Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
woo-tipdonation	woo-tipdonation	N/A	Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.2		June 30, 2026
video-xml-sitemap-generator	video-xml-sitemap-generator	N/A	Video XML Sitemap Generator <= 1.0.0 - Cross-Site Request Forgery via video_sitemap_generate	LOW	*-1.0.0		June 30, 2026
updraft	updraft	N/A	Updraft <= 0.6.1 - Reflected Cross-Site Scripting via 'backup_timestamp'	LOW	*-0.6.1		June 30, 2026
Ultra Addons for Contact Form 7	ultimate-addons-for-contact-form-7	70	Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id	LOW	*-3.1.23	3.1.24	June 30, 2026
tippy	tippy	N/A	Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode	LOW	*-6.2.1		June 30, 2026
stock-sync-for-woocommerce	stock-sync-for-woocommerce	N/A	Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter	LOW	*-2.4.0	2.4.1	June 30, 2026
shortcode-to-display-post-and-user-data	shortcode-to-display-post-and-user-data	N/A	Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode	LOW	*-1.2.0	1.2.1	June 30, 2026
rating-widget	rating-widget	N/A	Rating Widget <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes	LOW	*-3.2.0	3.2.1	June 30, 2026
push-notification-for-wp-by-pushassist	push-notification-for-wp-by-pushassist	N/A	Push Notifications for WordPress by PushAssist <= 3.0.8 - Reflected Cross-Site Scripting	LOW	*-3.0.8		June 30, 2026
progress-bar	progress-bar	N/A	Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode	LOW	*-2.1.6	2.2.0	June 30, 2026
ns-coupon-to-become-customer	ns-coupon-to-become-customer	N/A	NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.2.2		June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title'	LOW	*-3.6.21	3.6.22	June 30, 2026
inactive-user-deleter	inactive-user-deleter	93	Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions	LOW	*-1.59	1.60	June 30, 2026
http-headers	http-headers	87	HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection	LOW	*-1.18.8	1.18.9	June 30, 2026
giveasap	giveasap	91	Simple Giveaways <= 2.46 - Cross-Site Request Forgery	LOW	*-2.46	2.46.1	June 30, 2026
forms-ada-form-builder	forms-ada-form-builder	91	Forms Ada <= 1.0 - Reflected Cross-Site Scripting via 'p' parameter	LOW	*-1.0		June 30, 2026
extensions-leaflet-map	extensions-leaflet-map	93	Extensions for Leaflet Map <= 3.4.1 - Reflected Cross-Site Scripting	LOW	*-3.4.1	3.4.2	June 30, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'	LOW	[*, 3.12.2)	3.12.2	June 30, 2026
dynamically-register-sidebars	dynamically-register-sidebars	91	Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.0.1		June 30, 2026
decon-wp-sms	decon-wp-sms	91	Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.1		June 30, 2026
crm-memberships	crm-memberships	91	CRM Memberships <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-2.2	2.5	June 30, 2026
chronosly-events-calendar	chronosly-events-calendar	91	Chronosly Events Calendar <= 2.6.2 - Cross-Site Request Forgery via plugin_settings_page	LOW	*-2.6.2		June 30, 2026
bsk-gravityforms-blacklist	bsk-gravityforms-blacklist	93	BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby'	LOW	*-3.6.2	3.6.3	June 30, 2026
arconix-shortcodes	arconix-shortcodes	95	Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	LOW	*-2.1.7	2.1.8	June 30, 2026
advanced-youtube-channel-pagination	advanced-youtube-channel-pagination	95	Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	LOW	*-1.0		June 30, 2026
advanced-youtube-channel-pagination	advanced-youtube-channel-pagination	95	Advanced Youtube Channel Pagination <= 1.0 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
advanced-category-template	advanced-category-template	95	Advanced Category Template <= 0.1 - Stored Cross-Site Scripting via Cross-Site Request Forgery in _form.php	LOW	*-0.1		June 30, 2026
wooemailreport	wooemailreport	N/A	Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting	LOW	*-2.4		June 30, 2026
redirect-after-login	redirect-after-login	N/A	Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-0.1.9		June 30, 2026
modal-dialog	modal-dialog	93	Modal Dialog <= 3.5.14 - Reflected Cross-Site Scripting	LOW	[*, 3.5.15)	3.5.15	June 30, 2026
image-optimizer-wd	image-optimizer-wd	93	Image Optimizer WD <= 1.0.26 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.26	1.0.27	June 30, 2026
gps-plotter	gps-plotter	91	GPS Plotter <= 5.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-5.3.0		June 30, 2026
formilla-live-chat	formilla-live-chat	93	Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID'	LOW	*-1.3.0	1.3.1	June 30, 2026
formilla-edge	formilla-edge	93	Formilla Edge <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaPluginID'	LOW	*-1.0	1.1	June 30, 2026
formilla-chat-and-marketing	formilla-chat-and-marketing	93	Formilla Chat and Marketing Automation <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaToolsID'	LOW	*-1.0	1.1	June 30, 2026
erocket	erocket	93	eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.4	1.2.5	June 30, 2026
easy-slider-revolution	easy-slider-revolution	93	Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter	LOW	*-1.0.0	1.1.0	June 30, 2026
daves-wordpress-live-search	daves-wordpress-live-search	91	Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.8.1		June 30, 2026
cab-grid	cab-grid	93	Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.15	1.6	June 30, 2026
wpjam-basic	wpjam-basic	N/A	WPJAM Basic <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-6.2.1	6.2.1.1	June 30, 2026
ninja-tables	ninja-tables	N/A	Ninja Tables <= 4.3.4 - Cross-Site Request Forgery	LOW	*-4.3.4	4.3.5	June 30, 2026
netreviews	netreviews	N/A	Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.3.14	2.3.15	June 30, 2026
mail-subscribe-list	mail-subscribe-list	91	Mail Subscribe List <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via smlsubform shortcode	LOW	*-2.1.9	2.1.10	June 30, 2026
form-block	form-block	93	Form Block <= 1.0.1 - Cross-Site Request Forgery	LOW	[*, 1.0.2)	1.0.2	June 30, 2026
cms-tree-page-view	cms-tree-page-view	93	CMS Tree Page View <= 1.6.7 - Reflected Cross-Site Scripting via 'post_type'	LOW	[*, 1.6.8)	1.6.8	June 30, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	chatbot	66	ChatBot <= 4.4.4 - Unauthenticated Stored Cross-Site Scripting via Cross-Site Request Forgery	LOW	*-4.4.4	4.4.5	June 30, 2026
activecampaign-subscription-forms	activecampaign-subscription-forms	97	ActiveCampaign – Forms, Site Tracking, Live Chat <= 8.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.1.11	8.1.12	June 30, 2026
yatra	yatra	N/A	Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.14	2.1.15	June 30, 2026
wp-original-media-path	wp-original-media-path	N/A	WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-2.4.0	2.4.1	June 30, 2026
wp-links-page	wp-links-page	N/A	WP Links Page <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.9.1	4.9.2	June 30, 2026
wp-dtree-30	wp-dtree-30	N/A	WP-dTree <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-4.4.5		June 30, 2026
wp-docs	wp-docs	N/A	WP Docs <= 1.9.8 - Missing Authorization via multiple AJAX actions	LOW	*-1.9.8	1.9.9	June 30, 2026
wp-cerber	wp-cerber	N/A	WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-9.1	9.2	June 30, 2026
woocommerce-products-designer	woocommerce-products-designer	N/A	Woocommerce Product Designer <= 4.3.3 - Cross-Site Request Forgery	LOW	*-4.3.3		June 30, 2026
woocommerce-order-status-change-notifier	woocommerce-order-status-change-notifier	N/A	WooCommerce Order Status Change Notifier <= 1.1.0 - Authenticated (Subscriber+) Arbitrary Order Status Update	LOW	*-1.1.0		June 30, 2026
woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz	woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz	N/A	Kiwiz - Certification de facturation - Woocommerce <= 2.1.3 - Unauthenticated Arbitrary File Download	LOW	*-2.1.3		June 30, 2026
white-label-branding-elementor	white-label-branding-elementor	N/A	White Label Branding for Elementor Page Builder <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.0.2		June 30, 2026
wcp-contact-form	wcp-contact-form	N/A	WCP Contact Form <= 3.1.0 - Reflected Cross-Site Scripting via tab parameter	LOW	*-3.1.0		June 30, 2026
vslider	vslider	N/A	vSlider Multi Image Slider <= 4.1.2 - Cross-Site Request Forgery	LOW	*-4.1.2		June 30, 2026
update-alt-attribute	update-alt-attribute	N/A	Update Image Tag Alt Attribute <= 2.4.5 - Reflected Cross-Site Scripting	LOW	*-2.4.5	2.4.6	June 30, 2026
uji-popup	uji-popup	N/A	Uji Popup <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via uji_popup_code shortcode	LOW	*-1.4.3		June 30, 2026
tablesome	tablesome	N/A	Tablesome <= 1.0.8 - Reflected Cross-Site Scripting	LOW	[*, 1.0.9)	1.0.9	June 30, 2026
subscribers-com	subscribers-com	N/A	Subscribers – Free Web Push Notifications <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.3	1.5.4	June 30, 2026
stock-exporter-for-woocommerce	stock-exporter-for-woocommerce	N/A	Stock Exporter for WooCommerce <= 1.1.0 - Reflected Cross-Site Scripting	LOW	*-1.1.0	1.2.0	June 30, 2026
sparkpost	sparkpost	N/A	SparkPost <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-3.2.7	3.2.8	June 30, 2026
social-share-boost	social-share-boost	N/A	Social Share Boost <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via ssboost shortcode	LOW	*-4.4	4.5	June 30, 2026
slider-slideshow	slider-slideshow	N/A	Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery via save_slide_ajax	LOW	*-1.1.9.7		June 30, 2026
simple-tooltips	simple-tooltips	N/A	Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.4		June 30, 2026
simple-share-buttons-adder	simple-share-buttons-adder	N/A	Simple Share Buttons Adder <= 8.4.6 - Cross-Site Request Forgery	LOW	*-8.4.6	8.4.7	June 30, 2026
shortcode-imdb	shortcode-imdb	N/A	Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection	LOW	*-6.0.8		June 30, 2026
shopengine	shopengine	N/A	ShopEngine <= 4.1.1 - Cross-Site Request Forgery via get_product	LOW	*-4.1.1	4.1.2	June 30, 2026
school-management-system	school-management-system	N/A	The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection	LOW	*-4.1	4.2	June 30, 2026
robokassa	robokassa	N/A	Robokassa payment gateway for Woocommerce <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.4.5	1.4.6	June 30, 2026
reviewx	reviewx	N/A	ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.6.8	1.6.9	June 30, 2026
WP Responsive Tabs horizontal vertical and accordion Tabs	responsive-horizontal-vertical-and-accordion-tabs	95	WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting	LOW	*-1.1.15	1.1.16	June 30, 2026
reservation-studio-widget	reservation-studio-widget	N/A	Reservation.Studio widget <= 1.0.11 - Cross-Site Request Forgery via plugin settings	LOW	*-1.0.11	1.0.12	June 30, 2026
rapidexpcart	rapidexpcart	N/A	RapidExpCart <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
rapidexpcart	rapidexpcart	N/A	RapidExpCart <= 1.0 - Authenticated (Level 8/Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
query-wrangler	query-wrangler	N/A	Query Wrangler <= 1.5.51 - Reflected Cross-Site Scripting via page parameter	LOW	*-1.5.51	1.5.52	June 30, 2026
propertyhive	propertyhive	N/A	PropertyHive <= 1.5.48 - Reflected Cross-Site Scripting via date_post_id	LOW	*-1.5.48	1.5.49	June 30, 2026
pearl-header-builder	pearl-header-builder	N/A	Pearl <= 1.3.4 - Cross-Site Request Forgery via stm_save_hb_settings	LOW	*-1.3.4	1.3.5	June 30, 2026
online-accessibility	online-accessibility	N/A	Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection	LOW	*-4.11	4.12	June 30, 2026
ninja-tables	ninja-tables	N/A	Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-4.3.4	4.3.5	June 30, 2026
new-album-gallery	new-album-gallery	N/A	Album Gallery – WordPress Gallery <= 1.4.9 - Cross-Site Request Forgery via album-gallery-column-settings.php	LOW	*-1.4.9	1.5.0	June 30, 2026
my-wp-health-check	my-wp-health-check	N/A	SiteAlert (Formerly WP Health) <= 1.9.7 - Cross-Site Request Forgery	LOW	*-1.9.7	1.9.8	June 30, 2026
motors-car-dealership-classified-listings	motors-car-dealership-classified-listings	N/A	Motors – Car Dealer & Classified Ads <= 1.4.5 - Cross-Site Request Forgery via Multiple Functions	LOW	*-1.4.5	1.4.6	June 30, 2026
miniorange-2-factor-authentication	miniorange-2-factor-authentication	93	miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change	LOW	*-5.6.5	5.6.6	June 30, 2026
login-page-styler	login-page-styler	93	Login Page Styler <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-6.2	6.2.5	June 30, 2026
liquid-speech-balloon	liquid-speech-balloon	93	LIQUID SPEECH BALLOON <= 1.1.8 - Cross-Site Request Forgery to Settings Update	LOW	*-1.1.8	1.2	June 30, 2026
ldap-login-for-intranet-sites	ldap-login-for-intranet-sites	93	Active Directory Integration / LDAP Integration <= 4.1.0 - Unauthenticated Information Disclosure	LOW	*-4.1.0	4.1.1	June 30, 2026
kodex-posts-likes	kodex-posts-likes	86	Kodex Posts likes <= 2.4.3 - Cross-Site Request Forgery	LOW	*-2.4.3	2.5.0	June 30, 2026
image-optimizer-wd	image-optimizer-wd	93	Image Optimizer by 10web <= 1.0.25 - Directory Traversal to Information Exposure	LOW	[*, 1.0.26)	1.0.26	June 30, 2026
i-recommend-this	i-recommend-this	93	I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.8.3	3.9.0	June 30, 2026
helpdeskwp	helpdeskwp	91	Help Desk WP <= 1.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.2.0		June 30, 2026
google-analytics-top-posts-widget	google-analytics-top-posts-widget	93	Google Analytics Top Content Widget <= 1.5.5 - Reflected Cross-Site Scripting	LOW	*-1.5.5	1.5.6	June 30, 2026
gdpr-compliance-cookie-consent	gdpr-compliance-cookie-consent	93	GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery	LOW	*-1.2	1.3	June 30, 2026
gallery-metabox	gallery-metabox	87	Gallery Metabox <= 1.5 - Cross-Site Request Forgery via gallery_remove	LOW	*-1.5		June 30, 2026
formcraft-form-builder	formcraft-form-builder	93	FormCraft <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fcb shortcode	LOW	*-1.2.9	1.2.10	June 30, 2026
flyzoo	flyzoo	91	Flyzoo Chat <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.3.3		June 30, 2026
file-gallery	file-gallery	91	File Gallery <= 1.8.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_gallery_shortcode	LOW	*-1.8.5.3	1.8.5.4	June 30, 2026

LOW

woo-tipdonation

Score: N/A Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

video-xml-sitemap-generator

Score: N/A Video XML Sitemap Generator <= 1.0.0 - Cross-Site Request Forgery via video_sitemap_generate Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

updraft

Score: N/A Updraft <= 0.6.1 - Reflected Cross-Site Scripting via 'backup_timestamp' Affected: *-0.6.1 Patched: Updated: June 30, 2026

LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id Affected: *-3.1.23 Patched: 3.1.24 Updated: June 30, 2026

LOW

tippy

Score: N/A Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode Affected: *-6.2.1 Patched: Updated: June 30, 2026

LOW

stock-sync-for-woocommerce

Score: N/A Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter Affected: *-2.4.0 Patched: 2.4.1 Updated: June 30, 2026

LOW

shortcode-to-display-post-and-user-data

Score: N/A Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

rating-widget

Score: N/A Rating Widget <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes Affected: *-3.2.0 Patched: 3.2.1 Updated: June 30, 2026

LOW

push-notification-for-wp-by-pushassist

Score: N/A Push Notifications for WordPress by PushAssist <= 3.0.8 - Reflected Cross-Site Scripting Affected: *-3.0.8 Patched: Updated: June 30, 2026

LOW

progress-bar

Score: N/A Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode Affected: *-2.1.6 Patched: 2.2.0 Updated: June 30, 2026

LOW

ns-coupon-to-become-customer

Score: N/A NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title' Affected: *-3.6.21 Patched: 3.6.22 Updated: June 30, 2026

LOW

inactive-user-deleter

Score: 93/100 Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions Affected: *-1.59 Patched: 1.60 Updated: June 30, 2026

LOW

http-headers

Score: 87/100 HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection Affected: *-1.18.8 Patched: 1.18.9 Updated: June 30, 2026

LOW

giveasap

Score: 91/100 Simple Giveaways <= 2.46 - Cross-Site Request Forgery Affected: *-2.46 Patched: 2.46.1 Updated: June 30, 2026

LOW

forms-ada-form-builder

Score: 91/100 Forms Ada <= 1.0 - Reflected Cross-Site Scripting via 'p' parameter Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

extensions-leaflet-map

Score: 93/100 Extensions for Leaflet Map <= 3.4.1 - Reflected Cross-Site Scripting Affected: *-3.4.1 Patched: 3.4.2 Updated: June 30, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls' Affected: [*, 3.12.2) Patched: 3.12.2 Updated: June 30, 2026

LOW

dynamically-register-sidebars

Score: 91/100 Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

decon-wp-sms

Score: 91/100 Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

crm-memberships

Score: 91/100 CRM Memberships <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-2.2 Patched: 2.5 Updated: June 30, 2026

LOW

chronosly-events-calendar

Score: 91/100 Chronosly Events Calendar <= 2.6.2 - Cross-Site Request Forgery via plugin_settings_page Affected: *-2.6.2 Patched: Updated: June 30, 2026

LOW

bsk-gravityforms-blacklist

Score: 93/100 BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby' Affected: *-3.6.2 Patched: 3.6.3 Updated: June 30, 2026

LOW

arconix-shortcodes

Score: 95/100 Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-2.1.7 Patched: 2.1.8 Updated: June 30, 2026

LOW

advanced-youtube-channel-pagination

Score: 95/100 Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

advanced-youtube-channel-pagination

Score: 95/100 Advanced Youtube Channel Pagination <= 1.0 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

advanced-category-template

Score: 95/100 Advanced Category Template <= 0.1 - Stored Cross-Site Scripting via Cross-Site Request Forgery in _form.php Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

wooemailreport

Score: N/A Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting Affected: *-2.4 Patched: Updated: June 30, 2026

LOW

redirect-after-login

Score: N/A Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-0.1.9 Patched: Updated: June 30, 2026

LOW

modal-dialog

Score: 93/100 Modal Dialog <= 3.5.14 - Reflected Cross-Site Scripting Affected: [*, 3.5.15) Patched: 3.5.15 Updated: June 30, 2026

LOW

image-optimizer-wd

Score: 93/100 Image Optimizer WD <= 1.0.26 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.26 Patched: 1.0.27 Updated: June 30, 2026

LOW

gps-plotter

Score: 91/100 GPS Plotter <= 5.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.3.0 Patched: Updated: June 30, 2026

LOW

formilla-live-chat

Score: 93/100 Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID' Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

formilla-edge

Score: 93/100 Formilla Edge <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaPluginID' Affected: *-1.0 Patched: 1.1 Updated: June 30, 2026

LOW

formilla-chat-and-marketing

Score: 93/100 Formilla Chat and Marketing Automation <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaToolsID' Affected: *-1.0 Patched: 1.1 Updated: June 30, 2026

LOW

erocket

Score: 93/100 eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

easy-slider-revolution

Score: 93/100 Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter Affected: *-1.0.0 Patched: 1.1.0 Updated: June 30, 2026

LOW

daves-wordpress-live-search

Score: 91/100 Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.8.1 Patched: Updated: June 30, 2026

LOW

cab-grid

Score: 93/100 Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.15 Patched: 1.6 Updated: June 30, 2026

LOW

wpjam-basic

Score: N/A WPJAM Basic <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-6.2.1 Patched: 6.2.1.1 Updated: June 30, 2026

LOW

ninja-tables

Score: N/A Ninja Tables <= 4.3.4 - Cross-Site Request Forgery Affected: *-4.3.4 Patched: 4.3.5 Updated: June 30, 2026

LOW

netreviews

Score: N/A Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.14 Patched: 2.3.15 Updated: June 30, 2026

LOW

mail-subscribe-list

Score: 91/100 Mail Subscribe List <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via smlsubform shortcode Affected: *-2.1.9 Patched: 2.1.10 Updated: June 30, 2026

LOW

form-block

Score: 93/100 Form Block <= 1.0.1 - Cross-Site Request Forgery Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 30, 2026

LOW

cms-tree-page-view

Score: 93/100 CMS Tree Page View <= 1.6.7 - Reflected Cross-Site Scripting via 'post_type' Affected: [*, 1.6.8) Patched: 1.6.8 Updated: June 30, 2026

LOW

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot

Score: 66/100 ChatBot <= 4.4.4 - Unauthenticated Stored Cross-Site Scripting via Cross-Site Request Forgery Affected: *-4.4.4 Patched: 4.4.5 Updated: June 30, 2026

LOW

activecampaign-subscription-forms

Score: 97/100 ActiveCampaign – Forms, Site Tracking, Live Chat <= 8.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.1.11 Patched: 8.1.12 Updated: June 30, 2026

LOW

yatra

Score: N/A Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.14 Patched: 2.1.15 Updated: June 30, 2026

LOW

wp-original-media-path

Score: N/A WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-2.4.0 Patched: 2.4.1 Updated: June 30, 2026

LOW

wp-links-page

Score: N/A WP Links Page <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.9.1 Patched: 4.9.2 Updated: June 30, 2026

LOW

wp-dtree-30

Score: N/A WP-dTree <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-4.4.5 Patched: Updated: June 30, 2026

LOW

wp-docs

Score: N/A WP Docs <= 1.9.8 - Missing Authorization via multiple AJAX actions Affected: *-1.9.8 Patched: 1.9.9 Updated: June 30, 2026

LOW

wp-cerber

Score: N/A WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-9.1 Patched: 9.2 Updated: June 30, 2026

LOW

woocommerce-products-designer

Score: N/A Woocommerce Product Designer <= 4.3.3 - Cross-Site Request Forgery Affected: *-4.3.3 Patched: Updated: June 30, 2026

LOW

woocommerce-order-status-change-notifier

Score: N/A WooCommerce Order Status Change Notifier <= 1.1.0 - Authenticated (Subscriber+) Arbitrary Order Status Update Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz

Score: N/A Kiwiz - Certification de facturation - Woocommerce <= 2.1.3 - Unauthenticated Arbitrary File Download Affected: *-2.1.3 Patched: Updated: June 30, 2026

LOW

white-label-branding-elementor

Score: N/A White Label Branding for Elementor Page Builder <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

wcp-contact-form

Score: N/A WCP Contact Form <= 3.1.0 - Reflected Cross-Site Scripting via tab parameter Affected: *-3.1.0 Patched: Updated: June 30, 2026

LOW

vslider

Score: N/A vSlider Multi Image Slider <= 4.1.2 - Cross-Site Request Forgery Affected: *-4.1.2 Patched: Updated: June 30, 2026

LOW

update-alt-attribute

Score: N/A Update Image Tag Alt Attribute <= 2.4.5 - Reflected Cross-Site Scripting Affected: *-2.4.5 Patched: 2.4.6 Updated: June 30, 2026

LOW

uji-popup

Score: N/A Uji Popup <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via uji_popup_code shortcode Affected: *-1.4.3 Patched: Updated: June 30, 2026

LOW

tablesome

Score: N/A Tablesome <= 1.0.8 - Reflected Cross-Site Scripting Affected: [*, 1.0.9) Patched: 1.0.9 Updated: June 30, 2026

LOW

subscribers-com

Score: N/A Subscribers – Free Web Push Notifications <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.3 Patched: 1.5.4 Updated: June 30, 2026

LOW

stock-exporter-for-woocommerce

Score: N/A Stock Exporter for WooCommerce <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: 1.2.0 Updated: June 30, 2026

LOW

sparkpost

Score: N/A SparkPost <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-3.2.7 Patched: 3.2.8 Updated: June 30, 2026

LOW

social-share-boost

Score: N/A Social Share Boost <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via ssboost shortcode Affected: *-4.4 Patched: 4.5 Updated: June 30, 2026

LOW

slider-slideshow

Score: N/A Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery via save_slide_ajax Affected: *-1.1.9.7 Patched: Updated: June 30, 2026

LOW

simple-tooltips

Score: N/A Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.4 Patched: Updated: June 30, 2026

LOW

simple-share-buttons-adder

Score: N/A Simple Share Buttons Adder <= 8.4.6 - Cross-Site Request Forgery Affected: *-8.4.6 Patched: 8.4.7 Updated: June 30, 2026

LOW

shortcode-imdb

Score: N/A Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection Affected: *-6.0.8 Patched: Updated: June 30, 2026

LOW

shopengine

Score: N/A ShopEngine <= 4.1.1 - Cross-Site Request Forgery via get_product Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026

LOW

school-management-system

Score: N/A The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection Affected: *-4.1 Patched: 4.2 Updated: June 30, 2026

LOW

robokassa

Score: N/A Robokassa payment gateway for Woocommerce <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026

LOW

reviewx

Score: N/A ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection Affected: *-1.6.8 Patched: 1.6.9 Updated: June 30, 2026

LOW

WP Responsive Tabs horizontal vertical and accordion Tabs

responsive-horizontal-vertical-and-accordion-tabs

Score: 95/100 WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting Affected: *-1.1.15 Patched: 1.1.16 Updated: June 30, 2026

LOW

reservation-studio-widget

Score: N/A Reservation.Studio widget <= 1.0.11 - Cross-Site Request Forgery via plugin settings Affected: *-1.0.11 Patched: 1.0.12 Updated: June 30, 2026

LOW

rapidexpcart

Score: N/A RapidExpCart <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

rapidexpcart

Score: N/A RapidExpCart <= 1.0 - Authenticated (Level 8/Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

query-wrangler

Score: N/A Query Wrangler <= 1.5.51 - Reflected Cross-Site Scripting via page parameter Affected: *-1.5.51 Patched: 1.5.52 Updated: June 30, 2026

LOW

propertyhive

Score: N/A PropertyHive <= 1.5.48 - Reflected Cross-Site Scripting via date_post_id Affected: *-1.5.48 Patched: 1.5.49 Updated: June 30, 2026

LOW

pearl-header-builder

Score: N/A Pearl <= 1.3.4 - Cross-Site Request Forgery via stm_save_hb_settings Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

online-accessibility

Score: N/A Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection Affected: *-4.11 Patched: 4.12 Updated: June 30, 2026

LOW

ninja-tables

Score: N/A Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-4.3.4 Patched: 4.3.5 Updated: June 30, 2026

LOW

new-album-gallery

Score: N/A Album Gallery – WordPress Gallery <= 1.4.9 - Cross-Site Request Forgery via album-gallery-column-settings.php Affected: *-1.4.9 Patched: 1.5.0 Updated: June 30, 2026

LOW

my-wp-health-check

Score: N/A SiteAlert (Formerly WP Health) <= 1.9.7 - Cross-Site Request Forgery Affected: *-1.9.7 Patched: 1.9.8 Updated: June 30, 2026

LOW

motors-car-dealership-classified-listings

Score: N/A Motors – Car Dealer & Classified Ads <= 1.4.5 - Cross-Site Request Forgery via Multiple Functions Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026

LOW

miniorange-2-factor-authentication

Score: 93/100 miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change Affected: *-5.6.5 Patched: 5.6.6 Updated: June 30, 2026

LOW

login-page-styler

Score: 93/100 Login Page Styler <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.2 Patched: 6.2.5 Updated: June 30, 2026

LOW

liquid-speech-balloon

Score: 93/100 LIQUID SPEECH BALLOON <= 1.1.8 - Cross-Site Request Forgery to Settings Update Affected: *-1.1.8 Patched: 1.2 Updated: June 30, 2026

LOW

ldap-login-for-intranet-sites

Score: 93/100 Active Directory Integration / LDAP Integration <= 4.1.0 - Unauthenticated Information Disclosure Affected: *-4.1.0 Patched: 4.1.1 Updated: June 30, 2026

LOW

kodex-posts-likes

Score: 86/100 Kodex Posts likes <= 2.4.3 - Cross-Site Request Forgery Affected: *-2.4.3 Patched: 2.5.0 Updated: June 30, 2026

LOW

image-optimizer-wd

Score: 93/100 Image Optimizer by 10web <= 1.0.25 - Directory Traversal to Information Exposure Affected: [*, 1.0.26) Patched: 1.0.26 Updated: June 30, 2026

LOW

i-recommend-this

Score: 93/100 I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.8.3 Patched: 3.9.0 Updated: June 30, 2026

LOW

helpdeskwp

Score: 91/100 Help Desk WP <= 1.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

google-analytics-top-posts-widget

Score: 93/100 Google Analytics Top Content Widget <= 1.5.5 - Reflected Cross-Site Scripting Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

gdpr-compliance-cookie-consent

Score: 93/100 GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026

LOW

gallery-metabox

Score: 87/100 Gallery Metabox <= 1.5 - Cross-Site Request Forgery via gallery_remove Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

formcraft-form-builder

Score: 93/100 FormCraft <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fcb shortcode Affected: *-1.2.9 Patched: 1.2.10 Updated: June 30, 2026

LOW

flyzoo

Score: 91/100 Flyzoo Chat <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.3 Patched: Updated: June 30, 2026

LOW

file-gallery

Score: 91/100 File Gallery <= 1.8.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_gallery_shortcode Affected: *-1.8.5.3 Patched: 1.8.5.4 Updated: June 30, 2026

Showing 25401 to 25500 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 03:30 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List