Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36282 (across tracked plugins)

Affected Plugins: 93 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| woo-conditional-product-fees-for-checkout | woo-conditional-product-fees-for-checkout | N/A | Extra Fees Plugin for WooCommerce <= 4.3.3 - Cross-Site Request Forgery | | LOW | *-4.3.3 | 4.3.4 | June 30, 2026 |
| visual-link-preview | visual-link-preview | N/A | Visual Link Preview <= 2.3.0 - Authenticated (Contributor+) Server-Side Request Forgery | | LOW | *-2.3.0 | 2.3.1 | June 30, 2026 |
| video-conferencing-with-zoom-api | video-conferencing-with-zoom-api | N/A | Video Conferencing with Zoom < 4.6.6 - Missing Authorization | | LOW | [*, 4.6.6) | 4.6.6 | June 30, 2026 |
| url-shortify | url-shortify | N/A | URL Shortify <= 1.12.3 - Authenticated (Author+) Server-Side Request Forgery | | LOW | *-1.12.3 | 1.12.4 | June 30, 2026 |
| shiptime-discount-shipping | shiptime-discount-shipping | N/A | ShipTime: Discounted Shipping Rates <= 1.1.1 - Missing Authorization | | LOW | *-1.1.1 | | June 30, 2026 |
| pojo-accessibility | pojo-accessibility | N/A | Ally <= 4.0.2 - Missing Authorization | | LOW | *-4.0.2 | 4.0.3 | June 30, 2026 |
| Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization | nelio-ab-testing | 81 | Nelio AB Testing <= 8.2.4 - Authenticated (Editor+) SQL Injection | | LOW | *-8.2.4 | 8.2.5 | June 30, 2026 |
| izooto-web-push | izooto-web-push | 93 | iZooto <= 3.7.20 - Missing Authorization | | LOW | *-3.7.20 | 3.7.21 | June 30, 2026 |
| greenly-addons | greenly-addons | 93 | Greenly Theme Addons < 8.2 - Authenticated (Contributor+) Local File Inclusion | | LOW | [*, 8.2) | 8.2 | June 30, 2026 |
| google-distance-calculator | google-distance-calculator | 91 | MK Google Directions <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.1.1 | | June 30, 2026 |
| Download Manager | download-manager | 63 | Download Manager <= 3.3.52 - Missing Authorization | | LOW | *-3.3.52 | 3.3.53 | June 30, 2026 |
| court-reservation | court-reservation | 89 | Court Reservation <= 1.10.11 - Missing Authorization | | LOW | *-1.10.11 | | June 30, 2026 |
| checkout-for-paypal | checkout-for-paypal | 93 | Checkout for PayPal <= 1.0.46 - Missing Authorization | | LOW | *-1.0.46 | 1.0.47 | June 30, 2026 |
| dealia-request-a-quote | dealia-request-a-quote | 91 | Dealia <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes | | LOW | *-1.0.8 | | June 30, 2026 |
| wp-client-testimonial | wp-client-testimonial | N/A | Client Testimonial Slider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting | | LOW | *-2.0 | | June 30, 2026 |
| institute-management | institute-management | 91 | Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting | | LOW | *-5.5 | | June 30, 2026 |
| s2member | s2member | N/A | s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover | | LOW | *-260127 | 260215 | June 30, 2026 |
| idonate | idonate | 89 | IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function | | LOW | 2.1.5-2.1.9 | 2.1.0 | June 30, 2026 |
| xo-event-calendar | xo-event-calendar | N/A | XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode | | LOW | *-3.2.10 | | June 30, 2026 |
| yamaps | yamaps | N/A | YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters | | LOW | *-0.6.40 | 0.6.41 | June 30, 2026 |
| wp-customer-reviews | wp-customer-reviews | N/A | WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter | | LOW | *-3.7.5 | 3.7.6 | June 30, 2026 |
| wp-simple-firewall | wp-simple-firewall | N/A | Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection | | LOW | *-21.0.8 | 21.0.10 | June 30, 2026 |
| wp-simple-firewall | wp-simple-firewall | N/A | Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter | | LOW | *-21.0.8 | 21.0.10 | June 30, 2026 |
| wp-simple-firewall | wp-simple-firewall | N/A | Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update | | LOW | *-21.0.9 | 21.0.10 | June 30, 2026 |
| GEO Plugin by Squirrly SEO | squirrly-seo | N/A | SEO Plugin by Squirrly SEO <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection | | LOW | *-12.4.14 | 12.4.15 | June 30, 2026 |
| Checkout Field Manager (Checkout Manager) for WooCommerce | woocommerce-checkout-manager | 92 | Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | | LOW | *-7.8.5 | 7.8.6 | June 30, 2026 |
| OneClick Chat to Order | oneclick-whatsapp-order | 99 | OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update | | LOW | *-1.0.9 | 1.1.0 | June 30, 2026 |
| xmlrpc-attacks-blocker | xmlrpc-attacks-blocker | N/A | xmlrpc attacks blocker <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' | | LOW | *-1.0 | | June 30, 2026 |
| tennis-court-bookings | tennis-court-bookings | N/A | Tennis Court Bookings <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters | | LOW | *-1.2.7 | | June 30, 2026 |
| remove-post-type-slug | remove-post-type-slug | N/A | Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.0.2 | | June 30, 2026 |
| salavat-counter | salavat-counter | N/A | salavat counter Plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter | | LOW | *-0.9.5 | | June 30, 2026 |
| talkjs | talkjs | N/A | TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter | | LOW | *-0.1.15 | 0.1.16 | June 30, 2026 |
| ixml | ixml | 91 | iXML – Google XML sitemap generator <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter | | LOW | *-0.6 | | June 30, 2026 |
| dealia-request-a-quote | dealia-request-a-quote | 91 | Dealia – Request a quote <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset | | LOW | *-1.0.7 | 1.0.8 | June 30, 2026 |
| slider-future | slider-future | N/A | Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload | | LOW | *-1.0.5 | | June 30, 2026 |
| easy-author-image | easy-author-image | 91 | Easy Author Image <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL | | LOW | *-1.7 | | June 30, 2026 |
| slidorion | slidorion | N/A | Slidorion <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings | | LOW | *-1.0.2 | | June 30, 2026 |
| news-element | news-element | N/A | News Element Elementor Blog Magazine <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss | | LOW | *-1.0.8 | | June 30, 2026 |
| advance-block-extend | advance-block-extend | 95 | Advance Block Extend <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute | | LOW | *-1.0.4 | | June 30, 2026 |
| toret-manager | toret-manager | N/A | Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions | | LOW | *-1.2.7 | 1.3.0 | June 30, 2026 |
| prodigy-commerce | prodigy-commerce | N/A | Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name] | | LOW | *-3.3.0 | 3.3.1 | June 30, 2026 |
| whatsiplus-scheduled-notification-for-woocommerce | whatsiplus-scheduled-notification-for-woocommerce | N/A | Whatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action | | LOW | *-1.0.1 | | June 30, 2026 |
| lizza-lms-pro | lizza-lms-pro | 93 | Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation | | LOW | *-1.0.3 | 1.0.4 | June 30, 2026 |
| postmarkapp-email-integrator | postmarkapp-email-integrator | N/A | PostmarkApp Email Integrator <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | | LOW | *-2.4 | | June 30, 2026 |
| orderable | orderable | N/A | Orderable <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | | LOW | *-1.20.0 | 1.20.1 | June 30, 2026 |
| Breeze Cache | breeze | 79 | Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion | | LOW | *-2.2.21 | 2.2.22 | June 30, 2026 |
| country-blocker-for-adsense | country-blocker-for-adsense | 91 | Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.0 | | June 30, 2026 |
| page-title-description-open-graph-updater | page-title-description-open-graph-updater | N/A | Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification | | LOW | *-1.02 | | June 30, 2026 |
| apollo13-framework-extensions | apollo13-framework-extensions | 97 | Apollo13 Framework Extension <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter | | LOW | *-1.9.8 | 1.9.9 | June 30, 2026 |
| two-factor-2fa-via-email | two-factor-2fa-via-email | N/A | Two Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via token | | LOW | *-1.9.8 | 1.9.9 | June 30, 2026 |
| wp-audio-gallery | wp-audio-gallery | N/A | WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation | | LOW | *-2.0 | | June 30, 2026 |
| webappick-product-feed-for-woocommerce | webappick-product-feed-for-woocommerce | N/A | CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation | | LOW | *-6.6.11 | 6.6.12 | June 30, 2026 |
| Checkout Field Manager (Checkout Manager) for WooCommerce | woocommerce-checkout-manager | 92 | Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload | | LOW | *-7.8.1 | 7.8.2 | June 30, 2026 |
| Advanced Ads – Ad Manager & AdSense | advanced-ads | 80 | Advanced Ads – Ad Manager & AdSense <= 2.0.14 - Missing Authorization to Authenticated (Subscriber+) Ad Placements Update | | LOW | *-2.0.14 | 2.0.15 | June 30, 2026 |
| clasifico-listing | clasifico-listing | 91 | Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation | | LOW | *-2.0 | | June 30, 2026 |
| easy-svg | easy-svg | 93 | Easy SVG Support <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | | LOW | *-4.0 | 4.1 | June 30, 2026 |
| printful-shipping-for-woocommerce | printful-shipping-for-woocommerce | N/A | Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery | | LOW | *-2.2.11 | 2.2.12 | June 30, 2026 |
| Aruba HiSpeed Cache | aruba-hispeed-cache | 94 | Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification | | LOW | *-3.0.2 | 3.0.3 | June 30, 2026 |
| navz-photo-gallery | navz-photo-gallery | N/A | ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification | | LOW | *-3.0 | 3.1 | June 30, 2026 |
| mailchimp | mailchimp | 93 | Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change | | LOW | *-2.0.0 | 2.0.1 | June 30, 2026 |
| Aruba HiSpeed Cache | aruba-hispeed-cache | 94 | Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting | | LOW | *-3.0.2 | 3.0.3 | June 30, 2026 |
| gdpr-cookie-consent | gdpr-cookie-consent | 93 | Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure | | LOW | *-4.1.2 | 4.1.3 | June 30, 2026 |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' | | LOW | *-6.4.7 | 6.4.8 | June 30, 2026 |
| wpforo | wpforo | N/A | wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection | | LOW | *-2.4.14 | 2.4.15 | June 30, 2026 |
| woo-razorpay | woo-razorpay | N/A | Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification | | LOW | *-4.7.8 | 4.7.9 | June 30, 2026 |
| widget-for-eventbrite-api | widget-for-eventbrite-api | N/A | Display Eventbrite Events <= 6.5.6 - Missing Authorization | | LOW | *-6.5.6 | 6.5.7 | June 30, 2026 |
| Product Table & List Builder for WooCommerce Lite | wc-product-table-lite | N/A | Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter | | LOW | *-4.6.2 | 4.6.3 | June 30, 2026 |
| virusdie | virusdie | N/A | Virusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure | | LOW | *-1.1.7 | 1.1.8 | June 30, 2026 |
| truebooker-appointment-booking | truebooker-appointment-booking | N/A | TrueBooker <= 1.1.6 - Missing Authorization | | LOW | *-1.1.6 | 1.1.7 | June 30, 2026 |
| tablesome | tablesome | N/A | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation | | LOW | 0.5.4-1.2.1 | 1.2.2 | June 30, 2026 |
| sms-alert | sms-alert | N/A | SMS Alert Order Notifications <= 3.9.0 - Missing Authorization | | LOW | *-3.9.0 | 3.9.1 | June 30, 2026 |
| smartsupp-live-chat | smartsupp-live-chat | N/A | Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-3.9.1 | 3.9.2 | June 30, 2026 |
| simple-membership | simple-membership | N/A | Simple Membership <= 4.7.0 - Unauthenticated Improper Handling of Missing Values | | LOW | *-4.7.0 | 4.7.1 | June 30, 2026 |
| shopbuilder | shopbuilder | N/A | ShopBuilder – Elementor WooCommerce Builder Addons <= 3.2.4 - Unauthenticated Information Exposure | | LOW | *-3.2.4 | 3.2.5 | June 30, 2026 |
| service-booking-manager | service-booking-manager | N/A | WpBookingly <= 1.2.9 - Authenticated (Contributor+) Local File Inclusion | | LOW | *-1.2.9 | 1.3.0 | June 30, 2026 |
| seo-image | seo-image | N/A | SEO Friendly Images <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.0.5 | | June 30, 2026 |
| s2member | s2member | N/A | s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-251005 | 260101 | June 30, 2026 |
| product-price-by-formula-for-woocommerce | product-price-by-formula-for-woocommerce | N/A | Product Price by Formula for WooCommerce <= 2.5.6 - Missing Authorization | | LOW | *-2.5.6 | | June 30, 2026 |
| popup-builder | popup-builder | N/A | Popup Builder - Create highly converting, mobile friendly marketing popups. <= 4.4.2 - Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens | | LOW | *-4.4.2 | 4.4.3 | June 30, 2026 |
| official-statcounter-plugin-for-wordpress | official-statcounter-plugin-for-wordpress | N/A | Official StatCounter Plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname | | LOW | *-2.1.0 | 2.1.1 | June 30, 2026 |
| nm-gift-registry-and-wishlist-lite | nm-gift-registry-and-wishlist-lite | N/A | NM Gift Registry and Wishlist Lite <= 5.13 - Missing Authorization | | LOW | *-5.13 | 5.14 | June 30, 2026 |
| NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | nitropack | 67 | NitroPack <= 1.19.3 - Missing Authorization | | LOW | *-1.19.3 | 1.19.4 | June 30, 2026 |
| mp3-music-player-by-sonaar | mp3-music-player-by-sonaar | N/A | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure | | LOW | 4.0-5.10 | 5.11 | June 30, 2026 |
| mesmerize-companion | mesmerize-companion | 93 | Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update | | LOW | *-1.6.158 | 1.6.162 | June 30, 2026 |
| mail-mint | mail-mint | 93 | Mail Mint <= 1.19.4 - Missing Authorization | | LOW | *-1.19.4 | 1.19.5 | June 30, 2026 |
| Event Booking Manager for WooCommerce | mage-eventpress | 82 | WpEvently <= 5.1.1 - Unauthenticated PHP Object Injection | | LOW | *-5.1.1 | 5.1.2 | June 30, 2026 |
| library-management-system | library-management-system | 93 | Library Management System <= 3.2.1 - Unauthenticated SQL Injection | | LOW | *-3.2.1 | 3.3 | June 30, 2026 |
| leadrebel | leadrebel | 91 | Leadrebel <= 1.0.2 - Missing Authorization | | LOW | *-1.0.2 | | June 30, 2026 |
| korea-sns | korea-sns | 91 | Korea SNS <= 1.7.0 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-1.7.0 | | June 30, 2026 |
| hellobar | hellobar | 93 | Hello Bar Popup Builder <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.5.1 | 1.5.2 | June 30, 2026 |
| groups | groups | 93 | Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode | | LOW | *-3.10.0 | 3.11.0 | June 30, 2026 |
| final-tiles-grid-gallery-lite | final-tiles-grid-gallery-lite | 93 | Image Photo Gallery Final Tiles Grid <= 3.6.10 - Missing Authorization | | LOW | *-3.6.10 | 3.6.11 | June 30, 2026 |
| envo-extra | envo-extra | 93 | Envo Extra <= 1.9.13 - Missing Authorization | | LOW | *-1.9.13 | 1.9.14 | June 30, 2026 |
| Easy Table of Contents | easy-table-of-contents | 95 | Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-2.0.78 | 2.0.79 | June 30, 2026 |
| devvn-image-hotspot | devvn-image-hotspot | 93 | Image Hotspot by DevVN <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta | | LOW | *-1.2.9 | 1.3.0 | June 30, 2026 |
| custom-registration-form-builder-with-submission-manager | custom-registration-form-builder-with-submission-manager | 93 | RegistrationMagic <= 6.0.7.6 - Missing Authorization | | LOW | *-6.0.7.6 | 6.0.7.7 | June 30, 2026 |
| breadcrumb-navxt | breadcrumb-navxt | 93 | Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure | | LOW | *-7.5.0 | 7.5.1 | June 30, 2026 |
| book-previewer-for-woocommerce | book-previewer-for-woocommerce | 91 | Book Previewer for Woocommerce <= 1.0.6 - Missing Authorization | | LOW | *-1.0.6 | | June 30, 2026 |
| BackWPup – WordPress Backup & Restore Plugin | backwpup | 96 | BackWPup 5.0.0 - 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update | | LOW | 5.0.0-5.6.2 | 5.6.3 | June 30, 2026 |
| Aruba HiSpeed Cache | aruba-hispeed-cache | 94 | Aruba HiSpeed Cache <= 3.0.4 - Missing Authorization | | LOW | *-3.0.4 | 3.0.5 | June 30, 2026 |
LOW

popup-builder

popup-builder

Score: N/A Popup Builder - Create highly converting, mobile friendly marketing popups. <= 4.4.2 - Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens Affected: *-4.4.2 Patched: 4.4.3 Updated: June 30, 2026
LOW

official-statcounter-plugin-for-wordpress

official-statcounter-plugin-for-wordpress

Score: N/A Official StatCounter Plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname Affected: *-2.1.0 Patched: 2.1.1 Updated: June 30, 2026
LOW

nm-gift-registry-and-wishlist-lite

nm-gift-registry-and-wishlist-lite

Score: N/A NM Gift Registry and Wishlist Lite <= 5.13 - Missing Authorization Affected: *-5.13 Patched: 5.14 Updated: June 30, 2026
LOW

mp3-music-player-by-sonaar

mp3-music-player-by-sonaar

Score: N/A MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure Affected: 4.0-5.10 Patched: 5.11 Updated: June 30, 2026
LOW

mesmerize-companion

mesmerize-companion

Score: 93/100 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update Affected: *-1.6.158 Patched: 1.6.162 Updated: June 30, 2026
LOW

mail-mint

mail-mint

Score: 93/100 Mail Mint <= 1.19.4 - Missing Authorization Affected: *-1.19.4 Patched: 1.19.5 Updated: June 30, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 WpEvently <= 5.1.1 - Unauthenticated PHP Object Injection Affected: *-5.1.1 Patched: 5.1.2 Updated: June 30, 2026
LOW

library-management-system

library-management-system

Score: 93/100 Library Management System <= 3.2.1 - Unauthenticated SQL Injection Affected: *-3.2.1 Patched: 3.3 Updated: June 30, 2026
LOW

leadrebel

leadrebel

Score: 91/100 Leadrebel <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: June 30, 2026
LOW

korea-sns

korea-sns

Score: 91/100 Korea SNS <= 1.7.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.7.0 Patched: Updated: June 30, 2026
LOW

hellobar

hellobar

Score: 93/100 Hello Bar Popup Builder <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: June 30, 2026
LOW

groups

groups

Score: 93/100 Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode Affected: *-3.10.0 Patched: 3.11.0 Updated: June 30, 2026
LOW

final-tiles-grid-gallery-lite

final-tiles-grid-gallery-lite

Score: 93/100 Image Photo Gallery Final Tiles Grid <= 3.6.10 - Missing Authorization Affected: *-3.6.10 Patched: 3.6.11 Updated: June 30, 2026
LOW

envo-extra

envo-extra

Score: 93/100 Envo Extra <= 1.9.13 - Missing Authorization Affected: *-1.9.13 Patched: 1.9.14 Updated: June 30, 2026
LOW

Easy Table of Contents

easy-table-of-contents

Score: 95/100 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.78 Patched: 2.0.79 Updated: June 30, 2026
LOW

devvn-image-hotspot

devvn-image-hotspot

Score: 93/100 Image Hotspot by DevVN <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta Affected: *-1.2.9 Patched: 1.3.0 Updated: June 30, 2026
LOW

breadcrumb-navxt

breadcrumb-navxt

Score: 93/100 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure Affected: *-7.5.0 Patched: 7.5.1 Updated: June 30, 2026
LOW

book-previewer-for-woocommerce

book-previewer-for-woocommerce

Score: 91/100 Book Previewer for Woocommerce <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: Updated: June 30, 2026
LOW

BackWPup – WordPress Backup & Restore Plugin

backwpup

Score: 96/100 BackWPup 5.0.0 - 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update Affected: 5.0.0-5.6.2 Patched: 5.6.3 Updated: June 30, 2026
LOW

Aruba HiSpeed Cache

aruba-hispeed-cache

Score: 94/100 Aruba HiSpeed Cache <= 3.0.4 - Missing Authorization Affected: *-3.0.4 Patched: 3.0.5 Updated: June 30, 2026

Showing 2501 to 2600 of 36282 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 03:56 UTC.