Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36296

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'statusBulkEdit' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirectRule' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'saveRedirectSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'deleteRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'cronLogDeleteOption' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'bulkDelete' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'statusBulkEdit' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Missing Authorization in 'saveRedirectSettings' function	LOW	*-1.1.3	1.1.4	June 30, 2026
redirect-redirection	redirect-redirection	N/A	Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'instantEditRedirect' function	LOW	*-1.1.3	1.1.4	June 30, 2026
real-kit	real-kit	N/A	real.Kit <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.1.0	5.1.1	June 30, 2026
read-more-excerpt-link	read-more-excerpt-link	N/A	Read More Excerpt Link <= 1.5 - Cross-Site Request Forgery	LOW	*-1.6	1.6.1	June 30, 2026
react-webcam	react-webcam	N/A	React Webcam <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.2.0		June 30, 2026
oauth2-provider	oauth2-provider	N/A	WP OAuth Server <= 4.2.5 - Authenticated (Subscriber+) Arbitrary Client Deletion (wo_ajax_remove_client)	LOW	*-4.2.5	4.3.0	June 30, 2026
oauth2-provider	oauth2-provider	N/A	WP OAuth Server <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client)	LOW	*-4.2.3	4.2.5	June 30, 2026
minify-html-markup	minify-html-markup	93	Minify HTML <= 2.1.7 - Cross-Site Request Forgery in minify_html_menu_options	LOW	*-2.1.7	2.1.8	June 30, 2026
js-jobs	js-jobs	81	JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title	LOW	*-2.0.0	2.0.1	June 30, 2026
job-postings	job-postings	91	Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.5.10.2	2.5.11	June 30, 2026
iksweb	iksweb	93	Старт <= 3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.7	3.8	June 30, 2026
feed-them-social	feed-them-social	93	Feed Them Social <= 3.0.2 - Cross-Site Request Forgery	LOW	*-3.0.2	4.0.0	June 30, 2026
educare	educare	93	Educare – Students & Result Management System <= 1.4.3 - Cross-Site Request Forgery	LOW	*-1.4.3	1.4.4	June 30, 2026
client-portal	client-portal	93	Client Portal <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users	LOW	*-1.1.8	1.1.9	June 30, 2026
booking-ultra-pro	booking-ultra-pro	91	Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery	LOW	*-1.1.6	1.1.7	June 30, 2026
advanced-database-cleaner	advanced-database-cleaner	97	Advanced Database Cleaner <= 3.1.1 - Cross-Site Request Forgery via aDBc_save_settings_callback	LOW	*-3.1.1	3.1.2	June 30, 2026
wpdm-gutenberg-blocks	wpdm-gutenberg-blocks	N/A	Gutenberge Blocks <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-2.1.8	2.1.9	June 30, 2026
wpdatatables	wpdatatables	N/A	wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting	LOW	*-2.1.49	2.1.50	June 30, 2026
wp-user-avatar	wp-user-avatar	N/A	ProfilePress <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-4.5.4	4.5.5	June 30, 2026
wp-table-builder	wp-table-builder	N/A	WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.4.6	1.4.7	June 30, 2026
wp-stripe-donation	wp-stripe-donation	N/A	Accept Stripe Donation – AidWP <= 3.1.5 - Cross Site Request Forgery	LOW	*-3.1.5	3.1.6	June 30, 2026
wp-dynamic-keywords-injector	wp-dynamic-keywords-injector	N/A	WP Dynamic Keywords Injector <= 2.3.15 - Cross-Site Request Forgery	LOW	*-2.3.15	2.3.16	June 30, 2026
wp-custom-fields-search	wp-custom-fields-search	N/A	WP Custom Fields Search <= 1.2.34 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.34	1.2.35	June 30, 2026
wp-books-gallery	wp-books-gallery	N/A	WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes	LOW	*-4.4.8	4.4.9	June 30, 2026
wd-google-maps	wd-google-maps	N/A	10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters	LOW	*-1.0.72	1.0.73	June 30, 2026
visualizer	visualizer	N/A	Visualizer <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-3.9.4	3.9.5	June 30, 2026
videowhisper-live-streaming-integration	videowhisper-live-streaming-integration	N/A	Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution	LOW	*-5.5.15	5.5.16	June 30, 2026
video-background	video-background	N/A	Video Background <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.7.3	2.7.4	June 30, 2026
top-10	top-10	N/A	Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache	LOW	*-3.2.3	3.2.4	June 30, 2026
top-10	top-10	N/A	Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Cross-Site Request Forgery via tptn_ajax_clearcache	LOW	*-3.2.3	3.2.4	June 30, 2026
theme-tweaker-lite	theme-tweaker-lite	N/A	Theme Tweaker <= 5.20 - Cross-Site Request Forgery	LOW	*-5.20		June 30, 2026
the-post-grid	the-post-grid	N/A	The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 5.0.4 - Cross-Site Request Forgery in rttpg_spare_me	LOW	*-5.0.4	5.0.5	June 30, 2026
stock-market-charts-from-finviz	stock-market-charts-from-finviz	N/A	Stock market charts from finviz <= 1.0.1 - Authenticated(Admin+) Stored Cross-Site Scripting	LOW	*-1.0.1	1.0.2	June 30, 2026
sponsors-carousel	sponsors-carousel	N/A	Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show	LOW	*-4.0.2		June 30, 2026
social-login-wp	social-login-wp	N/A	Social Login WP <= 5.0.0.0 - Cross-Site Request Forgery	LOW	*-5.0.0.0		June 30, 2026
sitemap-index	sitemap-index	N/A	Sitemap Index <= 1.2.3 - Authenticated(Admin+) Stored Cross-Site Scripting	LOW	*-1.2.3		June 30, 2026
publish-to-schedule	publish-to-schedule	N/A	Publish to Schedule <= 4.4.2 - Cross-Site Request Forgery leading to Plugin Option Changes	LOW	*-4.4.2	4.5.4	June 30, 2026
protected-posts-logout-button	protected-posts-logout-button	N/A	Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting	LOW	*-1.4.5	1.4.6	June 30, 2026
peepso-core	peepso-core	N/A	Community by PeepSo <= 6.0.2.0 - Cross Site Request Forgery	LOW	*-6.0.2.0	6.0.3.0	June 30, 2026
paygreen-woocommerce	paygreen-woocommerce	N/A	PayGreen – Ancienne version <= 4.10.2 - Cross-Site Request Forgery	LOW	*-4.10.2		June 30, 2026
multiple-pages-generator-by-porthas	multiple-pages-generator-by-porthas	N/A	Multiple Page Generator Plugin <= 3.3.9 - Cross-Site Request Forgery	LOW	*-3.3.9	3.3.10	June 30, 2026
manage-shipyaari-shipping	manage-shipyaari-shipping	91	Shipyaari Shipping Management <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
gallery-videos	gallery-videos	93	Video Gallery – YouTube Gallery <= 1.7.6 - Missing Authorization	LOW	*-1.7.6	1.7.7	June 30, 2026
gallery-videos	gallery-videos	93	Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-1.7.6	1.7.7	June 30, 2026
exquisite-paypal-donation	exquisite-paypal-donation	91	Exquisite PayPal Donation <= v2.0.0 - Authenticated(Admin+) Stored Cross-Site Scripting	LOW	*-2.0.0		June 30, 2026
easy-google-analytics-for-wordpress	easy-google-analytics-for-wordpress	91	Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery	LOW	*-1.6.0		June 30, 2026
ditty-news-ticker	ditty-news-ticker	93	Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Scripting via Shortcode	LOW	*-3.0.32	3.0.33	June 30, 2026
custom-settings	custom-settings	91	WordPress Custom Settings <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
css-js-manager	css-js-manager	93	CSS JS Manager <= 2.4.49 - Cross-Site Request Forgery	LOW	*-2.4.49	2.4.49.1	June 30, 2026
cp-multi-view-calendar	cp-multi-view-calendar	91	CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization	LOW	*-1.4.13	1.4.15	June 30, 2026
contextual-related-posts	contextual-related-posts	93	Contextual Related Posts <= 3.3.1 - Missing Authorization in crp_ajax_clearcache	LOW	*-3.3.1	3.3.2	June 30, 2026
contextual-related-posts	contextual-related-posts	93	Contextual Related Posts <= 3.3.1 - Cross-Site Request Forgery in crpClearCache	LOW	*-3.3.1	3.3.2	June 30, 2026
companion-sitemap-generator	companion-sitemap-generator	93	Companion Sitemap Generator <= 4.5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.5.1.1	4.5.2	June 30, 2026
clio-grow-form	clio-grow-form	93	Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-1.0.0	1.0.1	June 30, 2026
circles-gallery	circles-gallery	91	Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings	LOW	*-1.0.10		June 30, 2026
buddyforms	buddyforms	89	BuddyForms <= 2.7.7 - PHAR Deserialization	LOW	*-2.7.7	2.7.8	June 30, 2026
bing-site-verification-using-meta-tag	bing-site-verification-using-meta-tag	91	Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings	LOW	*-1.0		June 30, 2026
astra-sites	astra-sites	93	Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 3.1.20 - Cross-Site Request Forgery in add_to_favorite	LOW	*-3.1.20	3.2.21	June 30, 2026
wp-coder	wp-coder	N/A	WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection	LOW	*-2.5.3	2.5.4	June 30, 2026
vslider	vslider	N/A	vSlider Multi Image Slider <= 4.1.2 - Missing Authorization	LOW	*-4.1.2		June 30, 2026
simple-pdf-viewer	simple-pdf-viewer	N/A	Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode	LOW	*-1.9		June 30, 2026
portfolio-slideshow	portfolio-slideshow	N/A	Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.13.0		June 30, 2026
google-maps-v3-shortcode	google-maps-v3-shortcode	91	Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.2.1		June 30, 2026
custom-registration-form-builder-with-submission-manager	custom-registration-form-builder-with-submission-manager	93	RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion	LOW	*-5.1.9.2	5.1.9.3	June 30, 2026
advanced-dynamic-pricing-for-woocommerce	advanced-dynamic-pricing-for-woocommerce	97	Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateCommonToProductOnly function	LOW	*-4.1.5	4.1.6	June 30, 2026
advanced-dynamic-pricing-for-woocommerce	advanced-dynamic-pricing-for-woocommerce	97	Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function	LOW	*-4.1.5	4.1.6	June 30, 2026
advanced-dynamic-pricing-for-woocommerce	advanced-dynamic-pricing-for-woocommerce	97	Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via handleSubmitAction function	LOW	*-4.1.5	4.1.6	June 30, 2026
advanced-dynamic-pricing-for-woocommerce	advanced-dynamic-pricing-for-woocommerce	97	Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateProductOnlyToCommon function	LOW	*-4.1.5	4.1.6	June 30, 2026
advanced-dynamic-pricing-for-woocommerce	advanced-dynamic-pricing-for-woocommerce	97	Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function	LOW	*-4.1.5	4.1.6	June 30, 2026
advanced-dynamic-pricing-for-woocommerce	advanced-dynamic-pricing-for-woocommerce	97	Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function	LOW	*-4.1.5	4.1.6	June 30, 2026
advanced-dynamic-pricing-for-woocommerce	advanced-dynamic-pricing-for-woocommerce	97	Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function	LOW	*-4.1.5	4.1.6	June 30, 2026
protected-posts-logout-button	protected-posts-logout-button	N/A	Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save	LOW	*-1.4.5	1.4.6	June 30, 2026
protected-posts-logout-button	protected-posts-logout-button	N/A	Protected Posts Logout Button <= 1.4.4 - Cross-Site Request Forgery to Settings Update	LOW	*-1.4.4	1.4.5	June 30, 2026
media-library-assistant	media-library-assistant	93	Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection	LOW	*-3.05	3.06	June 30, 2026
campaign-url-builder	campaign-url-builder	93	Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.8.1	1.8.2	June 30, 2026
zeno-font-resizer	zeno-font-resizer	N/A	Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.7.9	1.8.0	June 30, 2026
wp-post-comment-rating	wp-post-comment-rating	N/A	WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation	LOW	*		June 30, 2026
wp-insert	wp-insert	N/A	Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-2.5.0	2.5.1	June 30, 2026
wp-email-capture	wp-email-capture	N/A	WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery	LOW	*-3.9.3	3.10	June 30, 2026
wp-baidu-submit	wp-baidu-submit	N/A	WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.2.1		June 30, 2026
woo-wallet	woo-wallet	N/A	TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options	LOW	*-1.3.24	1.4.0	June 30, 2026
vslider	vslider	N/A	vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.1.2		June 30, 2026
VikBooking Hotel Booking Engine & PMS	vikbooking	95	VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function	LOW	*-1.5.12	1.6.0	June 30, 2026
VikBooking Hotel Booking Engine & PMS	vikbooking	95	VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in multiple functions in admin/controller.php	LOW	*-1.6.1	1.6.2	June 30, 2026
VikBooking Hotel Booking Engine & PMS	vikbooking	95	VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function	LOW	*-1.5.12	1.6.0	June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'statusBulkEdit' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirectRule' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'saveRedirectSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'deleteRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'cronLogDeleteOption' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'bulkDelete' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'statusBulkEdit' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Missing Authorization in 'saveRedirectSettings' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

redirect-redirection

Score: N/A Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'instantEditRedirect' function Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

real-kit

Score: N/A real.Kit <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.1.0 Patched: 5.1.1 Updated: June 30, 2026

LOW

read-more-excerpt-link

Score: N/A Read More Excerpt Link <= 1.5 - Cross-Site Request Forgery Affected: *-1.6 Patched: 1.6.1 Updated: June 30, 2026

LOW

react-webcam

Score: N/A React Webcam <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

oauth2-provider

Score: N/A WP OAuth Server <= 4.2.5 - Authenticated (Subscriber+) Arbitrary Client Deletion (wo_ajax_remove_client) Affected: *-4.2.5 Patched: 4.3.0 Updated: June 30, 2026

LOW

oauth2-provider

Score: N/A WP OAuth Server <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client) Affected: *-4.2.3 Patched: 4.2.5 Updated: June 30, 2026

LOW

minify-html-markup

Score: 93/100 Minify HTML <= 2.1.7 - Cross-Site Request Forgery in minify_html_menu_options Affected: *-2.1.7 Patched: 2.1.8 Updated: June 30, 2026

LOW

js-jobs

Score: 81/100 JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title Affected: *-2.0.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

job-postings

Score: 91/100 Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.5.10.2 Patched: 2.5.11 Updated: June 30, 2026

LOW

iksweb

Score: 93/100 Старт <= 3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.7 Patched: 3.8 Updated: June 30, 2026

LOW

feed-them-social

Score: 93/100 Feed Them Social <= 3.0.2 - Cross-Site Request Forgery Affected: *-3.0.2 Patched: 4.0.0 Updated: June 30, 2026

LOW

educare

Score: 93/100 Educare – Students & Result Management System <= 1.4.3 - Cross-Site Request Forgery Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

client-portal

Score: 93/100 Client Portal <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

advanced-database-cleaner

Score: 97/100 Advanced Database Cleaner <= 3.1.1 - Cross-Site Request Forgery via aDBc_save_settings_callback Affected: *-3.1.1 Patched: 3.1.2 Updated: June 30, 2026

LOW

wpdm-gutenberg-blocks

Score: N/A Gutenberge Blocks <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-2.1.8 Patched: 2.1.9 Updated: June 30, 2026

LOW

wpdatatables

Score: N/A wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-2.1.49 Patched: 2.1.50 Updated: June 30, 2026

LOW

wp-user-avatar

Score: N/A ProfilePress <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-4.5.4 Patched: 4.5.5 Updated: June 30, 2026

LOW

wp-table-builder

Score: N/A WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: June 30, 2026

LOW

wp-stripe-donation

Score: N/A Accept Stripe Donation – AidWP <= 3.1.5 - Cross Site Request Forgery Affected: *-3.1.5 Patched: 3.1.6 Updated: June 30, 2026

LOW

wp-dynamic-keywords-injector

Score: N/A WP Dynamic Keywords Injector <= 2.3.15 - Cross-Site Request Forgery Affected: *-2.3.15 Patched: 2.3.16 Updated: June 30, 2026

LOW

wp-custom-fields-search

Score: N/A WP Custom Fields Search <= 1.2.34 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.34 Patched: 1.2.35 Updated: June 30, 2026

LOW

wp-books-gallery

Score: N/A WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes Affected: *-4.4.8 Patched: 4.4.9 Updated: June 30, 2026

LOW

wd-google-maps

Score: N/A 10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters Affected: *-1.0.72 Patched: 1.0.73 Updated: June 30, 2026

LOW

visualizer

Score: N/A Visualizer <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-3.9.4 Patched: 3.9.5 Updated: June 30, 2026

LOW

videowhisper-live-streaming-integration

Score: N/A Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution Affected: *-5.5.15 Patched: 5.5.16 Updated: June 30, 2026

LOW

video-background

Score: N/A Video Background <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.7.3 Patched: 2.7.4 Updated: June 30, 2026

LOW

top-10

Score: N/A Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026

LOW

top-10

Score: N/A Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Cross-Site Request Forgery via tptn_ajax_clearcache Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026

LOW

theme-tweaker-lite

Score: N/A Theme Tweaker <= 5.20 - Cross-Site Request Forgery Affected: *-5.20 Patched: Updated: June 30, 2026

LOW

Score: N/A The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 5.0.4 - Cross-Site Request Forgery in rttpg_spare_me Affected: *-5.0.4 Patched: 5.0.5 Updated: June 30, 2026

LOW

stock-market-charts-from-finviz

Score: N/A Stock market charts from finviz <= 1.0.1 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: June 30, 2026

LOW

sponsors-carousel

Score: N/A Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show Affected: *-4.0.2 Patched: Updated: June 30, 2026

LOW

social-login-wp

Score: N/A Social Login WP <= 5.0.0.0 - Cross-Site Request Forgery Affected: *-5.0.0.0 Patched: Updated: June 30, 2026

LOW

sitemap-index

Score: N/A Sitemap Index <= 1.2.3 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: June 30, 2026

LOW

publish-to-schedule

Score: N/A Publish to Schedule <= 4.4.2 - Cross-Site Request Forgery leading to Plugin Option Changes Affected: *-4.4.2 Patched: 4.5.4 Updated: June 30, 2026

LOW

protected-posts-logout-button

Score: N/A Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026

LOW

peepso-core

Score: N/A Community by PeepSo <= 6.0.2.0 - Cross Site Request Forgery Affected: *-6.0.2.0 Patched: 6.0.3.0 Updated: June 30, 2026

LOW

paygreen-woocommerce

Score: N/A PayGreen – Ancienne version <= 4.10.2 - Cross-Site Request Forgery Affected: *-4.10.2 Patched: Updated: June 30, 2026

LOW

multiple-pages-generator-by-porthas

Score: N/A Multiple Page Generator Plugin <= 3.3.9 - Cross-Site Request Forgery Affected: *-3.3.9 Patched: 3.3.10 Updated: June 30, 2026

LOW

manage-shipyaari-shipping

Score: 91/100 Shipyaari Shipping Management <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

gallery-videos

Score: 93/100 Video Gallery – YouTube Gallery <= 1.7.6 - Missing Authorization Affected: *-1.7.6 Patched: 1.7.7 Updated: June 30, 2026

LOW

gallery-videos

Score: 93/100 Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-1.7.6 Patched: 1.7.7 Updated: June 30, 2026

LOW

exquisite-paypal-donation

Score: 91/100 Exquisite PayPal Donation <= v2.0.0 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: June 30, 2026

LOW

easy-google-analytics-for-wordpress

Score: 91/100 Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery Affected: *-1.6.0 Patched: Updated: June 30, 2026

LOW

ditty-news-ticker

Score: 93/100 Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Scripting via Shortcode Affected: *-3.0.32 Patched: 3.0.33 Updated: June 30, 2026

LOW

custom-settings

Score: 91/100 WordPress Custom Settings <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

css-js-manager

Score: 93/100 CSS JS Manager <= 2.4.49 - Cross-Site Request Forgery Affected: *-2.4.49 Patched: 2.4.49.1 Updated: June 30, 2026

LOW

cp-multi-view-calendar

Score: 91/100 CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization Affected: *-1.4.13 Patched: 1.4.15 Updated: June 30, 2026

LOW

contextual-related-posts

Score: 93/100 Contextual Related Posts <= 3.3.1 - Missing Authorization in crp_ajax_clearcache Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

contextual-related-posts

Score: 93/100 Contextual Related Posts <= 3.3.1 - Cross-Site Request Forgery in crpClearCache Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

companion-sitemap-generator

Score: 93/100 Companion Sitemap Generator <= 4.5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.5.1.1 Patched: 4.5.2 Updated: June 30, 2026

LOW

clio-grow-form

Score: 93/100 Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

circles-gallery

Score: 91/100 Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings Affected: *-1.0.10 Patched: Updated: June 30, 2026

LOW

buddyforms

Score: 89/100 BuddyForms <= 2.7.7 - PHAR Deserialization Affected: *-2.7.7 Patched: 2.7.8 Updated: June 30, 2026

LOW

bing-site-verification-using-meta-tag

Score: 91/100 Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

astra-sites

Score: 93/100 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 3.1.20 - Cross-Site Request Forgery in add_to_favorite Affected: *-3.1.20 Patched: 3.2.21 Updated: June 30, 2026

LOW

wp-coder

Score: N/A WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection Affected: *-2.5.3 Patched: 2.5.4 Updated: June 30, 2026

LOW

vslider

Score: N/A vSlider Multi Image Slider <= 4.1.2 - Missing Authorization Affected: *-4.1.2 Patched: Updated: June 30, 2026

LOW

simple-pdf-viewer

Score: N/A Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode Affected: *-1.9 Patched: Updated: June 30, 2026

LOW

portfolio-slideshow

Score: N/A Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.13.0 Patched: Updated: June 30, 2026

LOW

google-maps-v3-shortcode

Score: 91/100 Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.1 Patched: Updated: June 30, 2026

LOW

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion Affected: *-5.1.9.2 Patched: 5.1.9.3 Updated: June 30, 2026

LOW

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateCommonToProductOnly function Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via handleSubmitAction function Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateProductOnlyToCommon function Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026

LOW

protected-posts-logout-button

Score: N/A Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026

LOW

protected-posts-logout-button

Score: N/A Protected Posts Logout Button <= 1.4.4 - Cross-Site Request Forgery to Settings Update Affected: *-1.4.4 Patched: 1.4.5 Updated: June 30, 2026

LOW

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection Affected: *-3.05 Patched: 3.06 Updated: June 30, 2026

LOW

campaign-url-builder

Score: 93/100 Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8.1 Patched: 1.8.2 Updated: June 30, 2026

LOW

zeno-font-resizer

Score: N/A Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.9 Patched: 1.8.0 Updated: June 30, 2026

LOW

wp-post-comment-rating

Score: N/A WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation Affected: * Patched: Updated: June 30, 2026

LOW

wp-insert

Score: N/A Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting Affected: *-2.5.0 Patched: 2.5.1 Updated: June 30, 2026

LOW

wp-email-capture

Score: N/A WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery Affected: *-3.9.3 Patched: 3.10 Updated: June 30, 2026

LOW

wp-baidu-submit

Score: N/A WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 30, 2026

LOW

woo-wallet

Score: N/A TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options Affected: *-1.3.24 Patched: 1.4.0 Updated: June 30, 2026

LOW

vslider

Score: N/A vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.1.2 Patched: Updated: June 30, 2026

LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function Affected: *-1.5.12 Patched: 1.6.0 Updated: June 30, 2026

LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in multiple functions in admin/controller.php Affected: *-1.6.1 Patched: 1.6.2 Updated: June 30, 2026

LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function Affected: *-1.5.12 Patched: 1.6.0 Updated: June 30, 2026

Showing 26301 to 26400 of 36296 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 16:02 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List