Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
woocommerce-brands	woocommerce-brands	N/A	WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery	LOW	*-1.6.49	1.6.50	June 29, 2026
url-shortify	url-shortify	N/A	URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress <= 1.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 1.7.0)	1.7.0	June 29, 2026
tinymce-custom-styles	tinymce-custom-styles	N/A	TinyMCE Custom Styles <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.3	1.1.4	June 29, 2026
td-cloud-library	td-cloud-library	N/A	tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update	LOW	[*, 2.7)	2.7	June 29, 2026
super-socializer	super-socializer	N/A	Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-7.13.52	7.13.53	June 29, 2026
smoothscroller	smoothscroller	N/A	Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.0	1.1.0	June 29, 2026
simple-iframe	simple-iframe	N/A	Simple Iframe <= 1.1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via block attributes	LOW	*-1.1.1	1.2.0	June 29, 2026
prepost-seo	prepost-seo	N/A	PrePost SEO <= 3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-3.0		June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation	LOW	*-4.10.7	4.10.8	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.7 - Unauthenticated SQL Injection	LOW	*-3.9.7	3.9.8	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.8 - Unauthenticated Privilege Escalation	LOW	*-3.9.8	3.9.9	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.7 - Unauthenticated SQL Injection	LOW	*-3.9.7	3.9.8	June 29, 2026
mojoplug-slide-panel	mojoplug-slide-panel	91	MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.2		June 29, 2026
image-protector	image-protector	91	Image Protector <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1		June 29, 2026
http-headers	http-headers	87	HTTP Headers <= 1.18.10 - Authenticated(Administrator+) Remote Code Execution	LOW	*-1.18.10	1.18.11	June 29, 2026
gutenverse	gutenverse	93	Gutenverse <= 1.8.5 - Missing Authorization via 'data/update' API Endpoint	LOW	*-1.8.5	1.8.6	June 29, 2026
greeklish-permalink	greeklish-permalink	93	Greeklish-permalink <= 3.3 - Missing Authorization via cyrtrans_ajax_old AJAX action	LOW	*-3.3	3.5	June 29, 2026
float-menu	float-menu	93	Float menu <= 5.0.2 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-5.0.2	5.0.3	June 29, 2026
extra-user-details	extra-user-details	93	Extra User Details <= 0.5 - Cross-Site Request Forgery	LOW	*-0.5	0.5.1	June 29, 2026
extra-user-details	extra-user-details	93	Extra User Details <= 0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.5	0.5.1	June 29, 2026
export-all-urls	export-all-urls	93	Export All URLs <= 4.5 - Reflected Cross-Site Scripting	LOW	*-4.5	4.6	June 29, 2026
eventon-lite	eventon-lite	93	EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access	LOW	*-2.1	2.1.2	June 29, 2026
eventon-lite	eventon-lite	93	EventON <= 2.1 - Missing Authorization to Event Access	LOW	*-2.1	2.1.2	June 29, 2026
eventon	eventon	86	EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access	LOW	[*, 4.4)	4.4	June 29, 2026
enable-svg-uploads	enable-svg-uploads	91	Enable SVG Uploads <= 2.1.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG	LOW	*-2.1.5		June 29, 2026
core-web-vitals-pagespeed-booster	core-web-vitals-pagespeed-booster	91	Core Web Vitals & PageSpeed Booster <= 1.0.12 - Open Redirect via _wp_http_referer	LOW	*-1.0.12	1.0.13	June 29, 2026
contact-form-add	contact-form-add	89	Form Builder <= 1.9.9.0 - Cross-Site Request Forgery	LOW	*-1.9.9.0		June 29, 2026
companion-sitemap-generator	companion-sitemap-generator	93	Companion Sitemap Generator <= 4.5.1.1 - Reflected Cross-Site Scripting	LOW	*-4.5.1.1	4.5.3	June 29, 2026
cms-commander-client	cms-commander-client	91	CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature	LOW	*-2.287	2.288	June 29, 2026
buymeacoffee	buymeacoffee	93	Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.6	3.7	June 29, 2026
an-gradebook	an-gradebook	95	AN_GradeBook <= 5.0.1 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-5.0.1		June 29, 2026
all-in-one-redirection	all-in-one-redirection	95	All In One Redirection <= 2.1.0 - Authenticated(Administrator+) SQL Injection	LOW	*-2.1.0	2.2.0	June 29, 2026
accessibility-help-button	accessibility-help-button	97	Call Now Accessibility Button <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.2	1.1	June 29, 2026
wp-backup-manager	wp-backup-manager	N/A	WP Backup Manager <= 1.13.1 - Reflected Cross-Site Scripting	LOW	*-1.13.1		June 29, 2026
who-hit-the-page-hit-counter	who-hit-the-page-hit-counter	N/A	Who Hit The Page – Hit Counter <= 1.4.14.3 - Reflected Cross-Site Scripting	LOW	*-1.4.14.3		June 29, 2026
unlimited-elements-for-elementor	unlimited-elements-for-elementor	N/A	Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-1.5.66	1.5.67	June 29, 2026
sermone-online-sermons-management	sermone-online-sermons-management	N/A	Sermon'e <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.0		June 29, 2026
seed-fonts	seed-fonts	N/A	Seed Fonts 2.3.1 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	2.3.1	2.4.0	June 29, 2026
recent-posts-slider	recent-posts-slider	N/A	Recent Posts Slider <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 29, 2026
quick-edit-template-link	quick-edit-template-link	N/A	Template Debugger <= 3.1.2 - Cross-Site Request Forgery	LOW	*-3.1.2		June 29, 2026
lws-tools	lws-tools	93	LWS Tools <= 2.4.1 - Cross-Site Request Forgery	LOW	*-2.4.1	2.4.2	June 29, 2026
lws-cleaner	lws-cleaner	93	LWS Cleaner <= 2.3.0 - Cross-Site Request Forgery	LOW	*-2.3.0	2.3.1	June 29, 2026
google-map-shortcode	google-map-shortcode	87	Google Map Shortcode <= 3.1.2 - Reflected Cross-Site Scripting	LOW	*-3.1.2		June 29, 2026
galleria	galleria	91	Galleria <= 1.0.3 - Cross-Site Request Forgery via showOptionsPage	LOW	*-1.0.3		June 29, 2026
zip-recipes	zip-recipes	N/A	Zip Recipes <= 8.0.7 - Cross-Site Request Forgery	LOW	[*, 8.0.8)	8.0.8	June 29, 2026
zip-recipes	zip-recipes	N/A	Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery	LOW	*-8.0.7	8.0.8	June 29, 2026
wp-affiliate-links	wp-affiliate-links	N/A	WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting	LOW	*-0.1.1		June 29, 2026
wordpress-nextgen-galleryview	wordpress-nextgen-galleryview	N/A	NextGen GalleryView <= 0.5.5 - Reflected Cross-Site Scripting	LOW	*-0.5.5		June 29, 2026
shortcode-gallery-for-matterport-showcase	shortcode-gallery-for-matterport-showcase	N/A	WP Matterport Shortcode <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.1.4	2.1.5	June 29, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.8	3.0.9	June 29, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation	LOW	*-3.0.8	3.0.9	June 29, 2026
flo-forms	flo-forms	89	Flo Forms <= 1.0.40 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.40	1.0.41	June 29, 2026
contact-form-maker	contact-form-maker	91	Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection	LOW	*-1.13.23		June 29, 2026
constant-contact-forms	constant-contact-forms	93	Constant Contact Forms <= 2.0.2 - Missing Authorization via constant_contact_privacy_ajax_handler	LOW	*-2.0.2	2.0.3	June 29, 2026
chp-ads-block-detector	chp-ads-block-detector	93	CHP Ads Block Detector <= 3.9.4 - Missing Authorization to Plugin Settings Update	LOW	*-3.9.4	3.9.8	June 29, 2026
chp-ads-block-detector	chp-ads-block-detector	93	CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-3.9.4	3.9.8	June 29, 2026
chp-ads-block-detector	chp-ads-block-detector	93	CHP Ads Block Detector <= 3.9.4 - Cross-Site Request Forgery via chp_abd_action	LOW	*-3.9.4	3.9.8	June 29, 2026
breadcrumb-simple	breadcrumb-simple	91	breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3		June 29, 2026
woocommerce-stock-manager	woocommerce-stock-manager	N/A	Stock Manager for WooCommerce <= 2.10.0 - Cross-Site Request Forgery	LOW	[*, 2.11.0)	2.11.0	June 29, 2026
mycred	mycred	N/A	myCred <= 2.5 - Cross-Site Request Forgery	LOW	[*, 2.5.1)	2.5.1	June 29, 2026
form-maker	form-maker	93	Form Maker <= 1.15.16 - Missing Authorization in check_score	LOW	*-1.15.16	1.15.17	June 29, 2026
fat-rat-collect	fat-rat-collect	93	Fat Rat Collect <= 2.6.0 - Missing Authorization	LOW	*-2.6.0	2.6.1	June 29, 2026
zephyr-project-manager	zephyr-project-manager	N/A	Zephyr Project Manager <= 3.3.93 - Cross-Site Request Forgery	LOW	*-3.3.93	3.3.94	June 29, 2026
wp-pdf-generator	wp-pdf-generator	N/A	WP PDF Generator <= 1.2.2 - Cross-Site Request Forgery to PDF Settings Update	LOW	*-1.2.2	1.2.3	June 29, 2026
WooCommerce Stripe Payment Gateway	woocommerce-gateway-stripe	N/A	WooCommerce Stripe Payment Gateway <= 7.4.0 - Missing Authorization	LOW	*-7.4.0	7.4.1	June 29, 2026
WooCommerce Stripe Payment Gateway	woocommerce-gateway-stripe	N/A	WooCommerce Stripe Payment Gateway <= 7.4.0 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Disclosure	LOW	*-5.5.0, [5.5.0, 5.5.1), [5.6.0, 5.6.3), [5.7.0, 5.7.1), [5.8.0, 5.8.2), [5.9.0, 5.9.1)	5.5.1	June 29, 2026
securimage-wp	securimage-wp	N/A	Securimage-WP <= 3.6.16 - Cross-Site Request Forgery	LOW	*-3.6.16		June 29, 2026
recent-posts-slider	recent-posts-slider	N/A	Recent Posts Slider <= 1.1 - Reflected Cross-Site Scripting	LOW	*-1.1		June 29, 2026
password-protected	password-protected	N/A	Password Protected <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.6.2	2.6.3	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update	LOW	*-3.9.6	3.9.7	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Message Update	LOW	*-3.9.6	3.9.7	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update	LOW	*-3.9.6	3.9.7	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update	LOW	*-3.9.6	3.9.7	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update	LOW	*-3.9.6	3.9.7	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update	LOW	*-3.9.6	3.9.7	June 29, 2026
login-configurator	login-configurator	87	Login Configurator <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1		June 29, 2026
contact-forms	contact-forms	93	WordPress Contact Forms by Cimatti <= 1.5.7 - Missing Authorization	LOW	*-1.5.7	1.5.8	June 29, 2026
church-admin	church-admin	93	Church Admin <= 3.7.29 - Reflected Cross-Site Scripting	LOW	*-3.7.29	3.7.30	June 29, 2026
booking-and-rental-manager-for-woocommerce	booking-and-rental-manager-for-woocommerce	93	Booking and Rental Manager <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.1	1.2.2	June 29, 2026
armember-membership	armember-membership	95	ARMember <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.0.2	4.0.3	June 29, 2026
all-bootstrap-blocks	all-bootstrap-blocks	97	All Bootstrap Blocks <= 1.3.6 - Cross-Site Request Forgery to Plugin Settings Reset	LOW	*-1.3.6	1.3.7	June 29, 2026
yaysmtp	yaysmtp	N/A	YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email	LOW	*-2.4.5	2.4.6	June 29, 2026
wpdirectorykit	wpdirectorykit	N/A	WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action	LOW	*-1.2.3	1.2.4	June 29, 2026
tutor	tutor	N/A	Tutor LMS <= 2.2.0 - Missing Authorization via REST API	LOW	*-2.2.0	2.2.1	June 29, 2026
protect-wp-admin	protect-wp-admin	N/A	Protect WP Admin <= 3.8 - Unauthenticated Information Disclosure to Protection Bypass	LOW	*-3.8	4.0	June 29, 2026
ND Shortcodes	nd-shortcodes	N/A	ND Shortcodes <= 6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-6.9	7.0	June 29, 2026
ND Shortcodes	nd-shortcodes	N/A	ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-6.9	7.0	June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.6 - Missing Authorization	LOW	[*, 3.9.7)	3.9.7	June 29, 2026
gsheetconnector-wpforms-pro	gsheetconnector-wpforms-pro	93	WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting	LOW	[*, 2.5.7)	2.5.7	June 29, 2026
gsheetconnector-wpforms	gsheetconnector-wpforms	93	WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting	LOW	*-3.4.5	3.4.6	June 29, 2026
gsheetconnector-ninja-forms-pro	gsheetconnector-ninja-forms-pro	93	Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting	LOW	*-1.4	1.5	June 29, 2026
gsheetconnector-ninja-forms	gsheetconnector-ninja-forms	93	Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting	LOW	*-1.2.6	1.2.7	June 29, 2026
gsheetconnector-for-elementor-forms-pro	gsheetconnector-for-elementor-forms-pro	91	Elementor Forms Google Sheet Connector <= 1.0.6 - Reflected Cross-Site Scripting via 'code'	LOW	*-1.0.6		June 29, 2026
gsheetconnector-for-elementor-forms	gsheetconnector-for-elementor-forms	93	Elementor Forms Google Sheet Connector <= 1.0.6 - Reflected Cross-Site Scripting via 'code'	LOW	*-1.0.6	1.0.7	June 29, 2026
front-editor	front-editor	89	Front User Submit \| Front Editor <= 3.7.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	[*, 3.8.0)	3.8.0	June 29, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder	forminator	92	Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting	LOW	*-1.23.3	1.24.1	June 29, 2026
contact-forms	contact-forms	93	WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action	LOW	*-1.5.7	1.5.8	June 29, 2026
cf7-google-sheets-connector-pro	cf7-google-sheets-connector-pro	93	CF7 Google Sheets Connector <= 5.0.1 - Reflected Cross-Site Scripting via 'code'	LOW	[*, 2.3.7)	2.3.7	June 29, 2026
cf7-google-sheets-connector	cf7-google-sheets-connector	93	CF7 Google Sheets Connector <= 5.0.1 - Reflected Cross-Site Scripting via 'code'	LOW	*-5.0.1	5.0.2	June 29, 2026
wp-mail-catcher	wp-mail-catcher	N/A	WP Mail Catcher <= 2.1.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject	LOW	*-2.1.2	2.1.3	June 29, 2026

LOW

woocommerce-brands

Score: N/A WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery Affected: *-1.6.49 Patched: 1.6.50 Updated: June 29, 2026

LOW

Score: N/A URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress <= 1.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.7.0) Patched: 1.7.0 Updated: June 29, 2026

LOW

tinymce-custom-styles

Score: N/A TinyMCE Custom Styles <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: 1.1.4 Updated: June 29, 2026

LOW

td-cloud-library

Score: N/A tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update Affected: [*, 2.7) Patched: 2.7 Updated: June 29, 2026

LOW

super-socializer

Score: N/A Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-7.13.52 Patched: 7.13.53 Updated: June 29, 2026

LOW

smoothscroller

Score: N/A Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 1.1.0 Updated: June 29, 2026

LOW

simple-iframe

Score: N/A Simple Iframe <= 1.1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via block attributes Affected: *-1.1.1 Patched: 1.2.0 Updated: June 29, 2026

LOW

prepost-seo

Score: N/A PrePost SEO <= 3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation Affected: *-4.10.7 Patched: 4.10.8 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.7 - Unauthenticated SQL Injection Affected: *-3.9.7 Patched: 3.9.8 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.8 - Unauthenticated Privilege Escalation Affected: *-3.9.8 Patched: 3.9.9 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.7 - Unauthenticated SQL Injection Affected: *-3.9.7 Patched: 3.9.8 Updated: June 29, 2026

LOW

mojoplug-slide-panel

Score: 91/100 MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: June 29, 2026

LOW

image-protector

Score: 91/100 Image Protector <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

http-headers

Score: 87/100 HTTP Headers <= 1.18.10 - Authenticated(Administrator+) Remote Code Execution Affected: *-1.18.10 Patched: 1.18.11 Updated: June 29, 2026

LOW

gutenverse

Score: 93/100 Gutenverse <= 1.8.5 - Missing Authorization via 'data/update' API Endpoint Affected: *-1.8.5 Patched: 1.8.6 Updated: June 29, 2026

LOW

greeklish-permalink

Score: 93/100 Greeklish-permalink <= 3.3 - Missing Authorization via cyrtrans_ajax_old AJAX action Affected: *-3.3 Patched: 3.5 Updated: June 29, 2026

LOW

float-menu

Score: 93/100 Float menu <= 5.0.2 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-5.0.2 Patched: 5.0.3 Updated: June 29, 2026

LOW

extra-user-details

Score: 93/100 Extra User Details <= 0.5 - Cross-Site Request Forgery Affected: *-0.5 Patched: 0.5.1 Updated: June 29, 2026

LOW

extra-user-details

Score: 93/100 Extra User Details <= 0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.5 Patched: 0.5.1 Updated: June 29, 2026

LOW

export-all-urls

Score: 93/100 Export All URLs <= 4.5 - Reflected Cross-Site Scripting Affected: *-4.5 Patched: 4.6 Updated: June 29, 2026

LOW

eventon-lite

Score: 93/100 EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access Affected: *-2.1 Patched: 2.1.2 Updated: June 29, 2026

LOW

eventon-lite

Score: 93/100 EventON <= 2.1 - Missing Authorization to Event Access Affected: *-2.1 Patched: 2.1.2 Updated: June 29, 2026

LOW

eventon

Score: 86/100 EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access Affected: [*, 4.4) Patched: 4.4 Updated: June 29, 2026

LOW

enable-svg-uploads

Score: 91/100 Enable SVG Uploads <= 2.1.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Affected: *-2.1.5 Patched: Updated: June 29, 2026

LOW

core-web-vitals-pagespeed-booster

Score: 91/100 Core Web Vitals & PageSpeed Booster <= 1.0.12 - Open Redirect via _wp_http_referer Affected: *-1.0.12 Patched: 1.0.13 Updated: June 29, 2026

LOW

contact-form-add

Score: 89/100 Form Builder <= 1.9.9.0 - Cross-Site Request Forgery Affected: *-1.9.9.0 Patched: Updated: June 29, 2026

LOW

companion-sitemap-generator

Score: 93/100 Companion Sitemap Generator <= 4.5.1.1 - Reflected Cross-Site Scripting Affected: *-4.5.1.1 Patched: 4.5.3 Updated: June 29, 2026

LOW

cms-commander-client

Score: 91/100 CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature Affected: *-2.287 Patched: 2.288 Updated: June 29, 2026

LOW

buymeacoffee

Score: 93/100 Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.6 Patched: 3.7 Updated: June 29, 2026

LOW

an-gradebook

Score: 95/100 AN_GradeBook <= 5.0.1 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-5.0.1 Patched: Updated: June 29, 2026

LOW

all-in-one-redirection

Score: 95/100 All In One Redirection <= 2.1.0 - Authenticated(Administrator+) SQL Injection Affected: *-2.1.0 Patched: 2.2.0 Updated: June 29, 2026

LOW

accessibility-help-button

Score: 97/100 Call Now Accessibility Button <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.1 Updated: June 29, 2026

LOW

wp-backup-manager

Score: N/A WP Backup Manager <= 1.13.1 - Reflected Cross-Site Scripting Affected: *-1.13.1 Patched: Updated: June 29, 2026

LOW

who-hit-the-page-hit-counter

Score: N/A Who Hit The Page – Hit Counter <= 1.4.14.3 - Reflected Cross-Site Scripting Affected: *-1.4.14.3 Patched: Updated: June 29, 2026

LOW

unlimited-elements-for-elementor

Score: N/A Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.5.66 Patched: 1.5.67 Updated: June 29, 2026

LOW

sermone-online-sermons-management

Score: N/A Sermon'e <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

seed-fonts

Score: N/A Seed Fonts 2.3.1 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: 2.3.1 Patched: 2.4.0 Updated: June 29, 2026

LOW

recent-posts-slider

Score: N/A Recent Posts Slider <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

quick-edit-template-link

Score: N/A Template Debugger <= 3.1.2 - Cross-Site Request Forgery Affected: *-3.1.2 Patched: Updated: June 29, 2026

LOW

lws-tools

Score: 93/100 LWS Tools <= 2.4.1 - Cross-Site Request Forgery Affected: *-2.4.1 Patched: 2.4.2 Updated: June 29, 2026

LOW

lws-cleaner

Score: 93/100 LWS Cleaner <= 2.3.0 - Cross-Site Request Forgery Affected: *-2.3.0 Patched: 2.3.1 Updated: June 29, 2026

LOW

google-map-shortcode

Score: 87/100 Google Map Shortcode <= 3.1.2 - Reflected Cross-Site Scripting Affected: *-3.1.2 Patched: Updated: June 29, 2026

LOW

galleria

Score: 91/100 Galleria <= 1.0.3 - Cross-Site Request Forgery via showOptionsPage Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

zip-recipes

Score: N/A Zip Recipes <= 8.0.7 - Cross-Site Request Forgery Affected: [*, 8.0.8) Patched: 8.0.8 Updated: June 29, 2026

LOW

zip-recipes

Score: N/A Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery Affected: *-8.0.7 Patched: 8.0.8 Updated: June 29, 2026

LOW

wp-affiliate-links

Score: N/A WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 29, 2026

LOW

wordpress-nextgen-galleryview

Score: N/A NextGen GalleryView <= 0.5.5 - Reflected Cross-Site Scripting Affected: *-0.5.5 Patched: Updated: June 29, 2026

LOW

shortcode-gallery-for-matterport-showcase

Score: N/A WP Matterport Shortcode <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.4 Patched: 2.1.5 Updated: June 29, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.8 Patched: 3.0.9 Updated: June 29, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation Affected: *-3.0.8 Patched: 3.0.9 Updated: June 29, 2026

LOW

flo-forms

Score: 89/100 Flo Forms <= 1.0.40 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.40 Patched: 1.0.41 Updated: June 29, 2026

LOW

contact-form-maker

Score: 91/100 Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection Affected: *-1.13.23 Patched: Updated: June 29, 2026

LOW

constant-contact-forms

Score: 93/100 Constant Contact Forms <= 2.0.2 - Missing Authorization via constant_contact_privacy_ajax_handler Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026

LOW

chp-ads-block-detector

Score: 93/100 CHP Ads Block Detector <= 3.9.4 - Missing Authorization to Plugin Settings Update Affected: *-3.9.4 Patched: 3.9.8 Updated: June 29, 2026

LOW

chp-ads-block-detector

Score: 93/100 CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.9.4 Patched: 3.9.8 Updated: June 29, 2026

LOW

chp-ads-block-detector

Score: 93/100 CHP Ads Block Detector <= 3.9.4 - Cross-Site Request Forgery via chp_abd_action Affected: *-3.9.4 Patched: 3.9.8 Updated: June 29, 2026

LOW

breadcrumb-simple

Score: 91/100 breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

woocommerce-stock-manager

Score: N/A Stock Manager for WooCommerce <= 2.10.0 - Cross-Site Request Forgery Affected: [*, 2.11.0) Patched: 2.11.0 Updated: June 29, 2026

LOW

mycred

Score: N/A myCred <= 2.5 - Cross-Site Request Forgery Affected: [*, 2.5.1) Patched: 2.5.1 Updated: June 29, 2026

LOW

form-maker

Score: 93/100 Form Maker <= 1.15.16 - Missing Authorization in check_score Affected: *-1.15.16 Patched: 1.15.17 Updated: June 29, 2026

LOW

fat-rat-collect

Score: 93/100 Fat Rat Collect <= 2.6.0 - Missing Authorization Affected: *-2.6.0 Patched: 2.6.1 Updated: June 29, 2026

LOW

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.3.93 - Cross-Site Request Forgery Affected: *-3.3.93 Patched: 3.3.94 Updated: June 29, 2026

LOW

wp-pdf-generator

Score: N/A WP PDF Generator <= 1.2.2 - Cross-Site Request Forgery to PDF Settings Update Affected: *-1.2.2 Patched: 1.2.3 Updated: June 29, 2026

LOW

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

Score: N/A WooCommerce Stripe Payment Gateway <= 7.4.0 - Missing Authorization Affected: *-7.4.0 Patched: 7.4.1 Updated: June 29, 2026

LOW

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

Score: N/A WooCommerce Stripe Payment Gateway <= 7.4.0 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Disclosure Affected: *-5.5.0, [5.5.0, 5.5.1), [5.6.0, 5.6.3), [5.7.0, 5.7.1), [5.8.0, 5.8.2), [5.9.0, 5.9.1) Patched: 5.5.1 Updated: June 29, 2026

LOW

securimage-wp

Score: N/A Securimage-WP <= 3.6.16 - Cross-Site Request Forgery Affected: *-3.6.16 Patched: Updated: June 29, 2026

LOW

recent-posts-slider

Score: N/A Recent Posts Slider <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

password-protected

Score: N/A Password Protected <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6.2 Patched: 2.6.3 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Message Update Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

login-configurator

Score: 87/100 Login Configurator <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

contact-forms

Score: 93/100 WordPress Contact Forms by Cimatti <= 1.5.7 - Missing Authorization Affected: *-1.5.7 Patched: 1.5.8 Updated: June 29, 2026

LOW

church-admin

Score: 93/100 Church Admin <= 3.7.29 - Reflected Cross-Site Scripting Affected: *-3.7.29 Patched: 3.7.30 Updated: June 29, 2026

LOW

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

armember-membership

Score: 95/100 ARMember <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.0.2 Patched: 4.0.3 Updated: June 29, 2026

LOW

all-bootstrap-blocks

Score: 97/100 All Bootstrap Blocks <= 1.3.6 - Cross-Site Request Forgery to Plugin Settings Reset Affected: *-1.3.6 Patched: 1.3.7 Updated: June 29, 2026

LOW

yaysmtp

Score: N/A YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email Affected: *-2.4.5 Patched: 2.4.6 Updated: June 29, 2026

LOW

wpdirectorykit

Score: N/A WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action Affected: *-1.2.3 Patched: 1.2.4 Updated: June 29, 2026

LOW

tutor

Score: N/A Tutor LMS <= 2.2.0 - Missing Authorization via REST API Affected: *-2.2.0 Patched: 2.2.1 Updated: June 29, 2026

LOW

protect-wp-admin

Score: N/A Protect WP Admin <= 3.8 - Unauthenticated Information Disclosure to Protection Bypass Affected: *-3.8 Patched: 4.0 Updated: June 29, 2026

LOW

ND Shortcodes

nd-shortcodes

Score: N/A ND Shortcodes <= 6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-6.9 Patched: 7.0 Updated: June 29, 2026

LOW

ND Shortcodes

nd-shortcodes

Score: N/A ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion Affected: *-6.9 Patched: 7.0 Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.6 - Missing Authorization Affected: [*, 3.9.7) Patched: 3.9.7 Updated: June 29, 2026

LOW

gsheetconnector-wpforms-pro

Score: 93/100 WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting Affected: [*, 2.5.7) Patched: 2.5.7 Updated: June 29, 2026

LOW

gsheetconnector-wpforms

Score: 93/100 WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting Affected: *-3.4.5 Patched: 3.4.6 Updated: June 29, 2026

LOW

gsheetconnector-ninja-forms-pro

Score: 93/100 Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: June 29, 2026

LOW

gsheetconnector-ninja-forms

Score: 93/100 Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: June 29, 2026

LOW

gsheetconnector-for-elementor-forms-pro

Score: 91/100 Elementor Forms Google Sheet Connector <= 1.0.6 - Reflected Cross-Site Scripting via 'code' Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

gsheetconnector-for-elementor-forms

Score: 93/100 Elementor Forms Google Sheet Connector <= 1.0.6 - Reflected Cross-Site Scripting via 'code' Affected: *-1.0.6 Patched: 1.0.7 Updated: June 29, 2026

LOW

front-editor

Score: 89/100 Front User Submit | Front Editor <= 3.7.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: [*, 3.8.0) Patched: 3.8.0 Updated: June 29, 2026

LOW

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

forminator

Score: 92/100 Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting Affected: *-1.23.3 Patched: 1.24.1 Updated: June 29, 2026

LOW

contact-forms

Score: 93/100 WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action Affected: *-1.5.7 Patched: 1.5.8 Updated: June 29, 2026

LOW

cf7-google-sheets-connector-pro

Score: 93/100 CF7 Google Sheets Connector <= 5.0.1 - Reflected Cross-Site Scripting via 'code' Affected: [*, 2.3.7) Patched: 2.3.7 Updated: June 29, 2026

LOW

cf7-google-sheets-connector

Score: 93/100 CF7 Google Sheets Connector <= 5.0.1 - Reflected Cross-Site Scripting via 'code' Affected: *-5.0.1 Patched: 5.0.2 Updated: June 29, 2026

LOW

wp-mail-catcher

Score: N/A WP Mail Catcher <= 2.1.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject Affected: *-2.1.2 Patched: 2.1.3 Updated: June 29, 2026

Showing 24701 to 24800 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 23:16 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List