Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| album-and-image-gallery-plus-lightbox | album-and-image-gallery-plus-lightbox | 97 | Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode | | LOW | *-2.1.7 | 2.1.8 | June 30, 2026 |
| advanced-custom-fields-font-awesome | advanced-custom-fields-font-awesome | 97 | Advanced Custom Fields: Font Awesome <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-5.0.1 | 5.0.2 | June 30, 2026 |
| accessibe | accessibe | 97 | Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure | | LOW | *-2.11 | 2.12 | June 30, 2026 |
| wp-downloadmanager | wp-downloadmanager | N/A | WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter | | LOW | *-1.69 | 1.69.1 | June 30, 2026 |
| custom-registration-form-builder-with-submission-manager | custom-registration-form-builder-with-submission-manager | 93 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment | | LOW | *-6.0.6.9 | 6.0.7.0 | June 30, 2026 |
| blog2social | blog2social | 93 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification | | LOW | *-8.7.4 | 8.7.5 | June 30, 2026 |
| Complianz \| GDPR/CCPA Cookie Consent | complianz-gdpr | 93 | Complianz \| GDPR/CCPA Cookie Consent <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-7.4.3 | 7.4.4 | June 30, 2026 |
| user-submitted-posts | user-submitted-posts | N/A | User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter | | LOW | *-20260113 | 20260217 | June 30, 2026 |
| video-share-vod | video-share-vod | N/A | Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values | | LOW | *-2.7.11 | 2.7.12 | June 30, 2026 |
| wpnakama | wpnakama | N/A | WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter | | LOW | *-0.6.5 | 0.6.6 | June 30, 2026 |
| so-widgets-bundle | so-widgets-bundle | N/A | SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution | | LOW | *-1.70.4 | 1.71.0 | June 30, 2026 |
| community-events | community-events | 93 | Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter | | LOW | *-1.5.7 | 1.5.8 | June 30, 2026 |
| wp-event-aggregator | wp-event-aggregator | N/A | WP Event Aggregator <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.8.7 | 1.9.0 | June 30, 2026 |
| business-directory-plugin | business-directory-plugin | 93 | Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification | | LOW | *-6.4.20 | 6.4.21 | June 30, 2026 |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management | 74 | EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter | | LOW | *-4.2.8.4 | 4.2.8.5 | June 30, 2026 |
| wp-downloadmanager | wp-downloadmanager | N/A | WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter | | LOW | *-1.69 | 1.69.1 | June 30, 2026 |
| Dam Spam | dam-spam | 84 | Dam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion | | LOW | *-1.0.8 | 1.0.9 | June 30, 2026 |
| YayMail – WooCommerce Email Customizer | yaymail | N/A | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint | | LOW | *-4.3.2 | 4.3.3 | June 30, 2026 |
| kali-forms | kali-forms | 93 | Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure | | LOW | *-2.4.8 | 2.4.9 | June 30, 2026 |
| YayMail – WooCommerce Email Customizer | yaymail | N/A | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation | | LOW | *-4.3.2 | 4.3.3 | June 30, 2026 |
| YayMail – WooCommerce Email Customizer | yaymail | N/A | YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements | | LOW | *-4.3.2 | 4.3.3 | June 30, 2026 |
| YayMail – WooCommerce Email Customizer | yaymail | N/A | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action | | LOW | *-4.3.2 | 4.3.3 | June 30, 2026 |
| woo-custom-product-addons | woo-custom-product-addons | N/A | Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter | | LOW | *-3.1.0 | 3.1.1 | June 30, 2026 |
| private-comment | private-comment | N/A | Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting | | LOW | *-0.0.4 | 0.0.5 | June 30, 2026 |
| interactivecalculator | interactivecalculator | 93 | InteractiveCalculator for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | | LOW | *-1.0.3 | 1.0.4 | June 30, 2026 |
| woo-cart-all-in-one | woo-cart-all-in-one | N/A | Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting | | LOW | *-1.1.21 | 1.1.22 | June 30, 2026 |
| Download Manager | download-manager | 63 | Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter | | LOW | *-3.3.46 | 3.3.47 | June 30, 2026 |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks | 91 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload | | LOW | *-3.6.1 | 3.6.2 | June 30, 2026 |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks | 91 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter | | LOW | *-3.6.1 | 3.6.2 | June 30, 2026 |
| taskbuilder | taskbuilder | N/A | Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation | | LOW | *-5.0.2 | 5.0.3 | June 30, 2026 |
| taskbuilder | taskbuilder | N/A | Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters | | LOW | *-5.0.2 | 5.0.3 | June 30, 2026 |
| woocommerce-pdf-invoices-packing-slips | woocommerce-pdf-invoices-packing-slips | N/A | PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification | | LOW | *-5.6.0 | 5.7.0 | June 30, 2026 |
| wp-keybase-verification | wp-keybase-verification | N/A | Keybase.io Verification <= 1.4.5 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.4.5 | 1.4.6 | June 30, 2026 |
| Membership Plugin – Kadence Memberships | restrict-content | N/A | Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings | | LOW | *-3.2.18 | 3.2.19 | June 30, 2026 |
| wp-plugin-info-card | wp-plugin-info-card | N/A | WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation | | LOW | *-6.2.0 | 6.3.0 | June 30, 2026 |
| vk-all-in-one-expansion-unit | vk-all-in-one-expansion-unit | N/A | VK All in One Expansion Unit <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title | | LOW | *-9.112.3 | 9.112.4 | June 30, 2026 |
| tickera-event-ticketing-system | tickera-event-ticketing-system | N/A | Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update | | LOW | *-3.5.6.4 | 3.5.6.5 | June 30, 2026 |
| popup-box | popup-box | N/A | Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.2.12 | 3.2.13 | June 30, 2026 |
| frontend-user-notes | frontend-user-notes | 93 | Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification | | LOW | *-2.1.0 | 2.1.1 | June 30, 2026 |
| woo-order-splitter | woo-order-splitter | N/A | Order Splitter for WooCommerce <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure | | LOW | *-5.3.5 | 5.3.6 | June 30, 2026 |
| wp-404-auto-redirect-to-similar-post | wp-404-auto-redirect-to-similar-post | N/A | WP 404 Auto Redirect <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.0.5 | 1.0.6 | June 30, 2026 |
| emailkit | emailkit | 93 | EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification | | LOW | *-1.6.2 | 1.6.3 | June 30, 2026 |
| filepicker-media-uploader | filepicker-media-uploader | 91 | Filestack <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-2.0.8 | | June 30, 2026 |
| url-shortify | url-shortify | N/A | URL Shortify <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter | | LOW | *-1.12.1 | 1.12.2 | June 30, 2026 |
| frontend-post-submission-manager-lite | frontend-post-submission-manager-lite | 93 | Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter | | LOW | 1.0.0-1.2.7 | 1.2.8 | June 30, 2026 |
| ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | woolentor-addons | N/A | ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action | | LOW | *-3.3.2 | 3.3.3 | June 30, 2026 |
| business-directory-plugin | business-directory-plugin | 93 | Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter | | LOW | *-6.4.21 | 6.4.22 | June 30, 2026 |
| display-during-conditional-shortcode | display-during-conditional-shortcode | 93 | Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter | | LOW | *-1.2 | 1.3 | June 30, 2026 |
| rentfetch | rentfetch | N/A | Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter | | LOW | *-0.32.6 | 0.32.7 | June 30, 2026 |
| wp-ultimate-csv-importer | wp-ultimate-csv-importer | N/A | WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name | | LOW | *-7.37 | 7.38 | June 30, 2026 |
| WP Compress – Instant Performance & Speed Optimization | wp-compress-image-optimizer | 61 | Compress <= 6.60.28 - Missing Authorization | | LOW | *-6.60.28 | 6.60.29 | June 30, 2026 |
| wp-all-export | wp-all-export | N/A | WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling | | LOW | *-1.4.14 | 1.4.15 | June 30, 2026 |
| woocommerce-ajax-filters | woocommerce-ajax-filters | N/A | Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility | | LOW | *-3.1.9.6 | 3.1.9.7 | June 30, 2026 |
| wolmart-core | wolmart-core | N/A | Wolmart Core <= 1.9.6 - Unauthenticated SQL Injection | | LOW | *-1.9.6 | 1.9.7 | June 30, 2026 |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member | N/A | Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters | | LOW | *-2.11.1 | 2.11.2 | June 30, 2026 |
| simple-ajax-chat | simple-ajax-chat | N/A | Simple Ajax Chat <= 20251121 - Unauthenticated Information Exposure | | LOW | *-20251121 | 20260217 | June 30, 2026 |
| panda-pods-repeater-field | panda-pods-repeater-field | N/A | Panda Pods Repeater Field <= 1.5.12 - Missing Authorization | | LOW | *-1.5.12 | 1.5.13 | June 30, 2026 |
| Frontend File Manager Plugin | nmedia-user-file-uploader | 86 | Frontend File Manager <= 23.5 - Missing Authorization | | LOW | *-23.5 | | June 30, 2026 |
| Brevo – Email, SMS, Web Push, Chat, and more. | mailin | 76 | Brevo - Email, SMS, Web Push, Chat, and more. <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling | | LOW | *-3.3.0 | 3.3.1 | June 30, 2026 |
| court-reservation | court-reservation | 89 | Court Reservation – Manage Your Court Bookings Online < 1.10.9 - Cross-Site Request Forgery | | LOW | [*, 1.10.9) | 1.10.9 | June 30, 2026 |
| bookster | bookster | 93 | Bookster – WordPress Appointment Booking Plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' | | LOW | *-2.1.1 | 2.2.0 | June 30, 2026 |
| Booking Calendar | booking | 71 | Booking Calendar <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification | | LOW | *-10.14.14 | 10.14.15 | June 30, 2026 |
| applay-shortcodes | applay-shortcodes | 95 | Applay - Shortcodes <= 3.7 - Authenticated (Contributor+) PHP Object Injection | | LOW | *-3.7 | | June 30, 2026 |
| academy | academy | 97 | Academy LMS <= 3.5.3 - Missing Authorization | | LOW | *-3.5.3 | 3.5.4 | June 30, 2026 |
| wp-rss-aggregator | wp-rss-aggregator | N/A | RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter | | LOW | *-5.0.10 | 5.0.11 | June 30, 2026 |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management | 74 | EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint | | LOW | *-4.2.8.4 | 4.2.8.5 | June 30, 2026 |
| zarinpal-woocommerce-payment-gateway | zarinpal-woocommerce-payment-gateway | N/A | Zarinpal Gateway for WooCommerce <= 5.0.16 - Improper Access Control to Payment Status Update | | LOW | *-5.0.16 | 5.0.17 | June 30, 2026 |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator | 92 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.50.2 | 1.50.3 | June 30, 2026 |
| WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters | wp-google-map-plugin | 74 | WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion | | LOW | *-4.8.6 | 4.8.7 | June 30, 2026 |
| revenue | revenue | N/A | WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | | LOW | *-2.1.3 | 2.1.4 | June 30, 2026 |
| zero-bs-crm | zero-bs-crm | N/A | Jetpack CRM <= 6.7.0 - Unauthenticated Local File Inclusion | | LOW | *-6.7.0 | 6.7.1 | June 30, 2026 |
| woo-razorpay | woo-razorpay | N/A | Razorpay for WooCommerce <= 4.8.3 - Missing Authorization | | LOW | *-4.8.3 | 4.8.4 | June 30, 2026 |
| turbo-manager | turbo-manager | N/A | Turbo Manager < 4.0.8 - Authenticated (Contributor+) Local File Inclusion | | LOW | [*, 4.0.8) | 4.0.8 | June 30, 2026 |
| open-user-map | open-user-map | N/A | Open User Map <= 1.4.16 - Authenticated (Subscriber+) Arbitrary File Download | | LOW | *-1.4.16 | 1.4.17 | June 30, 2026 |
| modal-dialog | modal-dialog | 93 | Modal Dialog <= 3.5.16 - Authenticated (Admin+) Remote Code Execution | | LOW | *-3.5.16 | 3.5.17 | June 30, 2026 |
| medilink-core | medilink-core | 93 | Medilink-Core < 2.0.7 - Authenticated (Contributor+) Local File Inclusion | | LOW | [*, 2.0.7) | 2.0.7 | June 30, 2026 |
| link-whisper | link-whisper | 93 | Link Whisper Free <= 0.9.2 - Reflected Cross-Site Scripting | | LOW | *-0.9.2 | 0.9.3 | June 30, 2026 |
| leadlovers-forms | leadlovers-forms | 91 | leadlovers forms <= 1.0.2 - Missing Authorization | | LOW | *-1.0.2 | | June 30, 2026 |
| geo-to-lat | geo-to-lat | 93 | Geo to Lat <= 1.0.19 - Authenticated (Contributor+) SQL Injection | | LOW | *-1.0.19 | 1.1 | June 30, 2026 |
| custom-registration-form-builder-with-submission-manager | custom-registration-form-builder-with-submission-manager | 93 | RegistrationMagic < 6.0.7.2 - Missing Authorization | | LOW | [*, 6.0.7.2) | 6.0.7.2 | June 30, 2026 |
| collapsing-categories | collapsing-categories | 93 | Collapsing Categories <= 3.0.9 - Authenticated (Contributor+) SQL Injection | | LOW | *-3.0.9 | 3.0.12 | June 30, 2026 |
| collapsing-archives | collapsing-archives | 93 | Collapsing Archives <= 3.0.7 - Authenticated (Contributor+) SQL Injection | | LOW | *-3.0.7 | 3.0.8 | June 30, 2026 |
| Calculated Fields Form | calculated-fields-form | 70 | Calculated Fields Form <= 5.4.4.1 - Missing Authorization | | LOW | *-5.4.4.1 | 5.4.4.2 | June 30, 2026 |
| banner-management-for-woocommerce | banner-management-for-woocommerce | 91 | Woocommerce Category Banner Management <= 2.5.1 - Authenticated (Contributor+) PHP Object Injection | | LOW | *-2.5.1 | | June 30, 2026 |
| wp-simple-html-sitemap | wp-simple-html-sitemap | N/A | Simple HTML Sitemap <= 3.8 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-3.8 | | June 30, 2026 |
| Rich Showcase for Google Reviews | widget-google-reviews | 87 | Rich Showcase for Google Reviews <= 6.9.4.3 - Authenticated (Editor+) Stored Cross-Site Scripting | | LOW | *-6.9.4.3 | 6.9.4.4 | June 30, 2026 |
| video-conferencing-with-zoom-api | video-conferencing-with-zoom-api | N/A | Video Conferencing with Zoom <= 4.6.6 - Missing Authorization | | LOW | *-4.6.6 | 4.6.7 | June 30, 2026 |
| unitechpay-paiements-mobile-money | unitechpay-paiements-mobile-money | N/A | UnitechPay <= 1.0.2 - Missing Authorization | | LOW | *-1.0.2 | | June 30, 2026 |
| totalpoll-lite | totalpoll-lite | N/A | Total Poll Lite <= 4.12.0 - Missing Authorization | | LOW | *-4.12.0 | | June 30, 2026 |
| SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder | sureforms | N/A | SureForms <= 2.2.1 - Missing Authorization | | LOW | *-2.2.1 | 2.2.2 | June 30, 2026 |
| sprout-invoices | sprout-invoices | N/A | Client Invoicing by Sprout Invoices <= 20.8.8 - Missing Authorization | | LOW | *-20.8.8 | 20.8.9 | June 30, 2026 |
| mp3-music-player-by-sonaar | mp3-music-player-by-sonaar | N/A | MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.11 - Unauthenticated Server-Side Request Forgery | | LOW | *-5.11 | 5.12 | June 30, 2026 |
| leaflet-map | leaflet-map | 93 | Leaflet Map <= 3.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.4.4 | 3.4.5 | June 30, 2026 |
| igms-direct-booking | igms-direct-booking | 91 | iGMS Direct Booking <= 1.3 - Missing Authorization | | LOW | *-1.3 | | June 30, 2026 |
| icon-list-block | icon-list-block | 93 | Icon List Block <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.2.3 | 1.2.4 | June 30, 2026 |
| hydra-booking | hydra-booking | 93 | Hydra Booking <= 1.1.38 - Authenticated (Hydra host+) Stored Cross-Site Scripting | | LOW | *-1.1.38 | 1.1.39 | June 30, 2026 |
| global-payments-woocommerce | global-payments-woocommerce | 93 | GlobalPayments WooCommerce <= 1.18.3 - Unauthenticated Server-Side Request Forgery | | LOW | *-1.18.3 | 1.18.4 | June 30, 2026 |
| free-php-version-info | free-php-version-info | 93 | WPLifeCycle <= 3.3.1 - Missing Authorization | | LOW | *-3.3.1 | 4.0 | June 30, 2026 |
| Gallery by FooGallery | foogallery | 82 | FooGallery <= 3.1.11 - Missing Authorization | | LOW | *-3.1.11 | 3.1.13 | June 30, 2026 |
| Gallery by FooGallery | foogallery | 82 | FooGallery <= 3.1.11 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-3.1.11 | 3.1.13 | June 30, 2026 |
LOW

leadlovers-forms

leadlovers-forms

Score: 91/100 leadlovers forms <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: June 30, 2026
LOW

geo-to-lat

geo-to-lat

Score: 93/100 Geo to Lat <= 1.0.19 - Authenticated (Contributor+) SQL Injection Affected: *-1.0.19 Patched: 1.1 Updated: June 30, 2026
LOW

collapsing-categories

collapsing-categories

Score: 93/100 Collapsing Categories <= 3.0.9 - Authenticated (Contributor+) SQL Injection Affected: *-3.0.9 Patched: 3.0.12 Updated: June 30, 2026
LOW

collapsing-archives

collapsing-archives

Score: 93/100 Collapsing Archives <= 3.0.7 - Authenticated (Contributor+) SQL Injection Affected: *-3.0.7 Patched: 3.0.8 Updated: June 30, 2026
LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 5.4.4.1 - Missing Authorization Affected: *-5.4.4.1 Patched: 5.4.4.2 Updated: June 30, 2026
LOW

banner-management-for-woocommerce

banner-management-for-woocommerce

Score: 91/100 Woocommerce Category Banner Management <= 2.5.1 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.5.1 Patched: Updated: June 30, 2026
LOW

wp-simple-html-sitemap

wp-simple-html-sitemap

Score: N/A Simple HTML Sitemap <= 3.8 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.8 Patched: Updated: June 30, 2026
LOW

Rich Showcase for Google Reviews

widget-google-reviews

Score: 87/100 Rich Showcase for Google Reviews <= 6.9.4.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-6.9.4.3 Patched: 6.9.4.4 Updated: June 30, 2026
LOW

video-conferencing-with-zoom-api

video-conferencing-with-zoom-api

Score: N/A Video Conferencing with Zoom <= 4.6.6 - Missing Authorization Affected: *-4.6.6 Patched: 4.6.7 Updated: June 30, 2026
LOW

unitechpay-paiements-mobile-money

unitechpay-paiements-mobile-money

Score: N/A UnitechPay <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: June 30, 2026
LOW

totalpoll-lite

totalpoll-lite

Score: N/A Total Poll Lite <= 4.12.0 - Missing Authorization Affected: *-4.12.0 Patched: Updated: June 30, 2026
LOW

sprout-invoices

sprout-invoices

Score: N/A Client Invoicing by Sprout Invoices <= 20.8.8 - Missing Authorization Affected: *-20.8.8 Patched: 20.8.9 Updated: June 30, 2026
LOW

mp3-music-player-by-sonaar

mp3-music-player-by-sonaar

Score: N/A MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.11 - Unauthenticated Server-Side Request Forgery Affected: *-5.11 Patched: 5.12 Updated: June 30, 2026
LOW

leaflet-map

leaflet-map

Score: 93/100 Leaflet Map <= 3.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.4 Patched: 3.4.5 Updated: June 30, 2026
LOW

igms-direct-booking

igms-direct-booking

Score: 91/100 iGMS Direct Booking <= 1.3 - Missing Authorization Affected: *-1.3 Patched: Updated: June 30, 2026
LOW

icon-list-block

icon-list-block

Score: 93/100 Icon List Block <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026
LOW

hydra-booking

hydra-booking

Score: 93/100 Hydra Booking <= 1.1.38 - Authenticated (Hydra host+) Stored Cross-Site Scripting Affected: *-1.1.38 Patched: 1.1.39 Updated: June 30, 2026
LOW

global-payments-woocommerce

global-payments-woocommerce

Score: 93/100 GlobalPayments WooCommerce <= 1.18.3 - Unauthenticated Server-Side Request Forgery Affected: *-1.18.3 Patched: 1.18.4 Updated: June 30, 2026
LOW

free-php-version-info

free-php-version-info

Score: 93/100 WPLifeCycle <= 3.3.1 - Missing Authorization Affected: *-3.3.1 Patched: 4.0 Updated: June 30, 2026
LOW

Gallery by FooGallery

foogallery

Score: 82/100 FooGallery <= 3.1.11 - Missing Authorization Affected: *-3.1.11 Patched: 3.1.13 Updated: June 30, 2026
LOW

Gallery by FooGallery

foogallery

Score: 82/100 FooGallery <= 3.1.11 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.1.11 Patched: 3.1.13 Updated: June 30, 2026

Showing 2601 to 2700 of 36282 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 05:20 UTC.