Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
WP Go Maps (formerly WP Google Maps)	wp-google-maps	66	WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal	LOW	*-9.0.15	9.0.16	June 30, 2026
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters	wp-google-map-plugin	74	WP MAPS <= 4.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-4.3.9	4.4.0	June 30, 2026
wp-flipclock	wp-flipclock	N/A	WP Flipclock <= 1.7.4 - Authenticated (Contributor+) Stored Cross Site Scripting	LOW	*-1.7.4	1.8	June 30, 2026
wp-client-reports	wp-client-reports	N/A	WP Client Reports <= 1.0.16 - Missing Authorization to Sensitive Information Exposure	LOW	*-1.0.16	1.0.17	June 30, 2026
wp-airbnb-review-slider	wp-airbnb-review-slider	N/A	WP Airbnb Review Slider <= 3.2 - Cross-Site Request Forgery	LOW	*-3.2	3.3	June 30, 2026
vikrentcar	vikrentcar	N/A	VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting	LOW	*-1.3.0	1.3.1	June 30, 2026
very-simple-google-maps	very-simple-google-maps	N/A	Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting	LOW	*-2.8.4	2.9	June 30, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting	LOW	*-2.3.0	2.3.1	June 30, 2026
unusedcss	unusedcss	N/A	RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.6.35	1.6.36	June 30, 2026
simple-staff-list	simple-staff-list	N/A	Simple Staff List <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.2.2	2.2.3	June 30, 2026
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.3.9.4 - Content Spoofing	LOW	*-6.3.9.4	6.3.9.5	June 30, 2026
quick-event-manager	quick-event-manager	N/A	Quick Event Manager <= 9.7.4 - Missing Authorization Checks	LOW	*-9.7.4	9.7.5	June 30, 2026
quick-event-manager	quick-event-manager	N/A	Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting	LOW	*-9.7.4	9.7.5	June 30, 2026
quick-event-manager	quick-event-manager	N/A	Quick Event Manager <= 9.7.4 - Cross-Site Request Forgery	LOW	*-9.7.4	9.7.5	June 30, 2026
pods	pods	N/A	Pods <= 2.9.10.2 - Cross-Site Request Forgery	LOW	*-2.9.10.2	2.9.11	June 30, 2026
pixelyoursite	pixelyoursite	N/A	PixelYourSite <= 9.3.0 - Cross-Site Request Forgery	LOW	*-9.3.0	9.3.1	June 30, 2026
participants-database	participants-database	N/A	Participants Database <= 2.4.5 - Cross Site Request Forgery	LOW	*-2.4.5	2.4.6	June 30, 2026
my-tickets	my-tickets	93	My Tickets <= 1.9.11 - Authorization Bypass	LOW	*-1.9.11	1.9.12	June 30, 2026
my-calendar	my-calendar	93	My Calendar <= 3.4.3 - Cross-Site Request Forgery	LOW	*-3.4.3	3.4.4	June 30, 2026
mailoptin	mailoptin	93	MailOptin <= 1.2.54.0 - Authenticated (Admin+) Cross Site Scripting	LOW	1.2.54.0	1.2.54.1	June 30, 2026
like-box	like-box	93	Social Like Box and Page by WpDevArt <= 0.8.39 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-0.8.39	0.8.40	June 30, 2026
learnpress	learnpress	93	LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection	LOW	*-4.1.7.3.2	4.2.0	June 30, 2026
learnpress	learnpress	93	LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion	LOW	*-4.1.7.3.2	4.2.0	June 30, 2026
image-hover-effects-visual-composer-extension	image-hover-effects-visual-composer-extension	93	Image Hover Effects For WPBakery Page Builder <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	LOW	*-4.0	5.0	June 30, 2026
heateor-social-comments	heateor-social-comments	93	WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.6.1	1.6.2	June 30, 2026
g-business-reviews-rating	g-business-reviews-rating	93	Reviews and Rating – Google My Business <= 4.14 - Missing Authorization	LOW	4.14	4.15	June 30, 2026
fl3r-feelbox	fl3r-feelbox	87	FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection	LOW	*-8..1		June 30, 2026
extensions-for-cf7	extensions-for-cf7	93	Extensions For CF7 <= 2.0.8 - Cross-Site Request Forgery	LOW	*-2.0.8	2.0.9	June 30, 2026
essential-blocks	essential-blocks	93	Essential Blocks for Gutenberg <= 3.8.5 - Cross-Site Request Forgery	LOW	*-3.8.5	3.8.6	June 30, 2026
custom-registration-form-builder-with-submission-manager	custom-registration-form-builder-with-submission-manager	93	RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection	LOW	*-5.1.9.2	5.1.9.3	June 30, 2026
custom-registration-form-builder-with-submission-manager	custom-registration-form-builder-with-submission-manager	93	RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change	LOW	*-5.1.9.2	5.1.9.3	June 30, 2026
ctt-expresso-para-woocommerce	ctt-expresso-para-woocommerce	93	CTT Expresso para WooCommerce <= 3.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.2.11	3.2.12	June 30, 2026
conversational-forms	conversational-forms	93	Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.6	1.1.7	June 30, 2026
contact-us-page-contact-people	contact-us-page-contact-people	89	Contact Us Page – Contact People <= 3.7.0 - Cross Site Request Forgery	LOW	*-3.7.0	3.7.1	June 30, 2026
category-specific-rss-feed-menu	category-specific-rss-feed-menu	93	Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery	LOW	[*, 2.2)	2.2	June 30, 2026
bubble-menu	bubble-menu	93	Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery	LOW	*-3.0.1	3.0.2	June 30, 2026
Booking Calendar	booking	71	Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection	LOW	*-9.4.2	9.4.3.1	June 30, 2026
automatorwp	automatorwp	93	AutomatorWP <= 2.5.0 - Cross Site Request Forgery	LOW	*-2.5.0	2.5.1	June 30, 2026
armember-membership	armember-membership	95	ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure	LOW	*-3.4.10	3.4.11	June 30, 2026
amazonjs	amazonjs	95	Amazon JS <= 0.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode	LOW	*-0.10		June 30, 2026
youtube-shortcode	youtube-shortcode	N/A	Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.8.5		June 30, 2026
yet-another-related-posts-plugin	yet-another-related-posts-plugin	N/A	YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.30.2	5.30.3	June 30, 2026
wp-topbar	wp-topbar	N/A	WP TopBar <= 5.36 - Cross Site Request Forgery	LOW	*-5.36		June 30, 2026
wp-topbar	wp-topbar	N/A	WP-TopBar <= 5.36 - Authenticated (Administrator+) SQL Injection	LOW	*-5.36		June 30, 2026
wp-helper-lite	wp-helper-lite	N/A	WP Helper Premium <= 4.2.0 - Authenticated (Contributor+) SQL Injection	LOW	*-4.2.0	4.3.0	June 30, 2026
wp-fast-cache	wp-fast-cache	N/A	Fast Cache <= 1.5 - Cross-Site Request Forgery	LOW	*-1.5		June 30, 2026
wp-ecommerce-paypal	wp-ecommerce-paypal	N/A	Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.7.3	1.7.4	June 30, 2026
wordpress-tabs-slides	wordpress-tabs-slides	N/A	WP Tabs Slides <= 2.0.3 - Cross-Site Request Forgery	LOW	*-2.0.3		June 30, 2026
user-meta-manager	user-meta-manager	N/A	User Meta Manager <= 3.4.9 - Reflected Cross-Site Scripting	LOW	*-3.4.9		June 30, 2026
themify-portfolio-post	themify-portfolio-post	N/A	Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.2.1	1.2.2	June 30, 2026
theme-blvd-responsive-google-maps	theme-blvd-responsive-google-maps	N/A	Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-1.0.2		June 30, 2026
srs-simple-hits-counter	srs-simple-hits-counter	N/A	SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery	LOW	*-1.1.0	1.1.1	June 30, 2026
page-loading-effects	page-loading-effects	N/A	Page Loading Effects <= 2.0.0 - Authenticated (Admin+) Stored Cross Site Scripting	LOW	*-2.0.0	3.0.0	June 30, 2026
oi-yamaps	oi-yamaps	N/A	Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode	LOW	*-3.2.7		June 30, 2026
nice-paypal-button-lite	nice-paypal-button-lite	N/A	Nice PayPal Button Lite <= 1.3.5 - Cross-Site Request Forgery	LOW	*-1.3.5		June 30, 2026
mts-url-shortener	mts-url-shortener	87	URL Shortener by MyThemeShop <= 1.0.16 - Missing Authorization	LOW	*-1.0.16		June 30, 2026
mapwiz	mapwiz	91	Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection	LOW	*-1.0.1		June 30, 2026
m-chart	m-chart	93	M Chart <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.4	1.10	June 30, 2026
jetwidgets-for-elementor	jetwidgets-for-elementor	93	JetWidgets For Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.13	1.0.14	June 30, 2026
interactive-polish-map	interactive-polish-map	93	Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting	LOW	*-1.2	1.2.1	June 30, 2026
AI Puffer – Chat. Create. Automate. (formerly AI Power)	gpt3-ai-content-generator	92	GPT AI Power <= 1.4.37 - Missing Authorization	LOW	*-1.4.37	1.4.38	June 30, 2026
give	give	93	GiveWP <= 2.23.2 - Unauthenticated SQL Injection	LOW	*-2.23.2	2.24	June 30, 2026
give	give	93	GiveWP <= 2.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.23.2	2.24	June 30, 2026
ebay-feeds-for-wordpress	ebay-feeds-for-wordpress	93	WP eBay Product Feeds <= 3.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.3.1	3.4	June 30, 2026
Contact Form 7 – Dynamic Text Extension	contact-form-7-dynamic-text-extension	96	Contact Form 7 Dynamic Text Extension <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.0.3	3.0.0	June 30, 2026
coming-soon-by-supsystic	coming-soon-by-supsystic	93	Coming Soon by Supsystic <= 1.7.10 - Cross Site Request Forgery	LOW	*-1.7.10	1.7.11	June 30, 2026
camera-slideshow	camera-slideshow	91	Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting	LOW	*-1.4.0.1		June 30, 2026
amr-shortcode-any-widget	amr-shortcode-any-widget	95	amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.0		June 30, 2026
admin-log	admin-log	95	Admin Log <= 1.50 - Cross-Site Request Forgery	LOW	*-1.50		June 30, 2026
templatesnext-toolkit	templatesnext-toolkit	N/A	TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.2.8	3.2.9	June 30, 2026
mainwp-wordfence-extension	mainwp-wordfence-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.7	4.0.8	June 30, 2026
mainwp-updraftplus-extension	mainwp-updraftplus-extension	93	MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization	LOW	*-4.0.6	4.0.7	June 30, 2026
mainwp-updraftplus-extension	mainwp-updraftplus-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.6	4.0.7	June 30, 2026
mainwp-staging-extension	mainwp-staging-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.3	4.0.4	June 30, 2026
mainwp-seo-extension	mainwp-seo-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.1	4.0.3	June 30, 2026
mainwp-rocket-extension	mainwp-rocket-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.3	4.0.4	June 30, 2026
mainwp-post-plus-extension	mainwp-post-plus-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.3	4.1.1	June 30, 2026
mainwp-post-dripper-extension	mainwp-post-dripper-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.4	4.0.5	June 30, 2026
mainwp-page-speed-extension	mainwp-page-speed-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.2	4.0.3	June 30, 2026
mainwp-maintenance-extension	mainwp-maintenance-extension	93	MainWP Maintenance Extension <= 4.1.1 - Authenticated (Subscriber+) SQL Injection	LOW	*-4.1.1	4.1.2	June 30, 2026
mainwp-maintenance-extension	mainwp-maintenance-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.1.1	4.1.2	June 30, 2026
mainwp-links-manager-extension	mainwp-links-manager-extension	91	MainWP Links Manager Extension <= 2.1 - Unauthenticated PHP Object Injection	LOW	*-2.1		June 30, 2026
mainwp-ithemes-security-extension	mainwp-ithemes-security-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.1.1	4.1.2	June 30, 2026
mainwp-google-analytics-extension	mainwp-google-analytics-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.4	4.0.5	June 30, 2026
mainwp-file-uploader-extension	mainwp-file-uploader-extension	93	MainWP File Uploader Extension <= 4.1 - Unauthenticated Arbitrary File Upload	LOW	*-4.1	4.1.1	June 30, 2026
mainwp-file-uploader-extension	mainwp-file-uploader-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.1	4.1.1	June 30, 2026
mainwp-favorites-extension	mainwp-favorites-extension	93	MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-4.0.10	4.0.11	June 30, 2026
mainwp-favorites-extension	mainwp-favorites-extension	93	MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary Plugin Installation	LOW	*-4.0.10	4.0.11	June 30, 2026
mainwp-favorites-extension	mainwp-favorites-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.10	4.0.11	June 30, 2026
mainwp-comments-extension	mainwp-comments-extension	93	MainWP Comments Extension <= 4.0.6 - Missing Authorization	LOW	*-4.0.6	4.0.7	June 30, 2026
mainwp-comments-extension	mainwp-comments-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.6	4.0.7	June 30, 2026
mainwp-code-snippets-extension	mainwp-code-snippets-extension	93	MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-4.0.2	4.0.3	June 30, 2026
mainwp-code-snippets-extension	mainwp-code-snippets-extension	93	MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) PHP Code Injection	LOW	*-4.0.2	4.0.3	June 30, 2026
mainwp-code-snippets-extension	mainwp-code-snippets-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.2	4.0.3	June 30, 2026
mainwp-clone-extension	mainwp-clone-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.2	4.0.3	June 30, 2026
mainwp-buddy-extension	mainwp-buddy-extension	93	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0.1	4.0.3	June 30, 2026
mainwp-broken-links-checker-extension	mainwp-broken-links-checker-extension	87	MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection	LOW	*-4.0		June 30, 2026
mainwp-broken-links-checker-extension	mainwp-broken-links-checker-extension	87	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-4.0		June 30, 2026
mainwp-blogvault-backup-extension	mainwp-blogvault-backup-extension	91	MainWP (Various extensions) - Cross-Site Request Forgery	LOW	*-1.3	4.1.2	June 30, 2026
mainwp-blogvault-backup-extension	mainwp-blogvault-backup-extension	91	MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary Plugin Installation	LOW	*-1.3		June 30, 2026

LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal Affected: *-9.0.15 Patched: 9.0.16 Updated: June 30, 2026

LOW

WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters

wp-google-map-plugin

Score: 74/100 WP MAPS <= 4.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-4.3.9 Patched: 4.4.0 Updated: June 30, 2026

LOW

wp-flipclock

Score: N/A WP Flipclock <= 1.7.4 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-1.7.4 Patched: 1.8 Updated: June 30, 2026

LOW

wp-client-reports

Score: N/A WP Client Reports <= 1.0.16 - Missing Authorization to Sensitive Information Exposure Affected: *-1.0.16 Patched: 1.0.17 Updated: June 30, 2026

LOW

wp-airbnb-review-slider

Score: N/A WP Airbnb Review Slider <= 3.2 - Cross-Site Request Forgery Affected: *-3.2 Patched: 3.3 Updated: June 30, 2026

LOW

vikrentcar

Score: N/A VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

very-simple-google-maps

Score: N/A Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-2.8.4 Patched: 2.9 Updated: June 30, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting Affected: *-2.3.0 Patched: 2.3.1 Updated: June 30, 2026

LOW

unusedcss

Score: N/A RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated (Subscriber+) SQL Injection Affected: *-1.6.35 Patched: 1.6.36 Updated: June 30, 2026

LOW

simple-staff-list

Score: N/A Simple Staff List <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.2.2 Patched: 2.2.3 Updated: June 30, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.3.9.4 - Content Spoofing Affected: *-6.3.9.4 Patched: 6.3.9.5 Updated: June 30, 2026

LOW

quick-event-manager

Score: N/A Quick Event Manager <= 9.7.4 - Missing Authorization Checks Affected: *-9.7.4 Patched: 9.7.5 Updated: June 30, 2026

LOW

quick-event-manager

Score: N/A Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting Affected: *-9.7.4 Patched: 9.7.5 Updated: June 30, 2026

LOW

quick-event-manager

Score: N/A Quick Event Manager <= 9.7.4 - Cross-Site Request Forgery Affected: *-9.7.4 Patched: 9.7.5 Updated: June 30, 2026

LOW

pods

Score: N/A Pods <= 2.9.10.2 - Cross-Site Request Forgery Affected: *-2.9.10.2 Patched: 2.9.11 Updated: June 30, 2026

LOW

pixelyoursite

Score: N/A PixelYourSite <= 9.3.0 - Cross-Site Request Forgery Affected: *-9.3.0 Patched: 9.3.1 Updated: June 30, 2026

LOW

participants-database

Score: N/A Participants Database <= 2.4.5 - Cross Site Request Forgery Affected: *-2.4.5 Patched: 2.4.6 Updated: June 30, 2026

LOW

my-tickets

Score: 93/100 My Tickets <= 1.9.11 - Authorization Bypass Affected: *-1.9.11 Patched: 1.9.12 Updated: June 30, 2026

LOW

my-calendar

Score: 93/100 My Calendar <= 3.4.3 - Cross-Site Request Forgery Affected: *-3.4.3 Patched: 3.4.4 Updated: June 30, 2026

LOW

mailoptin

Score: 93/100 MailOptin <= 1.2.54.0 - Authenticated (Admin+) Cross Site Scripting Affected: 1.2.54.0 Patched: 1.2.54.1 Updated: June 30, 2026

LOW

like-box

Score: 93/100 Social Like Box and Page by WpDevArt <= 0.8.39 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-0.8.39 Patched: 0.8.40 Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection Affected: *-4.1.7.3.2 Patched: 4.2.0 Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion Affected: *-4.1.7.3.2 Patched: 4.2.0 Updated: June 30, 2026

LOW

image-hover-effects-visual-composer-extension

Score: 93/100 Image Hover Effects For WPBakery Page Builder <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-4.0 Patched: 5.0 Updated: June 30, 2026

LOW

Score: 93/100 WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.6.1 Patched: 1.6.2 Updated: June 30, 2026

LOW

g-business-reviews-rating

Score: 93/100 Reviews and Rating – Google My Business <= 4.14 - Missing Authorization Affected: 4.14 Patched: 4.15 Updated: June 30, 2026

LOW

fl3r-feelbox

Score: 87/100 FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection Affected: *-8..1 Patched: Updated: June 30, 2026

LOW

extensions-for-cf7

Score: 93/100 Extensions For CF7 <= 2.0.8 - Cross-Site Request Forgery Affected: *-2.0.8 Patched: 2.0.9 Updated: June 30, 2026

LOW

essential-blocks

Score: 93/100 Essential Blocks for Gutenberg <= 3.8.5 - Cross-Site Request Forgery Affected: *-3.8.5 Patched: 3.8.6 Updated: June 30, 2026

LOW

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection Affected: *-5.1.9.2 Patched: 5.1.9.3 Updated: June 30, 2026

LOW

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change Affected: *-5.1.9.2 Patched: 5.1.9.3 Updated: June 30, 2026

LOW

ctt-expresso-para-woocommerce

Score: 93/100 CTT Expresso para WooCommerce <= 3.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.11 Patched: 3.2.12 Updated: June 30, 2026

LOW

conversational-forms

Score: 93/100 Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

contact-us-page-contact-people

Score: 89/100 Contact Us Page – Contact People <= 3.7.0 - Cross Site Request Forgery Affected: *-3.7.0 Patched: 3.7.1 Updated: June 30, 2026

LOW

category-specific-rss-feed-menu

Score: 93/100 Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery Affected: [*, 2.2) Patched: 2.2 Updated: June 30, 2026

LOW

bubble-menu

Score: 93/100 Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery Affected: *-3.0.1 Patched: 3.0.2 Updated: June 30, 2026

LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection Affected: *-9.4.2 Patched: 9.4.3.1 Updated: June 30, 2026

LOW

automatorwp

Score: 93/100 AutomatorWP <= 2.5.0 - Cross Site Request Forgery Affected: *-2.5.0 Patched: 2.5.1 Updated: June 30, 2026

LOW

armember-membership

Score: 95/100 ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure Affected: *-3.4.10 Patched: 3.4.11 Updated: June 30, 2026

LOW

amazonjs

Score: 95/100 Amazon JS <= 0.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode Affected: *-0.10 Patched: Updated: June 30, 2026

LOW

youtube-shortcode

Score: N/A Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8.5 Patched: Updated: June 30, 2026

LOW

yet-another-related-posts-plugin

Score: N/A YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.30.2 Patched: 5.30.3 Updated: June 30, 2026

LOW

wp-topbar

Score: N/A WP TopBar <= 5.36 - Cross Site Request Forgery Affected: *-5.36 Patched: Updated: June 30, 2026

LOW

wp-topbar

Score: N/A WP-TopBar <= 5.36 - Authenticated (Administrator+) SQL Injection Affected: *-5.36 Patched: Updated: June 30, 2026

LOW

wp-helper-lite

Score: N/A WP Helper Premium <= 4.2.0 - Authenticated (Contributor+) SQL Injection Affected: *-4.2.0 Patched: 4.3.0 Updated: June 30, 2026

LOW

wp-fast-cache

Score: N/A Fast Cache <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

wp-ecommerce-paypal

Score: N/A Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.7.3 Patched: 1.7.4 Updated: June 30, 2026

LOW

wordpress-tabs-slides

Score: N/A WP Tabs Slides <= 2.0.3 - Cross-Site Request Forgery Affected: *-2.0.3 Patched: Updated: June 30, 2026

LOW

user-meta-manager

Score: N/A User Meta Manager <= 3.4.9 - Reflected Cross-Site Scripting Affected: *-3.4.9 Patched: Updated: June 30, 2026

LOW

themify-portfolio-post

Score: N/A Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

theme-blvd-responsive-google-maps

Score: N/A Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

srs-simple-hits-counter

Score: N/A SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

page-loading-effects

Score: N/A Page Loading Effects <= 2.0.0 - Authenticated (Admin+) Stored Cross Site Scripting Affected: *-2.0.0 Patched: 3.0.0 Updated: June 30, 2026

LOW

oi-yamaps

Score: N/A Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode Affected: *-3.2.7 Patched: Updated: June 30, 2026

LOW

nice-paypal-button-lite

Score: N/A Nice PayPal Button Lite <= 1.3.5 - Cross-Site Request Forgery Affected: *-1.3.5 Patched: Updated: June 30, 2026

LOW

mts-url-shortener

Score: 87/100 URL Shortener by MyThemeShop <= 1.0.16 - Missing Authorization Affected: *-1.0.16 Patched: Updated: June 30, 2026

LOW

mapwiz

Score: 91/100 Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

m-chart

Score: 93/100 M Chart <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.4 Patched: 1.10 Updated: June 30, 2026

LOW

jetwidgets-for-elementor

Score: 93/100 JetWidgets For Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.13 Patched: 1.0.14 Updated: June 30, 2026

LOW

interactive-polish-map

Score: 93/100 Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting Affected: *-1.2 Patched: 1.2.1 Updated: June 30, 2026

LOW

AI Puffer – Chat. Create. Automate. (formerly AI Power)

gpt3-ai-content-generator

Score: 92/100 GPT AI Power <= 1.4.37 - Missing Authorization Affected: *-1.4.37 Patched: 1.4.38 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.23.2 - Unauthenticated SQL Injection Affected: *-2.23.2 Patched: 2.24 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 2.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.23.2 Patched: 2.24 Updated: June 30, 2026

LOW

ebay-feeds-for-wordpress

Score: 93/100 WP eBay Product Feeds <= 3.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.3.1 Patched: 3.4 Updated: June 30, 2026

LOW

Contact Form 7 – Dynamic Text Extension

contact-form-7-dynamic-text-extension

Score: 96/100 Contact Form 7 Dynamic Text Extension <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.3 Patched: 3.0.0 Updated: June 30, 2026

LOW

coming-soon-by-supsystic

Score: 93/100 Coming Soon by Supsystic <= 1.7.10 - Cross Site Request Forgery Affected: *-1.7.10 Patched: 1.7.11 Updated: June 30, 2026

LOW

camera-slideshow

Score: 91/100 Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting Affected: *-1.4.0.1 Patched: Updated: June 30, 2026

LOW

amr-shortcode-any-widget

Score: 95/100 amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.0 Patched: Updated: June 30, 2026

LOW

admin-log

Score: 95/100 Admin Log <= 1.50 - Cross-Site Request Forgery Affected: *-1.50 Patched: Updated: June 30, 2026

LOW

templatesnext-toolkit

Score: N/A TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.2.8 Patched: 3.2.9 Updated: June 30, 2026

LOW

mainwp-wordfence-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.7 Patched: 4.0.8 Updated: June 30, 2026

LOW

mainwp-updraftplus-extension

Score: 93/100 MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

mainwp-updraftplus-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

mainwp-staging-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.3 Patched: 4.0.4 Updated: June 30, 2026

LOW

mainwp-seo-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.1 Patched: 4.0.3 Updated: June 30, 2026

LOW

mainwp-rocket-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.3 Patched: 4.0.4 Updated: June 30, 2026

LOW

mainwp-post-plus-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.3 Patched: 4.1.1 Updated: June 30, 2026

LOW

mainwp-post-dripper-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.4 Patched: 4.0.5 Updated: June 30, 2026

LOW

mainwp-page-speed-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026

LOW

mainwp-maintenance-extension

Score: 93/100 MainWP Maintenance Extension <= 4.1.1 - Authenticated (Subscriber+) SQL Injection Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026

LOW

mainwp-maintenance-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026

LOW

mainwp-links-manager-extension

Score: 91/100 MainWP Links Manager Extension <= 2.1 - Unauthenticated PHP Object Injection Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

mainwp-ithemes-security-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026

LOW

mainwp-google-analytics-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.4 Patched: 4.0.5 Updated: June 30, 2026

LOW

mainwp-file-uploader-extension

Score: 93/100 MainWP File Uploader Extension <= 4.1 - Unauthenticated Arbitrary File Upload Affected: *-4.1 Patched: 4.1.1 Updated: June 30, 2026

LOW

mainwp-file-uploader-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.1 Patched: 4.1.1 Updated: June 30, 2026

LOW

mainwp-favorites-extension

Score: 93/100 MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-4.0.10 Patched: 4.0.11 Updated: June 30, 2026

LOW

mainwp-favorites-extension

Score: 93/100 MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary Plugin Installation Affected: *-4.0.10 Patched: 4.0.11 Updated: June 30, 2026

LOW

mainwp-favorites-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.10 Patched: 4.0.11 Updated: June 30, 2026

LOW

mainwp-comments-extension

Score: 93/100 MainWP Comments Extension <= 4.0.6 - Missing Authorization Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

mainwp-comments-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026

LOW

mainwp-code-snippets-extension

Score: 93/100 MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026

LOW

mainwp-code-snippets-extension

Score: 93/100 MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) PHP Code Injection Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026

LOW

mainwp-code-snippets-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026

LOW

mainwp-clone-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026

LOW

mainwp-buddy-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.1 Patched: 4.0.3 Updated: June 30, 2026

LOW

mainwp-broken-links-checker-extension

Score: 87/100 MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection Affected: *-4.0 Patched: Updated: June 30, 2026

LOW

mainwp-broken-links-checker-extension

Score: 87/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0 Patched: Updated: June 30, 2026

LOW

mainwp-blogvault-backup-extension

Score: 91/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-1.3 Patched: 4.1.2 Updated: June 30, 2026

LOW

mainwp-blogvault-backup-extension

Score: 91/100 MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary Plugin Installation Affected: *-1.3 Patched: Updated: June 30, 2026

Showing 26801 to 26900 of 36319 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 22:32 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List