Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion	LOW	*-5.1.2	5.1.3	June 30, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration & Membership <= 5.1.2 - Authentication Bypass	LOW	*-5.1.2	5.1.3	June 30, 2026
tp2wp-importer	tp2wp-importer	N/A	TP2WP Importer <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea	LOW	*-1.1		June 30, 2026
addons-for-beaver-builder	addons-for-beaver-builder	93	Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes	LOW	*-3.9.2		June 30, 2026
wp-responsive-images	wp-responsive-images	N/A	WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src	LOW	*-1.0		June 30, 2026
wp-social-meta	wp-social-meta	N/A	WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings	LOW	*-1.0.1		June 30, 2026
custom-logo	custom-logo	91	Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting	LOW	*-2.2		June 30, 2026
cost-calculator	cost-calculator	91	EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name'	LOW	*-2.3.1		June 30, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API	LOW	*-6.15.16	6.15.16.1	June 30, 2026
woo-coming-soon-product	woo-coming-soon-product	N/A	WooCommerce Coming Soon Product with Countdown <= 5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-5.0		June 30, 2026
wedocs	wedocs	N/A	weDocs <= 2.1.18 - Missing Authorization	LOW	*-2.1.18	2.2.1	June 30, 2026
wedesigntech-ultimate-booking-addon	wedesigntech-ultimate-booking-addon	N/A	WeDesignTech Ultimate Booking Addon <= 1.0.3 - Missing Authorization	LOW	*-1.0.3	1.0.4	June 30, 2026
vc-autoresponder-addon	vc-autoresponder-addon	N/A	Bakery Autoresponder Addon <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.0.6		June 30, 2026
vc-autoresponder-addon	vc-autoresponder-addon	N/A	Bakery Autoresponder Addon <= 1.0.6 - Missing Authorization	LOW	*-1.0.6		June 30, 2026
tutor	tutor	N/A	Tutor LMS – eLearning and online course solution <= 3.9.5 - Missing Authorization	LOW	*-3.9.5	3.9.6	June 30, 2026
theatre	theatre	N/A	Theater for WordPress <= 0.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-0.19	0.19.1	June 30, 2026
squeeze	squeeze	N/A	Squeeze <= 1.7.7 - Authenticated (Subscriber+) Directory Traversal	LOW	*-1.7.7	1.7.8	June 30, 2026
riode-core	riode-core	N/A	Riode Core <= 1.6.26 - Unauthenticated SQL Injection	LOW	*-1.6.26	1.6.27	June 30, 2026
responsive-posts-carousel-pro	responsive-posts-carousel-pro	N/A	Responsive Posts Carousel WordPress Plugin <= 15.1 - Missing Authorization	LOW	*-15.1		June 30, 2026
powerpress	powerpress	N/A	PowerPress Podcasting plugin by Blubrry <= 11.15.10 - Authenticated (Contributor+) PHP Object Injection	LOW	*-11.15.10	11.15.11	June 30, 2026
pochipp	pochipp	N/A	Pochipp < 1.18.9 - Missing Authorization	LOW	[*, 1.18.9)	1.18.9	June 30, 2026
permalink-manager	permalink-manager	N/A	Permalink Manager Lite < 2.5.3 - Missing Authorization	LOW	[*, 2.5.3)	2.5.3	June 30, 2026
PDF Poster – Display PDF Files with Custom Viewer	pdf-poster	96	PDF Poster <= 2.4.0 - Missing Authorization	LOW	*-2.4.0	2.4.1	June 30, 2026
inseri-core	inseri-core	91	Scientific and Interactive Blocks – inseri core <= 1.0.5 - Missing Authorization	LOW	*-1.0.5		June 30, 2026
gift-up	gift-up	93	Gift Up Gift Cards for WordPress and WooCommerce <= 3.1.7 - Unauthenticated Server-Side Request Forgery	LOW	*-3.1.7	3.1.8	June 30, 2026
fsm-custom-featured-image-caption	fsm-custom-featured-image-caption	91	FSM Custom Featured Image Caption <= 1.25.1 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.25.1		June 30, 2026
depart-deposit-and-part-payment-for-woo	depart-deposit-and-part-payment-for-woo	93	DEPART <= 1.0.7 - Missing Authorization	LOW	*-1.0.7	1.0.8	June 30, 2026
delicious-recipes	delicious-recipes	93	Delicious <= 1.9.5 - Missing Authorization	LOW	*-1.9.5	1.9.6	June 30, 2026
builderall-cheetah-for-wp	builderall-cheetah-for-wp	89	Builderall for WordPress <= 3.0.1 - Authenticated (Contributor+) Remote Code Execution	LOW	*-3.0.1		June 30, 2026
awa-plugins	awa-plugins	91	Awa Plugins <= 1.4.4 - Reflected Cross-Site Scripting	LOW	*-1.4.4		June 30, 2026
AI Engine – The Chatbot, AI Framework & MCP for WordPress	ai-engine	82	AI Engine – The Chatbot, AI Framework & MCP for WordPress <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload	LOW	*-3.3.2	3.3.3	June 30, 2026
advanced-woo-labels	advanced-woo-labels	97	Advanced Woo Labels <= 2.36 - Authenticated (Admin+) Remote Code Execution	LOW	*-2.36	2.37	June 30, 2026
post-duplicator	post-duplicator	N/A	Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter	LOW	*-3.0.8	3.0.9	June 30, 2026
wp-recipe-maker	wp-recipe-maker	N/A	WP Recipe Maker <= 10.6.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-10.6.0	10.6.1	June 30, 2026
disable-admin-notices	disable-admin-notices	93	Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-1.4.2	1.4.3	June 30, 2026
secure-copy-content-protection	secure-copy-content-protection	N/A	Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute	LOW	*-5.0.1	5.0.2	June 30, 2026
responsive-lightbox	responsive-lightbox	N/A	Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload	LOW	*-2.7.1	2.7.2	June 30, 2026
advanced-woo-labels	advanced-woo-labels	97	Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter	LOW	*-2.36	2.37	June 30, 2026
geo-mashup	geo-mashup	93	Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter	LOW	*-1.13.17	1.13.18	June 30, 2026
wpgsi	wpgsi	N/A	WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token	LOW	*-3.8.3	3.8.4	June 30, 2026
rise-blocks	rise-blocks	N/A	Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes	LOW	*-3.7		June 30, 2026
woocommerce-order-details	woocommerce-order-details	N/A	WooCommerce Order Details <= 3.1 - Missing Authorization	LOW	*-3.1		June 30, 2026
W3 Total Cache	w3-total-cache	69	W3 Total Cache <= 2.9.1 - Unauthenticated Arbitrary Code Execution	LOW	*-2.9.1	2.9.2	June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.4.4	5.4.5	June 30, 2026
tablesome	tablesome	N/A	Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.2.3 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.2.3	1.2.4	June 30, 2026
social-networks-auto-poster-facebook-twitter-g	social-networks-auto-poster-facebook-twitter-g	N/A	NextScripts: Social Networks Auto-Poster <= 4.4.7 - Authenticated (Contributor+) PHP Object Injection	LOW	*-4.4.7		June 30, 2026
embed-calendly-scheduling	embed-calendly-scheduling	93	Embed Calendly <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.4	4.5	June 30, 2026
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor	elementskit-lite	95	ElementsKit Elementor addons Lite < 3.7.9 - Missing Authorization	LOW	[*, 3.7.9)	3.7.9	June 30, 2026
designthemes-portfolio	designthemes-portfolio	91	DesignThemes Portfolio <= 1.3 - Reflected Cross-Site Scripting	LOW	*-1.3		June 30, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty	chaty	88	Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty <= 3.5.1 - Unauthenticated Information Exposure	LOW	*-3.5.1	3.5.2	June 30, 2026
wp-front-end-profile	wp-front-end-profile	N/A	Frontend Profile <= 1.3.9 - Missing Authorization	LOW	*-1.3.9		June 30, 2026
woo-currency	woo-currency	N/A	WBW Currency Switcher for WooCommerce <= 2.2.5 - Missing Authorization	LOW	*-2.2.5	2.2.6	June 30, 2026
wedesigntech-ultimate-booking-addon	wedesigntech-ultimate-booking-addon	N/A	WeDesignTech Ultimate Booking Addon <= 1.0.1 - Authenticated (Subscriber+) Authentication Bypass	LOW	*-1.0.1		June 30, 2026
wedesigntech-ultimate-booking-addon	wedesigntech-ultimate-booking-addon	N/A	WeDesignTech Ultimate Booking Addon <= 1.0.1 - Authentication Bypass	LOW	*-1.0.1		June 30, 2026
siteguard	siteguard	N/A	SiteGuard WP Plugin <= 1.7.9 - Missing Authorization	LOW	*-1.7.9	1.7.10	June 30, 2026
really-simple-ssl-pro	really-simple-ssl-pro	N/A	Really Simple Security Pro <= 9.5.4.0 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-9.5.4.0	9.5.4.1	June 30, 2026
profile-builder-pro	profile-builder-pro	N/A	Profile Builder Pro < 3.14.0 - Unauthenticated SQL Injection	LOW	[*, 3.14.0)	3.14.0	June 30, 2026
my-tickets	my-tickets	N/A	My Tickets – Accessible Event Ticketing <= 2.1.0 - Unauthenticated Information Exposure	LOW	*-2.1.0	2.1.1	June 30, 2026
free-vehicle-data-uk	free-vehicle-data-uk	91	Rapid Car Check Vehicle Data <= 2.1.2 - Missing Authorization	LOW	*-2.1.2	2.1.3	June 30, 2026
eshipper-commerce	eshipper-commerce	93	eShipper Commerce <= 2.16.12 - Missing Authorization	LOW	*-2.16.12	2.16.13	June 30, 2026
eagle-booking	eagle-booking	87	Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.3.4.3		June 30, 2026
directory-pro	directory-pro	86	Directory Pro <= 2.5.6 - Missing Authorization	LOW	*-2.5.6		June 30, 2026
designthemes-directory-addon	designthemes-directory-addon	91	DesignThemes Directory Addon <= 1.8 - Missing Authorization	LOW	*-1.8		June 30, 2026
designthemes-booking-manager	designthemes-booking-manager	91	DesignThemes Booking Manager <= 2.0 - Missing Authorization	LOW	*-2.0		June 30, 2026
cryptocurrency-donation-box	cryptocurrency-donation-box	91	Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.13 - Missing Authorization	LOW	*-2.2.13		June 30, 2026
classified-listing	classified-listing	93	Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.4 - Authenticated (Subscriber+) Sensitive Data Exposure	LOW	*-5.3.4	5.3.5	June 30, 2026
author-avatars	author-avatars	91	Author Avatars List/Block <= 2.1.25 - Missing Authorization	LOW	*-2.1.25		June 30, 2026
woo-smart-wishlist	woo-smart-wishlist	N/A	WPC Smart Wishlist for WooCommerce <= 5.0.8 - Missing Authorization	LOW	*-5.0.8	5.0.9	June 30, 2026
woo-product-bundle	woo-product-bundle	N/A	WPC Product Bundles for WooCommerce <= 8.4.5 - Missing Authorization	LOW	*-8.4.5	8.4.6	June 30, 2026
the-moneytizer	the-moneytizer	N/A	The Moneytizer <= 10.0.10 - Missing Authorization	LOW	*-10.0.10		June 30, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder	forminator	92	Forminator <= 1.50.2 - Missing Authorization	LOW	*-1.50.2	1.50.3	June 30, 2026
directorist	directorist	93	Directorist <= 8.5.10 - Missing Authorization	LOW	*-8.5.10	8.6.1	June 30, 2026
bsk-pdf-manager	bsk-pdf-manager	91	BSK PDF Manager <= 3.7.2 - Unauthenticated Information Exposure	LOW	*-3.7.2		June 30, 2026
brizy	brizy	93	Brizy <= 2.7.23 - Missing Authorization	LOW	*-2.7.23	2.7.24	June 30, 2026
the-plus-addons-for-elementor-page-builder	the-plus-addons-for-elementor-page-builder	N/A	The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay	LOW	*-6.4.7	6.4.8	June 30, 2026
toocheke-companion	toocheke-companion	N/A	Toocheke Companion <= 1.194 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.194	1.195	June 30, 2026
studio99-wp-monitor	studio99-wp-monitor	N/A	Studio99 WP Monitor <= 1.0.3 - Missing Authorization	LOW	*-1.0.3	1.0.4	June 30, 2026
sprout-invoices	sprout-invoices	N/A	Client Invoicing by Sprout Invoices <= 20.8.9 - Authenticated (Author+) Local File Inclusion	LOW	*-20.8.9	20.8.10	June 30, 2026
linkpizza-manager	linkpizza-manager	93	linkPizza-Manager <= 5.5.5 - Missing Authorization	LOW	*-5.5.5	5.6.0	June 30, 2026
garden-gnome-package	garden-gnome-package	93	Garden Gnome Package <= 2.5.1 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-2.5.1	2.5.2	June 30, 2026
diet-calorie-calculator	diet-calorie-calculator	91	Diet Calorie Calculator <= 1.1.1 - Missing Authorization	LOW	*-1.1.1		June 30, 2026
ays-slider	ays-slider	93	Image Slider by Ays <= 2.7.1 - Missing Authorization	LOW	*-2.7.1	2.7.2	June 30, 2026
wemail	wemail	N/A	weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion	LOW	*-2.0.7	2.0.8	June 30, 2026
ymc-smart-filter	ymc-smart-filter	N/A	Filter & Grids <= 3.5.1 - Missing Authorization	LOW	*-3.5.1	3.5.2	June 30, 2026
xpro-addons-beaver-builder-elementor	xpro-addons-beaver-builder-elementor	N/A	Xpro Addons For Beaver Builder – Lite <= 1.5.6 - Missing Authorization	LOW	*-1.5.6	1.5.7	June 30, 2026
woocommerce-wholesale-prices	woocommerce-wholesale-prices	N/A	Wholesale Suite <= 2.2.6 - Authenticated (Shop Manager) Privilege Escalation	LOW	*-2.2.6	2.2.7	June 30, 2026
woocommerce-wholesale-lead-capture	woocommerce-wholesale-lead-capture	N/A	Woocommerce Wholesale Lead Capture <= 2.0.3.1 - Unauthenticated Privilege Escalation	LOW	*-2.0.3.1	2.0.3.2	June 30, 2026
woocommerce-wholesale-lead-capture	woocommerce-wholesale-lead-capture	N/A	Woocommerce Wholesale Lead Capture <= 2.0.3.1 - Unauthenticated Arbitrary File Upload	LOW	*-2.0.3.1	2.0.3.2	June 30, 2026
woo-wallet	woo-wallet	N/A	TeraWallet – For WooCommerce <= 1.5.15 - Authenticated (Customer+) Race Condition	LOW	*-1.5.15	1.5.16	June 30, 2026
userfeedback-lite	userfeedback-lite	N/A	User Feedback <= 1.10.1 - Authenticated (Editor+) SQL Injection	LOW	*-1.10.1	1.11.0	June 30, 2026
tlp-team	tlp-team	N/A	Team <= 5.0.13 - Missing Authorization	LOW	*-5.0.13	5.0.14	June 30, 2026
media-library-assistant	media-library-assistant	93	Media LIbrary Assistant <= 3.32 - Authenticated (Contributor+) SQL Injection	LOW	*-3.32	3.33	June 30, 2026
image-optimization	image-optimization	93	Image Optimizer by Elementor <= 1.7.1 - Missing Authorization	LOW	*-1.7.1	1.7.2	June 30, 2026
EventPrime – Events Calendar, Bookings and Tickets	eventprime-event-calendar-management	74	EventPrime <= 4.2.8.3 - Unauthenticated Information Exposure	LOW	*-4.2.8.3	4.2.8.4	June 30, 2026
capability-manager-enhanced	capability-manager-enhanced	93	PublishPress Capabilities <= 2.31.0 - Missing Authorization	LOW	*-2.31.0	2.32.0	June 30, 2026
booking-system	booking-system	91	Pinpoint Booking System <= 2.9.9.6.5 - Missing Authorization	LOW	*-2.9.9.6.5		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro <= 5.0 - Missing Authorization	LOW	*-5.0	5.1	June 30, 2026
master-addons	master-addons	93	Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text'	LOW	*-2.1.1	2.1.2	June 30, 2026
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-6.7.1.7	6.7.1.8	June 30, 2026
wp-lister-for-ebay	wp-lister-for-ebay	N/A	WP-Lister Lite for eBay <= 3.8.5 - Missing Authorization	LOW	*-3.8.5	3.8.6	June 30, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion Affected: *-5.1.2 Patched: 5.1.3 Updated: June 30, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration & Membership <= 5.1.2 - Authentication Bypass Affected: *-5.1.2 Patched: 5.1.3 Updated: June 30, 2026

LOW

tp2wp-importer

Score: N/A TP2WP Importer <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

Score: 93/100 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes Affected: *-3.9.2 Patched: Updated: June 30, 2026

LOW

wp-responsive-images

Score: N/A WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-social-meta

Score: N/A WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

custom-logo

Score: 91/100 Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting Affected: *-2.2 Patched: Updated: June 30, 2026

LOW

cost-calculator

Score: 91/100 EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' Affected: *-2.3.1 Patched: Updated: June 30, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API Affected: *-6.15.16 Patched: 6.15.16.1 Updated: June 30, 2026

LOW

woo-coming-soon-product

Score: N/A WooCommerce Coming Soon Product with Countdown <= 5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-5.0 Patched: Updated: June 30, 2026

LOW

wedocs

Score: N/A weDocs <= 2.1.18 - Missing Authorization Affected: *-2.1.18 Patched: 2.2.1 Updated: June 30, 2026

LOW

wedesigntech-ultimate-booking-addon

Score: N/A WeDesignTech Ultimate Booking Addon <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

vc-autoresponder-addon

Score: N/A Bakery Autoresponder Addon <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

vc-autoresponder-addon

Score: N/A Bakery Autoresponder Addon <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

tutor

Score: N/A Tutor LMS – eLearning and online course solution <= 3.9.5 - Missing Authorization Affected: *-3.9.5 Patched: 3.9.6 Updated: June 30, 2026

LOW

theatre

Score: N/A Theater for WordPress <= 0.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-0.19 Patched: 0.19.1 Updated: June 30, 2026

LOW

squeeze

Score: N/A Squeeze <= 1.7.7 - Authenticated (Subscriber+) Directory Traversal Affected: *-1.7.7 Patched: 1.7.8 Updated: June 30, 2026

LOW

riode-core

Score: N/A Riode Core <= 1.6.26 - Unauthenticated SQL Injection Affected: *-1.6.26 Patched: 1.6.27 Updated: June 30, 2026

LOW

responsive-posts-carousel-pro

Score: N/A Responsive Posts Carousel WordPress Plugin <= 15.1 - Missing Authorization Affected: *-15.1 Patched: Updated: June 30, 2026

LOW

powerpress

Score: N/A PowerPress Podcasting plugin by Blubrry <= 11.15.10 - Authenticated (Contributor+) PHP Object Injection Affected: *-11.15.10 Patched: 11.15.11 Updated: June 30, 2026

LOW

pochipp

Score: N/A Pochipp < 1.18.9 - Missing Authorization Affected: [*, 1.18.9) Patched: 1.18.9 Updated: June 30, 2026

LOW

permalink-manager

Score: N/A Permalink Manager Lite < 2.5.3 - Missing Authorization Affected: [*, 2.5.3) Patched: 2.5.3 Updated: June 30, 2026

LOW

PDF Poster – Display PDF Files with Custom Viewer

pdf-poster

Score: 96/100 PDF Poster <= 2.4.0 - Missing Authorization Affected: *-2.4.0 Patched: 2.4.1 Updated: June 30, 2026

LOW

inseri-core

Score: 91/100 Scientific and Interactive Blocks – inseri core <= 1.0.5 - Missing Authorization Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

gift-up

Score: 93/100 Gift Up Gift Cards for WordPress and WooCommerce <= 3.1.7 - Unauthenticated Server-Side Request Forgery Affected: *-3.1.7 Patched: 3.1.8 Updated: June 30, 2026

LOW

fsm-custom-featured-image-caption

Score: 91/100 FSM Custom Featured Image Caption <= 1.25.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.25.1 Patched: Updated: June 30, 2026

LOW

depart-deposit-and-part-payment-for-woo

Score: 93/100 DEPART <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

delicious-recipes

Score: 93/100 Delicious <= 1.9.5 - Missing Authorization Affected: *-1.9.5 Patched: 1.9.6 Updated: June 30, 2026

LOW

builderall-cheetah-for-wp

Score: 89/100 Builderall for WordPress <= 3.0.1 - Authenticated (Contributor+) Remote Code Execution Affected: *-3.0.1 Patched: Updated: June 30, 2026

LOW

awa-plugins

Score: 91/100 Awa Plugins <= 1.4.4 - Reflected Cross-Site Scripting Affected: *-1.4.4 Patched: Updated: June 30, 2026

LOW

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine

Score: 82/100 AI Engine – The Chatbot, AI Framework & MCP for WordPress <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload Affected: *-3.3.2 Patched: 3.3.3 Updated: June 30, 2026

LOW

advanced-woo-labels

Score: 97/100 Advanced Woo Labels <= 2.36 - Authenticated (Admin+) Remote Code Execution Affected: *-2.36 Patched: 2.37 Updated: June 30, 2026

LOW

post-duplicator

Score: N/A Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter Affected: *-3.0.8 Patched: 3.0.9 Updated: June 30, 2026

LOW

wp-recipe-maker

Score: N/A WP Recipe Maker <= 10.6.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-10.6.0 Patched: 10.6.1 Updated: June 30, 2026

LOW

disable-admin-notices

Score: 93/100 Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute Affected: *-5.0.1 Patched: 5.0.2 Updated: June 30, 2026

LOW

responsive-lightbox

Score: N/A Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload Affected: *-2.7.1 Patched: 2.7.2 Updated: June 30, 2026

LOW

advanced-woo-labels

Score: 97/100 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter Affected: *-2.36 Patched: 2.37 Updated: June 30, 2026

LOW

geo-mashup

Score: 93/100 Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter Affected: *-1.13.17 Patched: 1.13.18 Updated: June 30, 2026

LOW

wpgsi

Score: N/A WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token Affected: *-3.8.3 Patched: 3.8.4 Updated: June 30, 2026

LOW

rise-blocks

Score: N/A Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes Affected: *-3.7 Patched: Updated: June 30, 2026

LOW

woocommerce-order-details

Score: N/A WooCommerce Order Details <= 3.1 - Missing Authorization Affected: *-3.1 Patched: Updated: June 30, 2026

LOW

W3 Total Cache

w3-total-cache

Score: 69/100 W3 Total Cache <= 2.9.1 - Unauthenticated Arbitrary Code Execution Affected: *-2.9.1 Patched: 2.9.2 Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.4.4 Patched: 5.4.5 Updated: June 30, 2026

LOW

tablesome

Score: N/A Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.2.3 - Authenticated (Subscriber+) SQL Injection Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026

LOW

social-networks-auto-poster-facebook-twitter-g

Score: N/A NextScripts: Social Networks Auto-Poster <= 4.4.7 - Authenticated (Contributor+) PHP Object Injection Affected: *-4.4.7 Patched: Updated: June 30, 2026

LOW

embed-calendly-scheduling

Score: 93/100 Embed Calendly <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.4 Patched: 4.5 Updated: June 30, 2026

LOW

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Score: 95/100 ElementsKit Elementor addons Lite < 3.7.9 - Missing Authorization Affected: [*, 3.7.9) Patched: 3.7.9 Updated: June 30, 2026

LOW

designthemes-portfolio

Score: 91/100 DesignThemes Portfolio <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

chaty

Score: 88/100 Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty <= 3.5.1 - Unauthenticated Information Exposure Affected: *-3.5.1 Patched: 3.5.2 Updated: June 30, 2026

LOW

wp-front-end-profile

Score: N/A Frontend Profile <= 1.3.9 - Missing Authorization Affected: *-1.3.9 Patched: Updated: June 30, 2026

LOW

woo-currency

Score: N/A WBW Currency Switcher for WooCommerce <= 2.2.5 - Missing Authorization Affected: *-2.2.5 Patched: 2.2.6 Updated: June 30, 2026

LOW

wedesigntech-ultimate-booking-addon

Score: N/A WeDesignTech Ultimate Booking Addon <= 1.0.1 - Authenticated (Subscriber+) Authentication Bypass Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

wedesigntech-ultimate-booking-addon

Score: N/A WeDesignTech Ultimate Booking Addon <= 1.0.1 - Authentication Bypass Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

siteguard

Score: N/A SiteGuard WP Plugin <= 1.7.9 - Missing Authorization Affected: *-1.7.9 Patched: 1.7.10 Updated: June 30, 2026

LOW

really-simple-ssl-pro

Score: N/A Really Simple Security Pro <= 9.5.4.0 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-9.5.4.0 Patched: 9.5.4.1 Updated: June 30, 2026

LOW

profile-builder-pro

Score: N/A Profile Builder Pro < 3.14.0 - Unauthenticated SQL Injection Affected: [*, 3.14.0) Patched: 3.14.0 Updated: June 30, 2026

LOW

my-tickets

Score: N/A My Tickets – Accessible Event Ticketing <= 2.1.0 - Unauthenticated Information Exposure Affected: *-2.1.0 Patched: 2.1.1 Updated: June 30, 2026

LOW

free-vehicle-data-uk

Score: 91/100 Rapid Car Check Vehicle Data <= 2.1.2 - Missing Authorization Affected: *-2.1.2 Patched: 2.1.3 Updated: June 30, 2026

LOW

eshipper-commerce

Score: 93/100 eShipper Commerce <= 2.16.12 - Missing Authorization Affected: *-2.16.12 Patched: 2.16.13 Updated: June 30, 2026

LOW

eagle-booking

Score: 87/100 Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.4.3 Patched: Updated: June 30, 2026

LOW

directory-pro

Score: 86/100 Directory Pro <= 2.5.6 - Missing Authorization Affected: *-2.5.6 Patched: Updated: June 30, 2026

LOW

designthemes-directory-addon

Score: 91/100 DesignThemes Directory Addon <= 1.8 - Missing Authorization Affected: *-1.8 Patched: Updated: June 30, 2026

LOW

designthemes-booking-manager

Score: 91/100 DesignThemes Booking Manager <= 2.0 - Missing Authorization Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

cryptocurrency-donation-box

Score: 91/100 Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.13 - Missing Authorization Affected: *-2.2.13 Patched: Updated: June 30, 2026

LOW

classified-listing

Score: 93/100 Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.4 - Authenticated (Subscriber+) Sensitive Data Exposure Affected: *-5.3.4 Patched: 5.3.5 Updated: June 30, 2026

LOW

author-avatars

Score: 91/100 Author Avatars List/Block <= 2.1.25 - Missing Authorization Affected: *-2.1.25 Patched: Updated: June 30, 2026

LOW

woo-smart-wishlist

Score: N/A WPC Smart Wishlist for WooCommerce <= 5.0.8 - Missing Authorization Affected: *-5.0.8 Patched: 5.0.9 Updated: June 30, 2026

LOW

woo-product-bundle

Score: N/A WPC Product Bundles for WooCommerce <= 8.4.5 - Missing Authorization Affected: *-8.4.5 Patched: 8.4.6 Updated: June 30, 2026

LOW

the-moneytizer

Score: N/A The Moneytizer <= 10.0.10 - Missing Authorization Affected: *-10.0.10 Patched: Updated: June 30, 2026

LOW

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

forminator

Score: 92/100 Forminator <= 1.50.2 - Missing Authorization Affected: *-1.50.2 Patched: 1.50.3 Updated: June 30, 2026

LOW

directorist

Score: 93/100 Directorist <= 8.5.10 - Missing Authorization Affected: *-8.5.10 Patched: 8.6.1 Updated: June 30, 2026

LOW

bsk-pdf-manager

Score: 91/100 BSK PDF Manager <= 3.7.2 - Unauthenticated Information Exposure Affected: *-3.7.2 Patched: Updated: June 30, 2026

LOW

brizy

Score: 93/100 Brizy <= 2.7.23 - Missing Authorization Affected: *-2.7.23 Patched: 2.7.24 Updated: June 30, 2026

LOW

the-plus-addons-for-elementor-page-builder

Score: N/A The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay Affected: *-6.4.7 Patched: 6.4.8 Updated: June 30, 2026

LOW

toocheke-companion

Score: N/A Toocheke Companion <= 1.194 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.194 Patched: 1.195 Updated: June 30, 2026

LOW

studio99-wp-monitor

Score: N/A Studio99 WP Monitor <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

sprout-invoices

Score: N/A Client Invoicing by Sprout Invoices <= 20.8.9 - Authenticated (Author+) Local File Inclusion Affected: *-20.8.9 Patched: 20.8.10 Updated: June 30, 2026

LOW

linkpizza-manager

Score: 93/100 linkPizza-Manager <= 5.5.5 - Missing Authorization Affected: *-5.5.5 Patched: 5.6.0 Updated: June 30, 2026

LOW

garden-gnome-package

Score: 93/100 Garden Gnome Package <= 2.5.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

diet-calorie-calculator

Score: 91/100 Diet Calorie Calculator <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

ays-slider

Score: 93/100 Image Slider by Ays <= 2.7.1 - Missing Authorization Affected: *-2.7.1 Patched: 2.7.2 Updated: June 30, 2026

LOW

wemail

Score: N/A weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion Affected: *-2.0.7 Patched: 2.0.8 Updated: June 30, 2026

LOW

ymc-smart-filter

Score: N/A Filter & Grids <= 3.5.1 - Missing Authorization Affected: *-3.5.1 Patched: 3.5.2 Updated: June 30, 2026

LOW

xpro-addons-beaver-builder-elementor

Score: N/A Xpro Addons For Beaver Builder – Lite <= 1.5.6 - Missing Authorization Affected: *-1.5.6 Patched: 1.5.7 Updated: June 30, 2026

LOW

woocommerce-wholesale-prices

Score: N/A Wholesale Suite <= 2.2.6 - Authenticated (Shop Manager) Privilege Escalation Affected: *-2.2.6 Patched: 2.2.7 Updated: June 30, 2026

LOW

woocommerce-wholesale-lead-capture

Score: N/A Woocommerce Wholesale Lead Capture <= 2.0.3.1 - Unauthenticated Privilege Escalation Affected: *-2.0.3.1 Patched: 2.0.3.2 Updated: June 30, 2026

LOW

woocommerce-wholesale-lead-capture

Score: N/A Woocommerce Wholesale Lead Capture <= 2.0.3.1 - Unauthenticated Arbitrary File Upload Affected: *-2.0.3.1 Patched: 2.0.3.2 Updated: June 30, 2026

LOW

woo-wallet

Score: N/A TeraWallet – For WooCommerce <= 1.5.15 - Authenticated (Customer+) Race Condition Affected: *-1.5.15 Patched: 1.5.16 Updated: June 30, 2026

LOW

userfeedback-lite

Score: N/A User Feedback <= 1.10.1 - Authenticated (Editor+) SQL Injection Affected: *-1.10.1 Patched: 1.11.0 Updated: June 30, 2026

LOW

tlp-team

Score: N/A Team <= 5.0.13 - Missing Authorization Affected: *-5.0.13 Patched: 5.0.14 Updated: June 30, 2026

LOW

media-library-assistant

Score: 93/100 Media LIbrary Assistant <= 3.32 - Authenticated (Contributor+) SQL Injection Affected: *-3.32 Patched: 3.33 Updated: June 30, 2026

LOW

image-optimization

Score: 93/100 Image Optimizer by Elementor <= 1.7.1 - Missing Authorization Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Score: 74/100 EventPrime <= 4.2.8.3 - Unauthenticated Information Exposure Affected: *-4.2.8.3 Patched: 4.2.8.4 Updated: June 30, 2026

LOW

capability-manager-enhanced

Score: 93/100 PublishPress Capabilities <= 2.31.0 - Missing Authorization Affected: *-2.31.0 Patched: 2.32.0 Updated: June 30, 2026

LOW

booking-system

Score: 91/100 Pinpoint Booking System <= 2.9.9.6.5 - Missing Authorization Affected: *-2.9.9.6.5 Patched: Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro <= 5.0 - Missing Authorization Affected: *-5.0 Patched: 5.1 Updated: June 30, 2026

LOW

master-addons

Score: 93/100 Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' Affected: *-2.1.1 Patched: 2.1.2 Updated: June 30, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-6.7.1.7 Patched: 6.7.1.8 Updated: June 30, 2026

LOW

wp-lister-for-ebay

Score: N/A WP-Lister Lite for eBay <= 3.8.5 - Missing Authorization Affected: *-3.8.5 Patched: 3.8.6 Updated: June 30, 2026

Showing 2401 to 2500 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 02:25 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List