Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
ldap-login-for-intranet-sites	ldap-login-for-intranet-sites	93	Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection	LOW	*-4.1.5	4.1.6	June 30, 2026
contact-form-add	contact-form-add	89	Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection	LOW	*-1.9.9.0		June 30, 2026
wpjobboard	wpjobboard	N/A	WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection	LOW	*-5.9.0		June 30, 2026
wp-abstracts-manuscripts-manager	wp-abstracts-manuscripts-manager	N/A	WP Abstracts <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.6.2	2.6.3	June 30, 2026
wp-abstracts-manuscripts-manager	wp-abstracts-manuscripts-manager	N/A	WP Abstracts <= 2.6.2 - Cross-Site Request Forgery	LOW	*-2.6.2	2.6.3	June 30, 2026
waitlist-woocommerce	waitlist-woocommerce	N/A	Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.2 - Cross-Site Request Forgery to Settings Reset	LOW	*-2.5.2	2.5.3	June 30, 2026
sw-product-bundles	sw-product-bundles	N/A	SW Product Bundles <= 2.0.15 - Missing Authorization	LOW	*-2.0.15		June 30, 2026
sfwd-lms	sfwd-lms	N/A	LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change	LOW	*-4.6.0	4.6.0.1	June 30, 2026
salon-booking-system	salon-booking-system	N/A	Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer	LOW	*-8.4.7	8.4.8	June 30, 2026
quiz-expert	quiz-expert	N/A	Quiz Expert – Easy Quiz Maker, Exam and Test Manager <= 1.5.0 - Cross-Site Request Forgery	LOW	*-1.5.0		June 30, 2026
post-hit-counter	post-hit-counter	N/A	Post Hit Counter <= 1.3.2 - Missing Authorization	LOW	*-1.3.2		June 30, 2026
noo-timetable	noo-timetable	N/A	NOO Timetable <= 2.1.3 - Cross-Site Request Forgery	LOW	*-2.1.3		June 30, 2026
noo-timetable	noo-timetable	N/A	NOO Timetable <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.3		June 30, 2026
houzez-crm	houzez-crm	93	Houzez CRM <= 1.3.4 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.3.4	1.3.5	June 30, 2026
front-editor	front-editor	89	Front User Submit \| Front Editor <= 3.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	[*, 3.8.5)	3.8.5	June 30, 2026
email-download-link	email-download-link	91	Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure	LOW	*-3.7		June 30, 2026
editorial-calendar	editorial-calendar	93	Editorial Calendar <= 3.7.12 - Authenticated (Contributor+) Insecure Direct Object Reference	LOW	*-3.7.12	3.8.0	June 30, 2026
duplicate-post-page-menu-custom-post-type	duplicate-post-page-menu-custom-post-type	93	Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization	LOW	*-2.3.1	2.4.0	June 30, 2026
catalyst-connect-client-portal	catalyst-connect-client-portal	93	Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.0	2.1.0	June 30, 2026
booked	booked	91	Booked < 2.4.4 - Unauthenticated Sensitive Information Exposure	LOW	[*, 2.4.4)	2.4.4	June 30, 2026
armember-membership	armember-membership	95	ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.0.4	4.0.5	June 30, 2026
woocommerce-shipping-multiple-addresses	woocommerce-shipping-multiple-addresses	N/A	WooCommerce Ship to Multiple Addresses <= 3.8.5 - Cross-Site Request Forgery	LOW	*-3.8.5	3.8.6	June 30, 2026
woocommerce-pre-orders	woocommerce-pre-orders	N/A	WooCommerce Pre-Orders <= 2.0.1 - Reflected Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 30, 2026
woocommerce-order-barcodes	woocommerce-order-barcodes	N/A	WooCommerce Order Barcodes <= 1.6.4 - Cross-Site Request Forgery	LOW	*-1.6.4	1.6.5	June 30, 2026
wc-gsheetconnector	wc-gsheetconnector	N/A	WooCommerce Google Sheet Connector < 1.3.6 - Cross-Site Request Forgery	LOW	*-1.3.5	1.3.6	June 30, 2026
subscribe2	subscribe2	N/A	Subscribe2 <= 10.40 - Cross-Site Request Forgery	LOW	*-10.40	10.41	June 30, 2026
subscribe2	subscribe2	N/A	Subscribe2 <= 10.40 - Missing Authorization	LOW	*-10.40	10.41	June 30, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App	post-smtp	87	POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise	LOW	*-2.5.6	2.5.7	June 30, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App	post-smtp	87	POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Arbitrary Log Deletion	LOW	*-2.5.6	2.5.7	June 30, 2026
poll-maker	poll-maker	N/A	Poll Maker <= 4.6.2 - Authenticated (Admin+) Server-Side Request Forgery	LOW	*-4.6.2	4.6.3	June 30, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms - Ultimate Form Builder <= 8.4.3 - Authenticated Stored Cross-Site Scripting via Form Name	LOW	*-8.4.3	8.4.4	June 30, 2026
login-configurator	login-configurator	87	Login Configurator <= 2.1 - Reflected Cross-Site Scripting	LOW	*-2.1		June 30, 2026
image-map-pro-lite	image-map-pro-lite	89	Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
image-map-pro-lite	image-map-pro-lite	89	Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
gsheetconnector-caldera-forms	gsheetconnector-caldera-forms	91	Caldera Forms Google Sheets Connector <= 1.3 - Cross-Site Request Forgery	LOW	*-1.3		June 30, 2026
EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more	embedpress	69	EmbedPress <= 3.7.3 - Sensitive Information Exposure	LOW	*-3.7.3	3.8.0	June 30, 2026
easy-login-woocommerce	easy-login-woocommerce	93	Login/Signup Popup <= 2.3 - Cross-Site Request Forgery to Settings Reset	LOW	[*, 2.4)	2.4	June 30, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty	chaty	88	Floating Chat Widget - Chaty <= 3.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.1.1	3.1.2	June 30, 2026
auyautochat-for-wp	auyautochat-for-wp	89	Autochat Automatic Conversation <= 1.1.9 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.1.9		June 30, 2026
automatewoo	automatewoo	93	AutomateWoo <= 5.7.5 - Cross-Site Request Forgery	LOW	*-5.7.5	5.7.6	June 30, 2026
automatewoo	automatewoo	93	AutomateWoo <= 5.7.5 - Missing Authorization	LOW	*-5.7.5	5.7.6	June 30, 2026
apply-online	apply-online	97	ApplyOnline – Application Form Builder and Manager <= 2.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.5.5	2.5.6	June 30, 2026
an-gradebook	an-gradebook	95	AN_GradeBook <= 5.0.1 - Authenticated (Subscriber+) SQL Injection via 'id'	LOW	*-5.0.1		June 30, 2026
wp-user-avatar	wp-user-avatar	N/A	ProfilePress <= 4.10.3 - Reflected Cross-Site Scripting via error message	LOW	[*, 4.11.0)	4.11.0	June 30, 2026
WP Mail Logging	wp-mail-logging	87	WP Mail Logging <= 1.11.2 - Missing Authorization to Notice Dismissal	LOW	[*, 1.12.0)	1.12.0	June 30, 2026
ultimate-post	ultimate-post	N/A	PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting	LOW	*-2.9.9	2.9.10	June 30, 2026
Membership Plugin – Kadence Memberships	restrict-content	N/A	Restrict Content <= 3.2.2 - Missing Authorization to Notice Dismissal	LOW	[*, 3.2.3)	3.2.3	June 30, 2026
Membership Plugin – Kadence Memberships	restrict-content	N/A	Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting	LOW	[*, 3.2.3)	3.2.3	June 30, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin	restaurant-reservations	N/A	Five Star Restaurant Reservations <= 2.6.7 - Reflected Cross-Site Scripting	LOW	*-2.6.7	2.6.8	June 30, 2026
popup-by-supsystic	popup-by-supsystic	N/A	Popup by Supsystic <= 1.10.18 - Prototype Pollution	LOW	[*, 1.10.19)	1.10.19	June 30, 2026
mstore-api	mstore-api	N/A	MStore API <= 4.0.1 - Unauthenticated SQL Injection	LOW	*-4.0.1	4.0.2	June 30, 2026
maxbuttons	maxbuttons	93	MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-9.5.3	9.6	June 30, 2026
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites	mainwp-child	N/A	MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files	LOW	*-4.4.1.1	4.4.1.2	June 30, 2026
lana-text-to-image	lana-text-to-image	93	Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.0	1.1.0	June 30, 2026
lana-shortcodes	lana-shortcodes	93	Lana Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1.1	1.2.0	June 30, 2026
inventorypress	inventorypress	91	InventoryPress <= 1.7 - Authenticated(Author+) Stored Cross-Site Scripting	LOW	*-1.7		June 30, 2026
enable-svg-webp-ico-upload	enable-svg-webp-ico-upload	93	Enable SVG, WebP & ICO Upload <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG	LOW	*-1.1.1	1.1.2	June 30, 2026
contact-form-to-db	contact-form-to-db	93	Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's'	LOW	*-1.7.1	1.7.2	June 30, 2026
bbs-e-popup	bbs-e-popup	89	BBS e-Popup <= 2.4.5 - Missing Authorization	LOW	*-2.4.5		June 30, 2026
wp-ticket	wp-ticket	N/A	Customer Service Software & Support Ticket System <= 5.12.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 5.13)	5.13	June 30, 2026
wp-members	wp-members	N/A	WP-Members Membership <= 3.4.7.3 - Cross-Site Request Forgery to Settings Update	LOW	*-3.4.7.3	3.4.8	June 30, 2026
teachpress	teachpress	N/A	teachPress <= 9.0.2 - Reflected Cross-Site Scripting via meta_field_id and cite_id	LOW	[*, 9.0.3)	9.0.3	June 30, 2026
redi-restaurant-reservation	redi-restaurant-reservation	N/A	ReDi Restaurant Reservation <= 23.0211 - Missing Authorization	LOW	*-23.0211	23.0212	June 30, 2026
rduplicator	rduplicator	N/A	Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id	LOW	*-2.0		June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion	LOW	*-3.6.24	3.6.25	June 30, 2026
mycurator	mycurator	N/A	MyCurator Content Curation <= 3.74 - Cross-Site Request Forgery	LOW	*-3.74	3.75	June 30, 2026
metform	metform	93	Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup	LOW	*-3.3.2	3.3.3	June 30, 2026
mail-queue	mail-queue	93	Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject	LOW	*-1.1	1.2	June 30, 2026
gallery-metabox	gallery-metabox	87	Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox	LOW	*-1.5		June 30, 2026
gallery-metabox	gallery-metabox	87	Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove	LOW	*-1.5		June 30, 2026
colibri-page-builder	colibri-page-builder	93	Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id	LOW	*-1.0.227	1.0.229	June 30, 2026
Anti Spam for Contact Forms, Comments & Online Stores – CleanTalk	cleantalk-spam-protect	71	Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization	LOW	*-6.10	6.11	June 30, 2026
booking-calendar-contact-form	booking-calendar-contact-form	93	Booking Calendar Contact Form <= 1.2.40 - Reflected Cross-Site Scripting	LOW	*-1.2.40	1.2.41	June 30, 2026
about-me-3000	about-me-3000	95	About Me 3000 widget <= 2.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.2.6		June 30, 2026
OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)	oopspam-anti-spam	N/A	OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries	LOW	[*, 1.1.45)	1.1.45	June 30, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.7.4 - Reflected Cross-Site Scripting	LOW	*-2.7.4	2.7.5	June 30, 2026
google-analytics-premium	google-analytics-premium	93	MonsterInsights Pro <= 8.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.14.1	8.15	June 30, 2026
complianz-gdpr-premium	complianz-gdpr-premium	93	Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-6.4.6.1	6.4.7	June 30, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-6.4.4	6.4.5	June 30, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More	wpforms-lite	70	Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting	LOW	*-1.8.1.2	1.8.1.3	June 30, 2026
wpforms	wpforms	N/A	Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting	LOW	*-1.8.1.2	1.8.1.3	June 30, 2026
WooCommerce PayPal Payments	woocommerce-paypal-payments	92	WooCommerce PayPal Payments <= 2.0.4 - Cross-Site Request Forgery	LOW	[*, 2.0.5)	2.0.5	June 30, 2026
WooPayments: Integrated WooCommerce Payments	woocommerce-payments	84	WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters	LOW	*-5.9.0	5.9.1	June 30, 2026
unlimited-elements-for-elementor	unlimited-elements-for-elementor	N/A	Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization	LOW	*-1.5.65	1.5.66	June 30, 2026
mailtree-log-mail	mailtree-log-mail	93	Mailtree Log Mail <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting via Email Subject	LOW	*-1.0.0	1.0.1	June 30, 2026
js-support-ticket	js-support-ticket	93	JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-2.7.7	2.7.8	June 30, 2026
js_composer	js_composer	93	WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.12.0	6.13.0	June 30, 2026
gdpr-cookie-consent	gdpr-cookie-consent	93	WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated(Administrator+) CSV Injection	LOW	*-2.2.5	2.2.6	June 30, 2026
elementor-pro	elementor-pro	93	Elementor Pro <= 3.13.0 - Missing Authorization	LOW	*-3.13.0	3.13.1	June 30, 2026
donations-for-woocommerce	donations-for-woocommerce	93	Potent Donations for WooCommerce <= 1.1.9 - Cross-Site Request Forgery in hm_wcdon_admin_page	LOW	*-1.1.9	1.1.10	June 30, 2026
complianz-gdpr-premium	complianz-gdpr-premium	93	Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery	LOW	*-6.4.7	6.4.8	June 30, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery	LOW	*-6.4.5	6.4.6	June 30, 2026
bookit	bookit	93	BookIt <= 2.3.7 - Authentication Bypass	LOW	*-2.3.7	2.3.8	June 30, 2026
wpview	wpview	N/A	wpView <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-1.3.0		June 30, 2026
wp-sticky-social	wp-sticky-social	N/A	WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	1.0.1	1.0.2	June 30, 2026
woocommerce-subscriptions	woocommerce-subscriptions	N/A	WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference	LOW	*-5.1.2	5.1.3	June 30, 2026
woocommerce-square	woocommerce-square	N/A	WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions	LOW	*-3.8.1	3.8.2	June 30, 2026
woocommerce-product-vendors	woocommerce-product-vendors	N/A	WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection	LOW	*-2.1.78	2.1.79	June 30, 2026
WooPayments: Integrated WooCommerce Payments	woocommerce-payments	84	WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method	LOW	*-5.9.0	5.9.1	June 30, 2026
woocommerce-bulk-stock-management	woocommerce-bulk-stock-management	N/A	WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting	LOW	*-2.2.33	2.2.34	June 30, 2026

LOW

ldap-login-for-intranet-sites

Score: 93/100 Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

contact-form-add

Score: 89/100 Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection Affected: *-1.9.9.0 Patched: Updated: June 30, 2026

LOW

wpjobboard

Score: N/A WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection Affected: *-5.9.0 Patched: Updated: June 30, 2026

LOW

wp-abstracts-manuscripts-manager

Score: N/A WP Abstracts <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6.2 Patched: 2.6.3 Updated: June 30, 2026

LOW

wp-abstracts-manuscripts-manager

Score: N/A WP Abstracts <= 2.6.2 - Cross-Site Request Forgery Affected: *-2.6.2 Patched: 2.6.3 Updated: June 30, 2026

LOW

waitlist-woocommerce

Score: N/A Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.2 - Cross-Site Request Forgery to Settings Reset Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026

LOW

sw-product-bundles

Score: N/A SW Product Bundles <= 2.0.15 - Missing Authorization Affected: *-2.0.15 Patched: Updated: June 30, 2026

LOW

sfwd-lms

Score: N/A LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change Affected: *-4.6.0 Patched: 4.6.0.1 Updated: June 30, 2026

LOW

salon-booking-system

Score: N/A Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer Affected: *-8.4.7 Patched: 8.4.8 Updated: June 30, 2026

LOW

quiz-expert

Score: N/A Quiz Expert – Easy Quiz Maker, Exam and Test Manager <= 1.5.0 - Cross-Site Request Forgery Affected: *-1.5.0 Patched: Updated: June 30, 2026

LOW

post-hit-counter

Score: N/A Post Hit Counter <= 1.3.2 - Missing Authorization Affected: *-1.3.2 Patched: Updated: June 30, 2026

LOW

noo-timetable

Score: N/A NOO Timetable <= 2.1.3 - Cross-Site Request Forgery Affected: *-2.1.3 Patched: Updated: June 30, 2026

LOW

noo-timetable

Score: N/A NOO Timetable <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.3 Patched: Updated: June 30, 2026

LOW

houzez-crm

Score: 93/100 Houzez CRM <= 1.3.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

front-editor

Score: 89/100 Front User Submit | Front Editor <= 3.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: [*, 3.8.5) Patched: 3.8.5 Updated: June 30, 2026

LOW

email-download-link

Score: 91/100 Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure Affected: *-3.7 Patched: Updated: June 30, 2026

LOW

editorial-calendar

Score: 93/100 Editorial Calendar <= 3.7.12 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-3.7.12 Patched: 3.8.0 Updated: June 30, 2026

LOW

duplicate-post-page-menu-custom-post-type

Score: 93/100 Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization Affected: *-2.3.1 Patched: 2.4.0 Updated: June 30, 2026

LOW

catalyst-connect-client-portal

Score: 93/100 Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.1.0 Updated: June 30, 2026

LOW

booked

Score: 91/100 Booked < 2.4.4 - Unauthenticated Sensitive Information Exposure Affected: [*, 2.4.4) Patched: 2.4.4 Updated: June 30, 2026

LOW

armember-membership

Score: 95/100 ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.0.4 Patched: 4.0.5 Updated: June 30, 2026

LOW

woocommerce-shipping-multiple-addresses

Score: N/A WooCommerce Ship to Multiple Addresses <= 3.8.5 - Cross-Site Request Forgery Affected: *-3.8.5 Patched: 3.8.6 Updated: June 30, 2026

LOW

woocommerce-pre-orders

Score: N/A WooCommerce Pre-Orders <= 2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

woocommerce-order-barcodes

Score: N/A WooCommerce Order Barcodes <= 1.6.4 - Cross-Site Request Forgery Affected: *-1.6.4 Patched: 1.6.5 Updated: June 30, 2026

LOW

wc-gsheetconnector

Score: N/A WooCommerce Google Sheet Connector < 1.3.6 - Cross-Site Request Forgery Affected: *-1.3.5 Patched: 1.3.6 Updated: June 30, 2026

LOW

subscribe2

Score: N/A Subscribe2 <= 10.40 - Cross-Site Request Forgery Affected: *-10.40 Patched: 10.41 Updated: June 30, 2026

LOW

subscribe2

Score: N/A Subscribe2 <= 10.40 - Missing Authorization Affected: *-10.40 Patched: 10.41 Updated: June 30, 2026

LOW

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Score: 87/100 POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise Affected: *-2.5.6 Patched: 2.5.7 Updated: June 30, 2026

LOW

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Score: 87/100 POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Arbitrary Log Deletion Affected: *-2.5.6 Patched: 2.5.7 Updated: June 30, 2026

LOW

poll-maker

Score: N/A Poll Maker <= 4.6.2 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-4.6.2 Patched: 4.6.3 Updated: June 30, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms - Ultimate Form Builder <= 8.4.3 - Authenticated Stored Cross-Site Scripting via Form Name Affected: *-8.4.3 Patched: 8.4.4 Updated: June 30, 2026

LOW

login-configurator

Score: 87/100 Login Configurator <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

Score: 89/100 Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

image-map-pro-lite

Score: 89/100 Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

gsheetconnector-caldera-forms

Score: 91/100 Caldera Forms Google Sheets Connector <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more

embedpress

Score: 69/100 EmbedPress <= 3.7.3 - Sensitive Information Exposure Affected: *-3.7.3 Patched: 3.8.0 Updated: June 30, 2026

LOW

easy-login-woocommerce

Score: 93/100 Login/Signup Popup <= 2.3 - Cross-Site Request Forgery to Settings Reset Affected: [*, 2.4) Patched: 2.4 Updated: June 30, 2026

LOW

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

chaty

Score: 88/100 Floating Chat Widget - Chaty <= 3.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.1 Patched: 3.1.2 Updated: June 30, 2026

LOW

auyautochat-for-wp

Score: 89/100 Autochat Automatic Conversation <= 1.1.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.9 Patched: Updated: June 30, 2026

LOW

automatewoo

Score: 93/100 AutomateWoo <= 5.7.5 - Cross-Site Request Forgery Affected: *-5.7.5 Patched: 5.7.6 Updated: June 30, 2026

LOW

automatewoo

Score: 93/100 AutomateWoo <= 5.7.5 - Missing Authorization Affected: *-5.7.5 Patched: 5.7.6 Updated: June 30, 2026

LOW

apply-online

Score: 97/100 ApplyOnline – Application Form Builder and Manager <= 2.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.5.5 Patched: 2.5.6 Updated: June 30, 2026

LOW

an-gradebook

Score: 95/100 AN_GradeBook <= 5.0.1 - Authenticated (Subscriber+) SQL Injection via 'id' Affected: *-5.0.1 Patched: Updated: June 30, 2026

LOW

wp-user-avatar

Score: N/A ProfilePress <= 4.10.3 - Reflected Cross-Site Scripting via error message Affected: [*, 4.11.0) Patched: 4.11.0 Updated: June 30, 2026

LOW

WP Mail Logging

wp-mail-logging

Score: 87/100 WP Mail Logging <= 1.11.2 - Missing Authorization to Notice Dismissal Affected: [*, 1.12.0) Patched: 1.12.0 Updated: June 30, 2026

LOW

ultimate-post

Score: N/A PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting Affected: *-2.9.9 Patched: 2.9.10 Updated: June 30, 2026

LOW

Membership Plugin – Kadence Memberships

restrict-content

Score: N/A Restrict Content <= 3.2.2 - Missing Authorization to Notice Dismissal Affected: [*, 3.2.3) Patched: 3.2.3 Updated: June 30, 2026

LOW

Membership Plugin – Kadence Memberships

restrict-content

Score: N/A Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting Affected: [*, 3.2.3) Patched: 3.2.3 Updated: June 30, 2026

LOW

Five Star Restaurant Reservations – WordPress Booking Plugin

restaurant-reservations

Score: N/A Five Star Restaurant Reservations <= 2.6.7 - Reflected Cross-Site Scripting Affected: *-2.6.7 Patched: 2.6.8 Updated: June 30, 2026

LOW

popup-by-supsystic

Score: N/A Popup by Supsystic <= 1.10.18 - Prototype Pollution Affected: [*, 1.10.19) Patched: 1.10.19 Updated: June 30, 2026

LOW

mstore-api

Score: N/A MStore API <= 4.0.1 - Unauthenticated SQL Injection Affected: *-4.0.1 Patched: 4.0.2 Updated: June 30, 2026

LOW

maxbuttons

Score: 93/100 MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-9.5.3 Patched: 9.6 Updated: June 30, 2026

LOW

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

mainwp-child

Score: N/A MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files Affected: *-4.4.1.1 Patched: 4.4.1.2 Updated: June 30, 2026

LOW

lana-text-to-image

Score: 93/100 Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.0 Patched: 1.1.0 Updated: June 30, 2026

LOW

lana-shortcodes

Score: 93/100 Lana Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.1 Patched: 1.2.0 Updated: June 30, 2026

LOW

inventorypress

Score: 91/100 InventoryPress <= 1.7 - Authenticated(Author+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

enable-svg-webp-ico-upload

Score: 93/100 Enable SVG, WebP & ICO Upload <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Affected: *-1.1.1 Patched: 1.1.2 Updated: June 30, 2026

LOW

contact-form-to-db

Score: 93/100 Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

bbs-e-popup

Score: 89/100 BBS e-Popup <= 2.4.5 - Missing Authorization Affected: *-2.4.5 Patched: Updated: June 30, 2026

LOW

wp-ticket

Score: N/A Customer Service Software & Support Ticket System <= 5.12.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 5.13) Patched: 5.13 Updated: June 30, 2026

LOW

wp-members

Score: N/A WP-Members Membership <= 3.4.7.3 - Cross-Site Request Forgery to Settings Update Affected: *-3.4.7.3 Patched: 3.4.8 Updated: June 30, 2026

LOW

teachpress

Score: N/A teachPress <= 9.0.2 - Reflected Cross-Site Scripting via meta_field_id and cite_id Affected: [*, 9.0.3) Patched: 9.0.3 Updated: June 30, 2026

LOW

redi-restaurant-reservation

Score: N/A ReDi Restaurant Reservation <= 23.0211 - Missing Authorization Affected: *-23.0211 Patched: 23.0212 Updated: June 30, 2026

LOW

rduplicator

Score: N/A Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion Affected: *-3.6.24 Patched: 3.6.25 Updated: June 30, 2026

LOW

mycurator

Score: N/A MyCurator Content Curation <= 3.74 - Cross-Site Request Forgery Affected: *-3.74 Patched: 3.75 Updated: June 30, 2026

LOW

metform

Score: 93/100 Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup Affected: *-3.3.2 Patched: 3.3.3 Updated: June 30, 2026

LOW

mail-queue

Score: 93/100 Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject Affected: *-1.1 Patched: 1.2 Updated: June 30, 2026

LOW

gallery-metabox

Score: 87/100 Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

gallery-metabox

Score: 87/100 Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

colibri-page-builder

Score: 93/100 Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id Affected: *-1.0.227 Patched: 1.0.229 Updated: June 30, 2026

LOW

Anti Spam for Contact Forms, Comments & Online Stores – CleanTalk

cleantalk-spam-protect

Score: 71/100 Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization Affected: *-6.10 Patched: 6.11 Updated: June 30, 2026

LOW

booking-calendar-contact-form

Score: 93/100 Booking Calendar Contact Form <= 1.2.40 - Reflected Cross-Site Scripting Affected: *-1.2.40 Patched: 1.2.41 Updated: June 30, 2026

LOW

about-me-3000

Score: 95/100 About Me 3000 widget <= 2.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.6 Patched: Updated: June 30, 2026

LOW

OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)

oopspam-anti-spam

Score: N/A OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries Affected: [*, 1.1.45) Patched: 1.1.45 Updated: June 30, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.7.4 - Reflected Cross-Site Scripting Affected: *-2.7.4 Patched: 2.7.5 Updated: June 30, 2026

LOW

google-analytics-premium

Score: 93/100 MonsterInsights Pro <= 8.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.14.1 Patched: 8.15 Updated: June 30, 2026

LOW

complianz-gdpr-premium

Score: 93/100 Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-6.4.6.1 Patched: 6.4.7 Updated: June 30, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-6.4.4 Patched: 6.4.5 Updated: June 30, 2026

LOW

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

Score: 70/100 Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting Affected: *-1.8.1.2 Patched: 1.8.1.3 Updated: June 30, 2026

LOW

wpforms

Score: N/A Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting Affected: *-1.8.1.2 Patched: 1.8.1.3 Updated: June 30, 2026

LOW

WooCommerce PayPal Payments

woocommerce-paypal-payments

Score: 92/100 WooCommerce PayPal Payments <= 2.0.4 - Cross-Site Request Forgery Affected: [*, 2.0.5) Patched: 2.0.5 Updated: June 30, 2026

LOW

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Score: 84/100 WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters Affected: *-5.9.0 Patched: 5.9.1 Updated: June 30, 2026

LOW

unlimited-elements-for-elementor

Score: N/A Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization Affected: *-1.5.65 Patched: 1.5.66 Updated: June 30, 2026

LOW

mailtree-log-mail

Score: 93/100 Mailtree Log Mail <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting via Email Subject Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

js-support-ticket

Score: 93/100 JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.7.7 Patched: 2.7.8 Updated: June 30, 2026

LOW

js_composer

Score: 93/100 WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.12.0 Patched: 6.13.0 Updated: June 30, 2026

LOW

gdpr-cookie-consent

Score: 93/100 WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated(Administrator+) CSV Injection Affected: *-2.2.5 Patched: 2.2.6 Updated: June 30, 2026

LOW

elementor-pro

Score: 93/100 Elementor Pro <= 3.13.0 - Missing Authorization Affected: *-3.13.0 Patched: 3.13.1 Updated: June 30, 2026

LOW

donations-for-woocommerce

Score: 93/100 Potent Donations for WooCommerce <= 1.1.9 - Cross-Site Request Forgery in hm_wcdon_admin_page Affected: *-1.1.9 Patched: 1.1.10 Updated: June 30, 2026

LOW

complianz-gdpr-premium

Score: 93/100 Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery Affected: *-6.4.7 Patched: 6.4.8 Updated: June 30, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery Affected: *-6.4.5 Patched: 6.4.6 Updated: June 30, 2026

LOW

bookit

Score: 93/100 BookIt <= 2.3.7 - Authentication Bypass Affected: *-2.3.7 Patched: 2.3.8 Updated: June 30, 2026

LOW

wpview

Score: N/A wpView <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: June 30, 2026

LOW

wp-sticky-social

Score: N/A WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: 1.0.1 Patched: 1.0.2 Updated: June 30, 2026

LOW

woocommerce-subscriptions

Score: N/A WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference Affected: *-5.1.2 Patched: 5.1.3 Updated: June 30, 2026

LOW

woocommerce-square

Score: N/A WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions Affected: *-3.8.1 Patched: 3.8.2 Updated: June 30, 2026

LOW

woocommerce-product-vendors

Score: N/A WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection Affected: *-2.1.78 Patched: 2.1.79 Updated: June 30, 2026

LOW

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Score: 84/100 WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method Affected: *-5.9.0 Patched: 5.9.1 Updated: June 30, 2026

LOW

woocommerce-bulk-stock-management

Score: N/A WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting Affected: *-2.2.33 Patched: 2.2.34 Updated: June 30, 2026

Showing 24601 to 24700 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 00:46 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List