Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36316

Across tracked plugins

Affected Plugins

71

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
booking-calendar booking-calendar
91
Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-3.2.3 3.2.4 June 30, 2026
booking-calendar booking-calendar
91
Booking calendar, Appointment Booking System <= 3.2.3 - Unauthenticated Bypass Vulnerability LOW *-3.2.3 3.2.4 June 30, 2026
booking-calendar booking-calendar
91
Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery LOW *-3.2.3 3.2.4 June 30, 2026
bne-testimonials bne-testimonials
93
BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW [*, 2.0.8) 2.0.8 June 30, 2026
Blocksy Companion blocksy-companion N/A Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW [*, 1.8.68) 1.8.68 June 30, 2026
bbp-voting bbp-voting
93
bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 2.1.11.1) 2.1.11.1 June 30, 2026
advanced-form-integration advanced-form-integration
97
Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration <= 1.62.0 - Authenticated (Admin+) Cross Site Scripting LOW *-1.62.0 1.63.0 June 30, 2026
wp-client-logo-carousel wp-client-logo-carousel N/A Client Logo Carousel <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.0.0 3.0.1 June 30, 2026
woo-gerencianet-official woo-gerencianet-official N/A Gerencianet Oficial <= 1.4.8 - Cross-Site Request Forgery LOW *-1.4.8 2.0.0 June 30, 2026
woo-gerencianet-official woo-gerencianet-official N/A Gerencianet Oficial <= 1.4.8 - Missing Authorization LOW *-1.4.8 2.0.0 June 30, 2026
wens-responsive-column-layout-shortcodes wens-responsive-column-layout-shortcodes N/A eVision Responsive Column Layout Shortcodes <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3 June 30, 2026
olevmedia-shortcodes olevmedia-shortcodes N/A Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.1.9 June 30, 2026
oauth2-provider oauth2-provider N/A WP OAuth Server (OAuth Authentication) <= 4.2.5 -Cross-Site Request Forgery LOW *-4.2.5 4.3.0 June 30, 2026
hueman-addons hueman-addons
91
Hueman Addons <= 2.3.3 - Authenticated (Contributor+) Stored Cross Site Scripting LOW *-2.3.3 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
bootstrap-shortcodes bootstrap-shortcodes
72
BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 June 30, 2026
wp-responsive-testimonials-slider-and-widget wp-responsive-testimonials-slider-and-widget N/A WP Responsive Testimonials Slider And Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5 June 30, 2026
wp-opening-hours wp-opening-hours N/A Opening Hours <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3.0 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation LOW *-2.3.1 2.3.2 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization Checks LOW *-2.3.1 2.3.2 June 30, 2026
tenweb-speed-optimizer tenweb-speed-optimizer N/A 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection LOW *-2.12.22 2.12.23 June 30, 2026
loan-comparison loan-comparison
93
Loan Comparison <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 1.5.3 June 30, 2026
loan-comparison loan-comparison
93
Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode LOW *-1.5.2 1.5.3 June 30, 2026
juicer juicer
93
Juicer <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.10.1 1.11 June 30, 2026
jobboardwp jobboardwp
93
JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation LOW *-1.2.2 1.2.3 June 30, 2026
intuitive-custom-post-order intuitive-custom-post-order
93
Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change LOW *-3.1.3 3.1.4 June 30, 2026
intuitive-custom-post-order intuitive-custom-post-order
93
Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection LOW *-3.1.4 3.1.5 June 30, 2026
getresponse-integration getresponse-integration
91
GetResponse for WordPress <= 5.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-5.5.31 5.5.32 June 30, 2026
easy-facebook-like-box easy-facebook-like-box
93
Easy Social Box / Page Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.1.2 4.1.3 June 30, 2026
baw-post-views-count baw-post-views-count
91
Post Views Count <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.0.2 June 30, 2026
baw-login-logout-menu baw-login-logout-menu
91
Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.3 June 30, 2026
auto-hide-admin-bar auto-hide-admin-bar
93
Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.6.1 1.6.2 June 30, 2026
youzify youzify N/A Youzify <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.2.1 1.2.2 June 30, 2026
wp-structuring-markup wp-structuring-markup N/A Markup <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.8.1 June 30, 2026
wp-helper-lite wp-helper-lite N/A WP Helper Premium <= 4.2.0 - Reflected Cross-Site Scripting LOW *-4.2.0 4.3.0 June 30, 2026
wp-font-awesome wp-font-awesome N/A WP Font Awesome <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.7.8 1.7.9 June 30, 2026
watu watu N/A Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting LOW *-3.3.8.1 3.3.8.2 June 30, 2026
watu watu N/A Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.3.8.2 3.3.8.3 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 1.14.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.14.11 1.15.0 June 30, 2026
ultimate-addons-for-beaver-builder-lite ultimate-addons-for-beaver-builder-lite N/A Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change LOW *-1.5.5 1.5.6 June 30, 2026
timed-content timed-content N/A Timed Content <= 2.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.72 2.73 June 30, 2026
shortcode-for-font-awesome shortcode-for-font-awesome N/A Shortcode for Font Awesome <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.4 1.4.1 June 30, 2026
live-composer-page-builder live-composer-page-builder
91
Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.22 1.5.23 June 30, 2026
intuitive-custom-post-order intuitive-custom-post-order
93
Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change LOW *-3.1.3 3.1.4 June 30, 2026
intuitive-custom-post-order intuitive-custom-post-order
93
Intuitive Custom Post Order <= 3.1.3 - Cross-Site Request Forgery LOW *-3.1.3 3.1.4 June 30, 2026
easy-affiliate-links easy-affiliate-links
93
Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings LOW *-3.7.0 3.7.1 June 30, 2026
customer-reviews-woocommerce customer-reviews-woocommerce
93
Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.16.0 5.17.0 June 30, 2026
zoho-forms zoho-forms N/A Zoho Forms <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW 3.0.0 3.0.1 June 30, 2026
youtube-video-player youtube-video-player N/A YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.6.3 2.6.4 June 30, 2026
wp-yelp-review-slider wp-yelp-review-slider N/A WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection LOW *-7.0 7.1 June 30, 2026
wp-tripadvisor-review-slider wp-tripadvisor-review-slider N/A WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection LOW *-10.7 10.8 June 30, 2026
wp-terms-popup wp-terms-popup N/A WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.6.0 2.6.1 June 30, 2026
wp-popups-lite wp-popups-lite N/A WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.4.8 2.1.4.9 June 30, 2026
wp-parsidate wp-parsidate N/A Parsi Date <= 4.0.1 - Reflected Cross-Site Scripting LOW *-4.0.1 4.0.2 June 30, 2026
WP Google Review Slider wp-google-places-review-slider
70
WP Google Review Slider <= 11.7 - Authenticated (Subscriber+) SQL Injection LOW *-11.7 11.8 June 30, 2026
wp-facebook-reviews wp-facebook-reviews N/A WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection LOW *-12.1 12.2 June 30, 2026
wp-airbnb-review-slider wp-airbnb-review-slider N/A WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection LOW *-3.2 3.3 June 30, 2026
woocommerce-products-slider woocommerce-products-slider N/A PickPlugins Product Slider for WooCommerce <= 1.13.41 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.13.41 1.13.42 June 30, 2026
Mercado Pago payments for WooCommerce woocommerce-mercadopago
94
Mercado Pago payments for WooCommerce <= 6.6.0 - Cross-Site Request Forgery LOW *-6.6.0 6.7.0 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to WPForm/Blocks Import LOW *-2.3.1 2.3.2 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization to Captcha Setting Update LOW *-2.3.1 2.3.2 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - HTML Injection in Emails LOW *-2.3.1 2.3.2 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing LOW *-2.3.1 2.3.2 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass LOW *-2.3.1 2.3.2 June 30, 2026
ultimate-addons-for-beaver-builder-lite ultimate-addons-for-beaver-builder-lite N/A Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery LOW *-1.5.4 1.5.5 June 30, 2026
ultimate-addons-for-beaver-builder-lite ultimate-addons-for-beaver-builder-lite N/A Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Missing Authorization LOW *-1.5.4 1.5.5 June 30, 2026
twenty20 twenty20 N/A Twenty20 Image Before-After <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.9 1.6.0 June 30, 2026
spotlight-social-photo-feeds spotlight-social-photo-feeds N/A Spotlight Social Feeds <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.2 1.4.3 June 30, 2026
paid-memberships-pro paid-memberships-pro N/A Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.9.8 2.9.9 June 30, 2026
name-directory name-directory N/A Name Directory <= 1.27.1 - Cross Site Request Forgery LOW *-1.27.1 1.27.2 June 30, 2026
modal-dialog modal-dialog
93
Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.5.9 3.5.10 June 30, 2026
material-design-icons-for-elementor material-design-icons-for-elementor
93
Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery LOW *-1.4.2 1.4.3 June 30, 2026
like-box like-box
93
Social Like Box and Page by WpDevArt <= 0.8.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.8.40 0.8.41 June 30, 2026
lightweight-accordion lightweight-accordion
93
Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.14 1.5.15 June 30, 2026
lightbox-popup lightbox-popup
93
Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.1.5 2.1.6 June 30, 2026
extensive-vc-addon extensive-vc-addon
89
Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion LOW *-1.9 1.9.1 June 30, 2026
customer-reviews-woocommerce customer-reviews-woocommerce
93
Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion LOW *-5.15.0 5.16.0 June 30, 2026
checkout-plugins-stripe-woo checkout-plugins-stripe-woo
93
Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery LOW *-1.4.10 1.4.11 June 30, 2026
booking-system booking-system
91
Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection LOW *-2.9.9.2.8 2.9.9.2.9 June 30, 2026
autoshare-for-twitter autoshare-for-twitter
93
decode-uri-component <= 0.2.1 - Denial of Service LOW *-1.2.1 1.3.0 June 30, 2026
my-tickets my-tickets
93
My Tickets <= 1.9.11 - Authorization Bypass LOW *-1.9.11 1.9.12 June 30, 2026
my-calendar my-calendar
93
My Calendar <= 3.4.3 - Cross-Site Request Forgery LOW *-3.4.3 3.4.4 June 30, 2026
wpfrom-email wpfrom-email N/A WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.8.8 1.8.9 June 30, 2026
wpdevart-vertical-menu wpdevart-vertical-menu N/A Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.8 1.5.9 June 30, 2026
wpdevart-vertical-menu wpdevart-vertical-menu N/A Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery LOW *-1.5.8 1.5.9 June 30, 2026
wpappninja wpappninja N/A WPMobile.App — Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes LOW *-11.13 11.14 June 30, 2026
wp-user-avatar wp-user-avatar N/A ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.5.3 4.5.4 June 30, 2026
wp-time-slots-booking-form wp-time-slots-booking-form N/A WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks LOW *-1.1.82 1.1.83 June 30, 2026
wp-time-slots-booking-form wp-time-slots-booking-form N/A WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting LOW *-1.1.81 1.1.82 June 30, 2026
wp-smart-preloader wp-smart-preloader N/A WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.15 1.15.1 June 30, 2026
wp-media-library-categories wp-media-library-categories N/A Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.9.9 2.0.0 June 30, 2026
WP Go Maps (formerly WP Google Maps) wp-google-maps
66
WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal LOW *-9.0.15 9.0.16 June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

booking-calendar

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026
LOW

booking-calendar

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.3 - Unauthenticated Bypass Vulnerability Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026
LOW

booking-calendar

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery Affected: *-3.2.3 Patched: 3.2.4 Updated: June 30, 2026
LOW

bne-testimonials

bne-testimonials

Score: 93/100 BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 2.0.8) Patched: 2.0.8 Updated: June 30, 2026
LOW

Blocksy Companion

blocksy-companion

Score: N/A Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 1.8.68) Patched: 1.8.68 Updated: June 30, 2026
LOW

bbp-voting

bbp-voting

Score: 93/100 bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.1.11.1) Patched: 2.1.11.1 Updated: June 30, 2026
LOW

advanced-form-integration

advanced-form-integration

Score: 97/100 Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration <= 1.62.0 - Authenticated (Admin+) Cross Site Scripting Affected: *-1.62.0 Patched: 1.63.0 Updated: June 30, 2026
LOW

wp-client-logo-carousel

wp-client-logo-carousel

Score: N/A Client Logo Carousel <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.0.0 Patched: 3.0.1 Updated: June 30, 2026
LOW

woo-gerencianet-official

woo-gerencianet-official

Score: N/A Gerencianet Oficial <= 1.4.8 - Cross-Site Request Forgery Affected: *-1.4.8 Patched: 2.0.0 Updated: June 30, 2026
LOW

woo-gerencianet-official

woo-gerencianet-official

Score: N/A Gerencianet Oficial <= 1.4.8 - Missing Authorization Affected: *-1.4.8 Patched: 2.0.0 Updated: June 30, 2026
LOW

wens-responsive-column-layout-shortcodes

wens-responsive-column-layout-shortcodes

Score: N/A eVision Responsive Column Layout Shortcodes <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 30, 2026
LOW

olevmedia-shortcodes

olevmedia-shortcodes

Score: N/A Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.9 Patched: Updated: June 30, 2026
LOW

oauth2-provider

oauth2-provider

Score: N/A WP OAuth Server (OAuth Authentication) <= 4.2.5 -Cross-Site Request Forgery Affected: *-4.2.5 Patched: 4.3.0 Updated: June 30, 2026
LOW

hueman-addons

hueman-addons

Score: 91/100 Hueman Addons <= 2.3.3 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-2.3.3 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

bootstrap-shortcodes

bootstrap-shortcodes

Score: 72/100 BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: June 30, 2026
LOW

wp-responsive-testimonials-slider-and-widget

wp-responsive-testimonials-slider-and-widget

Score: N/A WP Responsive Testimonials Slider And Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5 Patched: Updated: June 30, 2026
LOW

wp-opening-hours

wp-opening-hours

Score: N/A Opening Hours <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3.0 Patched: Updated: June 30, 2026
LOW

tenweb-speed-optimizer

tenweb-speed-optimizer

Score: N/A 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection Affected: *-2.12.22 Patched: 2.12.23 Updated: June 30, 2026
LOW

loan-comparison

loan-comparison

Score: 93/100 Loan Comparison <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.3 Updated: June 30, 2026
LOW

loan-comparison

loan-comparison

Score: 93/100 Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026
LOW

juicer

juicer

Score: 93/100 Juicer <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.10.1 Patched: 1.11 Updated: June 30, 2026
LOW

jobboardwp

jobboardwp

Score: 93/100 JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026
LOW

intuitive-custom-post-order

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026
LOW

intuitive-custom-post-order

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection Affected: *-3.1.4 Patched: 3.1.5 Updated: June 30, 2026
LOW

getresponse-integration

getresponse-integration

Score: 91/100 GetResponse for WordPress <= 5.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.5.31 Patched: 5.5.32 Updated: June 30, 2026
LOW

easy-facebook-like-box

easy-facebook-like-box

Score: 93/100 Easy Social Box / Page Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.1.2 Patched: 4.1.3 Updated: June 30, 2026
LOW

baw-post-views-count

baw-post-views-count

Score: 91/100 Post Views Count <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.0.2 Patched: Updated: June 30, 2026
LOW

baw-login-logout-menu

baw-login-logout-menu

Score: 91/100 Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.3 Patched: Updated: June 30, 2026
LOW

auto-hide-admin-bar

auto-hide-admin-bar

Score: 93/100 Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 1.6.2 Updated: June 30, 2026
LOW

youzify

youzify

Score: N/A Youzify <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026
LOW

wp-structuring-markup

wp-structuring-markup

Score: N/A Markup <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.8.1 Patched: Updated: June 30, 2026
LOW

wp-helper-lite

wp-helper-lite

Score: N/A WP Helper Premium <= 4.2.0 - Reflected Cross-Site Scripting Affected: *-4.2.0 Patched: 4.3.0 Updated: June 30, 2026
LOW

wp-font-awesome

wp-font-awesome

Score: N/A WP Font Awesome <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.7.8 Patched: 1.7.9 Updated: June 30, 2026
LOW

watu

watu

Score: N/A Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting Affected: *-3.3.8.1 Patched: 3.3.8.2 Updated: June 30, 2026
LOW

watu

watu

Score: N/A Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.3.8.2 Patched: 3.3.8.3 Updated: June 30, 2026
LOW

ultimate-addons-for-beaver-builder-lite

ultimate-addons-for-beaver-builder-lite

Score: N/A Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026
LOW

timed-content

timed-content

Score: N/A Timed Content <= 2.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.72 Patched: 2.73 Updated: June 30, 2026
LOW

shortcode-for-font-awesome

shortcode-for-font-awesome

Score: N/A Shortcode for Font Awesome <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.4 Patched: 1.4.1 Updated: June 30, 2026
LOW

live-composer-page-builder

live-composer-page-builder

Score: 91/100 Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.22 Patched: 1.5.23 Updated: June 30, 2026
LOW

intuitive-custom-post-order

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026
LOW

intuitive-custom-post-order

intuitive-custom-post-order

Score: 93/100 Intuitive Custom Post Order <= 3.1.3 - Cross-Site Request Forgery Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026
LOW

easy-affiliate-links

easy-affiliate-links

Score: 93/100 Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings Affected: *-3.7.0 Patched: 3.7.1 Updated: June 30, 2026
LOW

customer-reviews-woocommerce

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.16.0 Patched: 5.17.0 Updated: June 30, 2026
LOW

zoho-forms

zoho-forms

Score: N/A Zoho Forms <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: 3.0.0 Patched: 3.0.1 Updated: June 30, 2026
LOW

youtube-video-player

youtube-video-player

Score: N/A YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.6.3 Patched: 2.6.4 Updated: June 30, 2026
LOW

wp-yelp-review-slider

wp-yelp-review-slider

Score: N/A WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection Affected: *-7.0 Patched: 7.1 Updated: June 30, 2026
LOW

wp-tripadvisor-review-slider

wp-tripadvisor-review-slider

Score: N/A WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection Affected: *-10.7 Patched: 10.8 Updated: June 30, 2026
LOW

wp-terms-popup

wp-terms-popup

Score: N/A WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: 2.6.1 Updated: June 30, 2026
LOW

wp-popups-lite

wp-popups-lite

Score: N/A WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.4.8 Patched: 2.1.4.9 Updated: June 30, 2026
LOW

wp-parsidate

wp-parsidate

Score: N/A Parsi Date <= 4.0.1 - Reflected Cross-Site Scripting Affected: *-4.0.1 Patched: 4.0.2 Updated: June 30, 2026
LOW

WP Google Review Slider

wp-google-places-review-slider

Score: 70/100 WP Google Review Slider <= 11.7 - Authenticated (Subscriber+) SQL Injection Affected: *-11.7 Patched: 11.8 Updated: June 30, 2026
LOW

wp-facebook-reviews

wp-facebook-reviews

Score: N/A WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection Affected: *-12.1 Patched: 12.2 Updated: June 30, 2026
LOW

wp-airbnb-review-slider

wp-airbnb-review-slider

Score: N/A WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection Affected: *-3.2 Patched: 3.3 Updated: June 30, 2026
LOW

woocommerce-products-slider

woocommerce-products-slider

Score: N/A PickPlugins Product Slider for WooCommerce <= 1.13.41 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.13.41 Patched: 1.13.42 Updated: June 30, 2026
LOW

Mercado Pago payments for WooCommerce

woocommerce-mercadopago

Score: 94/100 Mercado Pago payments for WooCommerce <= 6.6.0 - Cross-Site Request Forgery Affected: *-6.6.0 Patched: 6.7.0 Updated: June 30, 2026
LOW

ultimate-addons-for-beaver-builder-lite

ultimate-addons-for-beaver-builder-lite

Score: N/A Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery Affected: *-1.5.4 Patched: 1.5.5 Updated: June 30, 2026
LOW

ultimate-addons-for-beaver-builder-lite

ultimate-addons-for-beaver-builder-lite

Score: N/A Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Missing Authorization Affected: *-1.5.4 Patched: 1.5.5 Updated: June 30, 2026
LOW

twenty20

twenty20

Score: N/A Twenty20 Image Before-After <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.9 Patched: 1.6.0 Updated: June 30, 2026
LOW

spotlight-social-photo-feeds

spotlight-social-photo-feeds

Score: N/A Spotlight Social Feeds <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026
LOW

paid-memberships-pro

paid-memberships-pro

Score: N/A Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.9.8 Patched: 2.9.9 Updated: June 30, 2026
LOW

name-directory

name-directory

Score: N/A Name Directory <= 1.27.1 - Cross Site Request Forgery Affected: *-1.27.1 Patched: 1.27.2 Updated: June 30, 2026
LOW

modal-dialog

modal-dialog

Score: 93/100 Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.5.9 Patched: 3.5.10 Updated: June 30, 2026
LOW

material-design-icons-for-elementor

material-design-icons-for-elementor

Score: 93/100 Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026
LOW

like-box

like-box

Score: 93/100 Social Like Box and Page by WpDevArt <= 0.8.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.8.40 Patched: 0.8.41 Updated: June 30, 2026
LOW

lightweight-accordion

lightweight-accordion

Score: 93/100 Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.14 Patched: 1.5.15 Updated: June 30, 2026
LOW

lightbox-popup

lightbox-popup

Score: 93/100 Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.6 Updated: June 30, 2026
LOW

extensive-vc-addon

extensive-vc-addon

Score: 89/100 Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion Affected: *-1.9 Patched: 1.9.1 Updated: June 30, 2026
LOW

customer-reviews-woocommerce

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion Affected: *-5.15.0 Patched: 5.16.0 Updated: June 30, 2026
LOW

checkout-plugins-stripe-woo

checkout-plugins-stripe-woo

Score: 93/100 Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery Affected: *-1.4.10 Patched: 1.4.11 Updated: June 30, 2026
LOW

booking-system

booking-system

Score: 91/100 Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection Affected: *-2.9.9.2.8 Patched: 2.9.9.2.9 Updated: June 30, 2026
LOW

autoshare-for-twitter

autoshare-for-twitter

Score: 93/100 decode-uri-component <= 0.2.1 - Denial of Service Affected: *-1.2.1 Patched: 1.3.0 Updated: June 30, 2026
LOW

my-tickets

my-tickets

Score: 93/100 My Tickets <= 1.9.11 - Authorization Bypass Affected: *-1.9.11 Patched: 1.9.12 Updated: June 30, 2026
LOW

my-calendar

my-calendar

Score: 93/100 My Calendar <= 3.4.3 - Cross-Site Request Forgery Affected: *-3.4.3 Patched: 3.4.4 Updated: June 30, 2026
LOW

wpfrom-email

wpfrom-email

Score: N/A WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.8 Patched: 1.8.9 Updated: June 30, 2026
LOW

wpdevart-vertical-menu

wpdevart-vertical-menu

Score: N/A Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026
LOW

wpdevart-vertical-menu

wpdevart-vertical-menu

Score: N/A Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026
LOW

wpappninja

wpappninja

Score: N/A WPMobile.App — Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-11.13 Patched: 11.14 Updated: June 30, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.5.3 Patched: 4.5.4 Updated: June 30, 2026
LOW

wp-time-slots-booking-form

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks Affected: *-1.1.82 Patched: 1.1.83 Updated: June 30, 2026
LOW

wp-time-slots-booking-form

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-1.1.81 Patched: 1.1.82 Updated: June 30, 2026
LOW

wp-smart-preloader

wp-smart-preloader

Score: N/A WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.15 Patched: 1.15.1 Updated: June 30, 2026
LOW

wp-media-library-categories

wp-media-library-categories

Score: N/A Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: 2.0.0 Updated: June 30, 2026
LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal Affected: *-9.0.15 Patched: 9.0.16 Updated: June 30, 2026

Showing 26701 to 26800 of 36316 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 21:21 UTC.