Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36306

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
under-construction-page	under-construction-page	N/A	Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice	LOW	*-3.96	3.97	June 30, 2026
under-construction-page	under-construction-page	N/A	Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot	LOW	*-3.96	3.97	June 30, 2026
shortcodes-ultimate	shortcodes-ultimate	N/A	Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Arbitrary File Read via Shortcode	LOW	*-5.12.6	5.12.7	June 30, 2026
shortcodes-ultimate	shortcodes-ultimate	N/A	Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-5.12.6	5.12.7	June 30, 2026
shortcodes-ultimate	shortcodes-ultimate	N/A	Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting	LOW	*-5.12.6	5.12.7	June 30, 2026
quick-paypal-payments	quick-paypal-payments	N/A	Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-5.7.25	5.7.26	June 30, 2026
podlove-podcasting-plugin-for-wordpress	podlove-podcasting-plugin-for-wordpress	N/A	Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery	LOW	*-3.8.3	3.8.4	June 30, 2026
link-juice-keeper	link-juice-keeper	93	Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting	LOW	*-2.0.2	2.0.3	June 30, 2026
scriptless-social-sharing	scriptless-social-sharing	N/A	Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options	LOW	*-3.2.1	3.2.2	June 30, 2026
All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements	mystickyelements	85	My Sticky Elements <= 2.0.8 - Authenticated (Admin+) SQL Injection	LOW	2.0.8	2.0.9	June 30, 2026
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager	insert-headers-and-footers	86	WPCode <= 2.0.6 - Missing Authorization to Sensitive Key Disclosure/Update	LOW	*-2.0.6	2.0.7	June 30, 2026
imagemagick-engine	imagemagick-engine	93	ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization	LOW	*-1.7.5	1.7.6	June 30, 2026
Rich Showcase for Google Reviews	widget-google-reviews	87	Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection	LOW	*-2.2.3	2.2.4	June 30, 2026
weixin-robot-advanced	weixin-robot-advanced	N/A	微信机器人高级版 <= 6.2.1 - Reflected Cross Site Scripting	LOW	*-6.2.1		June 30, 2026
quiz-master-next	quiz-master-next	N/A	Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion	LOW	*-8.0.8	8.0.9	June 30, 2026
postmatic	postmatic	N/A	Replyable – Subscribe to Comments and Reply by Email <= 2.2.9 - Authenticated (Subscriber+) PHP Object Injection via prompt_dismiss_notice	LOW	*-2.2.9	2.2.10	June 30, 2026
yellow-yard	yellow-yard	N/A	Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.7.27	2.8.12	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object	LOW	*-2.18.16	2.18.17	June 30, 2026
slider-by-supsystic	slider-by-supsystic	N/A	Slider by Supsystic <= 1.8.6 - Cross-Site Request Forgery	LOW	*-1.8.6	1.8.7	June 30, 2026
interactive-geo-maps	interactive-geo-maps	93	Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.5.9	1.5.11	June 30, 2026
dk-pricr-responsive-pricing-table	dk-pricr-responsive-pricing-table	93	Responsive Pricing Table <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.1.6	5.1.7	June 30, 2026
auto-post-thumbnail	auto-post-thumbnail	93	Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 - Authenticated (Author+) Arbitrary File Upload	LOW	*-3.9.15	3.9.16	June 30, 2026
Redirection for Contact Form 7	wpcf7-redirect	N/A	Redirection for Contact Form 7 <= 2.7.0 - Authenticated(Editor+) Privilege Escalation	LOW	*-2.7.0	2.8.0	June 30, 2026
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance	wp-optimize	76	WP-Optimize <= 3.2.11 - Cross-Site Request Forgery	LOW	*-3.2.11	3.2.12	June 30, 2026
wp-auto-affiliate-links	wp-auto-affiliate-links	N/A	Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change	LOW	*-6.2.1.5	6.2.1.6	June 30, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	woolentor-addons	N/A	ShopLentor <= 2.5.1 - Cross-Site Request Forgery to Post Updates	LOW	*-2.5.1	2.5.2	June 30, 2026
Mercado Pago payments for WooCommerce	woocommerce-mercadopago	94	Mercado Pago payments for WooCommerce <= 6.3.1 - Cross-Site Request Forgery	LOW	*-6.3.1	6.4.0	June 30, 2026
woo-multi-currency	woo-multi-currency	N/A	CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval	LOW	*-2.1.25	2.1.26	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders	LOW	*-2.18.16	2.18.17	June 30, 2026
wicked-folders	wicked-folders	N/A	Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders	LOW	*-2.18.16	2.18.17	June 30, 2026
visualizer	visualizer	N/A	Visualizer <= 3.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting	LOW	*-3.9.1	3.9.2	June 30, 2026
quick-contact-form	quick-contact-form	N/A	Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.0.3.1	8.0.4	June 30, 2026
quick-contact-form	quick-contact-form	N/A	Quick Contact Form <= 8.0.3.1 - Cross-Site Request Forgery to Sensitive Information Disclosure	LOW	*-8.0.3.1	8.0.4	June 30, 2026
qubely	qubely	N/A	Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option	LOW	*-1.8.4	1.8.5	June 30, 2026
pie-register	pie-register	N/A	Pie Register <= 3.8.2.2 - Open Redirect	LOW	*-3.8.2.2	3.8.2.3	June 30, 2026
paypal-brasil-para-woocommerce	paypal-brasil-para-woocommerce	N/A	PayPal Brasil para WooCommerce <= 1.4.2 - Cross-Site Request Forgery	LOW	*-1.4.2	1.4.3	June 30, 2026
icegram-rainmaker	icegram-rainmaker	93	Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode	LOW	*-1.3.8	1.3.9	June 30, 2026
gigpress	gigpress	91	GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection	LOW	*-2.3.28	2.3.29	June 30, 2026
forms-gutenberg	forms-gutenberg	91	Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure	LOW	*-2.2.8.3	2.2.9	June 30, 2026
enhanced-e-commerce-for-woocommerce-store	enhanced-e-commerce-for-woocommerce-store	93	All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 - Cross-Site Request Forgery	LOW	*-5.2.3	5.2.4	June 30, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress	email-subscribers	65	Icegram Express <= 5.5.2 - Unauthenticated CSV Injection	LOW	*-5.5.2	5.5.3	June 30, 2026
ecommerce-product-catalog	ecommerce-product-catalog	93	Vulnerability: eCommerce Product Catalog plugin for WordPress <= 3.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.3.4	3.3.5	June 30, 2026
cost-of-goods-for-woocommerce	cost-of-goods-for-woocommerce	93	Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs	LOW	*-2.8.6	2.8.7	June 30, 2026
cost-of-goods-for-woocommerce	cost-of-goods-for-woocommerce	93	Cost of Goods for WooCommerce <= 2.8.6 - Cross-Site Request Forgery in save_costs	LOW	*-2.8.6	2.8.7	June 30, 2026
comments-import-export-woocommerce	comments-import-export-woocommerce	93	WordPress Comments Import & Export <= 2.3.1 - CSV Injection	LOW	*-2.3.1	2.3.2	June 30, 2026
codepeople-post-map	codepeople-post-map	93	Google Maps CP <= 1.0.43 - Cross-Site Request Forgery via feedback_action	LOW	*-1.0.43	1.0.44	June 30, 2026
codepeople-post-map	codepeople-post-map	93	Google Maps CP <= 1.0.43 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission	LOW	*-1.0.43	1.0.44	June 30, 2026
chained-quiz	chained-quiz	93	Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.3.2.5	1.3.2.6	June 30, 2026
booking-calendar-contact-form	booking-calendar-contact-form	93	Booking Calendar Contact Form <= 1.2.34 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission	LOW	*-1.2.34	1.2.35	June 30, 2026
booking-calendar-contact-form	booking-calendar-contact-form	93	Booking Calendar Contact Form <= 1.2.34 - Cross-Site Request Forgery via cpdexbccf_feedback	LOW	*-1.2.34	1.2.35	June 30, 2026
bft-autoresponder	bft-autoresponder	91	Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.7.1	2.7.1.1	June 30, 2026
bft-autoresponder	bft-autoresponder	91	Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.7.1	2.7.1.1	June 30, 2026
album-and-image-gallery-plus-lightbox	album-and-image-gallery-plus-lightbox	97	Album and Image Gallery plus Lightbox <= 1.6.2 - Cross-Site Request Forgery	LOW	*-1.6.2	1.6.3	June 30, 2026
ajax-search-lite	ajax-search-lite	97	Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure	LOW	*-4.10.3	4.11	June 30, 2026
a2-optimized-wp	a2-optimized-wp	97	A2 Optimized WP <= 3.0.4 - Cross Site Request Forgery	LOW	*-3.0.4	3.0.5	June 30, 2026
0mk-shortener	0mk-shortener	95	0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.2		June 30, 2026
webinar-ignition	webinar-ignition	N/A	WebinarIgnition <= 2.14.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.14.2	2.14.3	June 30, 2026
watu	watu	N/A	Watu Quiz <= 3.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.3.8	3.3.8.1	June 30, 2026
vk-all-in-one-expansion-unit	vk-all-in-one-expansion-unit	N/A	VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-9.85.0.1	9.86.0.0	June 30, 2026
user-activity	user-activity	N/A	User Activity <= 1.0.1 - IP Address Spoofing	LOW	*-1.0.1		June 30, 2026
similar-posts	similar-posts	N/A	Similar Posts – Best Related Posts Plugin for WordPress <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.1.6		June 30, 2026
podlove-podcasting-plugin-for-wordpress	podlove-podcasting-plugin-for-wordpress	N/A	Podlove Podcast Publisher <= 3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.8.2	3.8.3	June 30, 2026
gs-instagram-portfolio	gs-instagram-portfolio	89	GS Insever Portfolio <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.4.4	1.4.5	June 30, 2026
gallery-album	gallery-album	83	Gallery – Image and Video Gallery with Thumbnails <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 30, 2026
auto-youtube-importer	auto-youtube-importer	93	Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery	LOW	*-1.0.3	1.0.4	June 30, 2026
wp-htpasswd	wp-htpasswd	N/A	WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-1.7		June 30, 2026
Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs	wp-expand-tabs-free	91	WP Tabs <= 2.1.14 - Cross Site Request Forgery	LOW	*-2.1.14	2.1.15	June 30, 2026
WP Booking System – Booking Calendar	wp-booking-system	N/A	WP Booking System <= 2.0.18 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-2.0.18	2.0.18.1	June 30, 2026
wp-auto-affiliate-links	wp-auto-affiliate-links	N/A	Auto Affiliate Links <= 6.3 - Cross-Site Request Forgery via aalDeleteLink function	LOW	*-6.3	6.3.0.1	June 30, 2026
woocommerce-delivery-notes	woocommerce-delivery-notes	N/A	Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 - Reflected Cross-Site Scripting	LOW	*-4.7.1	4.7.2	June 30, 2026
wc-shortcodes	wc-shortcodes	N/A	Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.67		June 30, 2026
usersnap	usersnap	N/A	Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-4.16	4.17	June 30, 2026
Simple History – Track, Log, and Audit WordPress Changes	simple-history	77	Simple History <= 3.3.1 - Authenticated (Subscriber+) CSV Injection	LOW	*-3.3.1	3.4.0	June 30, 2026
side-cart-woocommerce	side-cart-woocommerce	N/A	Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery	LOW	[*, 2.1)	2.1	June 30, 2026
shortpixel-adaptive-images	shortpixel-adaptive-images	N/A	ShortPixel Adaptive Images <= 3.6.1 - Reflected Cross-Site Scripting	LOW	*-3.6.1	3.6.2	June 30, 2026
Robo Gallery – Photo & Image Slider	robo-gallery	N/A	Robo Gallery <= 3.2.9 - Cross-Site Request Forgery via getPluginStatus	LOW	*-3.2.9	3.2.11	June 30, 2026
Real Media Library: Media Library Folder & File Manager	real-media-library-lite	79	Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-4.18.28	4.18.29	June 30, 2026
posts-and-users-stats	posts-and-users-stats	N/A	Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection	LOW	*-1.1.3	1.1.4	June 30, 2026
php-execution-plugin	php-execution-plugin	N/A	PHP Execution <= 1.0.0 - Cross Site Request Forgery	LOW	*-1.0.0		June 30, 2026
opening-hours	opening-hours	N/A	We’re Open! <= 1.45 - Cross-Site Request Forgery	LOW	*-1.45	1.46	June 30, 2026
multi-rating	multi-rating	N/A	Multi Rating <= 5.0.5 - Cross Site Request Forgery	LOW	*-5.0.5	5.0.6	June 30, 2026
multi-column-tag-map	multi-column-tag-map	N/A	Multi-column Tag Map <= 17.0.24 - Authenticated (Contributor+) Stored Cross Site Scripting	LOW	*-17.0.24	17.0.25	June 30, 2026
metform	metform	93	Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.1.2	3.2.0	June 30, 2026

LOW

under-construction-page

Score: N/A Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice Affected: *-3.96 Patched: 3.97 Updated: June 30, 2026

LOW

under-construction-page

Score: N/A Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot Affected: *-3.96 Patched: 3.97 Updated: June 30, 2026

LOW

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Arbitrary File Read via Shortcode Affected: *-5.12.6 Patched: 5.12.7 Updated: June 30, 2026

LOW

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-5.12.6 Patched: 5.12.7 Updated: June 30, 2026

LOW

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-5.12.6 Patched: 5.12.7 Updated: June 30, 2026

LOW

quick-paypal-payments

Score: N/A Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.7.25 Patched: 5.7.26 Updated: June 30, 2026

LOW

podlove-podcasting-plugin-for-wordpress

Score: N/A Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery Affected: *-3.8.3 Patched: 3.8.4 Updated: June 30, 2026

LOW

link-juice-keeper

Score: 93/100 Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: June 30, 2026

LOW

scriptless-social-sharing

Score: N/A Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026

LOW

All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements

mystickyelements

Score: 85/100 My Sticky Elements <= 2.0.8 - Authenticated (Admin+) SQL Injection Affected: 2.0.8 Patched: 2.0.9 Updated: June 30, 2026

LOW

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

insert-headers-and-footers

Score: 86/100 WPCode <= 2.0.6 - Missing Authorization to Sensitive Key Disclosure/Update Affected: *-2.0.6 Patched: 2.0.7 Updated: June 30, 2026

LOW

imagemagick-engine

Score: 93/100 ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization Affected: *-1.7.5 Patched: 1.7.6 Updated: June 30, 2026

LOW

Rich Showcase for Google Reviews

widget-google-reviews

Score: 87/100 Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection Affected: *-2.2.3 Patched: 2.2.4 Updated: June 30, 2026

LOW

weixin-robot-advanced

Score: N/A 微信机器人高级版 <= 6.2.1 - Reflected Cross Site Scripting Affected: *-6.2.1 Patched: Updated: June 30, 2026

LOW

quiz-master-next

Score: N/A Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion Affected: *-8.0.8 Patched: 8.0.9 Updated: June 30, 2026

LOW

Score: N/A Replyable – Subscribe to Comments and Reply by Email <= 2.2.9 - Authenticated (Subscriber+) PHP Object Injection via prompt_dismiss_notice Affected: *-2.2.9 Patched: 2.2.10 Updated: June 30, 2026

LOW

yellow-yard

Score: N/A Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.7.27 Patched: 2.8.12 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

slider-by-supsystic

Score: N/A Slider by Supsystic <= 1.8.6 - Cross-Site Request Forgery Affected: *-1.8.6 Patched: 1.8.7 Updated: June 30, 2026

LOW

interactive-geo-maps

Score: 93/100 Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.5.9 Patched: 1.5.11 Updated: June 30, 2026

LOW

dk-pricr-responsive-pricing-table

Score: 93/100 Responsive Pricing Table <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.6 Patched: 5.1.7 Updated: June 30, 2026

LOW

auto-post-thumbnail

Score: 93/100 Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 - Authenticated (Author+) Arbitrary File Upload Affected: *-3.9.15 Patched: 3.9.16 Updated: June 30, 2026

LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Redirection for Contact Form 7 <= 2.7.0 - Authenticated(Editor+) Privilege Escalation Affected: *-2.7.0 Patched: 2.8.0 Updated: June 30, 2026

LOW

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

Score: 76/100 WP-Optimize <= 3.2.11 - Cross-Site Request Forgery Affected: *-3.2.11 Patched: 3.2.12 Updated: June 30, 2026

LOW

wp-auto-affiliate-links

Score: N/A Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change Affected: *-6.2.1.5 Patched: 6.2.1.6 Updated: June 30, 2026

LOW

ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin

woolentor-addons

Score: N/A ShopLentor <= 2.5.1 - Cross-Site Request Forgery to Post Updates Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

Mercado Pago payments for WooCommerce

woocommerce-mercadopago

Score: 94/100 Mercado Pago payments for WooCommerce <= 6.3.1 - Cross-Site Request Forgery Affected: *-6.3.1 Patched: 6.4.0 Updated: June 30, 2026

LOW

woo-multi-currency

Score: N/A CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval Affected: *-2.1.25 Patched: 2.1.26 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

wicked-folders

Score: N/A Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders Affected: *-2.18.16 Patched: 2.18.17 Updated: June 30, 2026

LOW

visualizer

Score: N/A Visualizer <= 3.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting Affected: *-3.9.1 Patched: 3.9.2 Updated: June 30, 2026

LOW

quick-contact-form

Score: N/A Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.0.3.1 Patched: 8.0.4 Updated: June 30, 2026

LOW

quick-contact-form

Score: N/A Quick Contact Form <= 8.0.3.1 - Cross-Site Request Forgery to Sensitive Information Disclosure Affected: *-8.0.3.1 Patched: 8.0.4 Updated: June 30, 2026

LOW

qubely

Score: N/A Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option Affected: *-1.8.4 Patched: 1.8.5 Updated: June 30, 2026

LOW

pie-register

Score: N/A Pie Register <= 3.8.2.2 - Open Redirect Affected: *-3.8.2.2 Patched: 3.8.2.3 Updated: June 30, 2026

LOW

paypal-brasil-para-woocommerce

Score: N/A PayPal Brasil para WooCommerce <= 1.4.2 - Cross-Site Request Forgery Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

icegram-rainmaker

Score: 93/100 Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode Affected: *-1.3.8 Patched: 1.3.9 Updated: June 30, 2026

LOW

gigpress

Score: 91/100 GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection Affected: *-2.3.28 Patched: 2.3.29 Updated: June 30, 2026

LOW

forms-gutenberg

Score: 91/100 Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure Affected: *-2.2.8.3 Patched: 2.2.9 Updated: June 30, 2026

LOW

enhanced-e-commerce-for-woocommerce-store

Score: 93/100 All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 - Cross-Site Request Forgery Affected: *-5.2.3 Patched: 5.2.4 Updated: June 30, 2026

LOW

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Score: 65/100 Icegram Express <= 5.5.2 - Unauthenticated CSV Injection Affected: *-5.5.2 Patched: 5.5.3 Updated: June 30, 2026

LOW

ecommerce-product-catalog

Score: 93/100 Vulnerability: eCommerce Product Catalog plugin for WordPress <= 3.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.3.4 Patched: 3.3.5 Updated: June 30, 2026

LOW

cost-of-goods-for-woocommerce

Score: 93/100 Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs Affected: *-2.8.6 Patched: 2.8.7 Updated: June 30, 2026

LOW

cost-of-goods-for-woocommerce

Score: 93/100 Cost of Goods for WooCommerce <= 2.8.6 - Cross-Site Request Forgery in save_costs Affected: *-2.8.6 Patched: 2.8.7 Updated: June 30, 2026

LOW

comments-import-export-woocommerce

Score: 93/100 WordPress Comments Import & Export <= 2.3.1 - CSV Injection Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

codepeople-post-map

Score: 93/100 Google Maps CP <= 1.0.43 - Cross-Site Request Forgery via feedback_action Affected: *-1.0.43 Patched: 1.0.44 Updated: June 30, 2026

LOW

codepeople-post-map

Score: 93/100 Google Maps CP <= 1.0.43 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission Affected: *-1.0.43 Patched: 1.0.44 Updated: June 30, 2026

LOW

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.2.5 Patched: 1.3.2.6 Updated: June 30, 2026

LOW

booking-calendar-contact-form

Score: 93/100 Booking Calendar Contact Form <= 1.2.34 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission Affected: *-1.2.34 Patched: 1.2.35 Updated: June 30, 2026

LOW

booking-calendar-contact-form

Score: 93/100 Booking Calendar Contact Form <= 1.2.34 - Cross-Site Request Forgery via cpdexbccf_feedback Affected: *-1.2.34 Patched: 1.2.35 Updated: June 30, 2026

LOW

bft-autoresponder

Score: 91/100 Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.7.1 Patched: 2.7.1.1 Updated: June 30, 2026

LOW

bft-autoresponder

Score: 91/100 Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.7.1 Patched: 2.7.1.1 Updated: June 30, 2026

LOW

album-and-image-gallery-plus-lightbox

Score: 97/100 Album and Image Gallery plus Lightbox <= 1.6.2 - Cross-Site Request Forgery Affected: *-1.6.2 Patched: 1.6.3 Updated: June 30, 2026

LOW

ajax-search-lite

Score: 97/100 Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure Affected: *-4.10.3 Patched: 4.11 Updated: June 30, 2026

LOW

a2-optimized-wp

Score: 97/100 A2 Optimized WP <= 3.0.4 - Cross Site Request Forgery Affected: *-3.0.4 Patched: 3.0.5 Updated: June 30, 2026

LOW

0mk-shortener

Score: 95/100 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: June 30, 2026

LOW

webinar-ignition

Score: N/A WebinarIgnition <= 2.14.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.14.2 Patched: 2.14.3 Updated: June 30, 2026

LOW

watu

Score: N/A Watu Quiz <= 3.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.3.8 Patched: 3.3.8.1 Updated: June 30, 2026

LOW

vk-all-in-one-expansion-unit

Score: N/A VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-9.85.0.1 Patched: 9.86.0.0 Updated: June 30, 2026

LOW

user-activity

Score: N/A User Activity <= 1.0.1 - IP Address Spoofing Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

similar-posts

Score: N/A Similar Posts – Best Related Posts Plugin for WordPress <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.1.6 Patched: Updated: June 30, 2026

LOW

podlove-podcasting-plugin-for-wordpress

Score: N/A Podlove Podcast Publisher <= 3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.8.2 Patched: 3.8.3 Updated: June 30, 2026

LOW

gs-instagram-portfolio

Score: 89/100 GS Insever Portfolio <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.4.4 Patched: 1.4.5 Updated: June 30, 2026

LOW

gallery-album

Score: 83/100 Gallery – Image and Video Gallery with Thumbnails <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

auto-youtube-importer

Score: 93/100 Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

wp-htpasswd

Score: N/A WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs

wp-expand-tabs-free

Score: 91/100 WP Tabs <= 2.1.14 - Cross Site Request Forgery Affected: *-2.1.14 Patched: 2.1.15 Updated: June 30, 2026

LOW

WP Booking System – Booking Calendar

wp-booking-system

Score: N/A WP Booking System <= 2.0.18 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-2.0.18 Patched: 2.0.18.1 Updated: June 30, 2026

LOW

wp-auto-affiliate-links

Score: N/A Auto Affiliate Links <= 6.3 - Cross-Site Request Forgery via aalDeleteLink function Affected: *-6.3 Patched: 6.3.0.1 Updated: June 30, 2026

LOW

woocommerce-delivery-notes

Score: N/A Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 - Reflected Cross-Site Scripting Affected: *-4.7.1 Patched: 4.7.2 Updated: June 30, 2026

LOW

wc-shortcodes

Score: N/A Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.67 Patched: Updated: June 30, 2026

LOW

usersnap

Score: N/A Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-4.16 Patched: 4.17 Updated: June 30, 2026

LOW

Simple History – Track, Log, and Audit WordPress Changes

simple-history

Score: 77/100 Simple History <= 3.3.1 - Authenticated (Subscriber+) CSV Injection Affected: *-3.3.1 Patched: 3.4.0 Updated: June 30, 2026

LOW

side-cart-woocommerce

Score: N/A Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery Affected: [*, 2.1) Patched: 2.1 Updated: June 30, 2026

LOW

shortpixel-adaptive-images

Score: N/A ShortPixel Adaptive Images <= 3.6.1 - Reflected Cross-Site Scripting Affected: *-3.6.1 Patched: 3.6.2 Updated: June 30, 2026

LOW

Robo Gallery – Photo & Image Slider

robo-gallery

Score: N/A Robo Gallery <= 3.2.9 - Cross-Site Request Forgery via getPluginStatus Affected: *-3.2.9 Patched: 3.2.11 Updated: June 30, 2026

LOW

Real Media Library: Media Library Folder & File Manager

real-media-library-lite

Score: 79/100 Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.18.28 Patched: 4.18.29 Updated: June 30, 2026

LOW

posts-and-users-stats

Score: N/A Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

php-execution-plugin

Score: N/A PHP Execution <= 1.0.0 - Cross Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

opening-hours

Score: N/A We’re Open! <= 1.45 - Cross-Site Request Forgery Affected: *-1.45 Patched: 1.46 Updated: June 30, 2026

LOW

multi-rating

Score: N/A Multi Rating <= 5.0.5 - Cross Site Request Forgery Affected: *-5.0.5 Patched: 5.0.6 Updated: June 30, 2026

LOW

multi-column-tag-map

Score: N/A Multi-column Tag Map <= 17.0.24 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-17.0.24 Patched: 17.0.25 Updated: June 30, 2026

LOW

metform

Score: 93/100 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.1.2 Patched: 3.2.0 Updated: June 30, 2026

Showing 26501 to 26600 of 36306 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 18:31 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List