Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36316

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
booking-calendar	booking-calendar	91	Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-3.2.3	3.2.4	June 30, 2026
booking-calendar	booking-calendar	91	Booking calendar, Appointment Booking System <= 3.2.3 - Unauthenticated Bypass Vulnerability	LOW	*-3.2.3	3.2.4	June 30, 2026
booking-calendar	booking-calendar	91	Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery	LOW	*-3.2.3	3.2.4	June 30, 2026
bne-testimonials	bne-testimonials	93	BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 2.0.8)	2.0.8	June 30, 2026
Blocksy Companion	blocksy-companion	N/A	Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 1.8.68)	1.8.68	June 30, 2026
bbp-voting	bbp-voting	93	bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 2.1.11.1)	2.1.11.1	June 30, 2026
advanced-form-integration	advanced-form-integration	97	Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration <= 1.62.0 - Authenticated (Admin+) Cross Site Scripting	LOW	*-1.62.0	1.63.0	June 30, 2026
wp-client-logo-carousel	wp-client-logo-carousel	N/A	Client Logo Carousel <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.0.0	3.0.1	June 30, 2026
woo-gerencianet-official	woo-gerencianet-official	N/A	Gerencianet Oficial <= 1.4.8 - Cross-Site Request Forgery	LOW	*-1.4.8	2.0.0	June 30, 2026
woo-gerencianet-official	woo-gerencianet-official	N/A	Gerencianet Oficial <= 1.4.8 - Missing Authorization	LOW	*-1.4.8	2.0.0	June 30, 2026
wens-responsive-column-layout-shortcodes	wens-responsive-column-layout-shortcodes	N/A	eVision Responsive Column Layout Shortcodes <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3		June 30, 2026
olevmedia-shortcodes	olevmedia-shortcodes	N/A	Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1.9		June 30, 2026
oauth2-provider	oauth2-provider	N/A	WP OAuth Server (OAuth Authentication) <= 4.2.5 -Cross-Site Request Forgery	LOW	*-4.2.5	4.3.0	June 30, 2026
hueman-addons	hueman-addons	91	Hueman Addons <= 2.3.3 - Authenticated (Contributor+) Stored Cross Site Scripting	LOW	*-2.3.3		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
bootstrap-shortcodes	bootstrap-shortcodes	72	BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0		June 30, 2026
wp-responsive-testimonials-slider-and-widget	wp-responsive-testimonials-slider-and-widget	N/A	WP Responsive Testimonials Slider And Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.5		June 30, 2026
wp-opening-hours	wp-opening-hours	N/A	Opening Hours <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.3.0		June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation	LOW	*-2.3.1	2.3.2	June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization Checks	LOW	*-2.3.1	2.3.2	June 30, 2026
tenweb-speed-optimizer	tenweb-speed-optimizer	N/A	10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection	LOW	*-2.12.22	2.12.23	June 30, 2026
loan-comparison	loan-comparison	93	Loan Comparison <= 1.5.1 - Reflected Cross-Site Scripting	LOW	*-1.5.1	1.5.3	June 30, 2026
loan-comparison	loan-comparison	93	Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode	LOW	*-1.5.2	1.5.3	June 30, 2026
juicer	juicer	93	Juicer <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.10.1	1.11	June 30, 2026
jobboardwp	jobboardwp	93	JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation	LOW	*-1.2.2	1.2.3	June 30, 2026
intuitive-custom-post-order	intuitive-custom-post-order	93	Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change	LOW	*-3.1.3	3.1.4	June 30, 2026
intuitive-custom-post-order	intuitive-custom-post-order	93	Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection	LOW	*-3.1.4	3.1.5	June 30, 2026
getresponse-integration	getresponse-integration	91	GetResponse for WordPress <= 5.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.5.31	5.5.32	June 30, 2026
easy-facebook-like-box	easy-facebook-like-box	93	Easy Social Box / Page Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.1.2	4.1.3	June 30, 2026
baw-post-views-count	baw-post-views-count	91	Post Views Count <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.0.2		June 30, 2026
baw-login-logout-menu	baw-login-logout-menu	91	Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.3.3		June 30, 2026
auto-hide-admin-bar	auto-hide-admin-bar	93	Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.6.1	1.6.2	June 30, 2026
youzify	youzify	N/A	Youzify <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.2.1	1.2.2	June 30, 2026
wp-structuring-markup	wp-structuring-markup	N/A	Markup <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.8.1		June 30, 2026
wp-helper-lite	wp-helper-lite	N/A	WP Helper Premium <= 4.2.0 - Reflected Cross-Site Scripting	LOW	*-4.2.0	4.3.0	June 30, 2026
wp-font-awesome	wp-font-awesome	N/A	WP Font Awesome <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.7.8	1.7.9	June 30, 2026
watu	watu	N/A	Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting	LOW	*-3.3.8.1	3.3.8.2	June 30, 2026
watu	watu	N/A	Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.3.8.2	3.3.8.3	June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 1.14.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.14.11	1.15.0	June 30, 2026
ultimate-addons-for-beaver-builder-lite	ultimate-addons-for-beaver-builder-lite	N/A	Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change	LOW	*-1.5.5	1.5.6	June 30, 2026
timed-content	timed-content	N/A	Timed Content <= 2.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.72	2.73	June 30, 2026
shortcode-for-font-awesome	shortcode-for-font-awesome	N/A	Shortcode for Font Awesome <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.4	1.4.1	June 30, 2026
live-composer-page-builder	live-composer-page-builder	91	Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.5.22	1.5.23	June 30, 2026
intuitive-custom-post-order	intuitive-custom-post-order	93	Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change	LOW	*-3.1.3	3.1.4	June 30, 2026
intuitive-custom-post-order	intuitive-custom-post-order	93	Intuitive Custom Post Order <= 3.1.3 - Cross-Site Request Forgery	LOW	*-3.1.3	3.1.4	June 30, 2026
easy-affiliate-links	easy-affiliate-links	93	Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings	LOW	*-3.7.0	3.7.1	June 30, 2026
customer-reviews-woocommerce	customer-reviews-woocommerce	93	Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.16.0	5.17.0	June 30, 2026
zoho-forms	zoho-forms	N/A	Zoho Forms <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	3.0.0	3.0.1	June 30, 2026
youtube-video-player	youtube-video-player	N/A	YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.6.3	2.6.4	June 30, 2026
wp-yelp-review-slider	wp-yelp-review-slider	N/A	WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection	LOW	*-7.0	7.1	June 30, 2026
wp-tripadvisor-review-slider	wp-tripadvisor-review-slider	N/A	WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection	LOW	*-10.7	10.8	June 30, 2026
wp-terms-popup	wp-terms-popup	N/A	WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.6.0	2.6.1	June 30, 2026
wp-popups-lite	wp-popups-lite	N/A	WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.4.8	2.1.4.9	June 30, 2026
wp-parsidate	wp-parsidate	N/A	Parsi Date <= 4.0.1 - Reflected Cross-Site Scripting	LOW	*-4.0.1	4.0.2	June 30, 2026
WP Google Review Slider	wp-google-places-review-slider	70	WP Google Review Slider <= 11.7 - Authenticated (Subscriber+) SQL Injection	LOW	*-11.7	11.8	June 30, 2026
wp-facebook-reviews	wp-facebook-reviews	N/A	WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection	LOW	*-12.1	12.2	June 30, 2026
wp-airbnb-review-slider	wp-airbnb-review-slider	N/A	WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection	LOW	*-3.2	3.3	June 30, 2026
woocommerce-products-slider	woocommerce-products-slider	N/A	PickPlugins Product Slider for WooCommerce <= 1.13.41 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.13.41	1.13.42	June 30, 2026
Mercado Pago payments for WooCommerce	woocommerce-mercadopago	94	Mercado Pago payments for WooCommerce <= 6.6.0 - Cross-Site Request Forgery	LOW	*-6.6.0	6.7.0	June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to WPForm/Blocks Import	LOW	*-2.3.1	2.3.2	June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization to Captcha Setting Update	LOW	*-2.3.1	2.3.2	June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 2.3.1 - HTML Injection in Emails	LOW	*-2.3.1	2.3.2	June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing	LOW	*-2.3.1	2.3.2	June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg	N/A	Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass	LOW	*-2.3.1	2.3.2	June 30, 2026
ultimate-addons-for-beaver-builder-lite	ultimate-addons-for-beaver-builder-lite	N/A	Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery	LOW	*-1.5.4	1.5.5	June 30, 2026
ultimate-addons-for-beaver-builder-lite	ultimate-addons-for-beaver-builder-lite	N/A	Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Missing Authorization	LOW	*-1.5.4	1.5.5	June 30, 2026
twenty20	twenty20	N/A	Twenty20 Image Before-After <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.5.9	1.6.0	June 30, 2026
spotlight-social-photo-feeds	spotlight-social-photo-feeds	N/A	Spotlight Social Feeds <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.2	1.4.3	June 30, 2026
paid-memberships-pro	paid-memberships-pro	N/A	Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.9.8	2.9.9	June 30, 2026
name-directory	name-directory	N/A	Name Directory <= 1.27.1 - Cross Site Request Forgery	LOW	*-1.27.1	1.27.2	June 30, 2026
modal-dialog	modal-dialog	93	Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.5.9	3.5.10	June 30, 2026
material-design-icons-for-elementor	material-design-icons-for-elementor	93	Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery	LOW	*-1.4.2	1.4.3	June 30, 2026
like-box	like-box	93	Social Like Box and Page by WpDevArt <= 0.8.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-0.8.40	0.8.41	June 30, 2026
lightweight-accordion	lightweight-accordion	93	Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.5.14	1.5.15	June 30, 2026
lightbox-popup	lightbox-popup	93	Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.1.5	2.1.6	June 30, 2026
extensive-vc-addon	extensive-vc-addon	89	Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion	LOW	*-1.9	1.9.1	June 30, 2026
customer-reviews-woocommerce	customer-reviews-woocommerce	93	Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-5.15.0	5.16.0	June 30, 2026
checkout-plugins-stripe-woo	checkout-plugins-stripe-woo	93	Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery	LOW	*-1.4.10	1.4.11	June 30, 2026
booking-system	booking-system	91	Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection	LOW	*-2.9.9.2.8	2.9.9.2.9	June 30, 2026
autoshare-for-twitter	autoshare-for-twitter	93	decode-uri-component <= 0.2.1 - Denial of Service	LOW	*-1.2.1	1.3.0	June 30, 2026
my-tickets	my-tickets	93	My Tickets <= 1.9.11 - Authorization Bypass	LOW	*-1.9.11	1.9.12	June 30, 2026
my-calendar	my-calendar	93	My Calendar <= 3.4.3 - Cross-Site Request Forgery	LOW	*-3.4.3	3.4.4	June 30, 2026
wpfrom-email	wpfrom-email	N/A	WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.8.8	1.8.9	June 30, 2026
wpdevart-vertical-menu	wpdevart-vertical-menu	N/A	Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.8	1.5.9	June 30, 2026
wpdevart-vertical-menu	wpdevart-vertical-menu	N/A	Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery	LOW	*-1.5.8	1.5.9	June 30, 2026
wpappninja	wpappninja	N/A	WPMobile.App — Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-11.13	11.14	June 30, 2026
wp-user-avatar	wp-user-avatar	N/A	ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.5.3	4.5.4	June 30, 2026
wp-time-slots-booking-form	wp-time-slots-booking-form	N/A	WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks	LOW	*-1.1.82	1.1.83	June 30, 2026
wp-time-slots-booking-form	wp-time-slots-booking-form	N/A	WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-1.1.81	1.1.82	June 30, 2026
wp-smart-preloader	wp-smart-preloader	N/A	WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.15	1.15.1	June 30, 2026
wp-media-library-categories	wp-media-library-categories	N/A	Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.9.9	2.0.0	June 30, 2026
WP Go Maps (formerly WP Google Maps)	wp-google-maps	66	WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal	LOW	*-9.0.15	9.0.16	June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026

LOW

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.3 - Unauthenticated Bypass Vulnerability Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026

LOW

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026

LOW

bne-testimonials

Score: 93/100 BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 2.0.8) Patched: 2.0.8 Updated: June 30, 2026

LOW

Blocksy Companion

blocksy-companion

Score: N/A Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 1.8.68) Patched: 1.8.68 Updated: June 30, 2026

LOW

bbp-voting

Score: 93/100 bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.1.11.1) Patched: 2.1.11.1 Updated: June 30, 2026

LOW

Score: 97/100 Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration <= 1.62.0 - Authenticated (Admin+) Cross Site Scripting Affected: *-1.62.0 Patched: 1.63.0 Updated: June 30, 2026

LOW

wp-client-logo-carousel

Score: N/A Client Logo Carousel <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.0.0 Patched: 3.0.1 Updated: June 30, 2026

LOW

woo-gerencianet-official

Score: N/A Gerencianet Oficial <= 1.4.8 - Cross-Site Request Forgery Affected: *-1.4.8 Patched: 2.0.0 Updated: June 30, 2026

LOW

woo-gerencianet-official

Score: N/A Gerencianet Oficial <= 1.4.8 - Missing Authorization Affected: *-1.4.8 Patched: 2.0.0 Updated: June 30, 2026

LOW

wens-responsive-column-layout-shortcodes

Score: N/A eVision Responsive Column Layout Shortcodes <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

olevmedia-shortcodes

Score: N/A Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.9 Patched: Updated: June 30, 2026

LOW

oauth2-provider

Score: N/A WP OAuth Server (OAuth Authentication) <= 4.2.5 -Cross-Site Request Forgery Affected: *-4.2.5 Patched: 4.3.0 Updated: June 30, 2026

LOW

hueman-addons

Score: 91/100 Hueman Addons <= 2.3.3 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-2.3.3 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026

LOW

wp-responsive-testimonials-slider-and-widget

Score: N/A WP Responsive Testimonials Slider And Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

wp-opening-hours

Score: N/A Opening Hours <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3.0 Patched: Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization Checks Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

tenweb-speed-optimizer

Score: N/A 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection Affected: *-2.12.22 Patched: 2.12.23 Updated: June 30, 2026

LOW

loan-comparison

Score: 93/100 Loan Comparison <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.3 Updated: June 30, 2026

LOW

loan-comparison

Score: 93/100 Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

juicer

Score: 93/100 Juicer <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.10.1 Patched: 1.11 Updated: June 30, 2026

LOW

jobboardwp

Score: 93/100 JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026

LOW

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026

LOW

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection Affected: *-3.1.4 Patched: 3.1.5 Updated: June 30, 2026

LOW

getresponse-integration

Score: 91/100 GetResponse for WordPress <= 5.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.5.31 Patched: 5.5.32 Updated: June 30, 2026

LOW

easy-facebook-like-box

Score: 93/100 Easy Social Box / Page Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.1.2 Patched: 4.1.3 Updated: June 30, 2026

LOW

baw-post-views-count

Score: 91/100 Post Views Count <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.0.2 Patched: Updated: June 30, 2026

LOW

baw-login-logout-menu

Score: 91/100 Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.3 Patched: Updated: June 30, 2026

LOW

auto-hide-admin-bar

Score: 93/100 Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 1.6.2 Updated: June 30, 2026

LOW

youzify

Score: N/A Youzify <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

wp-structuring-markup

Score: N/A Markup <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.8.1 Patched: Updated: June 30, 2026

LOW

wp-helper-lite

Score: N/A WP Helper Premium <= 4.2.0 - Reflected Cross-Site Scripting Affected: *-4.2.0 Patched: 4.3.0 Updated: June 30, 2026

LOW

wp-font-awesome

Score: N/A WP Font Awesome <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.7.8 Patched: 1.7.9 Updated: June 30, 2026

LOW

watu

Score: N/A Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting Affected: *-3.3.8.1 Patched: 3.3.8.2 Updated: June 30, 2026

LOW

watu

Score: N/A Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.3.8.2 Patched: 3.3.8.3 Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 1.14.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.14.11 Patched: 1.15.0 Updated: June 30, 2026

LOW

ultimate-addons-for-beaver-builder-lite

Score: N/A Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

timed-content

Score: N/A Timed Content <= 2.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.72 Patched: 2.73 Updated: June 30, 2026

LOW

shortcode-for-font-awesome

Score: N/A Shortcode for Font Awesome <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.4 Patched: 1.4.1 Updated: June 30, 2026

LOW

live-composer-page-builder

Score: 91/100 Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.22 Patched: 1.5.23 Updated: June 30, 2026

LOW

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026

LOW

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.3 - Cross-Site Request Forgery Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026

LOW

easy-affiliate-links

Score: 93/100 Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings Affected: *-3.7.0 Patched: 3.7.1 Updated: June 30, 2026

LOW

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.16.0 Patched: 5.17.0 Updated: June 30, 2026

LOW

zoho-forms

Score: N/A Zoho Forms <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: 3.0.0 Patched: 3.0.1 Updated: June 30, 2026

LOW

youtube-video-player

Score: N/A YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.6.3 Patched: 2.6.4 Updated: June 30, 2026

LOW

wp-yelp-review-slider

Score: N/A WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection Affected: *-7.0 Patched: 7.1 Updated: June 30, 2026

LOW

wp-tripadvisor-review-slider

Score: N/A WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection Affected: *-10.7 Patched: 10.8 Updated: June 30, 2026

LOW

wp-terms-popup

Score: N/A WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: 2.6.1 Updated: June 30, 2026

LOW

wp-popups-lite

Score: N/A WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.4.8 Patched: 2.1.4.9 Updated: June 30, 2026

LOW

wp-parsidate

Score: N/A Parsi Date <= 4.0.1 - Reflected Cross-Site Scripting Affected: *-4.0.1 Patched: 4.0.2 Updated: June 30, 2026

LOW

WP Google Review Slider

wp-google-places-review-slider

Score: 70/100 WP Google Review Slider <= 11.7 - Authenticated (Subscriber+) SQL Injection Affected: *-11.7 Patched: 11.8 Updated: June 30, 2026

LOW

wp-facebook-reviews

Score: N/A WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection Affected: *-12.1 Patched: 12.2 Updated: June 30, 2026

LOW

wp-airbnb-review-slider

Score: N/A WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection Affected: *-3.2 Patched: 3.3 Updated: June 30, 2026

LOW

woocommerce-products-slider

Score: N/A PickPlugins Product Slider for WooCommerce <= 1.13.41 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.13.41 Patched: 1.13.42 Updated: June 30, 2026

LOW

Mercado Pago payments for WooCommerce

woocommerce-mercadopago

Score: 94/100 Mercado Pago payments for WooCommerce <= 6.6.0 - Cross-Site Request Forgery Affected: *-6.6.0 Patched: 6.7.0 Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to WPForm/Blocks Import Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization to Captcha Setting Update Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - HTML Injection in Emails Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Score: N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

ultimate-addons-for-beaver-builder-lite

Score: N/A Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery Affected: *-1.5.4 Patched: 1.5.5 Updated: June 30, 2026

LOW

ultimate-addons-for-beaver-builder-lite

Score: N/A Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Missing Authorization Affected: *-1.5.4 Patched: 1.5.5 Updated: June 30, 2026

LOW

twenty20

Score: N/A Twenty20 Image Before-After <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.9 Patched: 1.6.0 Updated: June 30, 2026

LOW

spotlight-social-photo-feeds

Score: N/A Spotlight Social Feeds <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

paid-memberships-pro

Score: N/A Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.9.8 Patched: 2.9.9 Updated: June 30, 2026

LOW

name-directory

Score: N/A Name Directory <= 1.27.1 - Cross Site Request Forgery Affected: *-1.27.1 Patched: 1.27.2 Updated: June 30, 2026

LOW

modal-dialog

Score: 93/100 Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.5.9 Patched: 3.5.10 Updated: June 30, 2026

LOW

material-design-icons-for-elementor

Score: 93/100 Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

like-box

Score: 93/100 Social Like Box and Page by WpDevArt <= 0.8.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.8.40 Patched: 0.8.41 Updated: June 30, 2026

LOW

lightweight-accordion

Score: 93/100 Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.14 Patched: 1.5.15 Updated: June 30, 2026

LOW

lightbox-popup

Score: 93/100 Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.6 Updated: June 30, 2026

LOW

extensive-vc-addon

Score: 89/100 Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion Affected: *-1.9 Patched: 1.9.1 Updated: June 30, 2026

LOW

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion Affected: *-5.15.0 Patched: 5.16.0 Updated: June 30, 2026

LOW

checkout-plugins-stripe-woo

Score: 93/100 Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery Affected: *-1.4.10 Patched: 1.4.11 Updated: June 30, 2026

LOW

booking-system

Score: 91/100 Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection Affected: *-2.9.9.2.8 Patched: 2.9.9.2.9 Updated: June 30, 2026

LOW

autoshare-for-twitter

Score: 93/100 decode-uri-component <= 0.2.1 - Denial of Service Affected: *-1.2.1 Patched: 1.3.0 Updated: June 30, 2026

LOW

my-tickets

Score: 93/100 My Tickets <= 1.9.11 - Authorization Bypass Affected: *-1.9.11 Patched: 1.9.12 Updated: June 30, 2026

LOW

my-calendar

Score: 93/100 My Calendar <= 3.4.3 - Cross-Site Request Forgery Affected: *-3.4.3 Patched: 3.4.4 Updated: June 30, 2026

LOW

wpfrom-email

Score: N/A WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.8 Patched: 1.8.9 Updated: June 30, 2026

LOW

wpdevart-vertical-menu

Score: N/A Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026

LOW

wpdevart-vertical-menu

Score: N/A Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026

LOW

wpappninja

Score: N/A WPMobile.App — Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-11.13 Patched: 11.14 Updated: June 30, 2026

LOW

wp-user-avatar

Score: N/A ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026

LOW

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks Affected: *-1.1.82 Patched: 1.1.83 Updated: June 30, 2026

LOW

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-1.1.81 Patched: 1.1.82 Updated: June 30, 2026

LOW

wp-smart-preloader

Score: N/A WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.15 Patched: 1.15.1 Updated: June 30, 2026

LOW

wp-media-library-categories

Score: N/A Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: 2.0.0 Updated: June 30, 2026

LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal Affected: *-9.0.15 Patched: 9.0.16 Updated: June 30, 2026

Showing 26701 to 26800 of 36316 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 21:21 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List