Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36313

Across tracked plugins

Affected Plugins

77

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
Real Media Library: Media Library Folder & File Manager real-media-library-lite
79
 Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-4.18.28 4.18.29 June 30, 2026
posts-and-users-stats posts-and-users-stats N/A Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection LOW *-1.1.3 1.1.4 June 30, 2026
php-execution-plugin php-execution-plugin N/A PHP Execution <= 1.0.0 - Cross Site Request Forgery LOW *-1.0.0 June 30, 2026
opening-hours opening-hours N/A We’re Open! <= 1.45 - Cross-Site Request Forgery LOW *-1.45 1.46 June 30, 2026
multi-rating multi-rating N/A Multi Rating <= 5.0.5 - Cross Site Request Forgery LOW *-5.0.5 5.0.6 June 30, 2026
multi-column-tag-map multi-column-tag-map N/A Multi-column Tag Map <= 17.0.24 - Authenticated (Contributor+) Stored Cross Site Scripting LOW *-17.0.24 17.0.25 June 30, 2026
metform metform
93
 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting LOW *-3.1.2 3.2.0 June 30, 2026
marketing-performance marketing-performance
91
 Marketing Performance <= 2.0.0 - Unauthenticated Stored Cross Site Scripting LOW *-2.0.0 June 30, 2026
job-postings job-postings
91
 Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting LOW *-2.5.10.2 2.5.11 June 30, 2026
ip-vault-wp-firewall ip-vault-wp-firewall
91
 IP Vault – WP Firewall <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0 2.1 June 30, 2026
image-hover-effects-with-carousel image-hover-effects-with-carousel
91
 Image Hover Effects Plugin - Caption Hover with Carousel <= 2.8 - Unauthenticated Stored Cross Site Scripting LOW *-2.8 3.0 June 30, 2026
fv-wordpress-flowplayer fv-wordpress-flowplayer
93
 FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery LOW *-7.5.30.7210 7.5.31.7212 June 30, 2026
flexible-elementor-panel flexible-elementor-panel
93
 Flexible Elementor Panel <= 2.3.8 - Cross Site Request Forgery LOW *-2.3.8 2.3.9 June 30, 2026
easy-pie-coming-soon easy-pie-coming-soon
93
 EZP Coming Soon Page <= 1.0.7.3 - Authenticated (Admin+) Stored Cross Site Scripting LOW *-1.0.73 1.0.74 June 30, 2026
custom-add-user custom-add-user
91
 Custom Add User <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 June 30, 2026
commenter-emails commenter-emails
91
 Commenter Emails <= 2.6.1 - Unauthenticated CSV Injection LOW *-2.6.1 June 30, 2026
cc-custom-taxonmy cc-custom-taxonmy
91
 CC Custom Taxonomy <= 1.0.1 - Authenticated (Administrator+) Cross Site Scripting LOW *-1.0.1 June 30, 2026
booking-system booking-system
91
 Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 2.9.9.2.9) 2.9.9.2.9 June 30, 2026
bft-autoresponder bft-autoresponder
91
 Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.1 2.7.1.1 June 30, 2026
avalex avalex
93
 avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 3.0.4) 3.0.4 June 30, 2026
album-and-image-gallery-plus-lightbox album-and-image-gallery-plus-lightbox
97
 Album and Image Gallery plus Lightbox <= 1.6.2 - Missing Authorization LOW *-1.6.2. 1.6.3 June 30, 2026
1003-mortgage-application 1003-mortgage-application
93
 1003 Mortgage Application <= 1.75 - Unauthenticated CSV Injection LOW *-1.75 1.80 June 30, 2026
1003-mortgage-application 1003-mortgage-application
93
 1003 Mortgage Application <= 1.75 - Authenticated (Subscriber+) Arbitrary File Download LOW *-1.75 1.80 June 30, 2026
0mk-shortener 0mk-shortener
95
 0mk Shortener <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.2 June 30, 2026
wufoo-shortcode wufoo-shortcode N/A Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes LOW *-1.51 1.52 June 30, 2026
wp-opening-hours wp-opening-hours N/A Opening Hours <= 2.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.0 June 30, 2026
opening-hours opening-hours N/A We’re Open! <= 1.44 - Missing Authorization LOW *-1.44 1.45 June 30, 2026
ocean-extra ocean-extra N/A Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.1 2.1.2 June 30, 2026
kraken-image-optimizer kraken-image-optimizer
93
 Kraken.io Image Optimizer <= 2.6.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update LOW *-2.6.9 2.7.0 June 30, 2026
formidable formidable
93
 Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery LOW *-5.5.6 5.5.7 June 30, 2026
donations-block donations-block
93
 Donation Block For PayPal <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.0 2.1.0 June 30, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
 WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection LOW *-13.2.10 13.2.11 June 30, 2026
namaste-lms namaste-lms N/A Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.5.9.3 2.5.9.4 June 30, 2026
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory geodirectory
66
 GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection LOW *-2.2.23 2.2.24 June 30, 2026
correos-oficial correos-oficial
91
 Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download LOW *-1.3.0.0 June 30, 2026
bft-autoresponder bft-autoresponder
91
 Arigato Autoresponder and Newsletter <= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.1.7.1 2.1.7.2 June 30, 2026
Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent
93
 Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting LOW *-2.10.1 2.10.2 June 30, 2026
Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent
93
 Beautiful Cookie Consent Banner <= 2.10.0 - Missing Authorization to Settings Update LOW *-2.10.0 2.10.1 June 30, 2026
wp-private-message wp-private-message N/A WP Private Message < 1.0.6 - Insecure Direct Object Reference LOW [*, 1.0.6) 1.0.6 June 30, 2026
wp-email-capture wp-email-capture N/A WP Email Capture <= 3.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.9.3 3.10 June 30, 2026
wp-dark-mode wp-dark-mode N/A WP Dark Mode <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.0.6 4.0.0 June 30, 2026
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings seo-by-rank-math
85
 RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion LOW *-1.0.107.2 1.0.107.3 June 30, 2026
Robo Gallery – Photo & Image Slider robo-gallery N/A Robo Gallery Plugin <= 3.2.11 - Cross-Site Request Forgery LOW *-3.2.11 3.2.12 June 30, 2026
private-content private-content N/A PrivateContent <= 8.4.3 - Protection Mechanism Bypass LOW *-8.4.3 8.4.4 June 30, 2026
interactive-geo-maps interactive-geo-maps
93
 Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.8 1.5.9 June 30, 2026
gs-woocommerce-products-slider gs-woocommerce-products-slider
93
 GS Products Slider for WooCommerce <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.8 1.5.9 June 30, 2026
gs-portfolio gs-portfolio
93
 GS Filterable Portfolio <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.6.0 1.6.1 June 30, 2026
gs-envato-portfolio gs-envato-portfolio
91
 GS Portfolio for Envato <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.8 1.4.0 June 30, 2026
gs-books-showcase gs-books-showcase
93
 GS Books Showcase <= 1.3.0 - Authenticator (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.0 1.3.1 June 30, 2026
embedstories embedstories
93
 EmbedStories <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.7.4 0.7.5 June 30, 2026
embedalbum-pro embedalbum-pro
93
 EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.1.27 1.1.28 June 30, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
 Easy Digital Downloads <= 3.1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.1.0.4 3.1.0.5 June 30, 2026
backupbuddy backupbuddy
93
 BackupBuddy <= 8.8.2 - Reflected Cross-Site Scripting LOW *-8.8.2 8.8.3 June 30, 2026
ai-contact-us ai-contact-us
95
 AI Contact Us Form <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0 June 30, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin woolentor-addons N/A WooLentor <= 2.5.3 - PHP Object Injection LOW *-2.5.3 2.5.4 June 30, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin woolentor-addons N/A WooLentor <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.5.3 2.5.4 June 30, 2026
wpcomplete wpcomplete N/A WPComplete <= 2.9.4 - Reflected Cross-Site Scripting LOW [*, 2.9.5) 2.9.5 June 30, 2026
wp-table-manager wp-table-manager N/A WP Table Manager <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW [*, 3.5.3) 3.5.3 June 30, 2026
wp-table-manager wp-table-manager N/A WP Table Manager <= 3.5.2 - Missing Authorization LOW *-3.5.2 3.5.3 June 30, 2026
woocommerce-pdf-invoices-packing-slips woocommerce-pdf-invoices-packing-slips N/A WooCommerce PDF Invoices & Packing Slips <= 3.2.5 - Cross Site Request Forgery LOW *-3.2.5 3.2.6 June 30, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
 VikBooking Hotel Booking Engine & PMS <= 1.5.11 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.5.12) 1.5.12 June 30, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting LOW *-2.8.10 2.8.11 June 30, 2026
unlimited-elements-for-elementor unlimited-elements-for-elementor N/A Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS) LOW *-1.5.48 1.5.49 June 30, 2026
uncanny-learndash-toolkit uncanny-learndash-toolkit N/A Uncanny Toolkit for LearnDash <= 3.6.4.1 - Cross-Site Request Forgery to Arbitrary Plugin Install and Activation LOW *-3.6.4.1 3.6.4.2 June 30, 2026
tinymce-custom-styles tinymce-custom-styles N/A TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.2 1.1.3 June 30, 2026
survey-maker survey-maker N/A Survey Maker <= 3.2.0 - Missing Authorization LOW *-3.2.0 3.2.1 June 30, 2026
Site Reviews site-reviews N/A Site Reviews <= 6.2.0 - Unauthenticated CSV Injection LOW *-6.2.0 6.4.0 June 30, 2026
simple-photo-gallery simple-photo-gallery N/A Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection LOW *-1.8.1 June 30, 2026
simple-image-popup simple-image-popup N/A Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.3.6 2.0.0 June 30, 2026
quick-restaurant-menu quick-restaurant-menu N/A Quick Restaurant Menu <= 2.0.2 - Missing Authorization LOW *-2.0.2 2.1.0 June 30, 2026
quick-restaurant-menu quick-restaurant-menu N/A Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery LOW *-2.0.2 2.1.0 June 30, 2026
quick-restaurant-menu quick-restaurant-menu N/A Quick Restaurant Menu <= 2.0.2 - Authenticated (Administrator+) Cross-Site Scripting LOW *-2.0.2 2.1.0 June 30, 2026
quick-restaurant-menu quick-restaurant-menu N/A Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference LOW *-2.0.2 2.1.0 June 30, 2026
organization-chart organization-chart N/A Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.4.5) 1.4.5 June 30, 2026
organization-chart organization-chart N/A Organization chart <= 1.4.4 - Cross-Site Request Forgery LOW *-1.4.4 1.4.5 June 30, 2026
ns-facebook-pixel-for-wp ns-facebook-pixel-for-wp N/A Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.1 June 30, 2026
newsletter-optin-box newsletter-optin-box N/A Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection LOW *-1.10.3 1.11.0 June 30, 2026
namaste-lms namaste-lms N/A Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 2.5.9.2) 2.5.9.2 June 30, 2026
material-design-icons-for-elementor material-design-icons-for-elementor
93
 Material Design Icons for Page Builders <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.4.2 1.4.3 June 30, 2026
limit-login-attempts-plus limit-login-attempts-plus
91
 Limit Login Attempts Plus <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.9 1.1.0 June 30, 2026
limit-login-attempts-plus limit-login-attempts-plus
91
 Limit Login Attempts Plus <= 1.0.9 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.9 1.1.0 June 30, 2026
js-support-ticket js-support-ticket
93
 JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload LOW *-2.7.1 2.7.2 June 30, 2026
js-support-ticket js-support-ticket
93
 JS Help Desk <= 2.7.1 - Missing Authorization LOW *-2.7.1 2.7.2 June 30, 2026
js-support-ticket js-support-ticket
93
 JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update LOW 2.7.1 2.7.2 June 30, 2026
js-support-ticket js-support-ticket
93
 JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection LOW *-2.7.1 2.7.2 June 30, 2026
js-support-ticket js-support-ticket
93
 JS Help Desk <= 2.7.1 - Cross-Site Request Forgery LOW *-2.7.1 2.7.2 June 30, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
 Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-4.9.9 5.0.0 June 30, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
 Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.9.9 5.0 June 30, 2026
glossary-by-codeat glossary-by-codeat
93
 Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.27 2.1.28 June 30, 2026
ecwid-shopping-cart ecwid-shopping-cart
93
 Ecwid Ecommerce Shopping Cart <= 6.11.3 - Cross Site Request Forgery LOW *-6.11.3 6.11.4 June 30, 2026
dh-anti-adblocker dh-anti-adblocker
93
 DH – Anti AdBlocker <= 36 - Cross-Site Request Forgery LOW *-36 37 June 30, 2026
contentstudio contentstudio
93
 ContentStudio <= 1.2.5 - Information Exposure LOW *-1.2.5 1.2.6 June 30, 2026
contentstudio contentstudio
93
 ContentStudio <= 1.2.5 - Authorization Bypass LOW *-1.2.5 1.2.6 June 30, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services chatbot
66
 ChatBot <= 4.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Settings Reset LOW *-4.2.8 4.2.9 June 30, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services chatbot
66
 ChatBot <= 4.3.0 - Authenticated (Admin+) Cross-Site Scripting LOW *-4.3.0 4.3.1 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
LOW

Real Media Library: Media Library Folder & File Manager

real-media-library-lite

Score: 79/100 Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.18.28 Patched: 4.18.29 Updated: June 30, 2026
LOW

posts-and-users-stats

posts-and-users-stats

Score: N/A Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026
LOW

php-execution-plugin

php-execution-plugin

Score: N/A PHP Execution <= 1.0.0 - Cross Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 30, 2026
LOW

opening-hours

opening-hours

Score: N/A We’re Open! <= 1.45 - Cross-Site Request Forgery Affected: *-1.45 Patched: 1.46 Updated: June 30, 2026
LOW

multi-rating

multi-rating

Score: N/A Multi Rating <= 5.0.5 - Cross Site Request Forgery Affected: *-5.0.5 Patched: 5.0.6 Updated: June 30, 2026
LOW

multi-column-tag-map

multi-column-tag-map

Score: N/A Multi-column Tag Map <= 17.0.24 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-17.0.24 Patched: 17.0.25 Updated: June 30, 2026
LOW

metform

metform

Score: 93/100 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.1.2 Patched: 3.2.0 Updated: June 30, 2026
LOW

marketing-performance

marketing-performance

Score: 91/100 Marketing Performance <= 2.0.0 - Unauthenticated Stored Cross Site Scripting Affected: *-2.0.0 Patched: Updated: June 30, 2026
LOW

job-postings

job-postings

Score: 91/100 Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting Affected: *-2.5.10.2 Patched: 2.5.11 Updated: June 30, 2026
LOW

ip-vault-wp-firewall

ip-vault-wp-firewall

Score: 91/100 IP Vault – WP Firewall <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: June 30, 2026
LOW

image-hover-effects-with-carousel

image-hover-effects-with-carousel

Score: 91/100 Image Hover Effects Plugin - Caption Hover with Carousel <= 2.8 - Unauthenticated Stored Cross Site Scripting Affected: *-2.8 Patched: 3.0 Updated: June 30, 2026
LOW

fv-wordpress-flowplayer

fv-wordpress-flowplayer

Score: 93/100 FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery Affected: *-7.5.30.7210 Patched: 7.5.31.7212 Updated: June 30, 2026
LOW

flexible-elementor-panel

flexible-elementor-panel

Score: 93/100 Flexible Elementor Panel <= 2.3.8 - Cross Site Request Forgery Affected: *-2.3.8 Patched: 2.3.9 Updated: June 30, 2026
LOW

easy-pie-coming-soon

easy-pie-coming-soon

Score: 93/100 EZP Coming Soon Page <= 1.0.7.3 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-1.0.73 Patched: 1.0.74 Updated: June 30, 2026
LOW

custom-add-user

custom-add-user

Score: 91/100 Custom Add User <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 30, 2026
LOW

commenter-emails

commenter-emails

Score: 91/100 Commenter Emails <= 2.6.1 - Unauthenticated CSV Injection Affected: *-2.6.1 Patched: Updated: June 30, 2026
LOW

cc-custom-taxonmy

cc-custom-taxonmy

Score: 91/100 CC Custom Taxonomy <= 1.0.1 - Authenticated (Administrator+) Cross Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026
LOW

booking-system

booking-system

Score: 91/100 Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.9.9.2.9) Patched: 2.9.9.2.9 Updated: June 30, 2026
LOW

bft-autoresponder

bft-autoresponder

Score: 91/100 Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.1 Patched: 2.7.1.1 Updated: June 30, 2026
LOW

avalex

avalex

Score: 93/100 avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 3.0.4) Patched: 3.0.4 Updated: June 30, 2026
LOW

album-and-image-gallery-plus-lightbox

album-and-image-gallery-plus-lightbox

Score: 97/100 Album and Image Gallery plus Lightbox <= 1.6.2 - Missing Authorization Affected: *-1.6.2. Patched: 1.6.3 Updated: June 30, 2026
LOW

1003-mortgage-application

1003-mortgage-application

Score: 93/100 1003 Mortgage Application <= 1.75 - Unauthenticated CSV Injection Affected: *-1.75 Patched: 1.80 Updated: June 30, 2026
LOW

1003-mortgage-application

1003-mortgage-application

Score: 93/100 1003 Mortgage Application <= 1.75 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-1.75 Patched: 1.80 Updated: June 30, 2026
LOW

0mk-shortener

0mk-shortener

Score: 95/100 0mk Shortener <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: June 30, 2026
LOW

wufoo-shortcode

wufoo-shortcode

Score: N/A Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes Affected: *-1.51 Patched: 1.52 Updated: June 30, 2026
LOW

wp-opening-hours

wp-opening-hours

Score: N/A Opening Hours <= 2.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: Updated: June 30, 2026
LOW

opening-hours

opening-hours

Score: N/A We’re Open! <= 1.44 - Missing Authorization Affected: *-1.44 Patched: 1.45 Updated: June 30, 2026
LOW

ocean-extra

ocean-extra

Score: N/A Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.1 Patched: 2.1.2 Updated: June 30, 2026
LOW

kraken-image-optimizer

kraken-image-optimizer

Score: 93/100 Kraken.io Image Optimizer <= 2.6.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update Affected: *-2.6.9 Patched: 2.7.0 Updated: June 30, 2026
LOW

formidable

formidable

Score: 93/100 Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery Affected: *-5.5.6 Patched: 5.5.7 Updated: June 30, 2026
LOW

donations-block

donations-block

Score: 93/100 Donation Block For PayPal <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.0 Patched: 2.1.0 Updated: June 30, 2026
LOW

namaste-lms

namaste-lms

Score: N/A Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.5.9.3 Patched: 2.5.9.4 Updated: June 30, 2026
LOW

correos-oficial

correos-oficial

Score: 91/100 Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download Affected: *-1.3.0.0 Patched: Updated: June 30, 2026
LOW

bft-autoresponder

bft-autoresponder

Score: 91/100 Arigato Autoresponder and Newsletter <= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1.7.1 Patched: 2.1.7.2 Updated: June 30, 2026
LOW

Beautiful Cookie Consent Banner

beautiful-and-responsive-cookie-consent

Score: 93/100 Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.10.1 Patched: 2.10.2 Updated: June 30, 2026
LOW

Beautiful Cookie Consent Banner

beautiful-and-responsive-cookie-consent

Score: 93/100 Beautiful Cookie Consent Banner <= 2.10.0 - Missing Authorization to Settings Update Affected: *-2.10.0 Patched: 2.10.1 Updated: June 30, 2026
LOW

wp-private-message

wp-private-message

Score: N/A WP Private Message < 1.0.6 - Insecure Direct Object Reference Affected: [*, 1.0.6) Patched: 1.0.6 Updated: June 30, 2026
LOW

wp-email-capture

wp-email-capture

Score: N/A WP Email Capture <= 3.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.9.3 Patched: 3.10 Updated: June 30, 2026
LOW

wp-dark-mode

wp-dark-mode

Score: N/A WP Dark Mode <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.0.6 Patched: 4.0.0 Updated: June 30, 2026
LOW

private-content

private-content

Score: N/A PrivateContent <= 8.4.3 - Protection Mechanism Bypass Affected: *-8.4.3 Patched: 8.4.4 Updated: June 30, 2026
LOW

interactive-geo-maps

interactive-geo-maps

Score: 93/100 Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026
LOW

gs-woocommerce-products-slider

gs-woocommerce-products-slider

Score: 93/100 GS Products Slider for WooCommerce <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026
LOW

gs-portfolio

gs-portfolio

Score: 93/100 GS Filterable Portfolio <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.6.0 Patched: 1.6.1 Updated: June 30, 2026
LOW

gs-envato-portfolio

gs-envato-portfolio

Score: 91/100 GS Portfolio for Envato <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.8 Patched: 1.4.0 Updated: June 30, 2026
LOW

gs-books-showcase

gs-books-showcase

Score: 93/100 GS Books Showcase <= 1.3.0 - Authenticator (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026
LOW

embedstories

embedstories

Score: 93/100 EmbedStories <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.7.4 Patched: 0.7.5 Updated: June 30, 2026
LOW

embedalbum-pro

embedalbum-pro

Score: 93/100 EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.27 Patched: 1.1.28 Updated: June 30, 2026
LOW

backupbuddy

backupbuddy

Score: 93/100 BackupBuddy <= 8.8.2 - Reflected Cross-Site Scripting Affected: *-8.8.2 Patched: 8.8.3 Updated: June 30, 2026
LOW

ai-contact-us

ai-contact-us

Score: 95/100 AI Contact Us Form <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

wpcomplete

wpcomplete

Score: N/A WPComplete <= 2.9.4 - Reflected Cross-Site Scripting Affected: [*, 2.9.5) Patched: 2.9.5 Updated: June 30, 2026
LOW

wp-table-manager

wp-table-manager

Score: N/A WP Table Manager <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 3.5.3) Patched: 3.5.3 Updated: June 30, 2026
LOW

wp-table-manager

wp-table-manager

Score: N/A WP Table Manager <= 3.5.2 - Missing Authorization Affected: *-3.5.2 Patched: 3.5.3 Updated: June 30, 2026
LOW

woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips

Score: N/A WooCommerce PDF Invoices & Packing Slips <= 3.2.5 - Cross Site Request Forgery Affected: *-3.2.5 Patched: 3.2.6 Updated: June 30, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.11 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.5.12) Patched: 1.5.12 Updated: June 30, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.8.10 Patched: 2.8.11 Updated: June 30, 2026
LOW

unlimited-elements-for-elementor

unlimited-elements-for-elementor

Score: N/A Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS) Affected: *-1.5.48 Patched: 1.5.49 Updated: June 30, 2026
LOW

uncanny-learndash-toolkit

uncanny-learndash-toolkit

Score: N/A Uncanny Toolkit for LearnDash <= 3.6.4.1 - Cross-Site Request Forgery to Arbitrary Plugin Install and Activation Affected: *-3.6.4.1 Patched: 3.6.4.2 Updated: June 30, 2026
LOW

tinymce-custom-styles

tinymce-custom-styles

Score: N/A TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: June 30, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker <= 3.2.0 - Missing Authorization Affected: *-3.2.0 Patched: 3.2.1 Updated: June 30, 2026
LOW

Site Reviews

site-reviews

Score: N/A Site Reviews <= 6.2.0 - Unauthenticated CSV Injection Affected: *-6.2.0 Patched: 6.4.0 Updated: June 30, 2026
LOW

simple-photo-gallery

simple-photo-gallery

Score: N/A Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection Affected: *-1.8.1 Patched: Updated: June 30, 2026
LOW

simple-image-popup

simple-image-popup

Score: N/A Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 2.0.0 Updated: June 30, 2026
LOW

quick-restaurant-menu

quick-restaurant-menu

Score: N/A Quick Restaurant Menu <= 2.0.2 - Missing Authorization Affected: *-2.0.2 Patched: 2.1.0 Updated: June 30, 2026
LOW

quick-restaurant-menu

quick-restaurant-menu

Score: N/A Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery Affected: *-2.0.2 Patched: 2.1.0 Updated: June 30, 2026
LOW

quick-restaurant-menu

quick-restaurant-menu

Score: N/A Quick Restaurant Menu <= 2.0.2 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-2.0.2 Patched: 2.1.0 Updated: June 30, 2026
LOW

quick-restaurant-menu

quick-restaurant-menu

Score: N/A Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference Affected: *-2.0.2 Patched: 2.1.0 Updated: June 30, 2026
LOW

organization-chart

organization-chart

Score: N/A Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.4.5) Patched: 1.4.5 Updated: June 30, 2026
LOW

organization-chart

organization-chart

Score: N/A Organization chart <= 1.4.4 - Cross-Site Request Forgery Affected: *-1.4.4 Patched: 1.4.5 Updated: June 30, 2026
LOW

ns-facebook-pixel-for-wp

ns-facebook-pixel-for-wp

Score: N/A Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: June 30, 2026
LOW

newsletter-optin-box

newsletter-optin-box

Score: N/A Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection Affected: *-1.10.3 Patched: 1.11.0 Updated: June 30, 2026
LOW

namaste-lms

namaste-lms

Score: N/A Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.5.9.2) Patched: 2.5.9.2 Updated: June 30, 2026
LOW

material-design-icons-for-elementor

material-design-icons-for-elementor

Score: 93/100 Material Design Icons for Page Builders <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026
LOW

limit-login-attempts-plus

limit-login-attempts-plus

Score: 91/100 Limit Login Attempts Plus <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.1.0 Updated: June 30, 2026
LOW

limit-login-attempts-plus

limit-login-attempts-plus

Score: 91/100 Limit Login Attempts Plus <= 1.0.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.1.0 Updated: June 30, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload Affected: *-2.7.1 Patched: 2.7.2 Updated: June 30, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.7.1 - Missing Authorization Affected: *-2.7.1 Patched: 2.7.2 Updated: June 30, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update Affected: 2.7.1 Patched: 2.7.2 Updated: June 30, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection Affected: *-2.7.1 Patched: 2.7.2 Updated: June 30, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.7.1 - Cross-Site Request Forgery Affected: *-2.7.1 Patched: 2.7.2 Updated: June 30, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.9.9 Patched: 5.0.0 Updated: June 30, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.9.9 Patched: 5.0 Updated: June 30, 2026
LOW

glossary-by-codeat

glossary-by-codeat

Score: 93/100 Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.27 Patched: 2.1.28 Updated: June 30, 2026
LOW

ecwid-shopping-cart

ecwid-shopping-cart

Score: 93/100 Ecwid Ecommerce Shopping Cart <= 6.11.3 - Cross Site Request Forgery Affected: *-6.11.3 Patched: 6.11.4 Updated: June 30, 2026
LOW

dh-anti-adblocker

dh-anti-adblocker

Score: 93/100 DH – Anti AdBlocker <= 36 - Cross-Site Request Forgery Affected: *-36 Patched: 37 Updated: June 30, 2026
LOW

contentstudio

contentstudio

Score: 93/100 ContentStudio <= 1.2.5 - Information Exposure Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026
LOW

contentstudio

contentstudio

Score: 93/100 ContentStudio <= 1.2.5 - Authorization Bypass Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

Showing 26601 to 26700 of 36313 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 19:51 UTC.