Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

89

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
mainwp-article-uploader-extension mainwp-article-uploader-extension
93
MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-4.0.2 4.0.3 June 30, 2026
mainwp-article-uploader-extension mainwp-article-uploader-extension
93
MainWP (Various extensions) - Cross-Site Request Forgery LOW *-4.0.2 4.0.3 June 30, 2026
mainwp-article-uploader-extension mainwp-article-uploader-extension
93
MainWP (Various extensions) - Missing Authorization to Arbitrary Page/Post Deletion LOW 4.0.2 4.0.3 June 30, 2026
location-weather location-weather
93
Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes LOW *-1.3.3 1.3.4 June 30, 2026
custom-404-pro custom-404-pro
91
Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery LOW *-3.7.1 3.7.2 June 30, 2026
boilerplate-extension boilerplate-extension
93
MainWP (Various extensions) - Cross-Site Request Forgery LOW *-4.1 4.1.1 June 30, 2026
boilerplate-extension boilerplate-extension
93
MainWP (Various extensions) - Missing Authorization to Arbitrary Page/Post Deletion LOW *-4.1 4.1.1 June 30, 2026
better-font-awesome better-font-awesome
93
Better Font Awesome <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes LOW *-2.0.3 2.0.4 June 30, 2026
yamaps yamaps N/A YaMaps <= 0.6.25 - Authenticaterd (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.6.25 0.6.26 June 30, 2026
wp-stats-manager wp-stats-manager N/A WP Visitor Statistics (Real Time Traffic) <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-6.4 6.5 June 30, 2026
wp-fullcalendar wp-fullcalendar N/A WP FullCalendar <= 1.4.1 - Missing Authorization to Information Disclosure LOW *-1.4.1 1.5 June 30, 2026
wp-commentnavi wp-commentnavi N/A WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.12.1 1.12.2 June 30, 2026
wordpress-easy-paypal-payment-or-donation-accept-plugin wordpress-easy-paypal-payment-or-donation-accept-plugin N/A Easy Accept Payments for PayPal <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.9.9 4.9.10 June 30, 2026
widgetshortcode widgetshortcode N/A WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.3.5 June 30, 2026
widgets-on-pages widgets-on-pages N/A Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.0 1.7.0 June 30, 2026
widget-shortcode widget-shortcode N/A Widget Shortcode <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.3.5 June 30, 2026
utubevideo-gallery utubevideo-gallery N/A uTubeVideo Gallery <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.7 2.0.8 June 30, 2026
templatesnext-toolkit templatesnext-toolkit N/A TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.2.7 3.2.8 June 30, 2026
templatesnext-toolkit templatesnext-toolkit N/A TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.7 3.2.8 June 30, 2026
teachpress teachpress N/A teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting LOW *-8.1.8 8.1.9 June 30, 2026
simple-urls simple-urls N/A Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection LOW *-114 115 June 30, 2026
simple-urls simple-urls N/A Simple URLs <= 114 - Reflected Cross-Site Scripting LOW *-114 115 June 30, 2026
rich-table-of-content rich-table-of-content N/A Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.8 1.3.9 June 30, 2026
responsive-gallery-grid responsive-gallery-grid N/A Responsive Gallery Grid <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3.8 2.3.9 June 30, 2026
OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) oopspam-anti-spam N/A OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.35 1.1.36 June 30, 2026
meks-flexible-shortcodes meks-flexible-shortcodes
93
Meks Flexible Shortcodes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.4 1.3.5 June 30, 2026
mainwp-wordfence-extension mainwp-wordfence-extension
93
MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Plugin Settings Change LOW *-4.0.7 4.0.8 June 30, 2026
mainwp-wordfence-extension mainwp-wordfence-extension
93
MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0.7 4.0.8 June 30, 2026
mainwp-updraftplus-extension mainwp-updraftplus-extension
93
MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0.6 4.0.7 June 30, 2026
mainwp-staging-extension mainwp-staging-extension
93
MainWP Staging Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0.3 4.0.4 June 30, 2026
mainwp-seo-extension mainwp-seo-extension
93
MainWP WordPress SEO Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0.1 4.0.3 June 30, 2026
mainwp-rocket-extension mainwp-rocket-extension
93
MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Plugin Settings Change LOW *-4.0.3 4.0.4 June 30, 2026
mainwp-post-plus-extension mainwp-post-plus-extension
93
MainWP Post Plus Extension <= 4.0.3 - Missing Authorization to Arbitrary Page/Post Deletion LOW *-4.0.3 4.1.1 June 30, 2026
mainwp-post-dripper-extension mainwp-post-dripper-extension
93
MainWP Post Dripper Extension <= 4.0.4 - Missing Authorization to Arbitrary Page/Post Deletion LOW 4.0.4 4.0.5 June 30, 2026
mainwp-piwik-extension mainwp-piwik-extension
93
MainWP Matomo Extension <= 4.0.4 - Cross-Site Request Forgery LOW *-4.0.4 4.0.5 June 30, 2026
mainwp-page-speed-extension mainwp-page-speed-extension
93
MainWP Page Speed Extension <= 4.0.2 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0.2 4.0.3 June 30, 2026
mainwp-maintenance-extension mainwp-maintenance-extension
93
MainWP Maintenance Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change LOW *-4.1.1 4.1.2 June 30, 2026
mainwp-ithemes-security-extension mainwp-ithemes-security-extension
93
MainWP iThemes Security Extension <= 4.1.1 - Missing Authorization to Arbitrary Plugin Activation LOW 4.1.1. 4.0.3 June 30, 2026
mainwp-google-analytics-extension mainwp-google-analytics-extension
93
MainWP Google Analytics Extension <= 4.0.4 - Authenticated (Subscriber+) SQL Injection LOW *-4.0.4 4.0.5 June 30, 2026
mainwp-google-analytics-extension mainwp-google-analytics-extension
93
MainWP Google Analytics Extension <= 4.0.4 - Missing Authorization to Plugin Settings Change LOW *-4.0.4 4.0.5 June 30, 2026
mainwp-file-uploader-extension mainwp-file-uploader-extension
93
MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-4.1 4.1.1 June 30, 2026
mainwp-code-snippets-extension mainwp-code-snippets-extension
93
MainWP Code Snippets Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change LOW *-4.0.2 4.0.3 June 30, 2026
mainwp-clone-extension mainwp-clone-extension
93
MainWP Clone Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change LOW *-4.0.2 4.0.3 June 30, 2026
mainwp-buddy-extension mainwp-buddy-extension
93
MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0.1 4.0.2 June 30, 2026
mainwp-broken-links-checker-extension mainwp-broken-links-checker-extension
87
MainWP Broken Link Checker <= 4.0 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0 June 30, 2026
mainwp-branding-extension mainwp-branding-extension
93
MainWP White Label Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change LOW *-4.1.1 4.1.2 June 30, 2026
kraken-image-optimizer kraken-image-optimizer
93
Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update LOW *-2.6.7 2.6.8 June 30, 2026
judgeme-product-reviews-woocommerce judgeme-product-reviews-woocommerce
93
Judge.me Product Reviews for WooCommerce <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.20 1.3.21 June 30, 2026
enable-media-replace enable-media-replace
93
Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload LOW *-4.0.1 4.0.2 June 30, 2026
customer-area customer-area
89
WP Customer Area <= 8.1.3 - Cross-Site Request Forgery LOW *-8.1.3 8.1.4 June 30, 2026
boilerplate-extension boilerplate-extension
93
MainWP Boilerplate Extension <= 4.1 - Missing Authorization to Plugin Settings Change LOW *-4.1 4.1.1 June 30, 2026
stream stream N/A Stream <= 3.9.1 - Missing Authorization to Sensitive Information Disclosure LOW *-3.9.1 3.9.2 June 30, 2026
simple-tooltips simple-tooltips N/A Simple Tooltips <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.3 2.1.4 June 30, 2026
pdf-generator-for-wp pdf-generator-for-wp N/A PDF Generator for Wordpress <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 1.1.2 June 30, 2026
mainwp-rocket-extension mainwp-rocket-extension
93
MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation LOW *-4.0.3 4.0.4 June 30, 2026
wp-private-content-plus wp-private-content-plus N/A WP Private Content Plus <= 3.4 - Authenticated(Admin+) Stored Cross-Site Scripting LOW *-3.4 3.5 June 30, 2026
yourchannel yourchannel N/A YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 June 30, 2026
yourchannel yourchannel N/A YourChannel <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'yrc_lang[Videos]' LOW *-1.2.1 1.2.2 June 30, 2026
wp-super-popup wp-super-popup N/A WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.2 June 30, 2026
wp-olivecart wp-olivecart N/A WP-OliveCart <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.3 June 30, 2026
wp-booklet wp-booklet N/A WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution LOW *-2.1.8 June 30, 2026
wp-better-emails wp-better-emails N/A WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.4 June 30, 2026
universal-star-rating universal-star-rating N/A Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery LOW *-2.1.0 June 30, 2026
superior-faq superior-faq N/A Superior FAQ <= 1.0.2 - Cross Site Request Forgery LOW *-1.0.2 June 30, 2026
stylist stylist N/A Extra Block Design, Style, CSS for ANY Gutenberg Blocks <= 0.2.6 - Cross-Site Request Forgery LOW *-0.2.6 0.2.7 June 30, 2026
Security Optimizer – The All-In-One Protection Plugin sg-security
83
SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection LOW *-1.3.0 1.3.1 June 30, 2026
no-api-amazon-affiliate no-api-amazon-affiliate N/A No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.2.2 4.4.0 June 30, 2026
mediamatic mediamatic
87
Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery LOW *-2.8.1 June 30, 2026
materialis-companion materialis-companion
93
Materialis Companion <= 1.3.39 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.39 1.3.40 June 30, 2026
map-multi-marker map-multi-marker
91
Map Multi Marker <= 3.2.1 - Reflected Cross-Site Scripting LOW *-3.2.1 June 30, 2026
magicform magicform
89
MagicForm <= 0.1 - Cross-Site Scripting LOW *-0.1 June 30, 2026
launchpad-by-obox launchpad-by-obox
89
Launchpad – Coming Soon & Maintenance Mode Plugin <= 1.0.13 - Authenticated (Administrator+) Cross-Site Scripting LOW *-1.0.13 June 30, 2026
ipblocklist ipblocklist
91
ipBlockList <= 1.0 - Cross Site Request Forgery LOW *-1.0 June 30, 2026
hover-image hover-image
91
Hover Image <= 1.4.1 - Cross-Site Request Forgery LOW *-1.4.1 June 30, 2026
happyforms happyforms
93
Happyforms <= 1.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks LOW *-1.21.1 1.22.0 June 30, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) google-analytics-for-wordpress
72
MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-8.12.0 8.12.1 June 30, 2026
google-analytics-dashboard-for-wp google-analytics-dashboard-for-wp
93
ExactMetrics <= 7.12.0 - Authenticated (Contributor+) Cross-Site Scripting LOW *-7.12.0 7.12.1 June 30, 2026
Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages freesoul-deactivate-plugins
79
Freesoul Deactivate Plugins <= 1.9.4.0 - Information Disclosure LOW *-1.9.4.0 1.9.4.1 June 30, 2026
eexamhall eexamhall
91
eExamhall <= 4.0 - Cross Site Request Forgery LOW *-4.0 June 30, 2026
dnui-delete-not-used-image-wordpress dnui-delete-not-used-image-wordpress
91
DNUI <= 2.8.1 - Cross-Site Request Forgery leading to Unused Image Deletion and Database Image Access LOW *-2.8.1 June 30, 2026
dashicons-cpt dashicons-cpt
91
Dashicons + Custom Post Types <= 1.0.2 - Missing Authorization LOW *-1.0.2 June 30, 2026
custom-404-pro custom-404-pro
91
Custom 404 Pro <= 3.7.0 - Authenticated (Administrator+) SQL Injection LOW *-3.7.0 3.7.1 June 30, 2026
crayon-syntax-highlighter crayon-syntax-highlighter
89
Crayon Syntax Highlighter <= 2.8.4 - Cross-Site Request Forgery LOW *-2.8.4 June 30, 2026
alfred-click-collect alfred-click-collect
95
alfred24 Click & Collect <= 1.1.7 - Authenticated (Administrator+) Stored Cross Site Scripting LOW *-1.1.7 June 30, 2026
acf-image-crop-add-on acf-image-crop-add-on
95
Advanced Custom Fields: Image Crop Add-on <= 1.4.12 - Improper Authorization LOW *-1.4.12 June 30, 2026
wpvr wpvr N/A WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-8.2.6 8.2.7 June 30, 2026
wp-blog-and-widgets wp-blog-and-widgets N/A WP Blog and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3 2.3.1 June 30, 2026
tutor tutor N/A Tutor LMS <= 2.0.9 - Reflected Cross-Site Scripting LOW *-2.0.9 2.0.10 June 30, 2026
survey-maker survey-maker N/A Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection LOW *-3.1.1 3.1.2 June 30, 2026
simple-membership-wp-user-import simple-membership-wp-user-import N/A Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection LOW *-1.7 1.8 June 30, 2026
rafflepress rafflepress N/A Giveaways and Contests by RafflePress <= 1.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.11.2 1.11.3 June 30, 2026
quick-event-manager quick-event-manager N/A Quick Event Manager <= 9.7.4 - Reflected Cross-Site Scripting LOW [*, 9.7.5) 9.7.5 June 30, 2026
paid-memberships-pro paid-memberships-pro N/A Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection LOW *-2.9.7 2.9.8 June 30, 2026
login-with-phone-number login-with-phone-number
93
Login with phone number <= 1.4.2 - Reflected Cross-Site Scripting LOW [*, 1.4.2) 1.4.2 June 30, 2026
leaflet-maps-marker leaflet-maps-marker
93
Leaflet Maps Marker < 3.12.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.12.6 3.12.7 June 30, 2026
jquery-t-countdown-widget jquery-t-countdown-widget
91
jQuery T(-) Countdown Widget <= 2.3.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde LOW *-2.3.23 2.3.24 June 30, 2026
html5-audio-player html5-audio-player
93
Html5 Audio Player <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.11 2.1.12 June 30, 2026
gamipress-button gamipress-button
93
GamiPress – Button <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.4 1.0.5 June 30, 2026
gamipress gamipress
93
GamiPress <= 2.5.0 - Cross-Site Request Forgery LOW *-2.5.0 2.5.1 June 30, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads < 3.1.0.4 - SQL Injection LOW *-3.1.0.3 3.1.0.4 June 30, 2026
LOW

mainwp-article-uploader-extension

mainwp-article-uploader-extension

Score: 93/100 MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026
LOW

mainwp-article-uploader-extension

mainwp-article-uploader-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026
LOW

mainwp-article-uploader-extension

mainwp-article-uploader-extension

Score: 93/100 MainWP (Various extensions) - Missing Authorization to Arbitrary Page/Post Deletion Affected: 4.0.2 Patched: 4.0.3 Updated: June 30, 2026
LOW

location-weather

location-weather

Score: 93/100 Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026
LOW

custom-404-pro

custom-404-pro

Score: 91/100 Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery Affected: *-3.7.1 Patched: 3.7.2 Updated: June 30, 2026
LOW

boilerplate-extension

boilerplate-extension

Score: 93/100 MainWP (Various extensions) - Cross-Site Request Forgery Affected: *-4.1 Patched: 4.1.1 Updated: June 30, 2026
LOW

boilerplate-extension

boilerplate-extension

Score: 93/100 MainWP (Various extensions) - Missing Authorization to Arbitrary Page/Post Deletion Affected: *-4.1 Patched: 4.1.1 Updated: June 30, 2026
LOW

better-font-awesome

better-font-awesome

Score: 93/100 Better Font Awesome <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-2.0.3 Patched: 2.0.4 Updated: June 30, 2026
LOW

yamaps

yamaps

Score: N/A YaMaps <= 0.6.25 - Authenticaterd (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.6.25 Patched: 0.6.26 Updated: June 30, 2026
LOW

wp-stats-manager

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-6.4 Patched: 6.5 Updated: June 30, 2026
LOW

wp-fullcalendar

wp-fullcalendar

Score: N/A WP FullCalendar <= 1.4.1 - Missing Authorization to Information Disclosure Affected: *-1.4.1 Patched: 1.5 Updated: June 30, 2026
LOW

wp-commentnavi

wp-commentnavi

Score: N/A WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.12.1 Patched: 1.12.2 Updated: June 30, 2026
LOW

wordpress-easy-paypal-payment-or-donation-accept-plugin

wordpress-easy-paypal-payment-or-donation-accept-plugin

Score: N/A Easy Accept Payments for PayPal <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.9.9 Patched: 4.9.10 Updated: June 30, 2026
LOW

widgetshortcode

widgetshortcode

Score: N/A WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.3.5 Patched: Updated: June 30, 2026
LOW

widgets-on-pages

widgets-on-pages

Score: N/A Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.0 Patched: 1.7.0 Updated: June 30, 2026
LOW

widget-shortcode

widget-shortcode

Score: N/A Widget Shortcode <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.5 Patched: Updated: June 30, 2026
LOW

utubevideo-gallery

utubevideo-gallery

Score: N/A uTubeVideo Gallery <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.7 Patched: 2.0.8 Updated: June 30, 2026
LOW

templatesnext-toolkit

templatesnext-toolkit

Score: N/A TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.2.7 Patched: 3.2.8 Updated: June 30, 2026
LOW

templatesnext-toolkit

templatesnext-toolkit

Score: N/A TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.7 Patched: 3.2.8 Updated: June 30, 2026
LOW

teachpress

teachpress

Score: N/A teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-8.1.8 Patched: 8.1.9 Updated: June 30, 2026
LOW

simple-urls

simple-urls

Score: N/A Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection Affected: *-114 Patched: 115 Updated: June 30, 2026
LOW

simple-urls

simple-urls

Score: N/A Simple URLs <= 114 - Reflected Cross-Site Scripting Affected: *-114 Patched: 115 Updated: June 30, 2026
LOW

rich-table-of-content

rich-table-of-content

Score: N/A Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.8 Patched: 1.3.9 Updated: June 30, 2026
LOW

responsive-gallery-grid

responsive-gallery-grid

Score: N/A Responsive Gallery Grid <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3.8 Patched: 2.3.9 Updated: June 30, 2026
LOW

meks-flexible-shortcodes

meks-flexible-shortcodes

Score: 93/100 Meks Flexible Shortcodes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026
LOW

mainwp-wordfence-extension

mainwp-wordfence-extension

Score: 93/100 MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Plugin Settings Change Affected: *-4.0.7 Patched: 4.0.8 Updated: June 30, 2026
LOW

mainwp-wordfence-extension

mainwp-wordfence-extension

Score: 93/100 MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0.7 Patched: 4.0.8 Updated: June 30, 2026
LOW

mainwp-updraftplus-extension

mainwp-updraftplus-extension

Score: 93/100 MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0.6 Patched: 4.0.7 Updated: June 30, 2026
LOW

mainwp-staging-extension

mainwp-staging-extension

Score: 93/100 MainWP Staging Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0.3 Patched: 4.0.4 Updated: June 30, 2026
LOW

mainwp-seo-extension

mainwp-seo-extension

Score: 93/100 MainWP WordPress SEO Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0.1 Patched: 4.0.3 Updated: June 30, 2026
LOW

mainwp-rocket-extension

mainwp-rocket-extension

Score: 93/100 MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Plugin Settings Change Affected: *-4.0.3 Patched: 4.0.4 Updated: June 30, 2026
LOW

mainwp-post-plus-extension

mainwp-post-plus-extension

Score: 93/100 MainWP Post Plus Extension <= 4.0.3 - Missing Authorization to Arbitrary Page/Post Deletion Affected: *-4.0.3 Patched: 4.1.1 Updated: June 30, 2026
LOW

mainwp-post-dripper-extension

mainwp-post-dripper-extension

Score: 93/100 MainWP Post Dripper Extension <= 4.0.4 - Missing Authorization to Arbitrary Page/Post Deletion Affected: 4.0.4 Patched: 4.0.5 Updated: June 30, 2026
LOW

mainwp-piwik-extension

mainwp-piwik-extension

Score: 93/100 MainWP Matomo Extension <= 4.0.4 - Cross-Site Request Forgery Affected: *-4.0.4 Patched: 4.0.5 Updated: June 30, 2026
LOW

mainwp-page-speed-extension

mainwp-page-speed-extension

Score: 93/100 MainWP Page Speed Extension <= 4.0.2 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026
LOW

mainwp-maintenance-extension

mainwp-maintenance-extension

Score: 93/100 MainWP Maintenance Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026
LOW

mainwp-ithemes-security-extension

mainwp-ithemes-security-extension

Score: 93/100 MainWP iThemes Security Extension <= 4.1.1 - Missing Authorization to Arbitrary Plugin Activation Affected: 4.1.1. Patched: 4.0.3 Updated: June 30, 2026
LOW

mainwp-google-analytics-extension

mainwp-google-analytics-extension

Score: 93/100 MainWP Google Analytics Extension <= 4.0.4 - Authenticated (Subscriber+) SQL Injection Affected: *-4.0.4 Patched: 4.0.5 Updated: June 30, 2026
LOW

mainwp-google-analytics-extension

mainwp-google-analytics-extension

Score: 93/100 MainWP Google Analytics Extension <= 4.0.4 - Missing Authorization to Plugin Settings Change Affected: *-4.0.4 Patched: 4.0.5 Updated: June 30, 2026
LOW

mainwp-file-uploader-extension

mainwp-file-uploader-extension

Score: 93/100 MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-4.1 Patched: 4.1.1 Updated: June 30, 2026
LOW

mainwp-code-snippets-extension

mainwp-code-snippets-extension

Score: 93/100 MainWP Code Snippets Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026
LOW

mainwp-clone-extension

mainwp-clone-extension

Score: 93/100 MainWP Clone Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026
LOW

mainwp-buddy-extension

mainwp-buddy-extension

Score: 93/100 MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0.1 Patched: 4.0.2 Updated: June 30, 2026
LOW

mainwp-broken-links-checker-extension

mainwp-broken-links-checker-extension

Score: 87/100 MainWP Broken Link Checker <= 4.0 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0 Patched: Updated: June 30, 2026
LOW

mainwp-branding-extension

mainwp-branding-extension

Score: 93/100 MainWP White Label Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026
LOW

kraken-image-optimizer

kraken-image-optimizer

Score: 93/100 Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update Affected: *-2.6.7 Patched: 2.6.8 Updated: June 30, 2026
LOW

judgeme-product-reviews-woocommerce

judgeme-product-reviews-woocommerce

Score: 93/100 Judge.me Product Reviews for WooCommerce <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.20 Patched: 1.3.21 Updated: June 30, 2026
LOW

enable-media-replace

enable-media-replace

Score: 93/100 Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload Affected: *-4.0.1 Patched: 4.0.2 Updated: June 30, 2026
LOW

customer-area

customer-area

Score: 89/100 WP Customer Area <= 8.1.3 - Cross-Site Request Forgery Affected: *-8.1.3 Patched: 8.1.4 Updated: June 30, 2026
LOW

boilerplate-extension

boilerplate-extension

Score: 93/100 MainWP Boilerplate Extension <= 4.1 - Missing Authorization to Plugin Settings Change Affected: *-4.1 Patched: 4.1.1 Updated: June 30, 2026
LOW

stream

stream

Score: N/A Stream <= 3.9.1 - Missing Authorization to Sensitive Information Disclosure Affected: *-3.9.1 Patched: 3.9.2 Updated: June 30, 2026
LOW

simple-tooltips

simple-tooltips

Score: N/A Simple Tooltips <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.3 Patched: 2.1.4 Updated: June 30, 2026
LOW

pdf-generator-for-wp

pdf-generator-for-wp

Score: N/A PDF Generator for Wordpress <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: June 30, 2026
LOW

mainwp-rocket-extension

mainwp-rocket-extension

Score: 93/100 MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation Affected: *-4.0.3 Patched: 4.0.4 Updated: June 30, 2026
LOW

wp-private-content-plus

wp-private-content-plus

Score: N/A WP Private Content Plus <= 3.4 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: *-3.4 Patched: 3.5 Updated: June 30, 2026
LOW

yourchannel

yourchannel

Score: N/A YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026
LOW

yourchannel

yourchannel

Score: N/A YourChannel <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'yrc_lang[Videos]' Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026
LOW

wp-super-popup

wp-super-popup

Score: N/A WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: June 30, 2026
LOW

wp-olivecart

wp-olivecart

Score: N/A WP-OliveCart <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: June 30, 2026
LOW

wp-booklet

wp-booklet

Score: N/A WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution Affected: *-2.1.8 Patched: Updated: June 30, 2026
LOW

wp-better-emails

wp-better-emails

Score: N/A WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.4 Patched: Updated: June 30, 2026
LOW

universal-star-rating

universal-star-rating

Score: N/A Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: Updated: June 30, 2026
LOW

superior-faq

superior-faq

Score: N/A Superior FAQ <= 1.0.2 - Cross Site Request Forgery Affected: *-1.0.2 Patched: Updated: June 30, 2026
LOW

stylist

stylist

Score: N/A Extra Block Design, Style, CSS for ANY Gutenberg Blocks <= 0.2.6 - Cross-Site Request Forgery Affected: *-0.2.6 Patched: 0.2.7 Updated: June 30, 2026
LOW

no-api-amazon-affiliate

no-api-amazon-affiliate

Score: N/A No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.2.2 Patched: 4.4.0 Updated: June 30, 2026
LOW

mediamatic

mediamatic

Score: 87/100 Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery Affected: *-2.8.1 Patched: Updated: June 30, 2026
LOW

materialis-companion

materialis-companion

Score: 93/100 Materialis Companion <= 1.3.39 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.39 Patched: 1.3.40 Updated: June 30, 2026
LOW

map-multi-marker

map-multi-marker

Score: 91/100 Map Multi Marker <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: Updated: June 30, 2026
LOW

magicform

magicform

Score: 89/100 MagicForm <= 0.1 - Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 30, 2026
LOW

launchpad-by-obox

launchpad-by-obox

Score: 89/100 Launchpad – Coming Soon & Maintenance Mode Plugin <= 1.0.13 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-1.0.13 Patched: Updated: June 30, 2026
LOW

ipblocklist

ipblocklist

Score: 91/100 ipBlockList <= 1.0 - Cross Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

hover-image

hover-image

Score: 91/100 Hover Image <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: Updated: June 30, 2026
LOW

happyforms

happyforms

Score: 93/100 Happyforms <= 1.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks Affected: *-1.21.1 Patched: 1.22.0 Updated: June 30, 2026
LOW

google-analytics-dashboard-for-wp

google-analytics-dashboard-for-wp

Score: 93/100 ExactMetrics <= 7.12.0 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-7.12.0 Patched: 7.12.1 Updated: June 30, 2026
LOW

eexamhall

eexamhall

Score: 91/100 eExamhall <= 4.0 - Cross Site Request Forgery Affected: *-4.0 Patched: Updated: June 30, 2026
LOW

dnui-delete-not-used-image-wordpress

dnui-delete-not-used-image-wordpress

Score: 91/100 DNUI <= 2.8.1 - Cross-Site Request Forgery leading to Unused Image Deletion and Database Image Access Affected: *-2.8.1 Patched: Updated: June 30, 2026
LOW

dashicons-cpt

dashicons-cpt

Score: 91/100 Dashicons + Custom Post Types <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: June 30, 2026
LOW

custom-404-pro

custom-404-pro

Score: 91/100 Custom 404 Pro <= 3.7.0 - Authenticated (Administrator+) SQL Injection Affected: *-3.7.0 Patched: 3.7.1 Updated: June 30, 2026
LOW

crayon-syntax-highlighter

crayon-syntax-highlighter

Score: 89/100 Crayon Syntax Highlighter <= 2.8.4 - Cross-Site Request Forgery Affected: *-2.8.4 Patched: Updated: June 30, 2026
LOW

alfred-click-collect

alfred-click-collect

Score: 95/100 alfred24 Click & Collect <= 1.1.7 - Authenticated (Administrator+) Stored Cross Site Scripting Affected: *-1.1.7 Patched: Updated: June 30, 2026
LOW

acf-image-crop-add-on

acf-image-crop-add-on

Score: 95/100 Advanced Custom Fields: Image Crop Add-on <= 1.4.12 - Improper Authorization Affected: *-1.4.12 Patched: Updated: June 30, 2026
LOW

wpvr

wpvr

Score: N/A WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-8.2.6 Patched: 8.2.7 Updated: June 30, 2026
LOW

wp-blog-and-widgets

wp-blog-and-widgets

Score: N/A WP Blog and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3 Patched: 2.3.1 Updated: June 30, 2026
LOW

tutor

tutor

Score: N/A Tutor LMS <= 2.0.9 - Reflected Cross-Site Scripting Affected: *-2.0.9 Patched: 2.0.10 Updated: June 30, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection Affected: *-3.1.1 Patched: 3.1.2 Updated: June 30, 2026
LOW

simple-membership-wp-user-import

simple-membership-wp-user-import

Score: N/A Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection Affected: *-1.7 Patched: 1.8 Updated: June 30, 2026
LOW

rafflepress

rafflepress

Score: N/A Giveaways and Contests by RafflePress <= 1.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.11.2 Patched: 1.11.3 Updated: June 30, 2026
LOW

quick-event-manager

quick-event-manager

Score: N/A Quick Event Manager <= 9.7.4 - Reflected Cross-Site Scripting Affected: [*, 9.7.5) Patched: 9.7.5 Updated: June 30, 2026
LOW

paid-memberships-pro

paid-memberships-pro

Score: N/A Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection Affected: *-2.9.7 Patched: 2.9.8 Updated: June 30, 2026
LOW

login-with-phone-number

login-with-phone-number

Score: 93/100 Login with phone number <= 1.4.2 - Reflected Cross-Site Scripting Affected: [*, 1.4.2) Patched: 1.4.2 Updated: June 30, 2026
LOW

leaflet-maps-marker

leaflet-maps-marker

Score: 93/100 Leaflet Maps Marker < 3.12.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.12.6 Patched: 3.12.7 Updated: June 30, 2026
LOW

jquery-t-countdown-widget

jquery-t-countdown-widget

Score: 91/100 jQuery T(-) Countdown Widget <= 2.3.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde Affected: *-2.3.23 Patched: 2.3.24 Updated: June 30, 2026
LOW

html5-audio-player

html5-audio-player

Score: 93/100 Html5 Audio Player <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.11 Patched: 2.1.12 Updated: June 30, 2026
LOW

gamipress-button

gamipress-button

Score: 93/100 GamiPress – Button <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.4 Patched: 1.0.5 Updated: June 30, 2026
LOW

gamipress

gamipress

Score: 93/100 GamiPress <= 2.5.0 - Cross-Site Request Forgery Affected: *-2.5.0 Patched: 2.5.1 Updated: June 30, 2026

Showing 26901 to 27000 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 23:43 UTC.