Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36283 (across tracked plugins)

Affected Plugins: 82 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated
connections | connections | 91 | Connections Business Directory <= 10.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-10.4.36 | 10.4.37 | June 30, 2026
cancel-order-request-woocommerce | cancel-order-request-woocommerce | 93 | Cancel order request WooCommerce <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.3.2 | 1.3.3 | June 30, 2026
Booking for Appointments and Events Calendar – Amelia | ameliabooking | 97 | Amelia <= 1.0.75 - Unauthenticated Reflected Cross-Site Scripting via 'code' | | LOW | *-1.0.75 | 1.0.76 | June 30, 2026
yourchannel | yourchannel | N/A | YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset | | LOW | *-1.2.3 | 1.2.4 | June 30, 2026
yourchannel | yourchannel | N/A | YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset | | LOW | *-1.2.4 | 1.2.5 | June 30, 2026
yourchannel | yourchannel | N/A | YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change | | LOW | *-1.2.4 | 1.2.5 | June 30, 2026
yourchannel | yourchannel | N/A | YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset | | LOW | *-1.2.3 | 1.2.4 | June 30, 2026
yourchannel | yourchannel | N/A | YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update | | LOW | *-1.2.4 | 1.2.5 | June 30, 2026
yourchannel | yourchannel | N/A | YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Reset | | LOW | *-1.2.4 | 1.2.5 | June 30, 2026
SEOPress – AI SEO Plugin & On-site SEO | wp-seopress | 79 | SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection | | LOW | *-6.5.0.2 | 6.5.0.3 | June 30, 2026
woo-product-feed-pro | woo-product-feed-pro | N/A | Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery | | LOW | *-12.4.4 | 12.4.5 | June 30, 2026
wc-multivendor-membership | wc-multivendor-membership | N/A | WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation | | LOW | *-2.10.0 | 2.10.1 | June 30, 2026
wc-multivendor-membership | wc-multivendor-membership | N/A | WCFM Membership <= 2.9.10 - Cross-Site Request Forgery | | LOW | *-2.9.10 | 2.10.0 | June 30, 2026
wc-multivendor-membership | wc-multivendor-membership | N/A | WCFM Membership <= 2.10.0 - Missing Authorization | | LOW | *-2.10.0 | 2.10.1 | June 30, 2026
wc-multivendor-marketplace | wc-multivendor-marketplace | N/A | WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery | | LOW | *-3.4.12 | 3.5.0 | June 30, 2026
wc-multivendor-marketplace | wc-multivendor-marketplace | N/A | WCFM Marketplace <= 3.4.11 - Missing Authorization | | LOW | *-3.4.11 | 3.4.12 | June 30, 2026
wc-frontend-manager | wc-frontend-manager | N/A | WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery | | LOW | *-6.5.13 | 6.6.0 | June 30, 2026
wc-frontend-manager | wc-frontend-manager | N/A | WCFM Frontend Manager <= 6.6.0 - Missing Authorization | | LOW | 6.6.0 | 6.6.1 | June 30, 2026
stagtools | stagtools | N/A | Stagtools <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | | LOW | *-2.3.6 | 2.3.7 | June 30, 2026
Site Reviews | site-reviews | N/A | Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-6.7.0 | 6.7.1 | June 30, 2026
fancy-product-designer | fancy-product-designer | 93 | Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Multiple AJAX Actions | | LOW | *-4.6.9 | 4.7.0 | June 30, 2026
fancy-product-designer | fancy-product-designer | 93 | Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options | | LOW | *-4.6.9 | 4.7.0 | June 30, 2026
spotify-play-button-for-wordpress | spotify-play-button-for-wordpress | N/A | Sp*tify Play Button for WordPress <= 2.07 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.07 | 2.08 | June 30, 2026
popup-zyrex | popup-zyrex | N/A | Zyrex Popup <= 1.0 - Authenticated (Admin+) Arbitrary File Upload | | LOW | *-1.0 | 1.1 | June 30, 2026
libsyn-podcasting | libsyn-podcasting | 86 | Libsyn Publisher Hub <= 1.3.2 - Sensitive Information Exposure | | LOW | *-1.3.2 | 1.4.1 | June 30, 2026
comment-reply-notification | comment-reply-notification | 91 | Comment Reply Notification <= 1.4 - Cross-Site Request Forgery | | LOW | *-1.4 | | June 30, 2026
amr-ical-events-list | amr-ical-events-list | 95 | Amr Ical Events Lists <= 6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-6.6 | | June 30, 2026
wp-shoutbox-live-chat | wp-shoutbox-live-chat | N/A | Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.4.2 | | June 30, 2026
wp-shoutbox-live-chat | wp-shoutbox-live-chat | N/A | Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQL Injection | | LOW | *-1.4.2 | | June 30, 2026
wp-fevents-book | wp-fevents-book | N/A | WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Insecure Direct Object Reference to Booking Manipulation | | LOW | *-0.46 | 0.47 | June 30, 2026
wp-fevents-book | wp-fevents-book | N/A | WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-0.46 | | June 30, 2026
wp-copysafe-web | wp-copysafe-web | N/A | CopySafe Web Protection <= 3.13 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.13 | 3.14 | June 30, 2026
smtp-mailing-queue | smtp-mailing-queue | N/A | SMTP Mailing Queue <= 1.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.4.7 | 2.0.0 | June 30, 2026
randomtext | randomtext | N/A | Random Text <= 0.3.0 - Authenticated (Subscriber+) SQL Injection | | LOW | *-0.3.0 | | June 30, 2026
propertyhive | propertyhive | N/A | PropertyHive <= 1.5.46 - Reflected Cross-Site Scripting via 'merge_ids' | | LOW | *-1.5.46 | 1.5.47 | June 30, 2026
product-page-shipping-calculator-for-woocommerce | product-page-shipping-calculator-for-woocommerce | N/A | Product page shipping calculator for WooCommerce <= 1.3.20 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.3.20 | 1.3.21 | June 30, 2026
masterstudy-lms-learning-management-system | masterstudy-lms-learning-management-system | 93 | MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings | | LOW | *-2.9.34 | 2.9.35 | June 30, 2026
magic-post-thumbnail | magic-post-thumbnail | 93 | Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-4.1.10 | 4.1.11 | June 30, 2026
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager | insert-headers-and-footers | 86 | WPCode <= 2.0.8 - Cross-Site Request Forgery | | LOW | *-2.0.8 | 2.0.9 | June 30, 2026
ht-builder | ht-builder | 93 | HT Builder <= 1.2.9 - Cross-Site Request Forgery via plugin_activation | | LOW | *-1.2.9 | 1.3.0 | June 30, 2026
enquiry-quotation-for-woocommerce | enquiry-quotation-for-woocommerce | 93 | Product Enquiry for WooCommerce <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.2.12 | 2.2.13 | June 30, 2026
albo-pretorio-on-line | albo-pretorio-on-line | 95 | Albo Pretorio Online <= 4.6.1 - Reflected Cross-Site Scripting | | LOW | *-4.6.1 | 4.6.2 | June 30, 2026
ajax-search-pro | ajax-search-pro | 97 | Ajax Search Pro <= 4.26.1 - Reflected Cross-Site Scripting | | LOW | *-4.26.1 | 4.26.2 | June 30, 2026
ajax-search-lite | ajax-search-lite | 97 | Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting | | LOW | *-4.11 | 4.11.1 | June 30, 2026
advanced-custom-fields | advanced-custom-fields | 97 | Advanced Custom Fields <= 6.0.7 - Authenticated (Contributor+) PHP Object Injection | | LOW | *-5.12.4, 6.0.0-6.0.7 | 5.12.5 | June 30, 2026
premmerce | premmerce | N/A | Premmerce <= 1.3.18 - Cross-Site Request Forgery via runAction | | LOW | *-1.3.18 | 1.3.19 | June 30, 2026
show-posts | show-posts | N/A | Weaver Show Posts <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name | | LOW | *-1.6 | 1.7 | June 30, 2026
wpdevart-vertical-menu | wpdevart-vertical-menu | N/A | Responsive Vertical Icon Menu <= 1.5.8 - Reflected Cross-Site Scripting via 'id' | | LOW | *-1.5.8 | 1.5.9 | June 30, 2026
woo-coupon-usage | woo-coupon-usage | N/A | Coupon Affiliates <= 5.4.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-5.4.3 | 5.4.4 | June 30, 2026
really-simple-google-tag-manager | really-simple-google-tag-manager | N/A | Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery via plugin_activation | | LOW | *-1.0.6 | 1.0.7 | June 30, 2026
pi-woocommerce-order-date-time-and-type | pi-woocommerce-order-date-time-and-type | N/A | Order date time for WooCommerce <= 3.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-3.0.19 | 3.0.20 | June 30, 2026
intelly-welcome-bar | intelly-welcome-bar | 91 | Welcome Bar <= 2.0.3 - Cross-Site Request Forgery | | LOW | *-2.0.3 | 2.0.4 | June 30, 2026
intelly-welcome-bar | intelly-welcome-bar | 91 | Welcome Bar <= 2.0.3 - Missing Authorization | | LOW | *-2.0.3 | 2.0.4 | June 30, 2026
health-check | health-check | 91 | Health Check & Troubleshooting <= 1.5.1 - Cross-Site Request Forgery via health_check_troubleshoot_get_captures | | LOW | *-1.5.1 | 1.6.0 | June 30, 2026
enhanced-wordpress-contactform | enhanced-wordpress-contactform | 93 | Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.2.3 | 2.3 | June 30, 2026
enhanced-wordpress-contactform | enhanced-wordpress-contactform | 93 | Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.2.3 | 2.2.4 | June 30, 2026
conditional-extra-fees-for-woocommerce | conditional-extra-fees-for-woocommerce | 93 | Conditional cart fee / Extra charge rule for WooCommerce extra fees <= 1.0.96 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.0.96 | 1.0.97 | June 30, 2026
advanced-local-pickup-for-woocommerce | advanced-local-pickup-for-woocommerce | 97 | Advanced Local Pickup for WooCommerce <= 1.5.2 - Cross-Site Request Forgery | | LOW | *-1.5.2 | 1.5.3 | June 30, 2026
zippy | zippy | N/A | Zippy <= 1.6.1 - Authenticated (Contributor+) Sensitive Information Disclosure | | LOW | *-1.6.1 | 1.6.2 | June 30, 2026
wpappninja | wpappninja | N/A | WPMobile.App <= 11.20 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-11.20 | 11.21 | June 30, 2026
wp-trending-post-slider-and-widget | wp-trending-post-slider-and-widget | N/A | Trending/Popular Post Slider and Widget <= 1.5.7 - Cross-Site Request Forgery via wtpsw_post_view_count | | LOW | *-1.5.7 | 1.5.8 | June 30, 2026
SlimStat Analytics | wp-slimstat | N/A | Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode | | LOW | *-4.9.3.3 | 4.9.3.4 | June 30, 2026
wishsuite | wishsuite | N/A | WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation() | | LOW | *-1.3.3 | 1.3.4 | June 30, 2026
swatchly | swatchly | N/A | Swatchly – WooCommerce Variation Swatches for Products <= 1.2.0 - Cross-Site Request Forgery via plugin_activation | | LOW | *-1.2.0 | 1.2.1 | June 30, 2026
premmerce-redirect-manager | premmerce-redirect-manager | N/A | Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery via deleteRedirect() | | LOW | *-1.0.10 | 1.0.11 | June 30, 2026
premmerce-redirect-manager | premmerce-redirect-manager | N/A | Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.0.9 | 1.0.12 | June 30, 2026
pixfields | pixfields | N/A | PixFields <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-0.7.0 | | June 30, 2026
no-captcha-recaptcha-for-woocommerce | no-captcha-recaptcha-for-woocommerce | N/A | No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings | | LOW | *-1.2.6 | | June 30, 2026
no-captcha-recaptcha-for-woocommerce | no-captcha-recaptcha-for-woocommerce | N/A | No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Missing Authorization to Notification Dismissal | | LOW | *-1.2.6 | | June 30, 2026
n-media-wp-simple-quiz | n-media-wp-simple-quiz | N/A | Easy Quiz Maker <= 1.5 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.5 | 2.0 | June 30, 2026
just-tables | just-tables | 93 | JustTables – WooCommerce Product Table <= 1.4.9 - Cross-Site Request Forgery via plugin_activation() | | LOW | *-1.4.9 | 1.5.0 | June 30, 2026
ht-menu-lite | ht-menu-lite | 93 | HT Menu <= 1.2.1 - Cross-Site Request Forgery via plugin_activation | | LOW | *-1.2.1 | 1.2.2 | June 30, 2026
external-media | external-media | 89 | External Media <= 1.0.36 - Authenticated (Author+) File Upload to Stored Cross-Site Scripting via SVG | | LOW | *-1.0.36 | | June 30, 2026
custom-more-link-complete | custom-more-link-complete | 91 | Custom More Link Complete <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.4.1 | | June 30, 2026
configurable-tag-cloud-widget | configurable-tag-cloud-widget | 93 | Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page() | | LOW | *-5.2 | 5.3 | June 30, 2026
affiliate-toolkit-starter | affiliate-toolkit-starter | 95 | affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting | | LOW | *-3.3.3 | 3.3.4 | June 30, 2026
add-to-cart-direct-checkout-for-woocommerce | add-to-cart-direct-checkout-for-woocommerce | 97 | Direct checkout, Add to cart redirect for Woocommerce <= 2.1.48 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.1.48 | 2.1.49 | June 30, 2026
yikes-inc-easy-mailchimp-extender | yikes-inc-easy-mailchimp-extender | N/A | Easy Forms for MailChimp <= 6.8.7 - Reflected Cross-Site Scripting | | LOW | *-6.8.7 | 6.8.8 | June 30, 2026
wpvr | wpvr | N/A | WP VR <= 8.2.9 - Missing Authorization | | LOW | *-8.2.9 | 8.3.0 | June 30, 2026
wp-ultimate-review | wp-ultimate-review | N/A | Wp Ultimate Review <= 2.0.3 - Cross-Site Request Forgery | | LOW | *-2.0.3 | 2.1.0 | June 30, 2026
wp-ultimate-review | wp-ultimate-review | N/A | Wp Ultimate Review <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.0.3 | 2.1.0 | June 30, 2026
social-proof-testimonials-slider | social-proof-testimonials-slider | N/A | Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.2.3 | 2.2.4 | June 30, 2026
mobile-banner | mobile-banner | 93 | Mobile Banner <= 1.5 - Cross-Site Request Forgery leading to Plugin Settings Changes | | LOW | *-1.5 | 1.6 | June 30, 2026
mega_main_menu | mega_main_menu | 89 | Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting | | LOW | *-2.2.2 | | June 30, 2026
happyfiles-pro | happyfiles-pro | 93 | HappyFiles Pro <= 1.8.1 - Missing Authorization to Arbitrary File Deletion | | LOW | *-1.8.1 | 1.8.2 | June 30, 2026
happyfiles-pro | happyfiles-pro | 93 | HappyFiles Pro <= 1.8.1 - Missing Authorization | | LOW | *-1.8.1 | 1.8.2 | June 30, 2026
happy-elementor-addons | happy-elementor-addons | 93 | Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout() | | LOW | *-3.8.2 | 3.8.3 | June 30, 2026
gmace | gmace | 87 | GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion) | | LOW | *-1.5.2 | | June 30, 2026
gift-voucher | gift-voucher | 93 | Gift Cards (Gift Vouchers and Packages) <= 4.3.2 - Unauthenticated SQL Injection | | LOW | *-4.3.2 | 4.3.3 | June 30, 2026
feed-them-social | feed-them-social | 93 | Feed Them Social <= 4.0.7 - Cross-Site Request Forgery | | LOW | *-4.0.7 | 4.0.8 | June 30, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | chatbot | 66 | AI ChatBot <= 4.4.7 - Missing Authorization on openai_settings_option_callback | | LOW | *-4.4.7 | 4.4.8 | June 30, 2026
affiliates-manager | affiliates-manager | 97 | Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action() | | LOW | *-2.9.20 | 2.9.21 | June 30, 2026
wp-image-carousel | wp-image-carousel | N/A | WP Image Carousel WordPress - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-1.0.2 | | June 30, 2026
woo-custom-checkout-fields | woo-custom-checkout-fields | N/A | Woocommerce Custom Checkout Fields Editor With Drag & Drop <= 0.1 - Reflected Cross-Site Scripting via 'tab' | | LOW | *-0.1 | | June 30, 2026
Advanced Shipment Tracking for WooCommerce | woo-advanced-shipment-tracking | N/A | Advanced Shipment Tracking for WooCommerce <= 3.5.2 - Cross-Site Request Forgery via paginate_shipping_provider_list and filter_shipping_provider_list | | LOW | *-3.5.2 | 3.5.3 | June 30, 2026
wc-fields-factory | wc-fields-factory | N/A | WC Fields Factory <= 4.1.5 - Authenticated (Subscriber+) SQL Injection | | LOW | *-4.1.5 | 4.1.6 | June 30, 2026
video-central | video-central | N/A | Video Central for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.3.0 | | June 30, 2026
supportcandy | supportcandy | N/A | SupportCandy <= 3.1.3 - Sensitive Data Exposure | | LOW | *-3.1.3 | 3.1.4 | June 30, 2026
simple-author-box | simple-author-box | N/A | Simple Author Box <= 2.50 - Cross-Site Request Forgery via save_user_profile | | LOW | *-2.50 | 2.51 | June 30, 2026
product-specifications | product-specifications | N/A | Product Specifications for Woocommerce <= 0.6.0 - Reflected Cross-Site Scripting via Arbitrary Query String Parameter | | LOW | *-0.6.0 | 0.7.0 | June 30, 2026
LOW

affiliates-manager

affiliates-manager

Score: 97/100 Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action() Affected: *-2.9.20 Patched: 2.9.21 Updated: June 30, 2026
LOW

wp-image-carousel

wp-image-carousel

Score: N/A WP Image Carousel WordPress - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.2 Patched: Updated: June 30, 2026
LOW

woo-custom-checkout-fields

woo-custom-checkout-fields

Score: N/A Woocommerce Custom Checkout Fields Editor With Drag & Drop <= 0.1 - Reflected Cross-Site Scripting via 'tab' Affected: *-0.1 Patched: Updated: June 30, 2026
LOW

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

Score: N/A Advanced Shipment Tracking for WooCommerce <= 3.5.2 - Cross-Site Request Forgery via paginate_shipping_provider_list and filter_shipping_provider_list Affected: *-3.5.2 Patched: 3.5.3 Updated: June 30, 2026
LOW

wc-fields-factory

wc-fields-factory

Score: N/A WC Fields Factory <= 4.1.5 - Authenticated (Subscriber+) SQL Injection Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026
LOW

video-central

video-central

Score: N/A Video Central for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: June 30, 2026
LOW

supportcandy

supportcandy

Score: N/A SupportCandy <= 3.1.3 - Sensitive Data Exposure Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026
LOW

simple-author-box

simple-author-box

Score: N/A Simple Author Box <= 2.50 - Cross-Site Request Forgery via save_user_profile Affected: *-2.50 Patched: 2.51 Updated: June 30, 2026
LOW

product-specifications

product-specifications

Score: N/A Product Specifications for Woocommerce <= 0.6.0 - Reflected Cross-Site Scripting via Arbitrary Query String Parameter Affected: *-0.6.0 Patched: 0.7.0 Updated: June 30, 2026

Showing 25701 to 25800 of 36283 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 08:09 UTC.