Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
email-posts-to-subscribers	email-posts-to-subscribers	87	Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection	LOW	*-6.2		June 30, 2026
ebook-store	ebook-store	93	Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 5.78)	5.78	June 30, 2026
ebook-store	ebook-store	93	Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders	LOW	*-5.775	5.78	June 30, 2026
easy-pie-maintenance-mode	easy-pie-maintenance-mode	91	EZP Maintenance Mode <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.0.1		June 30, 2026
easy-ad-manager	easy-ad-manager	91	Easy Ad Manager <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
continuous-announcement-scroller	continuous-announcement-scroller	91	Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-13.0		June 30, 2026
charitable	charitable	93	Charitable <= 1.7.0.10 - Reflected Cross-Site Scripting	LOW	*-1.7.0.10	1.7.0.11	June 30, 2026
category-specific-rss-feed-menu	category-specific-rss-feed-menu	93	Category Specific RSS feed Subscription <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-2.2	2.3	June 30, 2026
booking-calendar	booking-calendar	91	Booking calendar, Appointment Booking System <= 3.2.6 - Authenticated (Administrator+) SQL Injection via *_selected	LOW	*-3.2.6	3.2.7	June 30, 2026
bizlibrary	bizlibrary	89	BizLibrary <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
bit-form	bit-form	93	Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution	LOW	*-1.8.1	1.9	June 30, 2026
armember-membership	armember-membership	95	ARMember <= 4.0 - Reflected Cross-Site Scripting	LOW	*-4.0	4.0.1	June 30, 2026
ad-inserter	ad-inserter	97	Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection	LOW	*-2.7.25	2.7.26	June 30, 2026
zero-bs-crm	zero-bs-crm	N/A	Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization	LOW	*-5.3.1	5.4.0	June 30, 2026
zendesk	zendesk	N/A	Zendesk Support for WordPress <= 1.8.4 - Cross-Site Request Forgery	LOW	*-1.8.4	1.8.5	June 30, 2026
yourchannel	yourchannel	N/A	YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.5	1.2.6	June 30, 2026
yet-another-related-posts-plugin	yet-another-related-posts-plugin	N/A	YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-5.30.4	5.30.5	June 30, 2026
yellow-pencil-visual-theme-customizer	yellow-pencil-visual-theme-customizer	N/A	YellowPencil Visual CSS Style Editor <= 7.5.8 - Reflected Cross-Site Scripting liveLink	LOW	*-7.5.8	7.5.9	June 30, 2026
wp-responsive-thumbnail-slider	wp-responsive-thumbnail-slider	N/A	Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting	LOW	[*, 1.1.10)	1.1.10	June 30, 2026
wp-docs	wp-docs	N/A	WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management	LOW	*-1.9.8	1.9.9	June 30, 2026
wp-custom-author-url	wp-custom-author-url	N/A	WP Custom Author URL <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 1.0.5)	1.0.5	June 30, 2026
video-grid	video-grid	N/A	Video Grid <= 1.21 - Reflected Cross-Site Scripting	LOW	*-1.21	1.22	June 30, 2026
video-grid	video-grid	N/A	Video Grid <= 1.21 - Reflected Cross-Site Scripting	LOW	*-1.21	1.22	June 30, 2026
themify-portfolio-post	themify-portfolio-post	N/A	Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.2.4	1.2.5	June 30, 2026
stream	stream	N/A	Stream <= 3.9.2 - Cross-Site Request Forgery	LOW	*-3.9.2	3.9.3	June 30, 2026
smart-woocommerce-search	smart-woocommerce-search	N/A	Smart WooCommerce Search <= 2.5.0 - Missing Authorization	LOW	*-2.5.0	2.5.1	June 30, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-3.6.4	3.6.5	June 30, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-3.6.4	3.6.5	June 30, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-3.6.4	3.6.5	June 30, 2026
semalt	semalt	N/A	Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.3		June 30, 2026
project-panorama-lite	project-panorama-lite	N/A	Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5	1.5.1	June 30, 2026
pretty-url	pretty-url	N/A	Pretty Url < 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 1.5.5)	1.5.5	June 30, 2026
ooohboi-steroids-for-elementor	ooohboi-steroids-for-elementor	N/A	OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload	LOW	*-2.1.4	2.1.5	June 30, 2026
kaya-qr-code-generator	kaya-qr-code-generator	93	Kaya QR Code Generator <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via qrCode attribute	LOW	*-1.5.2	1.5.3	June 30, 2026
helpie-faq	helpie-faq	93	Helpie FAQ <= 1.9.8 - Reflected Cross-Site Scripting	LOW	*-1.9.8	1.9.9	June 30, 2026
fx-toc	fx-toc	91	f(x) TOC <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.0		June 30, 2026
formassembly-web-forms	formassembly-web-forms	93	WP-FormAssembly <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.0.7	2.0.8	June 30, 2026
essential-blocks	essential-blocks	93	Essential Blocks <= 4.0.6 - Missing Authorization via get	LOW	*-4.0.6	4.0.7	June 30, 2026
essential-blocks	essential-blocks	93	Essential Blocks <= 4.0.6 - Missing Authorization via template_count	LOW	*-4.0.6	4.0.7	June 30, 2026
essential-blocks	essential-blocks	93	Essential Blocks <= 4.0.6 - Missing Authorization via templates	LOW	*-4.0.6	4.0.7	June 30, 2026
essential-blocks	essential-blocks	93	Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save	LOW	*-4.0.6	4.0.7	June 30, 2026
essential-blocks	essential-blocks	93	Essential Blocks <= 4.0.6 - Missing Authorization via save	LOW	*-4.0.6	4.0.7	June 30, 2026
cmp-coming-soon-maintenance	cmp-coming-soon-maintenance	93	CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass	LOW	*-4.1.7	4.1.8	June 30, 2026
clock-in-portal	clock-in-portal	87	Clock In Portal <= 2.1 - Cross-Site Request Forgery To Staff Deletion	LOW	*-2.1		June 30, 2026
clock-in-portal	clock-in-portal	87	Clock In Portal <= 2.1 - Cross-Site Request Forgery to Holidays Deletion	LOW	*-2.1		June 30, 2026
clock-in-portal	clock-in-portal	87	Clock In Portal <= 2.1 - Cross-Site Request Forgery to Designation Deletion	LOW	*-2.1		June 30, 2026
church-admin	church-admin	93	Church Admin <= 3.7.5 - Reflected Cross-Site Scripting	LOW	*-3.7.5	3.7.6	June 30, 2026
captcha-them-all	captcha-them-all	93	Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 1.4)	1.4	June 30, 2026
buttons-x	buttons-x	91	Button Builder – Buttons X <= 0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-0.8.6		June 30, 2026
bbspoiler	bbspoiler	93	BBSpoiler <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.01	2.02	June 30, 2026
badgeos	badgeos	83	BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery	LOW	*-3.7.1.6		June 30, 2026
apexchat	apexchat	97	ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.3.1	1.3.2	June 30, 2026
yml-for-yandex-market	yml-for-yandex-market	N/A	Yml for Yandex Market <= 3.10.7 - Reflected Cross-Site Scripting	LOW	[*, 3.10.8)	3.10.8	June 30, 2026
wp-ses	wp-ses	N/A	guzzlehttp/psr7 < 1.9.1 & 2.4.5 - Interpretation Conflict	LOW	[*, 1.6.4)	1.6.4	June 30, 2026
wp-responsive-thumbnail-slider	wp-responsive-thumbnail-slider	N/A	Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting	LOW	*-1.1.9	1.1.10	June 30, 2026
wp-popups-lite	wp-popups-lite	N/A	WP Popups – WordPress Popup builder <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.5	2.1.5.1	June 30, 2026
wp-login-box	wp-login-box	N/A	WP Login Box <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.0.2		June 30, 2026
wp-d3	wp-d3	N/A	Wp-D3 <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.4.1		June 30, 2026
woocommerce-for-japan	woocommerce-for-japan	N/A	Japanized For WooCommerce <= 2.5.6 - Reflected Cross-Site Scripting	LOW	*-2.5.6	2.5.7	June 30, 2026
woo-easy-duplicate-product	woo-easy-duplicate-product	N/A	WooCommerce Easy Duplicate Product <= 0.3.0.0 - Reflected Cross-Site Scripting via wedp_duplicated	LOW	*-0.3.0.0	0.3.0.1	June 30, 2026
woo-altcoin-payment-gateway	woo-altcoin-payment-gateway	N/A	Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.2 - Unauthenticated SQL Injection	LOW	*-1.7.2	1.7.3	June 30, 2026
video-list-manager	video-list-manager	N/A	Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection	LOW	*-1.7		June 30, 2026
ultimate-carousel-for-visual-composer	ultimate-carousel-for-visual-composer	N/A	Ultimate Carousel For WPBakery Page Builder <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.6		June 30, 2026
ultimate-carousel-for-elementor	ultimate-carousel-for-elementor	N/A	Ultimate Carousel For Elementor <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.17		June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer < 4.0 - Reflected Cross-Site Scripting via ‘td_video_url’	LOW	[*, 4.0)	4.0	June 30, 2026
sloth-logo-customizer	sloth-logo-customizer	N/A	Sloth Logo Customizer <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.0.2		June 30, 2026
responsive-filterable-portfolio	responsive-filterable-portfolio	N/A	Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting	LOW	*-1.0.19	1.0.20	June 30, 2026
product-slider-for-woocommerce-lite	product-slider-for-woocommerce-lite	N/A	Product Slider For WooCommerce Lite <= 1.1.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Keys	LOW	*-1.1.7		June 30, 2026
powerpress	powerpress	N/A	PowerPress <= 10.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-10.0.1	10.0.2	June 30, 2026
post-shortcode	post-shortcode	N/A	Post Shortcode <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.0.9		June 30, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms <= 8.3.3 - Authenticated (Administrator+) SQL Injection	LOW	*-8.3.3	8.4	June 30, 2026
member-database	member-database	91	Membership Database <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 30, 2026
mega-addons-for-visual-composer	mega-addons-for-visual-composer	89	Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.2.7	4.3.0	June 30, 2026
locatoraid	locatoraid	91	Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.9.14	3.9.15	June 30, 2026
learnpress-import-export	learnpress-import-export	93	LearnPress - Export/Import Courses <= 4.0.2 - Reflected Cross-Site Scripting	LOW	[*, 4.0.3)	4.0.3	June 30, 2026
freshdesk-support	freshdesk-support	93	Freshdesk (official) <= 1.7 - Open Redirect	LOW	1.7	1.8	June 30, 2026
custom-post-type-list-shortcode	custom-post-type-list-shortcode	91	Custom Post Type List Shortcode <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.4		June 30, 2026
contact-form-to-db	contact-form-to-db	93	Contact Form to DB by BestWebSoft <= 1.7.0 - Authenticated (Contributor+) SQL Injection via cntctfrmtdb_department	LOW	*-1.7.0	1.7.1	June 30, 2026
avirato-calendar	avirato-calendar	91	Avirato hotels online booking engine <= 5.0.5 - Authenticated (Subscriber+) SQL Injection	LOW	*-5.0.5		June 30, 2026
auto-login-when-resister	auto-login-when-resister	91	Enable/Disable Auto Login when Register <= 1.1.0 Cross-Site Request Forgery	LOW	*-1.1.0		June 30, 2026
amazon-s3-and-cloudfront	amazon-s3-and-cloudfront	97	guzzlehttp/psr7 < 1.9.1 & 2.4.5 - Interpretation Conflict	LOW	[*, 3.2.2)	3.2.2	June 30, 2026
sitepress-multilingual-cms	sitepress-multilingual-cms	N/A	WPML <= 4.6.0 - Reflected Cross-Site Scripting via wp_lang	LOW	*-4.6.0	4.6.1	June 30, 2026
quiz-master-next	quiz-master-next	N/A	Quiz and Survey Master <= 8.1.4 - Unauthenticated SQL Injection	LOW	*-8.1.4	8.1.5	June 30, 2026
zm-ajax-login-register	zm-ajax-login-register	N/A	ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass	LOW	*-2.0.2		June 30, 2026
wp-roles-at-registration	wp-roles-at-registration	N/A	WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.23		June 30, 2026
wp-reroute-email	wp-reroute-email	N/A	WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection	LOW	*-1.4.6	1.4.8	June 30, 2026
wp-reroute-email	wp-reroute-email	N/A	WP Reroute Email <= 1.4.6 - Cross-Site Request Forgery	LOW	*-1.4.6	1.4.8	June 30, 2026
wp-easy-pay	wp-easy-pay	N/A	WP EasyPay <= 4.0.4 - Cross-Site Request Forgery	LOW	*-4.0.4	4.1	June 30, 2026
wc-shortcodes	wc-shortcodes	N/A	Shortcodes by Angie Makes <= 3.46 - Missing Authorization	LOW	*-3.46		June 30, 2026
paytm-donation	paytm-donation	N/A	Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting	LOW	*-2.2.0	2.2.1	June 30, 2026
optima-express	optima-express	N/A	Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-7.3.0	7.3.1	June 30, 2026
motor-racing-league	motor-racing-league	N/A	Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.9.9		June 30, 2026
external-videos	external-videos	91	External Videos <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.1		June 30, 2026
electric-studio-client-login	electric-studio-client-login	91	Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.8.1		June 30, 2026
easy-appointments	easy-appointments	93	Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.11.0	3.11.1	June 30, 2026
database-collation-fix	database-collation-fix	93	Database Collation Fix <= 1.2.7 - Cross-Site Request Forgery via admin_page	LOW	*-1.2.7	1.2.8	June 30, 2026
custom-order-numbers-for-woocommerce	custom-order-numbers-for-woocommerce	93	Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery	LOW	*-1.4.0	1.4.1	June 30, 2026
contact-form-to-db	contact-form-to-db	93	Contact Form to DB <= 1.7.0 - Multiple Cross-Site Scripting	LOW	*-1.7.0	1.7.1	June 30, 2026
codeflavors-vimeo-video-post-lite	codeflavors-vimeo-video-post-lite	93	Vimeotheque <= 2.2.1 - Reflected Cross-Site Scripting via 'view' and 'page'	LOW	*-2.2.1	2.2.2	June 30, 2026
booqable-rental-reservations	booqable-rental-reservations	91	Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.4.15	2.4.16	June 30, 2026

LOW

email-posts-to-subscribers

Score: 87/100 Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection Affected: *-6.2 Patched: Updated: June 30, 2026

LOW

ebook-store

Score: 93/100 Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 5.78) Patched: 5.78 Updated: June 30, 2026

LOW

ebook-store

Score: 93/100 Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders Affected: *-5.775 Patched: 5.78 Updated: June 30, 2026

LOW

easy-pie-maintenance-mode

Score: 91/100 EZP Maintenance Mode <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

easy-ad-manager

Score: 91/100 Easy Ad Manager <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

continuous-announcement-scroller

Score: 91/100 Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-13.0 Patched: Updated: June 30, 2026

LOW

charitable

Score: 93/100 Charitable <= 1.7.0.10 - Reflected Cross-Site Scripting Affected: *-1.7.0.10 Patched: 1.7.0.11 Updated: June 30, 2026

LOW

category-specific-rss-feed-menu

Score: 93/100 Category Specific RSS feed Subscription <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026

LOW

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.6 - Authenticated (Administrator+) SQL Injection via *_selected Affected: *-3.2.6 Patched: 3.2.7 Updated: June 30, 2026

LOW

bizlibrary

Score: 89/100 BizLibrary <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

bit-form

Score: 93/100 Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution Affected: *-1.8.1 Patched: 1.9 Updated: June 30, 2026

LOW

armember-membership

Score: 95/100 ARMember <= 4.0 - Reflected Cross-Site Scripting Affected: *-4.0 Patched: 4.0.1 Updated: June 30, 2026

LOW

ad-inserter

Score: 97/100 Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection Affected: *-2.7.25 Patched: 2.7.26 Updated: June 30, 2026

LOW

zero-bs-crm

Score: N/A Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization Affected: *-5.3.1 Patched: 5.4.0 Updated: June 30, 2026

LOW

zendesk

Score: N/A Zendesk Support for WordPress <= 1.8.4 - Cross-Site Request Forgery Affected: *-1.8.4 Patched: 1.8.5 Updated: June 30, 2026

LOW

yourchannel

Score: N/A YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

yet-another-related-posts-plugin

Score: N/A YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion Affected: *-5.30.4 Patched: 5.30.5 Updated: June 30, 2026

LOW

yellow-pencil-visual-theme-customizer

Score: N/A YellowPencil Visual CSS Style Editor <= 7.5.8 - Reflected Cross-Site Scripting liveLink Affected: *-7.5.8 Patched: 7.5.9 Updated: June 30, 2026

LOW

wp-responsive-thumbnail-slider

Score: N/A Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting Affected: [*, 1.1.10) Patched: 1.1.10 Updated: June 30, 2026

LOW

wp-docs

Score: N/A WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management Affected: *-1.9.8 Patched: 1.9.9 Updated: June 30, 2026

LOW

wp-custom-author-url

Score: N/A WP Custom Author URL <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 1.0.5) Patched: 1.0.5 Updated: June 30, 2026

LOW

video-grid

Score: N/A Video Grid <= 1.21 - Reflected Cross-Site Scripting Affected: *-1.21 Patched: 1.22 Updated: June 30, 2026

LOW

video-grid

Score: N/A Video Grid <= 1.21 - Reflected Cross-Site Scripting Affected: *-1.21 Patched: 1.22 Updated: June 30, 2026

LOW

themify-portfolio-post

Score: N/A Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

stream

Score: N/A Stream <= 3.9.2 - Cross-Site Request Forgery Affected: *-3.9.2 Patched: 3.9.3 Updated: June 30, 2026

LOW

smart-woocommerce-search

Score: N/A Smart WooCommerce Search <= 2.5.0 - Missing Authorization Affected: *-2.5.0 Patched: 2.5.1 Updated: June 30, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.6.4 Patched: 3.6.5 Updated: June 30, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.6.4 Patched: 3.6.5 Updated: June 30, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.6.4 Patched: 3.6.5 Updated: June 30, 2026

LOW

semalt

Score: N/A Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

project-panorama-lite

Score: N/A Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5 Patched: 1.5.1 Updated: June 30, 2026

LOW

pretty-url

Score: N/A Pretty Url < 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.5.5) Patched: 1.5.5 Updated: June 30, 2026

LOW

ooohboi-steroids-for-elementor

Score: N/A OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

kaya-qr-code-generator

Score: 93/100 Kaya QR Code Generator <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via qrCode attribute Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

helpie-faq

Score: 93/100 Helpie FAQ <= 1.9.8 - Reflected Cross-Site Scripting Affected: *-1.9.8 Patched: 1.9.9 Updated: June 30, 2026

LOW

fx-toc

Score: 91/100 f(x) TOC <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

formassembly-web-forms

Score: 93/100 WP-FormAssembly <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.7 Patched: 2.0.8 Updated: June 30, 2026

LOW

essential-blocks

Score: 93/100 Essential Blocks <= 4.0.6 - Missing Authorization via get Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

essential-blocks

Score: 93/100 Essential Blocks <= 4.0.6 - Missing Authorization via template_count Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

essential-blocks

Score: 93/100 Essential Blocks <= 4.0.6 - Missing Authorization via templates Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

essential-blocks

Score: 93/100 Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

essential-blocks

Score: 93/100 Essential Blocks <= 4.0.6 - Missing Authorization via save Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

cmp-coming-soon-maintenance

Score: 93/100 CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass Affected: *-4.1.7 Patched: 4.1.8 Updated: June 30, 2026

LOW

clock-in-portal

Score: 87/100 Clock In Portal <= 2.1 - Cross-Site Request Forgery To Staff Deletion Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

clock-in-portal

Score: 87/100 Clock In Portal <= 2.1 - Cross-Site Request Forgery to Holidays Deletion Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

clock-in-portal

Score: 87/100 Clock In Portal <= 2.1 - Cross-Site Request Forgery to Designation Deletion Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

church-admin

Score: 93/100 Church Admin <= 3.7.5 - Reflected Cross-Site Scripting Affected: *-3.7.5 Patched: 3.7.6 Updated: June 30, 2026

LOW

captcha-them-all

Score: 93/100 Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.4) Patched: 1.4 Updated: June 30, 2026

LOW

buttons-x

Score: 91/100 Button Builder – Buttons X <= 0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.8.6 Patched: Updated: June 30, 2026

LOW

bbspoiler

Score: 93/100 BBSpoiler <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.01 Patched: 2.02 Updated: June 30, 2026

LOW

badgeos

Score: 83/100 BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery Affected: *-3.7.1.6 Patched: Updated: June 30, 2026

LOW

apexchat

Score: 97/100 ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026

LOW

yml-for-yandex-market

Score: N/A Yml for Yandex Market <= 3.10.7 - Reflected Cross-Site Scripting Affected: [*, 3.10.8) Patched: 3.10.8 Updated: June 30, 2026

LOW

wp-ses

Score: N/A guzzlehttp/psr7 < 1.9.1 & 2.4.5 - Interpretation Conflict Affected: [*, 1.6.4) Patched: 1.6.4 Updated: June 30, 2026

LOW

wp-responsive-thumbnail-slider

Score: N/A Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting Affected: *-1.1.9 Patched: 1.1.10 Updated: June 30, 2026

LOW

wp-popups-lite

Score: N/A WP Popups – WordPress Popup builder <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.5.1 Updated: June 30, 2026

LOW

wp-login-box

Score: N/A WP Login Box <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

wp-d3

Score: N/A Wp-D3 <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.4.1 Patched: Updated: June 30, 2026

LOW

woocommerce-for-japan

Score: N/A Japanized For WooCommerce <= 2.5.6 - Reflected Cross-Site Scripting Affected: *-2.5.6 Patched: 2.5.7 Updated: June 30, 2026

LOW

woo-easy-duplicate-product

Score: N/A WooCommerce Easy Duplicate Product <= 0.3.0.0 - Reflected Cross-Site Scripting via wedp_duplicated Affected: *-0.3.0.0 Patched: 0.3.0.1 Updated: June 30, 2026

LOW

woo-altcoin-payment-gateway

Score: N/A Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.2 - Unauthenticated SQL Injection Affected: *-1.7.2 Patched: 1.7.3 Updated: June 30, 2026

LOW

video-list-manager

Score: N/A Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

ultimate-carousel-for-visual-composer

Score: N/A Ultimate Carousel For WPBakery Page Builder <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.6 Patched: Updated: June 30, 2026

LOW

ultimate-carousel-for-elementor

Score: N/A Ultimate Carousel For Elementor <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.17 Patched: Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer < 4.0 - Reflected Cross-Site Scripting via ‘td_video_url’ Affected: [*, 4.0) Patched: 4.0 Updated: June 30, 2026

LOW

sloth-logo-customizer

Score: N/A Sloth Logo Customizer <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

responsive-filterable-portfolio

Score: N/A Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting Affected: *-1.0.19 Patched: 1.0.20 Updated: June 30, 2026

LOW

product-slider-for-woocommerce-lite

Score: N/A Product Slider For WooCommerce Lite <= 1.1.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Keys Affected: *-1.1.7 Patched: Updated: June 30, 2026

LOW

powerpress

Score: N/A PowerPress <= 10.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-10.0.1 Patched: 10.0.2 Updated: June 30, 2026

LOW

post-shortcode

Score: N/A Post Shortcode <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.9 Patched: Updated: June 30, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms <= 8.3.3 - Authenticated (Administrator+) SQL Injection Affected: *-8.3.3 Patched: 8.4 Updated: June 30, 2026

LOW

member-database

Score: 91/100 Membership Database <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

mega-addons-for-visual-composer

Score: 89/100 Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.2.7 Patched: 4.3.0 Updated: June 30, 2026

LOW

locatoraid

Score: 91/100 Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.9.14 Patched: 3.9.15 Updated: June 30, 2026

LOW

learnpress-import-export

Score: 93/100 LearnPress - Export/Import Courses <= 4.0.2 - Reflected Cross-Site Scripting Affected: [*, 4.0.3) Patched: 4.0.3 Updated: June 30, 2026

LOW

freshdesk-support

Score: 93/100 Freshdesk (official) <= 1.7 - Open Redirect Affected: 1.7 Patched: 1.8 Updated: June 30, 2026

LOW

custom-post-type-list-shortcode

Score: 91/100 Custom Post Type List Shortcode <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.4 Patched: Updated: June 30, 2026

LOW

contact-form-to-db

Score: 93/100 Contact Form to DB by BestWebSoft <= 1.7.0 - Authenticated (Contributor+) SQL Injection via cntctfrmtdb_department Affected: *-1.7.0 Patched: 1.7.1 Updated: June 30, 2026

LOW

avirato-calendar

Score: 91/100 Avirato hotels online booking engine <= 5.0.5 - Authenticated (Subscriber+) SQL Injection Affected: *-5.0.5 Patched: Updated: June 30, 2026

LOW

auto-login-when-resister

Score: 91/100 Enable/Disable Auto Login when Register <= 1.1.0 Cross-Site Request Forgery Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

amazon-s3-and-cloudfront

Score: 97/100 guzzlehttp/psr7 < 1.9.1 & 2.4.5 - Interpretation Conflict Affected: [*, 3.2.2) Patched: 3.2.2 Updated: June 30, 2026

LOW

sitepress-multilingual-cms

Score: N/A WPML <= 4.6.0 - Reflected Cross-Site Scripting via wp_lang Affected: *-4.6.0 Patched: 4.6.1 Updated: June 30, 2026

LOW

quiz-master-next

Score: N/A Quiz and Survey Master <= 8.1.4 - Unauthenticated SQL Injection Affected: *-8.1.4 Patched: 8.1.5 Updated: June 30, 2026

LOW

zm-ajax-login-register

Score: N/A ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

wp-roles-at-registration

Score: N/A WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.23 Patched: Updated: June 30, 2026

LOW

wp-reroute-email

Score: N/A WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection Affected: *-1.4.6 Patched: 1.4.8 Updated: June 30, 2026

LOW

wp-reroute-email

Score: N/A WP Reroute Email <= 1.4.6 - Cross-Site Request Forgery Affected: *-1.4.6 Patched: 1.4.8 Updated: June 30, 2026

LOW

wp-easy-pay

Score: N/A WP EasyPay <= 4.0.4 - Cross-Site Request Forgery Affected: *-4.0.4 Patched: 4.1 Updated: June 30, 2026

LOW

wc-shortcodes

Score: N/A Shortcodes by Angie Makes <= 3.46 - Missing Authorization Affected: *-3.46 Patched: Updated: June 30, 2026

LOW

paytm-donation

Score: N/A Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting Affected: *-2.2.0 Patched: 2.2.1 Updated: June 30, 2026

LOW

optima-express

Score: N/A Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.3.0 Patched: 7.3.1 Updated: June 30, 2026

LOW

motor-racing-league

Score: N/A Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: Updated: June 30, 2026

LOW

external-videos

Score: 91/100 External Videos <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

electric-studio-client-login

Score: 91/100 Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.8.1 Patched: Updated: June 30, 2026

LOW

easy-appointments

Score: 93/100 Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.11.0 Patched: 3.11.1 Updated: June 30, 2026

LOW

database-collation-fix

Score: 93/100 Database Collation Fix <= 1.2.7 - Cross-Site Request Forgery via admin_page Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

custom-order-numbers-for-woocommerce

Score: 93/100 Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

contact-form-to-db

Score: 93/100 Contact Form to DB <= 1.7.0 - Multiple Cross-Site Scripting Affected: *-1.7.0 Patched: 1.7.1 Updated: June 30, 2026

LOW

codeflavors-vimeo-video-post-lite

Score: 93/100 Vimeotheque <= 2.2.1 - Reflected Cross-Site Scripting via 'view' and 'page' Affected: *-2.2.1 Patched: 2.2.2 Updated: June 30, 2026

LOW

booqable-rental-reservations

Score: 91/100 Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4.15 Patched: 2.4.16 Updated: June 30, 2026

Showing 25501 to 25600 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 05:08 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List