Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset	LOW	*-5.3.0	5.3.1	June 30, 2026
opening-hours	opening-hours	N/A	We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.46	1.47	June 30, 2026
gn-publisher	gn-publisher	93	GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting	LOW	*-1.5.5	1.5.6	June 30, 2026
dashboard-widgets-suite	dashboard-widgets-suite	93	Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.2.1	3.2.2	June 30, 2026
Maspik – Ultimate Spam Protection	contact-forms-anti-spam	78	Maspik – Spam blacklist <= 0.7.8 - Cross-Site Request Forgery	LOW	*-0.7.8	0.7.9	June 30, 2026
ajax-load-more	ajax-load-more	97	WordPress Infinite Scroll - Ajax Load More <= 5.6.0.2 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode	LOW	*-5.6.0.2	5.6.0.3	June 30, 2026
zendrop-dropshipping-and-fulfillment	zendrop-dropshipping-and-fulfillment	N/A	Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData	LOW	*-1.0.0	1.0.1	June 30, 2026
zendrop-dropshipping-and-fulfillment	zendrop-dropshipping-and-fulfillment	N/A	Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload	LOW	*-1.0.0	1.0.1	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.2 - Missing Authorization in 'startProcess' to Arbitrary Redirect via 'update_link_redirect' task	LOW	*-4.5.2	4.5.3	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps'	LOW	*-4.5.3	4.5.4	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap'	LOW	*-4.5.3	4.5.4	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore'	LOW	*-4.5.3	4.5.4	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation'	LOW	*-4.5.3	4.5.4	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps'	LOW	*-4.5.3	4.5.4	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'	LOW	*-4.5.3	4.5.4	June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings'	LOW	*-4.5.3	4.5.4	June 30, 2026
spotify-play-button-for-wordpress	spotify-play-button-for-wordpress	N/A	Sp*tify Play Button for WordPress <= 2.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.05	2.06	June 30, 2026
phpinfo-wp	phpinfo-wp	N/A	phpinfo() WP <= 4.0 - Cross-Site Request Forgery	LOW	*-4.0	5.0	June 30, 2026
kb-support	kb-support	91	KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection	LOW	*-1.5.84	1.5.85	June 30, 2026
drag-and-drop-multiple-file-upload-for-woocommerce	drag-and-drop-multiple-file-upload-for-woocommerce	93	Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Cross-Site Request Forgery in upload and delete_file	LOW	*-1.0.8	1.0.9	June 30, 2026
Drag and Drop Multiple File Upload for Contact Form 7	drag-and-drop-multiple-file-upload-contact-form-7	93	Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 - Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete	LOW	*-1.3.6.5	1.3.6.6	June 30, 2026
conditional-checkout-fields-for-woocommerce	conditional-checkout-fields-for-woocommerce	93	Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.3 - Missing Authorization	LOW	*-1.2.3	1.2.4	June 30, 2026
chat-bee	chat-bee	91	Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.0		June 30, 2026
baidu-submit-link	baidu-submit-link	93	多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.5 - Cross-Site Request Forgery	LOW	*-4.2.5	4.2.6	June 30, 2026
asmember	asmember	95	asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.4		June 30, 2026
apollo13-framework-extensions	apollo13-framework-extensions	97	Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization	LOW	*-1.8.10	1.9.0	June 30, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.2.9	4.3.0	June 30, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.2.9	4.3.0	June 30, 2026
youtube-channel	youtube-channel	N/A	My YouTube Channel <= 3.23.3 - Cross-Site Request Forgery to Cache Deletion	LOW	*-3.23.3	3.23.4	June 30, 2026
wpappninja	wpappninja	N/A	WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-11.18	11.19	June 30, 2026
SlimStat Analytics	wp-slimstat	N/A	Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode	LOW	*-4.9.3.2	4.9.3.3	June 30, 2026
wp-custom-login-page	wp-custom-login-page	N/A	Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0		June 30, 2026
wordpress-tooltips	wordpress-tooltips	N/A	WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery	LOW	*-8.2.5	8.2.7	June 30, 2026
ts-webfonts-for-conoha	ts-webfonts-for-conoha	N/A	TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.3	2.0.4	June 30, 2026
simple-youtube-responsive	simple-youtube-responsive	N/A	Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.5	3.0	June 30, 2026
simple-portfolio-gallery	simple-portfolio-gallery	N/A	Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.1		June 30, 2026
simple-podcasting	simple-podcasting	N/A	simple-git < 3.16.0 - Remote Code Execution	LOW	*-1.4.0	1.5.0	June 30, 2026
simple-local-avatars	simple-local-avatars	N/A	simple-git < 3.16.0 - Remote Code Execution	LOW	*-2.7.3	2.7.4	June 30, 2026
simple-local-avatars	simple-local-avatars	N/A	http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS)	LOW	*-2.7.3	2.7.4	June 30, 2026
retro-winamp-block	retro-winamp-block	N/A	simple-git < 3.16.0 - Remote Code Execution	LOW	[*, 1.3.0)	1.3.0	June 30, 2026
resume-upload-form	resume-upload-form	N/A	Upload Resume <= 1.2.0 - Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode	LOW	*-1.2.0		June 30, 2026
maps-block-apple	maps-block-apple	93	simple-git < 3.16.0 - Remote Code Execution	LOW	*-1.1.0	1.1.1	June 30, 2026
insecure-content-warning	insecure-content-warning	93	simple-git < 3.16.0 - Remote Code Execution	LOW	*-1.0.3	1.1.0	June 30, 2026
houzez-login-register	houzez-login-register	93	Houzez Login Register <= 2.6.3 - Privilege Escalation	LOW	*-2.6.3	2.6.4	June 30, 2026
gmace	gmace	87	GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal	LOW	*-1.5.2		June 30, 2026
gmace	gmace	87	GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client	LOW	*-1.5.2		June 30, 2026
for-the-visually-impaired	for-the-visually-impaired	91	For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes	LOW	*-0.58		June 30, 2026
drag-and-drop-multiple-file-upload-for-woocommerce	drag-and-drop-multiple-file-upload-for-woocommerce	93	Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Missing Authorization in upload and delete_file	LOW	*-1.0.8	1.0.9	June 30, 2026
cpt-speakers	cpt-speakers	91	CPT – Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
coupon-zen	coupon-zen	93	Coupon Zen <= 1.0.5 - Cross-Site Request Forgery to Plugin Activation	LOW	*-1.0.5	1.0.6	June 30, 2026
cm-answers	cm-answers	93	CM Answers <= 3.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.1.9	3.2.0	June 30, 2026
all-in-one-favicon	all-in-one-favicon	97	All In One Favicon <= 4.7 - Authenticated(Admin+) Directory Traversal	LOW	*-4.7	4.8	June 30, 2026
ads-txt	ads-txt	97	simple-git < 3.16.0 - Remote Code Execution	LOW	*-1.4.2	1.4.3	June 30, 2026
admin-block-country	admin-block-country	95	Admin Block Country <= 7.1.4 - Cross-Site Request Forgery via admin_block_country_initial_page	LOW	*-7.1.4		June 30, 2026
wpb-advanced-faq	wpb-advanced-faq	N/A	WPB Advanced FAQ <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.6		June 30, 2026
wp-recentcomments	wp-recentcomments	N/A	WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure	LOW	*-2.2.7		June 30, 2026
wp-meta-seo	wp-meta-seo	N/A	WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection	LOW	*-4.5.2	4.5.3	June 30, 2026
wp-auto-affiliate-links	wp-auto-affiliate-links	N/A	Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function	LOW	*-6.3.0.2	6.3.0.3	June 30, 2026
vk-all-in-one-expansion-unit	vk-all-in-one-expansion-unit	N/A	VK All in One Expansion Unit <= 9.87.0.1 - Reflected Cross-Site Scripting via REQUEST_URI	LOW	*-9.87.0.1	9.87.1.0	June 30, 2026
top-10	top-10	N/A	Top 10 – Popular posts plugin for WordPress <= 3.2.4 - Missing Authorization on tptn_chart_data	LOW	*-3.2.4	3.2.5	June 30, 2026
top-10	top-10	N/A	Top 10 – Popular posts plugin - <= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting	LOW	*-3.2.4	3.2.5	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'LoadTab' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
peepso-core	peepso-core	N/A	Community by PeepSo <= 6.0.2.0 - Cross-Site Request Forgery leading to Plugin/Subscription Deletion	LOW	*-6.0.2.0	6.0.3.0	June 30, 2026
paytm-payments	paytm-payments	N/A	Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post'	LOW	*-2.7.3	2.7.7	June 30, 2026
hero-banner-ultimate	hero-banner-ultimate	93	Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-1.3.4	1.4	June 30, 2026
gotowp	gotowp	91	GoToWP <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.1.1		June 30, 2026
etsy-shop	etsy-shop	93	Etsy Shop <= 3.0.3 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-3.0.3	3.0.4	June 30, 2026
custom-content-shortcode	custom-content-shortcode	89	Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.0.2		June 30, 2026
custom-content-shortcode	custom-content-shortcode	89	Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode	LOW	*-4.0.2		June 30, 2026
client-portal	client-portal	93	Client Portal – Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function	LOW	*-1.1.8	1.1.9	June 30, 2026
cf7-zoho	cf7-zoho	93	Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function	LOW	*-1.2.2	1.2.3	June 30, 2026
Calculated Fields Form	calculated-fields-form	70	Calculated Fields Form <= 1.1.150 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.150	1.1.151	June 30, 2026
accordions-or-faqs	accordions-or-faqs	95	Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters	LOW	*-2.3.0	2.3.1	June 30, 2026
wp2syslog	wp2syslog	N/A	wp2syslog <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.5		June 30, 2026
wp-user-avatar	wp-user-avatar	N/A	ProfilePress <= 4.5.4 - Unauthenticated Stored Cross-Site Scripting	LOW	*-4.5.4	4.5.5	June 30, 2026
woocommerce-for-japan	woocommerce-for-japan	N/A	Japanized For WooCommerce <= 2.5.4 - Reflected Cross-Site Scripting	LOW	*-2.5.4	2.5.5	June 30, 2026
tenweb-speed-optimizer	tenweb-speed-optimizer	N/A	10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting	LOW	*-2.13.44	2.13.45	June 30, 2026
strong-testimonials	strong-testimonials	N/A	Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-3.0.2	3.0.3	June 30, 2026
smart-logo-showcase-lite	smart-logo-showcase-lite	N/A	Smart Logo Showcase Lite <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1.9		June 30, 2026
saan-world-clock	saan-world-clock	N/A	Saan World Clock <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.8		June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'redirectionPageContent' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'deleteRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'SaveSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'SaveSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'bulkDelete' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'statusBulkEdit' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirectRule' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'saveRedirectSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'deleteRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'cronLogDeleteOption' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function	LOW	*-1.1.3	1.1.4	June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset Affected: *-5.3.0 Patched: 5.3.1 Updated: June 30, 2026

LOW

opening-hours

Score: N/A We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.46 Patched: 1.47 Updated: June 30, 2026

LOW

gn-publisher

Score: 93/100 GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

dashboard-widgets-suite

Score: 93/100 Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026

LOW

Maspik – Ultimate Spam Protection

contact-forms-anti-spam

Score: 78/100 Maspik – Spam blacklist <= 0.7.8 - Cross-Site Request Forgery Affected: *-0.7.8 Patched: 0.7.9 Updated: June 30, 2026

LOW

Score: 97/100 WordPress Infinite Scroll - Ajax Load More <= 5.6.0.2 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode Affected: *-5.6.0.2 Patched: 5.6.0.3 Updated: June 30, 2026

LOW

zendrop-dropshipping-and-fulfillment

Score: N/A Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

zendrop-dropshipping-and-fulfillment

Score: N/A Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.2 - Missing Authorization in 'startProcess' to Arbitrary Redirect via 'update_link_redirect' task Affected: *-4.5.2 Patched: 4.5.3 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps' Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap' Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore' Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation' Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps' Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory' Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings' Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

spotify-play-button-for-wordpress

Score: N/A Sp*tify Play Button for WordPress <= 2.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.05 Patched: 2.06 Updated: June 30, 2026

LOW

phpinfo-wp

Score: N/A phpinfo() WP <= 4.0 - Cross-Site Request Forgery Affected: *-4.0 Patched: 5.0 Updated: June 30, 2026

LOW

kb-support

Score: 91/100 KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection Affected: *-1.5.84 Patched: 1.5.85 Updated: June 30, 2026

LOW

drag-and-drop-multiple-file-upload-for-woocommerce

Score: 93/100 Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Cross-Site Request Forgery in upload and delete_file Affected: *-1.0.8 Patched: 1.0.9 Updated: June 30, 2026

LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 - Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete Affected: *-1.3.6.5 Patched: 1.3.6.6 Updated: June 30, 2026

LOW

conditional-checkout-fields-for-woocommerce

Score: 93/100 Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.3 - Missing Authorization Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026

LOW

chat-bee

Score: 91/100 Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

baidu-submit-link

Score: 93/100 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.5 - Cross-Site Request Forgery Affected: *-4.2.5 Patched: 4.2.6 Updated: June 30, 2026

LOW

asmember

Score: 95/100 asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.4 Patched: Updated: June 30, 2026

LOW

apollo13-framework-extensions

Score: 97/100 Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization Affected: *-1.8.10 Patched: 1.9.0 Updated: June 30, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.9 Patched: 4.3.0 Updated: June 30, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.2.9 Patched: 4.3.0 Updated: June 30, 2026

LOW

youtube-channel

Score: N/A My YouTube Channel <= 3.23.3 - Cross-Site Request Forgery to Cache Deletion Affected: *-3.23.3 Patched: 3.23.4 Updated: June 30, 2026

LOW

wpappninja

Score: N/A WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-11.18 Patched: 11.19 Updated: June 30, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode Affected: *-4.9.3.2 Patched: 4.9.3.3 Updated: June 30, 2026

LOW

wp-custom-login-page

Score: N/A Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

wordpress-tooltips

Score: N/A WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery Affected: *-8.2.5 Patched: 8.2.7 Updated: June 30, 2026

LOW

ts-webfonts-for-conoha

Score: N/A TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: June 30, 2026

LOW

simple-youtube-responsive

Score: N/A Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.5 Patched: 3.0 Updated: June 30, 2026

LOW

simple-portfolio-gallery

Score: N/A Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

simple-podcasting

Score: N/A simple-git < 3.16.0 - Remote Code Execution Affected: *-1.4.0 Patched: 1.5.0 Updated: June 30, 2026

LOW

simple-local-avatars

Score: N/A simple-git < 3.16.0 - Remote Code Execution Affected: *-2.7.3 Patched: 2.7.4 Updated: June 30, 2026

LOW

simple-local-avatars

Score: N/A http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS) Affected: *-2.7.3 Patched: 2.7.4 Updated: June 30, 2026

LOW

retro-winamp-block

Score: N/A simple-git < 3.16.0 - Remote Code Execution Affected: [*, 1.3.0) Patched: 1.3.0 Updated: June 30, 2026

LOW

resume-upload-form

Score: N/A Upload Resume <= 1.2.0 - Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

maps-block-apple

Score: 93/100 simple-git < 3.16.0 - Remote Code Execution Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

insecure-content-warning

Score: 93/100 simple-git < 3.16.0 - Remote Code Execution Affected: *-1.0.3 Patched: 1.1.0 Updated: June 30, 2026

LOW

houzez-login-register

Score: 93/100 Houzez Login Register <= 2.6.3 - Privilege Escalation Affected: *-2.6.3 Patched: 2.6.4 Updated: June 30, 2026

LOW

gmace

Score: 87/100 GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal Affected: *-1.5.2 Patched: Updated: June 30, 2026

LOW

gmace

Score: 87/100 GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client Affected: *-1.5.2 Patched: Updated: June 30, 2026

LOW

for-the-visually-impaired

Score: 91/100 For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes Affected: *-0.58 Patched: Updated: June 30, 2026

LOW

drag-and-drop-multiple-file-upload-for-woocommerce

Score: 93/100 Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Missing Authorization in upload and delete_file Affected: *-1.0.8 Patched: 1.0.9 Updated: June 30, 2026

LOW

cpt-speakers

Score: 91/100 CPT – Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

coupon-zen

Score: 93/100 Coupon Zen <= 1.0.5 - Cross-Site Request Forgery to Plugin Activation Affected: *-1.0.5 Patched: 1.0.6 Updated: June 30, 2026

LOW

cm-answers

Score: 93/100 CM Answers <= 3.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.9 Patched: 3.2.0 Updated: June 30, 2026

LOW

all-in-one-favicon

Score: 97/100 All In One Favicon <= 4.7 - Authenticated(Admin+) Directory Traversal Affected: *-4.7 Patched: 4.8 Updated: June 30, 2026

LOW

ads-txt

Score: 97/100 simple-git < 3.16.0 - Remote Code Execution Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

admin-block-country

Score: 95/100 Admin Block Country <= 7.1.4 - Cross-Site Request Forgery via admin_block_country_initial_page Affected: *-7.1.4 Patched: Updated: June 30, 2026

LOW

wpb-advanced-faq

Score: N/A WPB Advanced FAQ <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

wp-recentcomments

Score: N/A WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure Affected: *-2.2.7 Patched: Updated: June 30, 2026

LOW

wp-meta-seo

Score: N/A WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection Affected: *-4.5.2 Patched: 4.5.3 Updated: June 30, 2026

LOW

wp-auto-affiliate-links

Score: N/A Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function Affected: *-6.3.0.2 Patched: 6.3.0.3 Updated: June 30, 2026

LOW

vk-all-in-one-expansion-unit

Score: N/A VK All in One Expansion Unit <= 9.87.0.1 - Reflected Cross-Site Scripting via REQUEST_URI Affected: *-9.87.0.1 Patched: 9.87.1.0 Updated: June 30, 2026

LOW

top-10

Score: N/A Top 10 – Popular posts plugin for WordPress <= 3.2.4 - Missing Authorization on tptn_chart_data Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026

LOW

top-10

Score: N/A Top 10 – Popular posts plugin - <= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'LoadTab' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

peepso-core

Score: N/A Community by PeepSo <= 6.0.2.0 - Cross-Site Request Forgery leading to Plugin/Subscription Deletion Affected: *-6.0.2.0 Patched: 6.0.3.0 Updated: June 30, 2026

LOW

paytm-payments

Score: N/A Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post' Affected: *-2.7.3 Patched: 2.7.7 Updated: June 30, 2026

LOW

hero-banner-ultimate

Score: 93/100 Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-1.3.4 Patched: 1.4 Updated: June 30, 2026

LOW

gotowp

Score: 91/100 GoToWP <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.1.1 Patched: Updated: June 30, 2026

LOW

etsy-shop

Score: 93/100 Etsy Shop <= 3.0.3 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-3.0.3 Patched: 3.0.4 Updated: June 30, 2026

LOW

custom-content-shortcode

Score: 89/100 Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.0.2 Patched: Updated: June 30, 2026

LOW

custom-content-shortcode

Score: 89/100 Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode Affected: *-4.0.2 Patched: Updated: June 30, 2026

LOW

client-portal

Score: 93/100 Client Portal – Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

cf7-zoho

Score: 93/100 Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026

LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 1.1.150 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.150 Patched: 1.1.151 Updated: June 30, 2026

LOW

accordions-or-faqs

Score: 95/100 Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters Affected: *-2.3.0 Patched: 2.3.1 Updated: June 30, 2026

LOW

wp2syslog

Score: N/A wp2syslog <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

wp-user-avatar

Score: N/A ProfilePress <= 4.5.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.5.4 Patched: 4.5.5 Updated: June 30, 2026

LOW

woocommerce-for-japan

Score: N/A Japanized For WooCommerce <= 2.5.4 - Reflected Cross-Site Scripting Affected: *-2.5.4 Patched: 2.5.5 Updated: June 30, 2026

LOW

tenweb-speed-optimizer

Score: N/A 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting Affected: *-2.13.44 Patched: 2.13.45 Updated: June 30, 2026

LOW

strong-testimonials

Score: N/A Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-3.0.2 Patched: 3.0.3 Updated: June 30, 2026

LOW

smart-logo-showcase-lite

Score: N/A Smart Logo Showcase Lite <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.9 Patched: Updated: June 30, 2026

LOW

saan-world-clock

Score: N/A Saan World Clock <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8 Patched: Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'redirectionPageContent' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'deleteRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'SaveSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'SaveSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'bulkDelete' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'statusBulkEdit' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirectRule' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'saveRedirectSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'deleteRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'cronLogDeleteOption' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

Showing 26201 to 26300 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 14:45 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List