Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
phonepe-payment-solutions	phonepe-payment-solutions	N/A	PhonePe Payment Solutions <= 1.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-1.0.15	2.0.0	June 30, 2026
kopatheme	kopatheme	91	Kopa Framework <= 1.3.5 - Cross-Site Request Forgery	LOW	*-1.3.5		June 30, 2026
klaviyo	klaviyo	93	Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.0.7	3.0.8	June 30, 2026
integration-dynamics	integration-dynamics	93	Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via wp_ajax_wpcrm_log	LOW	*-1.3.12	1.3.13	June 30, 2026
fluid-checkout	fluid-checkout	93	Fluid Checkout for WooCommerce – Lite <= 2.3.1 - Cross-Site Request Forgery via dismiss_notice	LOW	*-2.3.1	2.3.2	June 30, 2026
exxp-wp	exxp-wp	91	Exxp <= 2.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-2.6.9		June 30, 2026
Data Tables Generator by Supsystic	data-tables-generator-by-supsystic	89	Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization	LOW	*-1.10.25	1.10.26	June 30, 2026
cms-press	cms-press	91	CMS Press <= 0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.2.3		June 30, 2026
weaverx-theme-support	weaverx-theme-support	N/A	Weaver Xtreme Theme Support <= 6.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-6.2.5	6.2.7	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'attach_rule'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'uucss_update_rule'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_page_cache'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_uucss_logs'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ucss_connect'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_page_cache'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ajax_deactivate'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'queue_posts'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ajax_deactivate'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect'	LOW	*-1.7.1	1.7.2	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'queue_posts'	LOW	*-1.7.1	1.7.2	June 30, 2026
mass-delete-unused-tags	mass-delete-unused-tags	93	Mass Delete Unused Tags <= 2.0.0 - Cross-Site Request Forgery via plugin_mass_delete_unused_tags_init	LOW	*-2.0.0	3.0.0	June 30, 2026
mass-delete-tags	mass-delete-tags	93	Mass Delete Taxonomies <= 3.0.0 - Cross-Site Request Forgery via mp_plugin_mass_delete_tags_init	LOW	*-3.0.0	4.0.0	June 30, 2026
leadsnap	leadsnap	93	LeadSnap <= 1.23 - Unauthenticated PHP Object Injection via AJAX	LOW	*-1.23	1.24	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Authenticated (Contributor+) Arbitrary Content Deletion	LOW	*-2.25.1	2.25.2	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-2.25.1	2.25.2	June 30, 2026
auto-prune-posts	auto-prune-posts	93	Auto Prune Posts <= 1.8.0 - Cross-Site Request Forgery via admin_menu	LOW	*-1.8.0	2.0.0	June 30, 2026
yikes-inc-easy-mailchimp-extender	yikes-inc-easy-mailchimp-extender	N/A	Easy Forms for Mailchimp <= 6.8.8 - Authenticated (Administrator+) Cross-Site Scripting via Form Name	LOW	*-6.8.8	6.8.9	June 30, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder	popup-maker	N/A	Popup Maker <= 1.17.1 - Missing Authorization via save_popup_enabled_state	LOW	*-1.17.1	1.18.0	June 30, 2026
wp-external-links	wp-external-links	N/A	External Links <= 2.57 - Cross-Site Request Forgery via action_admin_action_wpel_dismiss_notice	LOW	*-2.57	2.58	June 30, 2026
wp-clone-by-wp-academy	wp-clone-by-wp-academy	N/A	Clone <= 2.3.7 - Cross-Site Request Forgery via wp_ajax_tifm_save_decision	LOW	*-2.3.7	2.3.8	June 30, 2026
wp-clone-by-wp-academy	wp-clone-by-wp-academy	N/A	Clone <= 2.3.7 - Missing Authorization via wp_ajax_tifm_save_decision	LOW	*-2.3.7	2.3.8	June 30, 2026
webmention	webmention	N/A	Webmention <= 4.0.8 - Reflected Cross-Site Scripting via 'replytocom'	LOW	*-4.0.8	4.0.9	June 30, 2026
w4-post-list	w4-post-list	N/A	W4 Post List <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w4pl[no_items_text]'	LOW	*-2.4.4	2.4.5	June 30, 2026
UpdraftPlus: WP Backup & Migration Plugin	updraftplus	69	Updraft Plus <= 1.22.24 - Information Disclosure via updraft_ajaxrestore	LOW	*-1.22.24	1.23.1	June 30, 2026
side-menu-lite	side-menu-lite	N/A	Side Menu Lite <= 4.0 - Cross-Site Request Forgery to Item Deletion	LOW	*-4.0	4.0.1	June 30, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder	popup-maker	N/A	Popup Maker <= 1.18.0 - Cross-Site Request Forgery via init	LOW	*-1.18.0	1.18.1	June 30, 2026
image-over-image-vc-extension	image-over-image-vc-extension	93	Image Over Image For WPBakery Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	[*, 3.0)	3.0	June 30, 2026
ht-easy-google-analytics	ht-easy-google-analytics	93	HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6 - Cross-Site Request Forgery via plugin_activation	LOW	*-1.0.6	1.0.7	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Authenticated (Admin+) Server-Side Request Forgery via give_get_content_by_ajax_handler	LOW	*-2.25.1	2.25.2	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Cross-Site Request Forgery to Cross-Site Scripting via render_dropdown	LOW	*-2.25.1	2.25.2	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Unauthenticated CSV Injection	LOW	*-2.25.1	2.25.2	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Cross-Site Request Forgery via process_bulk_action	LOW	*-2.25.1	2.25.2	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush	LOW	*-2.25.1	2.25.2	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Cross-Site Request Forgery via save	LOW	*-2.25.1	2.25.2	June 30, 2026
give	give	93	GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode	LOW	*-2.25.1	2.25.2	June 30, 2026
eps-301-redirects	eps-301-redirects	93	301 Redirects - Easy Redirect Manager <= 2.72 - Cross-Site Request Forgery via dismiss_notice	LOW	*-2.72	2.73	June 30, 2026
drag-n-drop-upload-cf7-pro	drag-n-drop-upload-cf7-pro	93	Drag and Drop Multiple File Upload PRO <= 2.10.9 - Directory Traversal	LOW	*-2.10.9	2.11.0	June 30, 2026
daily-prayer-time-for-mosques	daily-prayer-time-for-mosques	93	Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery	LOW	*-2023.03.08	2023.03.17	June 30, 2026
daily-prayer-time-for-mosques	daily-prayer-time-for-mosques	93	Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2023.03.20	2023.05.05	June 30, 2026
cforms2	cforms2	93	cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates	LOW	*-15.0.4	15.0.5	June 30, 2026
ays-popup-box	ays-popup-box	93	Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter	LOW	*-3.4.4	3.4.5	June 30, 2026
amazonsimpleadmin	amazonsimpleadmin	97	Affiliate Super Assistent <= 1.5.1 - Cross-Site Request Forgery to Settings Update and Cache Clearing	LOW	*-1.5.1	1.5.2	June 30, 2026
cmp-coming-soon-maintenance	cmp-coming-soon-maintenance	93	CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure	LOW	*-4.1.6	4.1.7	June 30, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative	wp-statistics	90	WP Statistics <= 13.2.16 - Authenticated (Admin+) SQL Injection	LOW	*-13.2.16	14.0	June 30, 2026
wp-membership	wp-membership	N/A	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.5.7)	1.5.7	June 30, 2026
wp-dark-mode	wp-dark-mode	N/A	WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style'	LOW	*-4.0.7	4.0.8	June 30, 2026
real-estate-pro	real-estate-pro	N/A	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.7.1)	1.7.1	June 30, 2026
producer-retailer	producer-retailer	N/A	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	*		June 30, 2026
photographer-directory	photographer-directory	N/A	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.0.9)	1.0.9	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription'	LOW	*-4.3.7	4.4	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'	LOW	*-4.3.7	4.4	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'	LOW	*-4.3.7	4.4	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles'	LOW	*-4.3.7	4.4	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account'	LOW	*-4.3.7	4.4	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'	LOW	*-4.3.7	4.4	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details'	LOW	*-4.3.7	4.4	June 30, 2026
paytium	paytium	N/A	Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'	LOW	*-4.3.7	4.4	June 30, 2026
lawyer-directory	lawyer-directory	89	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.2.9)	1.2.9	June 30, 2026
institutions-directory	institutions-directory	87	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.3.1)	1.3.1	June 30, 2026
hotel-listing	hotel-listing	86	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.3.7)	1.3.7	June 30, 2026
formidable	formidable	93	Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header	LOW	*-6.0.1	6.1	June 30, 2026
fitness-trainer	fitness-trainer	91	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.4.1)	1.4.1	June 30, 2026
final-user-wp-frontend-user-profiles	final-user-wp-frontend-user-profiles	93	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.2.2)	1.2.2	June 30, 2026
doctor-listing	doctor-listing	93	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.3.6)	1.3.6	June 30, 2026
directory-pro	directory-pro	86	Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation	LOW	[*, 1.9.5)	1.9.5	June 30, 2026
cookie-notice	cookie-notice	93	Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_revoke_shortcode' Shortcode	LOW	*-2.4.6	2.4.7	June 30, 2026
complianz-gdpr-premium	complianz-gdpr-premium	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.4.1	6.4.2	June 30, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.4.1	6.4.2	June 30, 2026
zero-bs-crm	zero-bs-crm	N/A	Jetpack CRM <= 5.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-5.4.4	5.5.0	June 30, 2026
event-espresso-decaf	event-espresso-decaf	93	Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass	LOW	* - 4.10.44.decaf	4.10.45.decaf	June 30, 2026
decalog	decalog	93	DecaLog <= 3.7.0 - Cross-Site Request Forgery via get_settings_page	LOW	*-3.7.0	3.7.1	June 30, 2026
yet-another-stars-rating	yet-another-stars-rating	N/A	Yet Another Stars Rating <= 3.1.2 - Authenticated (Subscriber+) Cross-Site Scripting via Shortcodes	LOW	*-3.1.2	3.1.3	June 30, 2026
wpsimpletools-upload-limit	wpsimpletools-upload-limit	N/A	Manage Upload Limit <= 1.0.4 - Reflected Cross-Site Scripting via upload_limit	LOW	*-1.0.4		June 30, 2026
wpopal-core-features	wpopal-core-features	N/A	CSSTidy - Server-Side Request Forgery	LOW	*-1.5.7		June 30, 2026
wp-translitera	wp-translitera	N/A	WP Translitera <= p1.2.5 - Cross-Site Request Forgery	LOW	* - p1.2.5		June 30, 2026
WP Meteor Website Speed Optimization Addon	wp-meteor	95	WP Meteor Page Speed Optimization Topping <= 3.1.4 -Missing Authorization to Notice Dismissal	LOW	*-3.1.4	3.1.5	June 30, 2026
wp-clean-up	wp-clean-up	N/A	WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize	LOW	*-1.2.3		June 30, 2026
wp-amo	wp-amo	N/A	CSSTidy - Server-Side Request Forgery	LOW	*-4.6.6		June 30, 2026
woovirtualwallet	woovirtualwallet	N/A	CSSTidy - Server-Side Request Forgery	LOW	*-2.2.1		June 30, 2026
woovip	woovip	N/A	CSSTidy - Server-Side Request Forgery	LOW	*-1.4.4		June 30, 2026
woosupply	woosupply	N/A	CSSTidy - Server-Side Request Forgery	LOW	*-1.2.2.		June 30, 2026
watu	watu	N/A	Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting	LOW	*-3.3.9	3.3.9.1	June 30, 2026
types	types	N/A	Types <= 3.4.17 - Authenticated (Administrator+) Arbitrary File Upload	LOW	*-3.4.17	3.4.18	June 30, 2026
totalpoll-lite	totalpoll-lite	N/A	Total Poll Lite <= 4.8.6 - Cross-Site Request Forgery	LOW	*-4.8.6	4.8.7	June 30, 2026
theme-minifier	theme-minifier	N/A	CSSTidy - Server-Side Request Forgery	LOW	*-2.0		June 30, 2026
styles	styles	N/A	CSSTidy - Server-Side Request Forgery	LOW	*-1.2.3		June 30, 2026
schedulicity-online-appointment-booking	schedulicity-online-appointment-booking	N/A	Schedulicity - Easy Online Scheduling <= 2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.21		June 30, 2026

LOW

phonepe-payment-solutions

Score: N/A PhonePe Payment Solutions <= 1.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.0.15 Patched: 2.0.0 Updated: June 30, 2026

LOW

kopatheme

Score: 91/100 Kopa Framework <= 1.3.5 - Cross-Site Request Forgery Affected: *-1.3.5 Patched: Updated: June 30, 2026

LOW

klaviyo

Score: 93/100 Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.7 Patched: 3.0.8 Updated: June 30, 2026

LOW

integration-dynamics

Score: 93/100 Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via wp_ajax_wpcrm_log Affected: *-1.3.12 Patched: 1.3.13 Updated: June 30, 2026

LOW

fluid-checkout

Score: 93/100 Fluid Checkout for WooCommerce – Lite <= 2.3.1 - Cross-Site Request Forgery via dismiss_notice Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

exxp-wp

Score: 91/100 Exxp <= 2.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.6.9 Patched: Updated: June 30, 2026

LOW

Data Tables Generator by Supsystic

data-tables-generator-by-supsystic

Score: 89/100 Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization Affected: *-1.10.25 Patched: 1.10.26 Updated: June 30, 2026

LOW

cms-press

Score: 91/100 CMS Press <= 0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.2.3 Patched: Updated: June 30, 2026

LOW

weaverx-theme-support

Score: N/A Weaver Xtreme Theme Support <= 6.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-6.2.5 Patched: 6.2.7 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'attach_rule' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'uucss_update_rule' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_page_cache' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_uucss_logs' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ucss_connect' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_page_cache' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ajax_deactivate' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'queue_posts' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ajax_deactivate' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'queue_posts' Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

mass-delete-unused-tags

Score: 93/100 Mass Delete Unused Tags <= 2.0.0 - Cross-Site Request Forgery via plugin_mass_delete_unused_tags_init Affected: *-2.0.0 Patched: 3.0.0 Updated: June 30, 2026

LOW

mass-delete-tags

Score: 93/100 Mass Delete Taxonomies <= 3.0.0 - Cross-Site Request Forgery via mp_plugin_mass_delete_tags_init Affected: *-3.0.0 Patched: 4.0.0 Updated: June 30, 2026

LOW

leadsnap

Score: 93/100 LeadSnap <= 1.23 - Unauthenticated PHP Object Injection via AJAX Affected: *-1.23 Patched: 1.24 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Authenticated (Contributor+) Arbitrary Content Deletion Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

auto-prune-posts

Score: 93/100 Auto Prune Posts <= 1.8.0 - Cross-Site Request Forgery via admin_menu Affected: *-1.8.0 Patched: 2.0.0 Updated: June 30, 2026

LOW

yikes-inc-easy-mailchimp-extender

Score: N/A Easy Forms for Mailchimp <= 6.8.8 - Authenticated (Administrator+) Cross-Site Scripting via Form Name Affected: *-6.8.8 Patched: 6.8.9 Updated: June 30, 2026

LOW

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder

popup-maker

Score: N/A Popup Maker <= 1.17.1 - Missing Authorization via save_popup_enabled_state Affected: *-1.17.1 Patched: 1.18.0 Updated: June 30, 2026

LOW

wp-external-links

Score: N/A External Links <= 2.57 - Cross-Site Request Forgery via action_admin_action_wpel_dismiss_notice Affected: *-2.57 Patched: 2.58 Updated: June 30, 2026

LOW

wp-clone-by-wp-academy

Score: N/A Clone <= 2.3.7 - Cross-Site Request Forgery via wp_ajax_tifm_save_decision Affected: *-2.3.7 Patched: 2.3.8 Updated: June 30, 2026

LOW

wp-clone-by-wp-academy

Score: N/A Clone <= 2.3.7 - Missing Authorization via wp_ajax_tifm_save_decision Affected: *-2.3.7 Patched: 2.3.8 Updated: June 30, 2026

LOW

webmention

Score: N/A Webmention <= 4.0.8 - Reflected Cross-Site Scripting via 'replytocom' Affected: *-4.0.8 Patched: 4.0.9 Updated: June 30, 2026

LOW

w4-post-list

Score: N/A W4 Post List <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w4pl[no_items_text]' Affected: *-2.4.4 Patched: 2.4.5 Updated: June 30, 2026

LOW

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Score: 69/100 Updraft Plus <= 1.22.24 - Information Disclosure via updraft_ajaxrestore Affected: *-1.22.24 Patched: 1.23.1 Updated: June 30, 2026

LOW

side-menu-lite

Score: N/A Side Menu Lite <= 4.0 - Cross-Site Request Forgery to Item Deletion Affected: *-4.0 Patched: 4.0.1 Updated: June 30, 2026

LOW

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder

popup-maker

Score: N/A Popup Maker <= 1.18.0 - Cross-Site Request Forgery via init Affected: *-1.18.0 Patched: 1.18.1 Updated: June 30, 2026

LOW

image-over-image-vc-extension

Score: 93/100 Image Over Image For WPBakery Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: [*, 3.0) Patched: 3.0 Updated: June 30, 2026

LOW

ht-easy-google-analytics

Score: 93/100 HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6 - Cross-Site Request Forgery via plugin_activation Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Authenticated (Admin+) Server-Side Request Forgery via give_get_content_by_ajax_handler Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Cross-Site Request Forgery to Cross-Site Scripting via render_dropdown Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Unauthenticated CSV Injection Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Cross-Site Request Forgery via process_bulk_action Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Cross-Site Request Forgery via save Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode Affected: *-2.25.1 Patched: 2.25.2 Updated: June 30, 2026

LOW

eps-301-redirects

Score: 93/100 301 Redirects - Easy Redirect Manager <= 2.72 - Cross-Site Request Forgery via dismiss_notice Affected: *-2.72 Patched: 2.73 Updated: June 30, 2026

LOW

drag-n-drop-upload-cf7-pro

Score: 93/100 Drag and Drop Multiple File Upload PRO <= 2.10.9 - Directory Traversal Affected: *-2.10.9 Patched: 2.11.0 Updated: June 30, 2026

LOW

daily-prayer-time-for-mosques

Score: 93/100 Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery Affected: *-2023.03.08 Patched: 2023.03.17 Updated: June 30, 2026

LOW

daily-prayer-time-for-mosques

Score: 93/100 Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2023.03.20 Patched: 2023.05.05 Updated: June 30, 2026

LOW

cforms2

Score: 93/100 cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates Affected: *-15.0.4 Patched: 15.0.5 Updated: June 30, 2026

LOW

ays-popup-box

Score: 93/100 Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter Affected: *-3.4.4 Patched: 3.4.5 Updated: June 30, 2026

LOW

amazonsimpleadmin

Score: 97/100 Affiliate Super Assistent <= 1.5.1 - Cross-Site Request Forgery to Settings Update and Cache Clearing Affected: *-1.5.1 Patched: 1.5.2 Updated: June 30, 2026

LOW

cmp-coming-soon-maintenance

Score: 93/100 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure Affected: *-4.1.6 Patched: 4.1.7 Updated: June 30, 2026

LOW

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Score: 90/100 WP Statistics <= 13.2.16 - Authenticated (Admin+) SQL Injection Affected: *-13.2.16 Patched: 14.0 Updated: June 30, 2026

LOW

wp-membership

Score: N/A Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.5.7) Patched: 1.5.7 Updated: June 30, 2026

LOW

wp-dark-mode

Score: N/A WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style' Affected: *-4.0.7 Patched: 4.0.8 Updated: June 30, 2026

LOW

real-estate-pro

Score: N/A Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.7.1) Patched: 1.7.1 Updated: June 30, 2026

LOW

producer-retailer

Score: N/A Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: * Patched: Updated: June 30, 2026

LOW

photographer-directory

Score: N/A Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.0.9) Patched: 1.0.9 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

paytium

Score: N/A Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile' Affected: *-4.3.7 Patched: 4.4 Updated: June 30, 2026

LOW

lawyer-directory

Score: 89/100 Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.2.9) Patched: 1.2.9 Updated: June 30, 2026

LOW

institutions-directory

Score: 87/100 Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.3.1) Patched: 1.3.1 Updated: June 30, 2026

LOW

hotel-listing

Score: 86/100 Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.3.7) Patched: 1.3.7 Updated: June 30, 2026

LOW

formidable

Score: 93/100 Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header Affected: *-6.0.1 Patched: 6.1 Updated: June 30, 2026

LOW

fitness-trainer

Score: 91/100 Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.4.1) Patched: 1.4.1 Updated: June 30, 2026

LOW

final-user-wp-frontend-user-profiles

Score: 93/100 Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.2.2) Patched: 1.2.2 Updated: June 30, 2026

LOW

doctor-listing

Score: 93/100 Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.3.6) Patched: 1.3.6 Updated: June 30, 2026

LOW

directory-pro

Score: 86/100 Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation Affected: [*, 1.9.5) Patched: 1.9.5 Updated: June 30, 2026

LOW

Score: 93/100 Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_revoke_shortcode' Shortcode Affected: *-2.4.6 Patched: 2.4.7 Updated: June 30, 2026

LOW

complianz-gdpr-premium

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.4.1 Patched: 6.4.2 Updated: June 30, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.4.1 Patched: 6.4.2 Updated: June 30, 2026

LOW

zero-bs-crm

Score: N/A Jetpack CRM <= 5.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.4.4 Patched: 5.5.0 Updated: June 30, 2026

LOW

event-espresso-decaf

Score: 93/100 Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass Affected: * - 4.10.44.decaf Patched: 4.10.45.decaf Updated: June 30, 2026

LOW

decalog

Score: 93/100 DecaLog <= 3.7.0 - Cross-Site Request Forgery via get_settings_page Affected: *-3.7.0 Patched: 3.7.1 Updated: June 30, 2026

LOW

yet-another-stars-rating

Score: N/A Yet Another Stars Rating <= 3.1.2 - Authenticated (Subscriber+) Cross-Site Scripting via Shortcodes Affected: *-3.1.2 Patched: 3.1.3 Updated: June 30, 2026

LOW

wpsimpletools-upload-limit

Score: N/A Manage Upload Limit <= 1.0.4 - Reflected Cross-Site Scripting via upload_limit Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

wpopal-core-features

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-1.5.7 Patched: Updated: June 30, 2026

LOW

wp-translitera

Score: N/A WP Translitera <= p1.2.5 - Cross-Site Request Forgery Affected: * - p1.2.5 Patched: Updated: June 30, 2026

LOW

WP Meteor Website Speed Optimization Addon

wp-meteor

Score: 95/100 WP Meteor Page Speed Optimization Topping <= 3.1.4 -Missing Authorization to Notice Dismissal Affected: *-3.1.4 Patched: 3.1.5 Updated: June 30, 2026

LOW

wp-clean-up

Score: N/A WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize Affected: *-1.2.3 Patched: Updated: June 30, 2026

LOW

wp-amo

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-4.6.6 Patched: Updated: June 30, 2026

LOW

woovirtualwallet

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-2.2.1 Patched: Updated: June 30, 2026

LOW

woovip

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-1.4.4 Patched: Updated: June 30, 2026

LOW

woosupply

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-1.2.2. Patched: Updated: June 30, 2026

LOW

watu

Score: N/A Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting Affected: *-3.3.9 Patched: 3.3.9.1 Updated: June 30, 2026

LOW

types

Score: N/A Types <= 3.4.17 - Authenticated (Administrator+) Arbitrary File Upload Affected: *-3.4.17 Patched: 3.4.18 Updated: June 30, 2026

LOW

totalpoll-lite

Score: N/A Total Poll Lite <= 4.8.6 - Cross-Site Request Forgery Affected: *-4.8.6 Patched: 4.8.7 Updated: June 30, 2026

LOW

theme-minifier

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

styles

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-1.2.3 Patched: Updated: June 30, 2026

LOW

schedulicity-online-appointment-booking

Score: N/A Schedulicity - Easy Online Scheduling <= 2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.21 Patched: Updated: June 30, 2026

Showing 26001 to 26100 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 12:14 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List