Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
resize-at-upload-plus resize-at-upload-plus N/A Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery LOW *-1.3 June 30, 2026
qards-free qards-free N/A CSSTidy - Server-Side Request Forgery LOW *-1.0.5 June 30, 2026
phpfreechat phpfreechat N/A CSSTidy - Server-Side Request Forgery LOW *-2.0.8 June 30, 2026
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation optinmonster N/A OptinMonster <= 2.12.1 - Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode LOW *-2.12.1 2.12.2 June 30, 2026
new-adman new-adman N/A New Adman <= 1.6.8 - Cross-Site Request Forgery via plugin_menu LOW *-1.6.8 June 30, 2026
new-adman new-adman N/A New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.8 June 30, 2026
namaste-lms namaste-lms N/A Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters LOW *-2.5.9.9 2.6 June 30, 2026
leyka leyka
89
 Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting LOW *-3.29.2 3.30 June 30, 2026
leyka leyka
89
 Leyka <= 3.29.2 - Cross-Site Request Forgery LOW *-3.29.2 3.30 June 30, 2026
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider fluent-smtp
85
 FluentSMTP <= 2.2.2 - Authenticated (Author+) Stored Cross-Site Scripting via Email Logs LOW *-2.2.2 2.2.3 June 30, 2026
fareharbor fareharbor
93
 FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.6.6 3.6.7 June 30, 2026
elegant-custom-fonts elegant-custom-fonts
93
 Elegant Custom Fonts <= 1.0 - Cross-Site Request Forgery LOW *-1.0 1.0.1 June 30, 2026
custom-login-admin-front-end-css-with-multisite-support custom-login-admin-front-end-css-with-multisite-support
93
 CSSTidy - Server-Side Request Forgery LOW *-1.4.1 1.5 June 30, 2026
css-adder-by-agence-press css-adder-by-agence-press
91
 CSSTidy - Server-Side Request Forgery LOW *-1.5.0 June 30, 2026
cpo-content-types cpo-content-types
93
 CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.0 1.1.1 June 30, 2026
confirm-data confirm-data
91
 CSSTidy - Server-Side Request Forgery LOW *-1.0.7 June 30, 2026
classic-editor-and-classic-widgets classic-editor-and-classic-widgets
93
 Classic Editor and Classic Widgets <= 1.2.5 - Cross-Site Request Forgery via render_settings_page LOW *-1.2.5 1.2.6 June 30, 2026
blog-floating-button blog-floating-button
93
 Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery LOW *-1.4.12 1.4.13 June 30, 2026
amp-toolbox amp-toolbox
95
 CSSTidy - Server-Side Request Forgery LOW *-2.1.1 June 30, 2026
admin-css-mu admin-css-mu
97
 CSSTidy - Server-Side Request Forgery LOW *-2.6 2.7 June 30, 2026
about-me-3000 about-me-3000
95
 About Me 3000 widget <= 2.2.6 - Cross-Site Request Forgery to Plugin Settings Update LOW *-2.2.6 June 30, 2026
wpstream wpstream N/A WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 - Cross-Site Request Forgery via wpstream_settings LOW *-4.4.10 4.4.10.6 June 30, 2026
wpdeepl wpdeepl N/A DeepL Pro API translation <= 2.1.4 - Cross-Site Request Forgery via saveSettings LOW *-2.1.4 2.1.5 June 30, 2026
wp-sms wp-sms N/A WP SMS <= 6.0.4 - Information Disclosure via REST API LOW *-6.0.4 6.0.4.1 June 30, 2026
Yoast SEO – Advanced SEO with real-time guidance and built-in AI wordpress-seo
89
 Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-20.2 20.2.1 June 30, 2026
woo-advanced-sales-report-email woo-advanced-sales-report-email N/A Sales Report Email for WooCommerce <= 2.8.0 - Missing Authorization for Email Functionality LOW *-2.8.0 June 30, 2026
the-very-simple-vimeo-shortcode the-very-simple-vimeo-shortcode N/A Simple Vimeo Shortcode <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode LOW *-2.9.1 June 30, 2026
simple-csv-xls-exporter simple-csv-xls-exporter N/A Simple CSV/XLS Exporter <= 1.5.8 - CSV Injection LOW *-1.5.8 June 30, 2026
search-in-place search-in-place N/A Search in Place <= 1.0.104 - Cross-Site Request Forgery to Feedback Submission LOW *-1.0.104 1.0.105 June 30, 2026
rife-elementor-extensions rife-elementor-extensions N/A Rife Elementor Extensions & Templates <= 1.1.10 - Missing Authorization via import_templates LOW *-1.1.10 1.2.0 June 30, 2026
nd-projects nd-projects N/A Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8 June 30, 2026
metform metform
93
 Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass LOW *-3.2.1 3.2.2 June 30, 2026
lws-tools lws-tools
93
 LWS Tools <= 2.3.1 - Cross-Site Request Forgery LOW *-2.3.1 2.4 June 30, 2026
jch-optimize jch-optimize
93
 JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings LOW *-3.2.2 3.2.3 June 30, 2026
instant-images instant-images
93
 Instant Images <= 5.1.0.1 - Authenticated (Author+) Server-Side Request Forgery via instant_images_download LOW *-5.1.0.1 5.1.0.2 June 30, 2026
gtmetrix-for-wordpress gtmetrix-for-wordpress
93
 GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url' LOW *-0.4.5 0.4.6 June 30, 2026
fontiran fontiran
87
 Fontiran <= 2.1 - Cross-Site Request Forgery LOW *-2.1 June 30, 2026
fontiran fontiran
87
 Fontiran <= 2.1 - Cross-Site Request Forgery LOW *-2.1 June 30, 2026
easy-testimonial-rotator easy-testimonial-rotator
93
 Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term LOW *-1.0.15 1.0.16 June 30, 2026
dokan-lite dokan-lite
93
 Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection LOW *-3.7.12 3.7.13 June 30, 2026
cookie-notice cookie-notice
93
 Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_policy_link' Shortcodes LOW *-2.4.6 2.4.7 June 30, 2026
clickfunnels clickfunnels
89
 ClickFunnels <= 3.1.1 - Cross-Site Request Forgery to Settings Update LOW *-3.1.1 June 30, 2026
cart-lift cart-lift
93
 Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 - Reflected Cross-Site Scripting via cart_search LOW *-3.1.5 3.1.6 June 30, 2026
Calculated Fields Form calculated-fields-form
70
 Calculated Fields Form <= 1.1.120 - Cross-Site Request Forgery LOW *-1.1.120 1.1.121 June 30, 2026
button-generation button-generation
93
 Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.3.3 2.3.4 June 30, 2026
add-expires-headers add-expires-headers
97
 Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder] LOW *-2.7 2.7.1 June 30, 2026
when-last-login when-last-login N/A When Last Login <= 1.2.1 - Cross-Site Request Forgery via wll_hide_subscription_notice LOW *-1.2.1 1.2.2 June 30, 2026
simply-gallery-block simply-gallery-block N/A Gallery Blocks with Lightbox <= 3.0.7 - Missing Authorization in pgc_sgb_action_wizard LOW *-3.0.7 3.0.8 June 30, 2026
menu-shortcode menu-shortcode
91
 menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0 June 30, 2026
cp-contact-form-with-paypal cp-contact-form-with-paypal
93
 CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission LOW *-1.3.34 1.3.35 June 30, 2026
xml-sitemap-generator-for-google xml-sitemap-generator-for-google N/A XML Sitemap Generator for Google <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Changes LOW *-1.3.3 1.3.4 June 30, 2026
wp-time-slots-booking-form wp-time-slots-booking-form N/A WP Time Slots Booking Form <= 1.1.76 - Cross-Site Request Forgery to Feedback Submission LOW *-1.1.76 1.1.77 June 30, 2026
wp-time-slots-booking-form wp-time-slots-booking-form N/A WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission LOW *-1.1.76 1.1.77 June 30, 2026
wp-social-bookmarking-light wp-social-bookmarking-light N/A WP Social Bookmarking Light <= 2.0.7 - Cross-Site Request Forgery LOW *-2.0.7 June 30, 2026
wp-shamsi wp-shamsi N/A WP Shamsi <= 4.3.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion LOW *-4.3.3 June 30, 2026
wp-repost wp-repost N/A WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scritping LOW *-0.1 June 30, 2026
wp-repost wp-repost N/A WP Repost <= 0.1 - Missing Authorization LOW *-0.1 June 30, 2026
wp-politic wp-politic N/A HT Politic <= 2.3.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation LOW *-2.3.7 2.3.8 June 30, 2026
wp-plugin-manager wp-plugin-manager N/A WP Plugin Manager <= 1.1.7 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.1.7 1.1.8 June 30, 2026
wp-news-magazine wp-news-magazine N/A WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.1.9 1.2.0 June 30, 2026
WP Meteor Website Speed Optimization Addon wp-meteor
95
 WP Meteor Page Speed Optimization Topping <= 3.1.4 - Cross-Site Request Forgery via processAjaxNoticeDismiss LOW *-3.1.4 3.1.5 June 30, 2026
wp-insurance wp-insurance N/A WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation LOW *-2.1.3 2.1.4 June 30, 2026
wp-film-studio wp-film-studio N/A WP Film Studio <= 1.3.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.3.4 1.3.5 June 30, 2026
wp-education wp-education N/A WP Education <= 1.2.6 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.2.6 1.2.7 June 30, 2026
wc-sales-notification wc-sales-notification N/A WC Sales Notification <= 1.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.2.2 1.2.3 June 30, 2026
smart-youtube smart-youtube N/A Smart YouTube PRO <= 4.3 - Cross-Site Request Forgery via handle_colorbox_options LOW *-4.3 June 30, 2026
Smart Slider 3 smart-slider-3
90
 Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.5.1.13 3.5.1.14 June 30, 2026
Simple File List simple-file-list
90
 Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-6.0.9 6.0.10 June 30, 2026
search-in-place search-in-place N/A Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission LOW *-1.0.104 1.0.105 June 30, 2026
rustolat rustolat N/A Rus-To-Lat <= 0.3 - Cross-Site Request Forgery to Plugins Options Changes LOW *-0.3 June 30, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration LOW *-8.0.10 8.1.0 June 30, 2026
quickswish quickswish N/A QuickSwish <= 1.0.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.0.9 1.1.0 June 30, 2026
preview-link-generator preview-link-generator N/A Preview Link Generator <= 1.0.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.0.3 1.0.4 June 30, 2026
paid-memberships-pro paid-memberships-pro N/A Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes LOW *-2.9.11 2.9.12 June 30, 2026
ooohboi-steroids-for-elementor ooohboi-steroids-for-elementor N/A OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion LOW *-2.1.3 2.1.5 June 30, 2026
no-external-links no-external-links N/A WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping LOW *-1.0.2 June 30, 2026
nex-forms-express-wp-form-builder nex-forms-express-wp-form-builder N/A NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-8.3.2 8.3.3 June 30, 2026
miniorange-login-with-eve-online-google-facebook miniorange-login-with-eve-online-google-facebook
93
 OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page LOW *-6.24.1 6.24.2 June 30, 2026
ht-slider-for-elementor ht-slider-for-elementor
93
 HT Slider For Elementor <= 1.3.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.3.9 1.4.0 June 30, 2026
ht-portfolio ht-portfolio
93
 HT Portfolio <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.1.5 1.1.6 June 30, 2026
ht-event ht-event
93
 HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation LOW *-1.4.5 1.4.6 June 30, 2026
ht-contactform ht-contactform
93
 Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.1.5 1.1.6 June 30, 2026
ever-compare ever-compare
93
 Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation LOW *-1.2.3 1.2.4 June 30, 2026
debug-assistant debug-assistant
93
 Debug Assistant <= 1.4 - Cross-Site Request Forgery via imlt_create_admin LOW *-1.4 1.5 June 30, 2026
debug-assistant debug-assistant
93
 Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4 1.5 June 30, 2026
Calculated Fields Form calculated-fields-form
70
 Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission LOW *-1.1.120 1.1.121 June 30, 2026
advanced-text-widget advanced-text-widget
95
 Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.2 June 30, 2026
advanced-text-widget advanced-text-widget
95
 Advanced Text Widget <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice LOW *-2.1.2 June 30, 2026
accesspress-twitter-feed accesspress-twitter-feed
95
 WP TFeed <= 1.6.9 - Cross-Site Request Forgery via aptf_delete_cache LOW *-1.6.9 June 30, 2026
accesspress-facebook-auto-post accesspress-facebook-auto-post
95
 Social Auto Poster <= 2.1.4 - Cross-Site Request Forgery to Plugin Settings Reset LOW *-2.1.4 June 30, 2026
99fy-core 99fy-core
97
 Free WooCommerce Theme 99fy Extension <= 1.2.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation LOW *-1.2.7 1.2.8 June 30, 2026
wp-google-tag-manager wp-google-tag-manager N/A WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery LOW *-1.1 June 30, 2026
woocommerce-wholesale-prices woocommerce-wholesale-prices N/A Wholesale Suite <= 2.1.5 - Missing Authorization to Plugin Settings Change LOW *-2.1.5 2.1.6 June 30, 2026
woocommerce-multiple-customer-addresses woocommerce-multiple-customer-addresses N/A WooCommerce Multiple Customer Addresses & Shipping <= 21.6 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Address Creation/Deletion/View/Updates LOW [*, 21.7) 21.7 June 30, 2026
simple-slug-translate simple-slug-translate N/A Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping LOW *-2.7.2 2.7.3 June 30, 2026
shortcodes-ultimate shortcodes-ultimate N/A Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure LOW *-5.12.7 5.12.8 June 30, 2026
shortcodes-ultimate shortcodes-ultimate N/A Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Arbitrary Post Access via Shortcode LOW *-5.12.7 5.12.8 June 30, 2026
sheets-to-wp-table-live-sync sheets-to-wp-table-live-sync N/A Sheets To WP Table Live Sync <= 2.12.15 - Cross-Site Request Forgery LOW *-2.12.15 2.13.0 June 30, 2026
read-more-excerpt-link read-more-excerpt-link N/A Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update LOW *-1.6.0 1.6.1 June 30, 2026
publish-to-schedule publish-to-schedule N/A Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.5.4 4.5.5 June 30, 2026
LOW

resize-at-upload-plus

resize-at-upload-plus

Score: N/A Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: June 30, 2026
LOW

qards-free

qards-free

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-1.0.5 Patched: Updated: June 30, 2026
LOW

phpfreechat

phpfreechat

Score: N/A CSSTidy - Server-Side Request Forgery Affected: *-2.0.8 Patched: Updated: June 30, 2026
LOW

new-adman

new-adman

Score: N/A New Adman <= 1.6.8 - Cross-Site Request Forgery via plugin_menu Affected: *-1.6.8 Patched: Updated: June 30, 2026
LOW

new-adman

new-adman

Score: N/A New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.8 Patched: Updated: June 30, 2026
LOW

namaste-lms

namaste-lms

Score: N/A Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters Affected: *-2.5.9.9 Patched: 2.6 Updated: June 30, 2026
LOW

leyka

leyka

Score: 89/100 Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.29.2 Patched: 3.30 Updated: June 30, 2026
LOW

leyka

leyka

Score: 89/100 Leyka <= 3.29.2 - Cross-Site Request Forgery Affected: *-3.29.2 Patched: 3.30 Updated: June 30, 2026
LOW

fareharbor

fareharbor

Score: 93/100 FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.6.6 Patched: 3.6.7 Updated: June 30, 2026
LOW

elegant-custom-fonts

elegant-custom-fonts

Score: 93/100 Elegant Custom Fonts <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: 1.0.1 Updated: June 30, 2026
LOW

css-adder-by-agence-press

css-adder-by-agence-press

Score: 91/100 CSSTidy - Server-Side Request Forgery Affected: *-1.5.0 Patched: Updated: June 30, 2026
LOW

cpo-content-types

cpo-content-types

Score: 93/100 CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026
LOW

confirm-data

confirm-data

Score: 91/100 CSSTidy - Server-Side Request Forgery Affected: *-1.0.7 Patched: Updated: June 30, 2026
LOW

classic-editor-and-classic-widgets

classic-editor-and-classic-widgets

Score: 93/100 Classic Editor and Classic Widgets <= 1.2.5 - Cross-Site Request Forgery via render_settings_page Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026
LOW

blog-floating-button

blog-floating-button

Score: 93/100 Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery Affected: *-1.4.12 Patched: 1.4.13 Updated: June 30, 2026
LOW

amp-toolbox

amp-toolbox

Score: 95/100 CSSTidy - Server-Side Request Forgery Affected: *-2.1.1 Patched: Updated: June 30, 2026
LOW

admin-css-mu

admin-css-mu

Score: 97/100 CSSTidy - Server-Side Request Forgery Affected: *-2.6 Patched: 2.7 Updated: June 30, 2026
LOW

about-me-3000

about-me-3000

Score: 95/100 About Me 3000 widget <= 2.2.6 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.2.6 Patched: Updated: June 30, 2026
LOW

wpstream

wpstream

Score: N/A WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 - Cross-Site Request Forgery via wpstream_settings Affected: *-4.4.10 Patched: 4.4.10.6 Updated: June 30, 2026
LOW

wpdeepl

wpdeepl

Score: N/A DeepL Pro API translation <= 2.1.4 - Cross-Site Request Forgery via saveSettings Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026
LOW

wp-sms

wp-sms

Score: N/A WP SMS <= 6.0.4 - Information Disclosure via REST API Affected: *-6.0.4 Patched: 6.0.4.1 Updated: June 30, 2026
LOW

woo-advanced-sales-report-email

woo-advanced-sales-report-email

Score: N/A Sales Report Email for WooCommerce <= 2.8.0 - Missing Authorization for Email Functionality Affected: *-2.8.0 Patched: Updated: June 30, 2026
LOW

the-very-simple-vimeo-shortcode

the-very-simple-vimeo-shortcode

Score: N/A Simple Vimeo Shortcode <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-2.9.1 Patched: Updated: June 30, 2026
LOW

simple-csv-xls-exporter

simple-csv-xls-exporter

Score: N/A Simple CSV/XLS Exporter <= 1.5.8 - CSV Injection Affected: *-1.5.8 Patched: Updated: June 30, 2026
LOW

search-in-place

search-in-place

Score: N/A Search in Place <= 1.0.104 - Cross-Site Request Forgery to Feedback Submission Affected: *-1.0.104 Patched: 1.0.105 Updated: June 30, 2026
LOW

rife-elementor-extensions

rife-elementor-extensions

Score: N/A Rife Elementor Extensions & Templates <= 1.1.10 - Missing Authorization via import_templates Affected: *-1.1.10 Patched: 1.2.0 Updated: June 30, 2026
LOW

nd-projects

nd-projects

Score: N/A Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: June 30, 2026
LOW

metform

metform

Score: 93/100 Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026
LOW

lws-tools

lws-tools

Score: 93/100 LWS Tools <= 2.3.1 - Cross-Site Request Forgery Affected: *-2.3.1 Patched: 2.4 Updated: June 30, 2026
LOW

jch-optimize

jch-optimize

Score: 93/100 JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings Affected: *-3.2.2 Patched: 3.2.3 Updated: June 30, 2026
LOW

instant-images

instant-images

Score: 93/100 Instant Images <= 5.1.0.1 - Authenticated (Author+) Server-Side Request Forgery via instant_images_download Affected: *-5.1.0.1 Patched: 5.1.0.2 Updated: June 30, 2026
LOW

gtmetrix-for-wordpress

gtmetrix-for-wordpress

Score: 93/100 GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url' Affected: *-0.4.5 Patched: 0.4.6 Updated: June 30, 2026
LOW

fontiran

fontiran

Score: 87/100 Fontiran <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: June 30, 2026
LOW

fontiran

fontiran

Score: 87/100 Fontiran <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: June 30, 2026
LOW

easy-testimonial-rotator

easy-testimonial-rotator

Score: 93/100 Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term Affected: *-1.0.15 Patched: 1.0.16 Updated: June 30, 2026
LOW

dokan-lite

dokan-lite

Score: 93/100 Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection Affected: *-3.7.12 Patched: 3.7.13 Updated: June 30, 2026
LOW

cookie-notice

cookie-notice

Score: 93/100 Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_policy_link' Shortcodes Affected: *-2.4.6 Patched: 2.4.7 Updated: June 30, 2026
LOW

clickfunnels

clickfunnels

Score: 89/100 ClickFunnels <= 3.1.1 - Cross-Site Request Forgery to Settings Update Affected: *-3.1.1 Patched: Updated: June 30, 2026
LOW

cart-lift

cart-lift

Score: 93/100 Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 - Reflected Cross-Site Scripting via cart_search Affected: *-3.1.5 Patched: 3.1.6 Updated: June 30, 2026
LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 1.1.120 - Cross-Site Request Forgery Affected: *-1.1.120 Patched: 1.1.121 Updated: June 30, 2026
LOW

button-generation

button-generation

Score: 93/100 Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.3 Patched: 2.3.4 Updated: June 30, 2026
LOW

add-expires-headers

add-expires-headers

Score: 97/100 Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder] Affected: *-2.7 Patched: 2.7.1 Updated: June 30, 2026
LOW

when-last-login

when-last-login

Score: N/A When Last Login <= 1.2.1 - Cross-Site Request Forgery via wll_hide_subscription_notice Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026
LOW

simply-gallery-block

simply-gallery-block

Score: N/A Gallery Blocks with Lightbox <= 3.0.7 - Missing Authorization in pgc_sgb_action_wizard Affected: *-3.0.7 Patched: 3.0.8 Updated: June 30, 2026
LOW

menu-shortcode

menu-shortcode

Score: 91/100 menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

cp-contact-form-with-paypal

cp-contact-form-with-paypal

Score: 93/100 CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission Affected: *-1.3.34 Patched: 1.3.35 Updated: June 30, 2026
LOW

xml-sitemap-generator-for-google

xml-sitemap-generator-for-google

Score: N/A XML Sitemap Generator for Google <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Changes Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026
LOW

wp-time-slots-booking-form

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.1.76 - Cross-Site Request Forgery to Feedback Submission Affected: *-1.1.76 Patched: 1.1.77 Updated: June 30, 2026
LOW

wp-time-slots-booking-form

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission Affected: *-1.1.76 Patched: 1.1.77 Updated: June 30, 2026
LOW

wp-social-bookmarking-light

wp-social-bookmarking-light

Score: N/A WP Social Bookmarking Light <= 2.0.7 - Cross-Site Request Forgery Affected: *-2.0.7 Patched: Updated: June 30, 2026
LOW

wp-shamsi

wp-shamsi

Score: N/A WP Shamsi <= 4.3.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion Affected: *-4.3.3 Patched: Updated: June 30, 2026
LOW

wp-repost

wp-repost

Score: N/A WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scritping Affected: *-0.1 Patched: Updated: June 30, 2026
LOW

wp-repost

wp-repost

Score: N/A WP Repost <= 0.1 - Missing Authorization Affected: *-0.1 Patched: Updated: June 30, 2026
LOW

wp-politic

wp-politic

Score: N/A HT Politic <= 2.3.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation Affected: *-2.3.7 Patched: 2.3.8 Updated: June 30, 2026
LOW

wp-plugin-manager

wp-plugin-manager

Score: N/A WP Plugin Manager <= 1.1.7 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026
LOW

wp-news-magazine

wp-news-magazine

Score: N/A WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.1.9 Patched: 1.2.0 Updated: June 30, 2026
LOW

WP Meteor Website Speed Optimization Addon

wp-meteor

Score: 95/100 WP Meteor Page Speed Optimization Topping <= 3.1.4 - Cross-Site Request Forgery via processAjaxNoticeDismiss Affected: *-3.1.4 Patched: 3.1.5 Updated: June 30, 2026
LOW

wp-insurance

wp-insurance

Score: N/A WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation Affected: *-2.1.3 Patched: 2.1.4 Updated: June 30, 2026
LOW

wp-film-studio

wp-film-studio

Score: N/A WP Film Studio <= 1.3.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026
LOW

wp-education

wp-education

Score: N/A WP Education <= 1.2.6 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.2.6 Patched: 1.2.7 Updated: June 30, 2026
LOW

wc-sales-notification

wc-sales-notification

Score: N/A WC Sales Notification <= 1.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026
LOW

smart-youtube

smart-youtube

Score: N/A Smart YouTube PRO <= 4.3 - Cross-Site Request Forgery via handle_colorbox_options Affected: *-4.3 Patched: Updated: June 30, 2026
LOW

Smart Slider 3

smart-slider-3

Score: 90/100 Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.1.13 Patched: 3.5.1.14 Updated: June 30, 2026
LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.0.9 Patched: 6.0.10 Updated: June 30, 2026
LOW

search-in-place

search-in-place

Score: N/A Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission Affected: *-1.0.104 Patched: 1.0.105 Updated: June 30, 2026
LOW

rustolat

rustolat

Score: N/A Rus-To-Lat <= 0.3 - Cross-Site Request Forgery to Plugins Options Changes Affected: *-0.3 Patched: Updated: June 30, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration Affected: *-8.0.10 Patched: 8.1.0 Updated: June 30, 2026
LOW

quickswish

quickswish

Score: N/A QuickSwish <= 1.0.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.0.9 Patched: 1.1.0 Updated: June 30, 2026
LOW

preview-link-generator

preview-link-generator

Score: N/A Preview Link Generator <= 1.0.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026
LOW

paid-memberships-pro

paid-memberships-pro

Score: N/A Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes Affected: *-2.9.11 Patched: 2.9.12 Updated: June 30, 2026
LOW

ooohboi-steroids-for-elementor

ooohboi-steroids-for-elementor

Score: N/A OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion Affected: *-2.1.3 Patched: 2.1.5 Updated: June 30, 2026
LOW

no-external-links

no-external-links

Score: N/A WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping Affected: *-1.0.2 Patched: Updated: June 30, 2026
LOW

nex-forms-express-wp-form-builder

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-8.3.2 Patched: 8.3.3 Updated: June 30, 2026
LOW

miniorange-login-with-eve-online-google-facebook

miniorange-login-with-eve-online-google-facebook

Score: 93/100 OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page Affected: *-6.24.1 Patched: 6.24.2 Updated: June 30, 2026
LOW

ht-slider-for-elementor

ht-slider-for-elementor

Score: 93/100 HT Slider For Elementor <= 1.3.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.3.9 Patched: 1.4.0 Updated: June 30, 2026
LOW

ht-portfolio

ht-portfolio

Score: 93/100 HT Portfolio <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.1.5 Patched: 1.1.6 Updated: June 30, 2026
LOW

ht-event

ht-event

Score: 93/100 HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026
LOW

ht-contactform

ht-contactform

Score: 93/100 Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.1.5 Patched: 1.1.6 Updated: June 30, 2026
LOW

ever-compare

ever-compare

Score: 93/100 Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026
LOW

debug-assistant

debug-assistant

Score: 93/100 Debug Assistant <= 1.4 - Cross-Site Request Forgery via imlt_create_admin Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026
LOW

debug-assistant

debug-assistant

Score: 93/100 Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026
LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission Affected: *-1.1.120 Patched: 1.1.121 Updated: June 30, 2026
LOW

advanced-text-widget

advanced-text-widget

Score: 95/100 Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: Updated: June 30, 2026
LOW

advanced-text-widget

advanced-text-widget

Score: 95/100 Advanced Text Widget <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice Affected: *-2.1.2 Patched: Updated: June 30, 2026
LOW

accesspress-twitter-feed

accesspress-twitter-feed

Score: 95/100 WP TFeed <= 1.6.9 - Cross-Site Request Forgery via aptf_delete_cache Affected: *-1.6.9 Patched: Updated: June 30, 2026
LOW

accesspress-facebook-auto-post

accesspress-facebook-auto-post

Score: 95/100 Social Auto Poster <= 2.1.4 - Cross-Site Request Forgery to Plugin Settings Reset Affected: *-2.1.4 Patched: Updated: June 30, 2026
LOW

99fy-core

99fy-core

Score: 97/100 Free WooCommerce Theme 99fy Extension <= 1.2.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026
LOW

wp-google-tag-manager

wp-google-tag-manager

Score: N/A WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 30, 2026
LOW

woocommerce-wholesale-prices

woocommerce-wholesale-prices

Score: N/A Wholesale Suite <= 2.1.5 - Missing Authorization to Plugin Settings Change Affected: *-2.1.5 Patched: 2.1.6 Updated: June 30, 2026
LOW

woocommerce-multiple-customer-addresses

woocommerce-multiple-customer-addresses

Score: N/A WooCommerce Multiple Customer Addresses & Shipping <= 21.6 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Address Creation/Deletion/View/Updates Affected: [*, 21.7) Patched: 21.7 Updated: June 30, 2026
LOW

simple-slug-translate

simple-slug-translate

Score: N/A Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping Affected: *-2.7.2 Patched: 2.7.3 Updated: June 30, 2026
LOW

shortcodes-ultimate

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure Affected: *-5.12.7 Patched: 5.12.8 Updated: June 30, 2026
LOW

shortcodes-ultimate

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Arbitrary Post Access via Shortcode Affected: *-5.12.7 Patched: 5.12.8 Updated: June 30, 2026
LOW

sheets-to-wp-table-live-sync

sheets-to-wp-table-live-sync

Score: N/A Sheets To WP Table Live Sync <= 2.12.15 - Cross-Site Request Forgery Affected: *-2.12.15 Patched: 2.13.0 Updated: June 30, 2026
LOW

read-more-excerpt-link

read-more-excerpt-link

Score: N/A Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.6.0 Patched: 1.6.1 Updated: June 30, 2026
LOW

publish-to-schedule

publish-to-schedule

Score: N/A Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.5.4 Patched: 4.5.5 Updated: June 30, 2026

Showing 26101 to 26200 of 36283 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 13:26 UTC.