Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36280

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
directorist	directorist	93	Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation	LOW	*-7.5.4	7.5.5	June 29, 2026
directorist	directorist	93	Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task	LOW	*-7.5.4	7.5.5	June 29, 2026
bookly-responsive-appointment-booking-tool	bookly-responsive-appointment-booking-tool	93	Bookly <= 21.7 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	21.7	21.8	June 29, 2026
wp-report-post	wp-report-post	N/A	WP Report Post <= 2.1.2 - Cross-Site Request Forgery	LOW	*-2.1.2		June 29, 2026
wp-full-auto-tags-manager	wp-full-auto-tags-manager	N/A	WP Full Auto Tags Manager <= 2.2 - Cross-Site Request Forgery	LOW	*-2.2		June 29, 2026
wp-cachecom	wp-cachecom	N/A	WP-Cache.com <= 1.1.1 - Cross-Site Request Forgery	LOW	*-1.1.1		June 29, 2026
wordpress-social-login	wordpress-social-login	N/A	WordPress Social Login <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.0.4		June 29, 2026
wordpress-social-login	wordpress-social-login	N/A	WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting	LOW	*-3.0.4		June 29, 2026
woocommerce-bulk-order-form	woocommerce-bulk-order-form	N/A	Quick/Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting	LOW	*-3.5.7	3.6.0	June 29, 2026
wc-donation-platform	wc-donation-platform	N/A	Donation Platform for WooCommerce: Fundraising & Donation Management <= 1.2.9 - Cross-Site Request Forgery to Survey Submission	LOW	[*, 1.2.10)	1.2.10	June 29, 2026
ts-webfonts-for-sakura	ts-webfonts-for-sakura	N/A	TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery	LOW	*-3.1.1	3.1.2	June 29, 2026
tpg-redirect	tpg-redirect	N/A	TPG Redirect <= 1.0.7 - Cross-Site Request Forgery	LOW	*-1.0.7	1.0.8	June 29, 2026
reviewx	reviewx	N/A	ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.6.13	1.6.14	June 29, 2026
malinky-ajax-pagination	malinky-ajax-pagination	91	Ajax Pagination and Infinite Scroll <= 2.0.1 - Cross-Site Request Forgery	LOW	*-2.0.1		June 29, 2026
lws-hide-login	lws-hide-login	93	LWS Hide Login <= 2.1.6 - Cross-Site Request Forgery	LOW	*-2.1.6	2.1.7	June 29, 2026
formidable	formidable	93	Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation	LOW	[*, 6.3.1)	6.3.1	June 29, 2026
floating-action-button	floating-action-button	93	Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery to Settings Modification	LOW	*-1.2.1	1.2.2	June 29, 2026
file-manager-advanced-shortcode	file-manager-advanced-shortcode	93	File Manager Advanced Shortcode WordPress <= 2.3.2 - Unauthenticated Arbitrary File Upload to Remote Code Execution via Shortcode	LOW	*-2.3.2	2.4	June 29, 2026
dynamic-qr-code-generator	dynamic-qr-code-generator	91	Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting	LOW	*-0.0.5		June 29, 2026
counter-yandex-metrica	counter-yandex-metrica	91	Yandex Metrica Counter <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.4.3		June 29, 2026
brizy	brizy	93	Brizy Page Builder <= 2.4.18 - IP Address Spoofing to Protection Mechanism Bypass	LOW	*-2.4.18	2.4.19	June 29, 2026
bbp-toolkit	bbp-toolkit	89	bbPress Toolkit <= 1.0.12 - Cross-Site Scripting	LOW	*-1.0.12		June 29, 2026
bbp-toolkit	bbp-toolkit	89	bbPress Toolkit <= 1.0.12 - Cross-Site Request Forgery	LOW	*-1.0.12		June 29, 2026
wp-worthy	wp-worthy	N/A	Worthy – VG WORT Integration für WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery	LOW	* - 1.6.5-6497609	1.7.0-0cde1c2	June 29, 2026
wp-report-post	wp-report-post	N/A	WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection	LOW	*-2.1.2		June 29, 2026
wp-nested-pages	wp-nested-pages	N/A	Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset	LOW	*-3.2.3	3.2.4	June 29, 2026
wp-cirrus	wp-cirrus	N/A	WP-Cirrus <= 0.6.11 - Cross-Site Request Forgery	LOW	*-0.6.11		June 29, 2026
wordpress-nextgen-galleryview	wordpress-nextgen-galleryview	N/A	NextGen GalleryView <= 0.5.5 - Cross-Site Request Forgery	LOW	*-0.5.5		June 29, 2026
wordapp	wordapp	95	Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature	LOW	*-1.6.0	1.7.0	June 29, 2026
woocommerce-order-address-print	woocommerce-order-address-print	N/A	Woocommerce Order address Print <= 3.2 - Reflected Cross-Site Scripting	LOW	*-3.2		June 29, 2026
woocommerce-bulk-order-form	woocommerce-bulk-order-form	N/A	Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.5.7	3.6.0	June 29, 2026
unite-gallery-lite	unite-gallery-lite	N/A	Unite Gallery Lite <= 1.7.61 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.7.61	1.7.62	June 29, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	ultimate-member	N/A	Ultimate Member <= 2.6.0 - Cross-Site Request Forgery to Form Duplication	LOW	*-2.6.0	2.6.1	June 29, 2026
tutor	tutor	N/A	Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection	LOW	*-2.2.0	2.2.1	June 29, 2026
tutor	tutor	N/A	Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection	LOW	*-2.1.10	2.2.0	June 29, 2026
tutor	tutor	N/A	Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection	LOW	*-2.1.10	2.2.0	June 29, 2026
login-configurator	login-configurator	87	Login Configurator <= 2.1 - Reflected Cross-Site Scripting	LOW	*-2.1		June 29, 2026
lh-password-changer	lh-password-changer	91	LH Password Changer <= 1.55 - Cross-Site Request Forgery	LOW	*-1.55		June 29, 2026
Jetpack – WP Security, Backup, Speed, & Growth	jetpack	69	Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation	LOW	10.0, 10.1, 10.2-10.2.1, 10.3, 10.4, 10.5-10.5.1	10.0.1	June 29, 2026
headless-cms	headless-cms	91	Headless CMS <= 2.0.3 - Missing Authorization	LOW	*-2.0.3		June 29, 2026
groundhogg	groundhogg	93	Groundhogg <= 2.7.11 - Cross-Site Request Forgery	LOW	*-2.7.11	2.7.11.1	June 29, 2026
groundhogg	groundhogg	93	Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection	LOW	*-2.7.11	2.7.11.1	June 29, 2026
free-google-fonts	free-google-fonts	93	Google Fonts For WordPress <= 3.0.0 - Reflected Cross-Site Scripting	LOW	*-3.0.0	3.0.1	June 29, 2026
feather-login-page	feather-login-page	91	Feather Login Page 1.0.7 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation	LOW	1.0.7-1.1.1	1.1.2	June 29, 2026
feather-login-page	feather-login-page	91	Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Non-Arbitrary User Deletion	LOW	1.0.7-1.1.1	1.1.2	June 29, 2026
feather-login-page	feather-login-page	91	Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Authentication Bypass and Privilege Escalation	LOW	1.0.7-1.1.1	1.1.2	June 29, 2026
favorites	favorites	91	Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.3.2	2.3.3	June 29, 2026
draw-attention	draw-attention	93	Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification	LOW	*-2.0.11	2.0.12	June 29, 2026
download-monitor	download-monitor	93	Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery	LOW	*-4.8.1	4.8.2	June 29, 2026
display-metadata	display-metadata	91	Display post meta, term meta, comment meta, and user meta <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
disable-update-notifications	disable-update-notifications	93	Disable WordPress Update Notifications <= 2.3.3 - Cross-Site Request Forgery	LOW	*-2.3.3	2.4.0	June 29, 2026
crm-perks-forms	crm-perks-forms	93	CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.1.1	1.1.2	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz \| GDPR/CCPA Cookie Consent <= 6.4.5 - Cross-Site Request Forgery	LOW	[*, 6.4.6)	6.4.6	June 29, 2026
chilexpress-oficial	chilexpress-oficial	91	Chilexpress woo oficial <= 1.2.9 - Reflected Cross-Site Scripting	LOW	*-1.2.9		June 29, 2026
call-now-icon-animate	call-now-icon-animate	91	Call Now Icon Animate <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.1.0		June 29, 2026
blog-in-blog	blog-in-blog	93	Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.0.0	2.0.1	June 29, 2026
blog-in-blog	blog-in-blog	93	Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Local File Inclusion via Shortcode	LOW	*-2.0.0	2.0.1	June 29, 2026
bbs-e-popup	bbs-e-popup	89	BBS e-Popup <= 2.4.5 - Reflected Cross-Site Scripting	LOW	*-2.4.5		June 29, 2026
bbp-style-pack	bbp-style-pack	93	bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting	LOW	[*, 5.5.6)	5.5.6	June 29, 2026
telegram-bot	telegram-bot	N/A	Telegram Bot & Channel <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.6.2	3.6.3	June 29, 2026
super-socializer	super-socializer	N/A	Social Share, Social Login and Social Comments <= 7.13.51 - Reflected Cross-Site Scripting	LOW	[*, 7.13.52)	7.13.52	June 29, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.7.3 - Unauthenticated PHP Object Injection	LOW	*-2.7.3	2.7.4	June 29, 2026
bulk-editor	bulk-editor	93	WOLF <= 1.0.7 - Cross-Site Request Forgery via create_profile	LOW	*-1.0.7	1.0.7.1	June 29, 2026
wp-easycart	wp-easycart	N/A	WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product	LOW	*-5.4.8	5.4.9	June 29, 2026
wp-easycart	wp-easycart	N/A	WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product	LOW	*-5.4.8	5.4.9	June 29, 2026
wp-easycart	wp-easycart	N/A	WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product	LOW	*-5.4.8	5.4.9	June 29, 2026
wp-easycart	wp-easycart	N/A	WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product	LOW	*-5.4.8	5.4.9	June 29, 2026
wp-easycart	wp-easycart	N/A	WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product	LOW	*-5.4.8	5.4.9	June 29, 2026
wp-easycart	wp-easycart	N/A	WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product	LOW	*-5.4.8	5.4.9	June 29, 2026
portfolio-gallery	portfolio-gallery	N/A	Portfolio Gallery – Photo Gallery <= 1.1.8 - Authenticated (Admin+) SQL Injection	LOW	*-1.1.8	1.1.9	June 29, 2026
wpdirectorykit	wpdirectorykit	N/A	WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action	LOW	*-1.1.9	1.2.0	June 29, 2026
slideonline	slideonline	N/A	SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.1		June 29, 2026
querywall	querywall	N/A	QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection	LOW	*-1.1.1		June 29, 2026
woocommerce-product-category-selection-widget	woocommerce-product-category-selection-widget	N/A	WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting	LOW	*-2.0		June 29, 2026
woo-sku-label-changer	woo-sku-label-changer	N/A	SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization	LOW	*-3.0	3.0.1	June 29, 2026
Product Gallery Slider, Additional Variation Images for WooCommerce	woo-product-gallery-slider	N/A	Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery	LOW	[*, 2.2.9)	2.2.9	June 29, 2026
video-contest	video-contest	N/A	Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery	LOW	*-3.2		June 29, 2026
video-contest	video-contest	N/A	Video Contest WordPress Plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.2		June 29, 2026
user-activity-log	user-activity-log	N/A	User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch	LOW	*-1.6.2	1.6.3	June 29, 2026
this-day-in-history	this-day-in-history	N/A	This Day In History <= 3.10.1 - Reflected Cross-Site Scripting	LOW	*-3.10.1		June 29, 2026
recently-viewed-products	recently-viewed-products	N/A	Recently Viewed Products <= 1.0.0 - Unauthenticated PHP Object Injection	LOW	*-1.0.0		June 29, 2026
ip-metaboxes	ip-metaboxes	89	IP Metaboxes <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.1.1		June 29, 2026
ip-metaboxes	ip-metaboxes	89	IP Metaboxes <= 2.1.1 - Reflected Cross-Site Scripting	LOW	*-2.1.1		June 29, 2026
google-map-shortcode	google-map-shortcode	87	Google Map Shortcode <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode	LOW	*-3.1.2		June 29, 2026
file-renaming-on-upload	file-renaming-on-upload	93	File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.5.1	2.5.2	June 29, 2026
Custom Twitter Feeds – A Tweets Widget or X Feed Widget	custom-twitter-feeds	75	Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery	LOW	[*, 2.0)	2.0	June 29, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	chatbot	66	AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.5.5	4.5.6	June 29, 2026
button-generation	button-generation	93	Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php	LOW	*-2.3.5	2.3.6	June 29, 2026
wpseo-local	wpseo-local	N/A	Yoast SEO: Local <= 14.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-14.9	15.0	June 29, 2026
wp-tiles	wp-tiles	N/A	WP Tiles <= 1.1.2 - Cross-Site Request Forgery	LOW	*-1.1.2		June 29, 2026
wp-migration-duplicator	wp-migration-duplicator	N/A	WordPress Backup & Migration <= 1.4.0 - Missing Authorization via wt_delete_schedule	LOW	*-1.4.0	1.4.1	June 29, 2026
wp-custom-cursors	wp-custom-cursors	N/A	WP Custom Cursors <= 3.1 - Authenticated (Admin+) SQL Injection	LOW	*-3.1	3.2	June 29, 2026
woocommerce-product-vendors	woocommerce-product-vendors	N/A	WooCommerce Product Vendors <= 2.1.76 - Reflected Cross-Site Scripting	LOW	*-2.1.76	2.1.77	June 29, 2026
woocommerce-product-vendors	woocommerce-product-vendors	N/A	WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection	LOW	*-2.1.76	2.1.77	June 29, 2026
woocommerce-follow-up-emails	woocommerce-follow-up-emails	N/A	WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection	LOW	*-4.9.50	4.9.51	June 29, 2026
utm-tracker	utm-tracker	N/A	UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3.1		June 29, 2026
uncanny-automator	uncanny-automator	N/A	Uncanny Automator <= 4.14 - Cross-Site Request Forgery via update_automator_connect	LOW	[*, 4.15)	4.15	June 29, 2026
tutor	tutor	N/A	Tutor LMS <= 2.1.8 - Missing Authorization via multiple AJAX actions	LOW	*-2.1.8	2.1.9	June 29, 2026
resume-upload-form	resume-upload-form	N/A	Upload Resume <= 1.2.0 - Captcha Bypass via resume_upload_form	LOW	*-1.2.0		June 29, 2026
responsive-tabs-for-wpbakery	responsive-tabs-for-wpbakery	N/A	Responsive Tabs For WPBakery Page Builder <= 1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode	LOW	*-1.1		June 29, 2026

LOW

directorist

Score: 93/100 Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation Affected: *-7.5.4 Patched: 7.5.5 Updated: June 29, 2026

LOW

directorist

Score: 93/100 Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task Affected: *-7.5.4 Patched: 7.5.5 Updated: June 29, 2026

LOW

bookly-responsive-appointment-booking-tool

Score: 93/100 Bookly <= 21.7 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: 21.7 Patched: 21.8 Updated: June 29, 2026

LOW

wp-report-post

Score: N/A WP Report Post <= 2.1.2 - Cross-Site Request Forgery Affected: *-2.1.2 Patched: Updated: June 29, 2026

LOW

wp-full-auto-tags-manager

Score: N/A WP Full Auto Tags Manager <= 2.2 - Cross-Site Request Forgery Affected: *-2.2 Patched: Updated: June 29, 2026

LOW

wp-cachecom

Score: N/A WP-Cache.com <= 1.1.1 - Cross-Site Request Forgery Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

wordpress-social-login

Score: N/A WordPress Social Login <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.4 Patched: Updated: June 29, 2026

LOW

wordpress-social-login

Score: N/A WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting Affected: *-3.0.4 Patched: Updated: June 29, 2026

LOW

woocommerce-bulk-order-form

Score: N/A Quick/Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting Affected: *-3.5.7 Patched: 3.6.0 Updated: June 29, 2026

LOW

wc-donation-platform

Score: N/A Donation Platform for WooCommerce: Fundraising & Donation Management <= 1.2.9 - Cross-Site Request Forgery to Survey Submission Affected: [*, 1.2.10) Patched: 1.2.10 Updated: June 29, 2026

LOW

ts-webfonts-for-sakura

Score: N/A TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery Affected: *-3.1.1 Patched: 3.1.2 Updated: June 29, 2026

LOW

tpg-redirect

Score: N/A TPG Redirect <= 1.0.7 - Cross-Site Request Forgery Affected: *-1.0.7 Patched: 1.0.8 Updated: June 29, 2026

LOW

reviewx

Score: N/A ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation Affected: *-1.6.13 Patched: 1.6.14 Updated: June 29, 2026

LOW

malinky-ajax-pagination

Score: 91/100 Ajax Pagination and Infinite Scroll <= 2.0.1 - Cross-Site Request Forgery Affected: *-2.0.1 Patched: Updated: June 29, 2026

LOW

lws-hide-login

Score: 93/100 LWS Hide Login <= 2.1.6 - Cross-Site Request Forgery Affected: *-2.1.6 Patched: 2.1.7 Updated: June 29, 2026

LOW

formidable

Score: 93/100 Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation Affected: [*, 6.3.1) Patched: 6.3.1 Updated: June 29, 2026

LOW

floating-action-button

Score: 93/100 Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery to Settings Modification Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

file-manager-advanced-shortcode

Score: 93/100 File Manager Advanced Shortcode WordPress <= 2.3.2 - Unauthenticated Arbitrary File Upload to Remote Code Execution via Shortcode Affected: *-2.3.2 Patched: 2.4 Updated: June 29, 2026

LOW

dynamic-qr-code-generator

Score: 91/100 Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting Affected: *-0.0.5 Patched: Updated: June 29, 2026

LOW

counter-yandex-metrica

Score: 91/100 Yandex Metrica Counter <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: June 29, 2026

LOW

brizy

Score: 93/100 Brizy Page Builder <= 2.4.18 - IP Address Spoofing to Protection Mechanism Bypass Affected: *-2.4.18 Patched: 2.4.19 Updated: June 29, 2026

LOW

bbp-toolkit

Score: 89/100 bbPress Toolkit <= 1.0.12 - Cross-Site Scripting Affected: *-1.0.12 Patched: Updated: June 29, 2026

LOW

bbp-toolkit

Score: 89/100 bbPress Toolkit <= 1.0.12 - Cross-Site Request Forgery Affected: *-1.0.12 Patched: Updated: June 29, 2026

LOW

wp-worthy

Score: N/A Worthy – VG WORT Integration für WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery Affected: * - 1.6.5-6497609 Patched: 1.7.0-0cde1c2 Updated: June 29, 2026

LOW

wp-report-post

Score: N/A WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection Affected: *-2.1.2 Patched: Updated: June 29, 2026

LOW

wp-nested-pages

Score: N/A Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset Affected: *-3.2.3 Patched: 3.2.4 Updated: June 29, 2026

LOW

wp-cirrus

Score: N/A WP-Cirrus <= 0.6.11 - Cross-Site Request Forgery Affected: *-0.6.11 Patched: Updated: June 29, 2026

LOW

wordpress-nextgen-galleryview

Score: N/A NextGen GalleryView <= 0.5.5 - Cross-Site Request Forgery Affected: *-0.5.5 Patched: Updated: June 29, 2026

LOW

wordapp

Score: 95/100 Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature Affected: *-1.6.0 Patched: 1.7.0 Updated: June 29, 2026

LOW

woocommerce-order-address-print

Score: N/A Woocommerce Order address Print <= 3.2 - Reflected Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 29, 2026

LOW

woocommerce-bulk-order-form

Score: N/A Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.5.7 Patched: 3.6.0 Updated: June 29, 2026

LOW

unite-gallery-lite

Score: N/A Unite Gallery Lite <= 1.7.61 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.61 Patched: 1.7.62 Updated: June 29, 2026

LOW

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

Score: N/A Ultimate Member <= 2.6.0 - Cross-Site Request Forgery to Form Duplication Affected: *-2.6.0 Patched: 2.6.1 Updated: June 29, 2026

LOW

tutor

Score: N/A Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection Affected: *-2.2.0 Patched: 2.2.1 Updated: June 29, 2026

LOW

tutor

Score: N/A Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection Affected: *-2.1.10 Patched: 2.2.0 Updated: June 29, 2026

LOW

tutor

Score: N/A Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection Affected: *-2.1.10 Patched: 2.2.0 Updated: June 29, 2026

LOW

login-configurator

Score: 87/100 Login Configurator <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

lh-password-changer

Score: 91/100 LH Password Changer <= 1.55 - Cross-Site Request Forgery Affected: *-1.55 Patched: Updated: June 29, 2026

LOW

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

Score: 69/100 Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation Affected: 10.0, 10.1, 10.2-10.2.1, 10.3, 10.4, 10.5-10.5.1 Patched: 10.0.1 Updated: June 29, 2026

LOW

headless-cms

Score: 91/100 Headless CMS <= 2.0.3 - Missing Authorization Affected: *-2.0.3 Patched: Updated: June 29, 2026

LOW

groundhogg

Score: 93/100 Groundhogg <= 2.7.11 - Cross-Site Request Forgery Affected: *-2.7.11 Patched: 2.7.11.1 Updated: June 29, 2026

LOW

groundhogg

Score: 93/100 Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection Affected: *-2.7.11 Patched: 2.7.11.1 Updated: June 29, 2026

LOW

free-google-fonts

Score: 93/100 Google Fonts For WordPress <= 3.0.0 - Reflected Cross-Site Scripting Affected: *-3.0.0 Patched: 3.0.1 Updated: June 29, 2026

LOW

feather-login-page

Score: 91/100 Feather Login Page 1.0.7 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation Affected: 1.0.7-1.1.1 Patched: 1.1.2 Updated: June 29, 2026

LOW

feather-login-page

Score: 91/100 Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Non-Arbitrary User Deletion Affected: 1.0.7-1.1.1 Patched: 1.1.2 Updated: June 29, 2026

LOW

feather-login-page

Score: 91/100 Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Authentication Bypass and Privilege Escalation Affected: 1.0.7-1.1.1 Patched: 1.1.2 Updated: June 29, 2026

LOW

favorites

Score: 91/100 Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3.2 Patched: 2.3.3 Updated: June 29, 2026

LOW

draw-attention

Score: 93/100 Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification Affected: *-2.0.11 Patched: 2.0.12 Updated: June 29, 2026

LOW

download-monitor

Score: 93/100 Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-4.8.1 Patched: 4.8.2 Updated: June 29, 2026

LOW

display-metadata

Score: 91/100 Display post meta, term meta, comment meta, and user meta <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

disable-update-notifications

Score: 93/100 Disable WordPress Update Notifications <= 2.3.3 - Cross-Site Request Forgery Affected: *-2.3.3 Patched: 2.4.0 Updated: June 29, 2026

LOW

crm-perks-forms

Score: 93/100 CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz | GDPR/CCPA Cookie Consent <= 6.4.5 - Cross-Site Request Forgery Affected: [*, 6.4.6) Patched: 6.4.6 Updated: June 29, 2026

LOW

chilexpress-oficial

Score: 91/100 Chilexpress woo oficial <= 1.2.9 - Reflected Cross-Site Scripting Affected: *-1.2.9 Patched: Updated: June 29, 2026

LOW

call-now-icon-animate

Score: 91/100 Call Now Icon Animate <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.1.0 Patched: Updated: June 29, 2026

LOW

blog-in-blog

Score: 93/100 Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

blog-in-blog

Score: 93/100 Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Local File Inclusion via Shortcode Affected: *-2.0.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

bbs-e-popup

Score: 89/100 BBS e-Popup <= 2.4.5 - Reflected Cross-Site Scripting Affected: *-2.4.5 Patched: Updated: June 29, 2026

LOW

bbp-style-pack

Score: 93/100 bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting Affected: [*, 5.5.6) Patched: 5.5.6 Updated: June 29, 2026

LOW

telegram-bot

Score: N/A Telegram Bot & Channel <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.6.2 Patched: 3.6.3 Updated: June 29, 2026

LOW

super-socializer

Score: N/A Social Share, Social Login and Social Comments <= 7.13.51 - Reflected Cross-Site Scripting Affected: [*, 7.13.52) Patched: 7.13.52 Updated: June 29, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.7.3 - Unauthenticated PHP Object Injection Affected: *-2.7.3 Patched: 2.7.4 Updated: June 29, 2026

LOW

bulk-editor

Score: 93/100 WOLF <= 1.0.7 - Cross-Site Request Forgery via create_profile Affected: *-1.0.7 Patched: 1.0.7.1 Updated: June 29, 2026

LOW

wp-easycart

Score: N/A WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

wp-easycart

Score: N/A WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

wp-easycart

Score: N/A WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

wp-easycart

Score: N/A WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

wp-easycart

Score: N/A WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

wp-easycart

Score: N/A WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

portfolio-gallery

Score: N/A Portfolio Gallery – Photo Gallery <= 1.1.8 - Authenticated (Admin+) SQL Injection Affected: *-1.1.8 Patched: 1.1.9 Updated: June 29, 2026

LOW

wpdirectorykit

Score: N/A WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action Affected: *-1.1.9 Patched: 1.2.0 Updated: June 29, 2026

LOW

slideonline

Score: N/A SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

querywall

Score: N/A QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

woocommerce-product-category-selection-widget

Score: N/A WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

woo-sku-label-changer

Score: N/A SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization Affected: *-3.0 Patched: 3.0.1 Updated: June 29, 2026

LOW

Product Gallery Slider, Additional Variation Images for WooCommerce

woo-product-gallery-slider

Score: N/A Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery Affected: [*, 2.2.9) Patched: 2.2.9 Updated: June 29, 2026

LOW

video-contest

Score: N/A Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery Affected: *-3.2 Patched: Updated: June 29, 2026

LOW

video-contest

Score: N/A Video Contest WordPress Plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 29, 2026

LOW

user-activity-log

Score: N/A User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch Affected: *-1.6.2 Patched: 1.6.3 Updated: June 29, 2026

LOW

this-day-in-history

Score: N/A This Day In History <= 3.10.1 - Reflected Cross-Site Scripting Affected: *-3.10.1 Patched: Updated: June 29, 2026

LOW

recently-viewed-products

Score: N/A Recently Viewed Products <= 1.0.0 - Unauthenticated PHP Object Injection Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

ip-metaboxes

Score: 89/100 IP Metaboxes <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: June 29, 2026

LOW

ip-metaboxes

Score: 89/100 IP Metaboxes <= 2.1.1 - Reflected Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: June 29, 2026

LOW

google-map-shortcode

Score: 87/100 Google Map Shortcode <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-3.1.2 Patched: Updated: June 29, 2026

LOW

file-renaming-on-upload

Score: 93/100 File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.5.1 Patched: 2.5.2 Updated: June 29, 2026

LOW

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

custom-twitter-feeds

Score: 75/100 Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery Affected: [*, 2.0) Patched: 2.0 Updated: June 29, 2026

LOW

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot

Score: 66/100 AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.5.5 Patched: 4.5.6 Updated: June 29, 2026

LOW

button-generation

Score: 93/100 Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php Affected: *-2.3.5 Patched: 2.3.6 Updated: June 29, 2026

LOW

wpseo-local

Score: N/A Yoast SEO: Local <= 14.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-14.9 Patched: 15.0 Updated: June 29, 2026

LOW

wp-tiles

Score: N/A WP Tiles <= 1.1.2 - Cross-Site Request Forgery Affected: *-1.1.2 Patched: Updated: June 29, 2026

LOW

wp-migration-duplicator

Score: N/A WordPress Backup & Migration <= 1.4.0 - Missing Authorization via wt_delete_schedule Affected: *-1.4.0 Patched: 1.4.1 Updated: June 29, 2026

LOW

wp-custom-cursors

Score: N/A WP Custom Cursors <= 3.1 - Authenticated (Admin+) SQL Injection Affected: *-3.1 Patched: 3.2 Updated: June 29, 2026

LOW

woocommerce-product-vendors

Score: N/A WooCommerce Product Vendors <= 2.1.76 - Reflected Cross-Site Scripting Affected: *-2.1.76 Patched: 2.1.77 Updated: June 29, 2026

LOW

woocommerce-product-vendors

Score: N/A WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection Affected: *-2.1.76 Patched: 2.1.77 Updated: June 29, 2026

LOW

woocommerce-follow-up-emails

Score: N/A WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection Affected: *-4.9.50 Patched: 4.9.51 Updated: June 29, 2026

LOW

utm-tracker

Score: N/A UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: June 29, 2026

LOW

uncanny-automator

Score: N/A Uncanny Automator <= 4.14 - Cross-Site Request Forgery via update_automator_connect Affected: [*, 4.15) Patched: 4.15 Updated: June 29, 2026

LOW

tutor

Score: N/A Tutor LMS <= 2.1.8 - Missing Authorization via multiple AJAX actions Affected: *-2.1.8 Patched: 2.1.9 Updated: June 29, 2026

LOW

resume-upload-form

Score: N/A Upload Resume <= 1.2.0 - Captcha Bypass via resume_upload_form Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

responsive-tabs-for-wpbakery

Score: N/A Responsive Tabs For WPBakery Page Builder <= 1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-1.1 Patched: Updated: June 29, 2026

Showing 24901 to 25000 of 36280 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 20:20 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List