Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
cookiemonster	cookiemonster	91	Cookie Monster <= 1.51 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.51		June 29, 2026
bp-social-connect	bp-social-connect	91	BP Social Connect <= 1.5 - Authentication Bypass	LOW	*-1.5	1.6.2	June 29, 2026
bnfw	bnfw	93	Better Notifications for WP <= 1.9.2 - Cross-Site Request Forgery via handle_actions	LOW	*-1.9.2	1.9.3	June 29, 2026
baidu-tongji-generator	baidu-tongji-generator	89	Baidu Tongji generator <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 29, 2026
yikes-inc-easy-mailchimp-extender	yikes-inc-easy-mailchimp-extender	N/A	Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error'	LOW	*-6.8.8	6.8.9	June 29, 2026
wp-security-audit-log-premium	wp-security-audit-log-premium	N/A	WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db	LOW	*-4.5.0	4.5.2	June 29, 2026
wp-security-audit-log-premium	wp-security-audit-log-premium	N/A	WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db	LOW	*-4.5.0	4.5.2	June 29, 2026
wp-security-audit-log-premium	wp-security-audit-log-premium	N/A	WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup	LOW	*-4.5.0	4.5.2	June 29, 2026
wp-security-audit-log-premium	wp-security-audit-log-premium	N/A	WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration	LOW	*-4.5.0	4.5.2	June 29, 2026
WP Activity Log	wp-security-audit-log	N/A	WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup	LOW	*-4.5.0	4.5.2	June 29, 2026
WP Activity Log	wp-security-audit-log	N/A	WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration	LOW	*-4.5.0	4.5.2	June 29, 2026
waiting	waiting	N/A	Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-0.6.2		June 29, 2026
mstore-api	mstore-api	N/A	MStore API <= 3.9.0 - Authentication Bypass	LOW	*-3.9.0	3.9.1	June 29, 2026
zotpress	zotpress	N/A	Zotpress <= 7.3.3 - Reflected Cross-Site Scripting	LOW	*-7.3.3	7.3.4	June 29, 2026
simple-page-ordering	simple-page-ordering	N/A	Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure	LOW	[*, 2.5.1)	2.5.1	June 29, 2026
ricerca-smart-search	ricerca-smart-search	N/A	Ricerca smart and advanced search <= 1.0.15 - Cross-Site Request Forgery	LOW	*-1.0.15	1.0.16	June 29, 2026
pixelyoursite-pro	pixelyoursite-pro	N/A	PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-9.6.1	9.6.2	June 29, 2026
pixelyoursite	pixelyoursite	N/A	PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-9.3.6	9.3.7	June 29, 2026
multiple-pages-generator-by-porthas	multiple-pages-generator-by-porthas	N/A	Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection	LOW	*-3.3.17	3.3.18	June 29, 2026
multiple-pages-generator-by-porthas	multiple-pages-generator-by-porthas	N/A	Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection	LOW	*-3.3.17	3.3.18	June 29, 2026
mobile-login-woocommerce	mobile-login-woocommerce	93	OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation	LOW	*-2.2	2.3	June 29, 2026
gallery-photo-gallery	gallery-photo-gallery	93	Photo Gallery by Ays <= 5.1.6 - Reflected Cross-Site Scripting	LOW	*-5.1.6	5.1.7	June 29, 2026
file-away	file-away	87	File Away <= 3.9.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.9.9.0.1		June 29, 2026
easing-slider	easing-slider	91	Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset	LOW	*-3.0.8		June 29, 2026
contact-form-to-email	contact-form-to-email	93	Contact Form Email <= 1.3.37 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.3.37	1.3.38	June 29, 2026
contact-form-by-supsystic	contact-form-by-supsystic	93	Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action	LOW	*-1.7.24	1.7.25	June 29, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty	chaty	88	Chaty <= 3.0.9 - Reflected Cross-Site Scripting	LOW	*-3.0.9	3.1	June 29, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty	chaty	88	Chaty <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.0.9	3.1	June 29, 2026
wp-sms	wp-sms	N/A	WP SMS <= 6.1.4 - Reflected Cross-Site Scripting via 'delete_mobile'	LOW	*-6.1.4	6.1.5	June 29, 2026
wp-responsive-video-gallery-with-lightbox	wp-responsive-video-gallery-with-lightbox	N/A	video carousel slider with lightbox <= 1.0.22 - Reflected Cross-Site Scripting	LOW	*-1.0.22	1.0.23	June 29, 2026
wp-custom-cursors	wp-custom-cursors	N/A	WP Custom Cursors < 3.2 - Cross-Site Request Forgery	LOW	[*, 3.2)	3.2	June 29, 2026
woocommerce-shipping-multiple-addresses	woocommerce-shipping-multiple-addresses	N/A	WooCommerce Ship to Multiple Addresses <= 3.8.3 - Insecure Direct Object Reference	LOW	*-3.8.3	3.8.4	June 29, 2026
woocommerce-product-recommendations	woocommerce-product-recommendations	N/A	WooCommerce Product Recommendations < 2.3.0 - Cross-Site Request Forgery	LOW	[*, 2.3.0)	2.3.0	June 29, 2026
woocommerce-product-addons	woocommerce-product-addons	N/A	WooCommerce Product Add-ons <= 6.1.3 - Cross-Site Request Forgery	LOW	*-6.1.3	6.2.0	June 29, 2026
woocommerce-product-addons	woocommerce-product-addons	N/A	WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection	LOW	*-6.1.3	6.2.0	June 29, 2026
woocommerce-pre-orders	woocommerce-pre-orders	N/A	WooCommerce Pre-Orders <= 1.9.0 - Unauthenticated Cross-Site Scripting	LOW	*-1.9.0	2.0.0	June 29, 2026
woocommerce-pre-orders	woocommerce-pre-orders	N/A	WooCommerce Pre-Orders <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.0	2.0.1	June 29, 2026
woocommerce-composite-products	woocommerce-composite-products	N/A	WooCommerce Composite Products <= 8.7.5 - Reflected Cross-Site Scripting	LOW	*-8.7.5	8.7.6	June 29, 2026
woocommerce-brands	woocommerce-brands	N/A	WooCommerce Brands <= 1.6.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.6.45	1.6.46	June 29, 2026
woocommerce-bookings	woocommerce-bookings	N/A	WooCommerce Bookings <= 1.15.78 - Insecure Direct Object Reference	LOW	*-1.15.78	1.15.79	June 29, 2026
video-slider-with-thumbnails	video-slider-with-thumbnails	N/A	Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting	LOW	*-1.0.10	1.0.11	June 29, 2026
survey-maker	survey-maker	N/A	Survey Maker <= 3.4.6 - Reflected Cross-Site Scripting via 'page' parameter	LOW	*-3.4.6	3.4.7	June 29, 2026
stop-spammer-registrations-plugin	stop-spammer-registrations-plugin	N/A	Stop Spammers Security <= 2022.6 - Reflected Cross-Site Scripting	LOW	*-2022.6	2023	June 29, 2026
stop-spammer-registrations-plugin	stop-spammer-registrations-plugin	N/A	Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2022.6	2023	June 29, 2026
recaptcha-for-all	recaptcha-for-all	N/A	reCAPTCHA for all <= 1.22 - Missing Authorization via recaptcha_for_all_image_select	LOW	*-1.22	1.23	June 29, 2026
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.4.2.6 - Reflected Cross-Site Scripting	LOW	*-6.4.2.6	6.4.2.7	June 29, 2026
predictive-search	predictive-search	N/A	Predictive Search <= 1.2.2 - Missing Authorization	LOW	*-1.2.2	1.2.3	June 29, 2026
predictive-search	predictive-search	N/A	Predictive Search <= 1.2.2 - Missing Authorization	LOW	*-1.2.2	1.2.3	June 29, 2026
predictive-search	predictive-search	N/A	Predictive Search <= 1.2.2 - Missing Authorization	LOW	*-1.2.2	1.2.3	June 29, 2026
essential-addons-elementor	essential-addons-elementor	93	Essential Addons for Elementor Pro <= 5.4.8 - Unauthenticated Server-Side Request Forgery	LOW	*-5.4.8	5.4.9	June 29, 2026
essential-addons-elementor	essential-addons-elementor	93	Essential Addons for Elementor Pro <= 5.4.8 - Reflected Cross-Site Scripting	LOW	*-5.4.8	5.4.9	June 29, 2026
drop-shadow-boxes	drop-shadow-boxes	93	Drop Shadow Boxes <= 1.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.10	1.7.11	June 29, 2026
custom-registration-form-builder-with-submission-manager	custom-registration-form-builder-with-submission-manager	93	RegistrationMagic <= 5.2.1.0 - Authentication Bypass	LOW	*-5.2.1.0	5.2.1.1	June 29, 2026
custom-404-pro	custom-404-pro	91	Custom 404 Pro <= 3.8.1 - Reflected Cross-Site Scripting via 'page'	LOW	*-3.8.1	3.8.2	June 29, 2026
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages	convertkit	88	ConvertKit <= 2.2.0 - Reflected Cross-Site Scripting	LOW	*-2.2.0	2.2.1	June 29, 2026
automatewoo	automatewoo	93	AutomateWoo <= 5.7.1 - Cross-Site Request Forgery	LOW	*-5.7.1	5.7.2	June 29, 2026
automatewoo	automatewoo	93	AutomateWoo <= 5.7.1 - Authenticated (Shop manager+) SQL Injection	LOW	*-5.7.1	5.7.2	June 29, 2026
wp-register-profile-with-shortcode	wp-register-profile-with-shortcode	N/A	WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.5.7	3.5.8	June 29, 2026
wp-reactions-lite	wp-reactions-lite	N/A	WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action	LOW	*-1.3.8	1.3.9	June 29, 2026
wp-multi-store-locator	wp-multi-store-locator	N/A	WP Multi Store Locator <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4.9	2.5.1	June 29, 2026
wp-all-backup	wp-all-backup	N/A	WP All Backup <= 2.4.3 - Cross-Site Request Forgery to Backup Storage Modification	LOW	*-2.4.3		June 29, 2026
weebotlite	weebotlite	N/A	weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	LOW	*-1.0.0		June 29, 2026
smart-donations	smart-donations	N/A	Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting	LOW	*-4.0.12		June 29, 2026
quick-pagepost-redirect-plugin	quick-pagepost-redirect-plugin	N/A	Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	LOW	*-5.2.3	5.2.4	June 29, 2026
product-page-shipping-calculator-for-woocommerce	product-page-shipping-calculator-for-woocommerce	N/A	Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings	LOW	*-1.3.25	1.3.26	June 29, 2026
post-state-tags	post-state-tags	N/A	Post State Tags <= 2.0.6 - Cross-Site Request Forgery to Settings Reset	LOW	*-2.0.6		June 29, 2026
peepso-core	peepso-core	N/A	Community by PeepSo <= 6.0.9.0 - Cross-Site Request Forgery to Field Duplication	LOW	*-6.0.9.0	6.1.0.0	June 29, 2026
lokalyze-call-now	lokalyze-call-now	91	CALL ME NOW <= 3.0 - Cross-Site Request Forgery	LOW	*-3.0		June 29, 2026
ldap-login-for-intranet-sites	ldap-login-for-intranet-sites	93	Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection	LOW	*-4.1.4	4.1.5	June 29, 2026
ldap-login-for-intranet-sites	ldap-login-for-intranet-sites	93	Active Directory Integration / LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection	LOW	*-4.1.4	4.1.5	June 29, 2026
itempropwp	itempropwp	91	itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.5.201706131		June 29, 2026
iframe-popup	iframe-popup	91	iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	LOW	*-3.3		June 29, 2026
hyphenator	hyphenator	91	Hyphenator <= 5.1.5 - Cross-Site Request Forgery to Settings Update	LOW	*-5.1.5		June 29, 2026
get-your-number	get-your-number	91	Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.3		June 29, 2026
featured-image-pro	featured-image-pro	93	Featured Image Pro Post Grid <= 5.14 - Reflected Cross-Site Scripting via page	LOW	*-5.14	5.15	June 29, 2026
fast-search-powered-by-solr	fast-search-powered-by-solr	89	Sunny Search <= 1.0.2 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.2		June 29, 2026
fast-search-powered-by-solr	fast-search-powered-by-solr	89	Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	LOW	*-1.0.2		June 29, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor <= 3.13.1 - Missing Authorization to Settings Update	LOW	*-3.13.1	3.13.2	June 29, 2026
Download Manager	download-manager	63	Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.2.70	3.2.71	June 29, 2026
d-bargain	d-bargain	93	DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	LOW	*-3.0.0	4.0.0	June 29, 2026
custom-registration-form-builder-with-submission-manager	custom-registration-form-builder-with-submission-manager	93	RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change	LOW	*-5.2.0.5	5.2.1.0	June 29, 2026
currency-switcher	currency-switcher	93	WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion	LOW	*-1.1.9	1.2.0	June 29, 2026
currency-switcher	currency-switcher	93	WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1.9	1.2.0	June 29, 2026
currency-switcher	currency-switcher	93	WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing	LOW	*-1.1.9	1.2.0	June 29, 2026
currency-switcher	currency-switcher	93	WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation	LOW	*-1.1.9	1.2.0	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via maybe_install_suggested_plugins	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_save	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_create_pages	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_edit_item	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_delete_snapshot	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_duplicate_cookiebanner	LOW	*-6.4.4	6.4.5	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_delete_cookiebanner	LOW	*-6.4.4	6.4.5	June 29, 2026
column-matic	column-matic	91	Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.3		June 29, 2026
button	button	93	Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.22	1.1.23	June 29, 2026
booking-ultra-pro	booking-ultra-pro	91	Booking Ultra Pro <= 1.1.6 - Missing Authorization via save_fields_settings	LOW	*-1.1.6	1.1.7	June 29, 2026
SlimStat Analytics	wp-slimstat	N/A	Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection	LOW	*-5.0.4	5.0.5	June 29, 2026
SlimStat Analytics	wp-slimstat	N/A	Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting	LOW	*-5.0.4	5.0.5	June 29, 2026
wp-chatbot	wp-chatbot	N/A	WP-Chatbot for Messenger <= 4.7 - Missing Authorization	LOW	*-4.7	4.8	June 29, 2026

LOW

cookiemonster

Score: 91/100 Cookie Monster <= 1.51 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.51 Patched: Updated: June 29, 2026

LOW

bp-social-connect

Score: 91/100 BP Social Connect <= 1.5 - Authentication Bypass Affected: *-1.5 Patched: 1.6.2 Updated: June 29, 2026

LOW

bnfw

Score: 93/100 Better Notifications for WP <= 1.9.2 - Cross-Site Request Forgery via handle_actions Affected: *-1.9.2 Patched: 1.9.3 Updated: June 29, 2026

LOW

baidu-tongji-generator

Score: 89/100 Baidu Tongji generator <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

yikes-inc-easy-mailchimp-extender

Score: N/A Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error' Affected: *-6.8.8 Patched: 6.8.9 Updated: June 29, 2026

LOW

wp-security-audit-log-premium

Score: N/A WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db Affected: *-4.5.0 Patched: 4.5.2 Updated: June 29, 2026

LOW

wp-security-audit-log-premium

Score: N/A WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db Affected: *-4.5.0 Patched: 4.5.2 Updated: June 29, 2026

LOW

wp-security-audit-log-premium

Score: N/A WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup Affected: *-4.5.0 Patched: 4.5.2 Updated: June 29, 2026

LOW

wp-security-audit-log-premium

Score: N/A WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration Affected: *-4.5.0 Patched: 4.5.2 Updated: June 29, 2026

LOW

WP Activity Log

wp-security-audit-log

Score: N/A WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup Affected: *-4.5.0 Patched: 4.5.2 Updated: June 29, 2026

LOW

WP Activity Log

wp-security-audit-log

Score: N/A WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration Affected: *-4.5.0 Patched: 4.5.2 Updated: June 29, 2026

LOW

waiting

Score: N/A Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-0.6.2 Patched: Updated: June 29, 2026

LOW

mstore-api

Score: N/A MStore API <= 3.9.0 - Authentication Bypass Affected: *-3.9.0 Patched: 3.9.1 Updated: June 29, 2026

LOW

zotpress

Score: N/A Zotpress <= 7.3.3 - Reflected Cross-Site Scripting Affected: *-7.3.3 Patched: 7.3.4 Updated: June 29, 2026

LOW

simple-page-ordering

Score: N/A Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure Affected: [*, 2.5.1) Patched: 2.5.1 Updated: June 29, 2026

LOW

ricerca-smart-search

Score: N/A Ricerca smart and advanced search <= 1.0.15 - Cross-Site Request Forgery Affected: *-1.0.15 Patched: 1.0.16 Updated: June 29, 2026

LOW

pixelyoursite-pro

Score: N/A PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-9.6.1 Patched: 9.6.2 Updated: June 29, 2026

LOW

pixelyoursite

Score: N/A PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-9.3.6 Patched: 9.3.7 Updated: June 29, 2026

LOW

multiple-pages-generator-by-porthas

Score: N/A Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection Affected: *-3.3.17 Patched: 3.3.18 Updated: June 29, 2026

LOW

multiple-pages-generator-by-porthas

Score: N/A Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection Affected: *-3.3.17 Patched: 3.3.18 Updated: June 29, 2026

LOW

mobile-login-woocommerce

Score: 93/100 OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation Affected: *-2.2 Patched: 2.3 Updated: June 29, 2026

LOW

gallery-photo-gallery

Score: 93/100 Photo Gallery by Ays <= 5.1.6 - Reflected Cross-Site Scripting Affected: *-5.1.6 Patched: 5.1.7 Updated: June 29, 2026

LOW

file-away

Score: 87/100 File Away <= 3.9.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.9.9.0.1 Patched: Updated: June 29, 2026

LOW

easing-slider

Score: 91/100 Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset Affected: *-3.0.8 Patched: Updated: June 29, 2026

LOW

contact-form-to-email

Score: 93/100 Contact Form Email <= 1.3.37 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.37 Patched: 1.3.38 Updated: June 29, 2026

LOW

contact-form-by-supsystic

Score: 93/100 Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action Affected: *-1.7.24 Patched: 1.7.25 Updated: June 29, 2026

LOW

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

chaty

Score: 88/100 Chaty <= 3.0.9 - Reflected Cross-Site Scripting Affected: *-3.0.9 Patched: 3.1 Updated: June 29, 2026

LOW

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

chaty

Score: 88/100 Chaty <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.0.9 Patched: 3.1 Updated: June 29, 2026

LOW

wp-sms

Score: N/A WP SMS <= 6.1.4 - Reflected Cross-Site Scripting via 'delete_mobile' Affected: *-6.1.4 Patched: 6.1.5 Updated: June 29, 2026

LOW

wp-responsive-video-gallery-with-lightbox

Score: N/A video carousel slider with lightbox <= 1.0.22 - Reflected Cross-Site Scripting Affected: *-1.0.22 Patched: 1.0.23 Updated: June 29, 2026

LOW

wp-custom-cursors

Score: N/A WP Custom Cursors < 3.2 - Cross-Site Request Forgery Affected: [*, 3.2) Patched: 3.2 Updated: June 29, 2026

LOW

woocommerce-shipping-multiple-addresses

Score: N/A WooCommerce Ship to Multiple Addresses <= 3.8.3 - Insecure Direct Object Reference Affected: *-3.8.3 Patched: 3.8.4 Updated: June 29, 2026

LOW

woocommerce-product-recommendations

Score: N/A WooCommerce Product Recommendations < 2.3.0 - Cross-Site Request Forgery Affected: [*, 2.3.0) Patched: 2.3.0 Updated: June 29, 2026

LOW

woocommerce-product-addons

Score: N/A WooCommerce Product Add-ons <= 6.1.3 - Cross-Site Request Forgery Affected: *-6.1.3 Patched: 6.2.0 Updated: June 29, 2026

LOW

woocommerce-product-addons

Score: N/A WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection Affected: *-6.1.3 Patched: 6.2.0 Updated: June 29, 2026

LOW

woocommerce-pre-orders

Score: N/A WooCommerce Pre-Orders <= 1.9.0 - Unauthenticated Cross-Site Scripting Affected: *-1.9.0 Patched: 2.0.0 Updated: June 29, 2026

LOW

woocommerce-pre-orders

Score: N/A WooCommerce Pre-Orders <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

woocommerce-composite-products

Score: N/A WooCommerce Composite Products <= 8.7.5 - Reflected Cross-Site Scripting Affected: *-8.7.5 Patched: 8.7.6 Updated: June 29, 2026

LOW

woocommerce-brands

Score: N/A WooCommerce Brands <= 1.6.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.6.45 Patched: 1.6.46 Updated: June 29, 2026

LOW

woocommerce-bookings

Score: N/A WooCommerce Bookings <= 1.15.78 - Insecure Direct Object Reference Affected: *-1.15.78 Patched: 1.15.79 Updated: June 29, 2026

LOW

video-slider-with-thumbnails

Score: N/A Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting Affected: *-1.0.10 Patched: 1.0.11 Updated: June 29, 2026

LOW

survey-maker

Score: N/A Survey Maker <= 3.4.6 - Reflected Cross-Site Scripting via 'page' parameter Affected: *-3.4.6 Patched: 3.4.7 Updated: June 29, 2026

LOW

stop-spammer-registrations-plugin

Score: N/A Stop Spammers Security <= 2022.6 - Reflected Cross-Site Scripting Affected: *-2022.6 Patched: 2023 Updated: June 29, 2026

LOW

stop-spammer-registrations-plugin

Score: N/A Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2022.6 Patched: 2023 Updated: June 29, 2026

LOW

recaptcha-for-all

Score: N/A reCAPTCHA for all <= 1.22 - Missing Authorization via recaptcha_for_all_image_select Affected: *-1.22 Patched: 1.23 Updated: June 29, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.4.2.6 - Reflected Cross-Site Scripting Affected: *-6.4.2.6 Patched: 6.4.2.7 Updated: June 29, 2026

LOW

predictive-search

Score: N/A Predictive Search <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 1.2.3 Updated: June 29, 2026

LOW

predictive-search

Score: N/A Predictive Search <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 1.2.3 Updated: June 29, 2026

LOW

predictive-search

Score: N/A Predictive Search <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 1.2.3 Updated: June 29, 2026

LOW

essential-addons-elementor

Score: 93/100 Essential Addons for Elementor Pro <= 5.4.8 - Unauthenticated Server-Side Request Forgery Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

essential-addons-elementor

Score: 93/100 Essential Addons for Elementor Pro <= 5.4.8 - Reflected Cross-Site Scripting Affected: *-5.4.8 Patched: 5.4.9 Updated: June 29, 2026

LOW

drop-shadow-boxes

Score: 93/100 Drop Shadow Boxes <= 1.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.10 Patched: 1.7.11 Updated: June 29, 2026

LOW

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic <= 5.2.1.0 - Authentication Bypass Affected: *-5.2.1.0 Patched: 5.2.1.1 Updated: June 29, 2026

LOW

custom-404-pro

Score: 91/100 Custom 404 Pro <= 3.8.1 - Reflected Cross-Site Scripting via 'page' Affected: *-3.8.1 Patched: 3.8.2 Updated: June 29, 2026

LOW

Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages

convertkit

Score: 88/100 ConvertKit <= 2.2.0 - Reflected Cross-Site Scripting Affected: *-2.2.0 Patched: 2.2.1 Updated: June 29, 2026

LOW

automatewoo

Score: 93/100 AutomateWoo <= 5.7.1 - Cross-Site Request Forgery Affected: *-5.7.1 Patched: 5.7.2 Updated: June 29, 2026

LOW

automatewoo

Score: 93/100 AutomateWoo <= 5.7.1 - Authenticated (Shop manager+) SQL Injection Affected: *-5.7.1 Patched: 5.7.2 Updated: June 29, 2026

LOW

wp-register-profile-with-shortcode

Score: N/A WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.5.7 Patched: 3.5.8 Updated: June 29, 2026

LOW

wp-reactions-lite

Score: N/A WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action Affected: *-1.3.8 Patched: 1.3.9 Updated: June 29, 2026

LOW

wp-multi-store-locator

Score: N/A WP Multi Store Locator <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.9 Patched: 2.5.1 Updated: June 29, 2026

LOW

wp-all-backup

Score: N/A WP All Backup <= 2.4.3 - Cross-Site Request Forgery to Backup Storage Modification Affected: *-2.4.3 Patched: Updated: June 29, 2026

LOW

weebotlite

Score: N/A weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

smart-donations

Score: N/A Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting Affected: *-4.0.12 Patched: Updated: June 29, 2026

LOW

quick-pagepost-redirect-plugin

Score: N/A Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Affected: *-5.2.3 Patched: 5.2.4 Updated: June 29, 2026

LOW

product-page-shipping-calculator-for-woocommerce

Score: N/A Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings Affected: *-1.3.25 Patched: 1.3.26 Updated: June 29, 2026

LOW

post-state-tags

Score: N/A Post State Tags <= 2.0.6 - Cross-Site Request Forgery to Settings Reset Affected: *-2.0.6 Patched: Updated: June 29, 2026

LOW

peepso-core

Score: N/A Community by PeepSo <= 6.0.9.0 - Cross-Site Request Forgery to Field Duplication Affected: *-6.0.9.0 Patched: 6.1.0.0 Updated: June 29, 2026

LOW

lokalyze-call-now

Score: 91/100 CALL ME NOW <= 3.0 - Cross-Site Request Forgery Affected: *-3.0 Patched: Updated: June 29, 2026

LOW

ldap-login-for-intranet-sites

Score: 93/100 Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection Affected: *-4.1.4 Patched: 4.1.5 Updated: June 29, 2026

LOW

ldap-login-for-intranet-sites

Score: 93/100 Active Directory Integration / LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection Affected: *-4.1.4 Patched: 4.1.5 Updated: June 29, 2026

LOW

itempropwp

Score: 91/100 itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.5.201706131 Patched: Updated: June 29, 2026

LOW

iframe-popup

Score: 91/100 iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Affected: *-3.3 Patched: Updated: June 29, 2026

LOW

hyphenator

Score: 91/100 Hyphenator <= 5.1.5 - Cross-Site Request Forgery to Settings Update Affected: *-5.1.5 Patched: Updated: June 29, 2026

LOW

get-your-number

Score: 91/100 Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: June 29, 2026

LOW

featured-image-pro

Score: 93/100 Featured Image Pro Post Grid <= 5.14 - Reflected Cross-Site Scripting via page Affected: *-5.14 Patched: 5.15 Updated: June 29, 2026

LOW

fast-search-powered-by-solr

Score: 89/100 Sunny Search <= 1.0.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

fast-search-powered-by-solr

Score: 89/100 Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor <= 3.13.1 - Missing Authorization to Settings Update Affected: *-3.13.1 Patched: 3.13.2 Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.2.70 Patched: 3.2.71 Updated: June 29, 2026

LOW

d-bargain

Score: 93/100 DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Affected: *-3.0.0 Patched: 4.0.0 Updated: June 29, 2026

LOW

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change Affected: *-5.2.0.5 Patched: 5.2.1.0 Updated: June 29, 2026

LOW

currency-switcher

Score: 93/100 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion Affected: *-1.1.9 Patched: 1.2.0 Updated: June 29, 2026

LOW

currency-switcher

Score: 93/100 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.9 Patched: 1.2.0 Updated: June 29, 2026

LOW

currency-switcher

Score: 93/100 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing Affected: *-1.1.9 Patched: 1.2.0 Updated: June 29, 2026

LOW

currency-switcher

Score: 93/100 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation Affected: *-1.1.9 Patched: 1.2.0 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via maybe_install_suggested_plugins Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_save Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_create_pages Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_edit_item Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_delete_snapshot Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_duplicate_cookiebanner Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_delete_cookiebanner Affected: *-6.4.4 Patched: 6.4.5 Updated: June 29, 2026

LOW

column-matic

Score: 91/100 Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: June 29, 2026

LOW

button

Score: 93/100 Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.22 Patched: 1.1.23 Updated: June 29, 2026

LOW

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.6 - Missing Authorization via save_fields_settings Affected: *-1.1.6 Patched: 1.1.7 Updated: June 29, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection Affected: *-5.0.4 Patched: 5.0.5 Updated: June 29, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting Affected: *-5.0.4 Patched: 5.0.5 Updated: June 29, 2026

LOW

wp-chatbot

Score: N/A WP-Chatbot for Messenger <= 4.7 - Missing Authorization Affected: *-4.7 Patched: 4.8 Updated: June 29, 2026

Showing 25101 to 25200 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 23:17 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List