Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

82

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
anual-archive anual-archive
95
Annual Archive <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.5 1.6.0 July 1, 2026
youtube-channel youtube-channel N/A YouTube Channel < 3.0.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.0.12.1 3.23.0 July 1, 2026
wpfunnels wpfunnels N/A WPFunnels <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde LOW *-2.6.8 2.6.9 July 1, 2026
wp-show-posts wp-show-posts N/A WP Show Posts <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.3 1.1.4 July 1, 2026
wordprezi wordprezi N/A WordPrezi <= 0.8.2 - Authenticated (Contributor+) Strored Cross-Site Scripting via Shortcode LOW *-0.8.2 0.9 July 1, 2026
woocommerce-products-filter woocommerce-products-filter N/A HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection LOW *-1.3.1 1.3.2 July 1, 2026
wd-google-maps wd-google-maps N/A 10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection LOW *-1.0.72 1.0.73 July 1, 2026
wc-vendors wc-vendors N/A WC Vendors Marketplace <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Sites Scripting via Shortcode LOW *-2.4.4 2.4.5 July 1, 2026
vimeo-video-autoplay-automute vimeo-video-autoplay-automute N/A Vimeo Video Autoplay Automute <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0 July 1, 2026
send-pdf-for-contact-form-7 send-pdf-for-contact-form-7 N/A Send PDF for Contact Form 7 <= 0.9.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.9.9.1 0.9.9.2 July 1, 2026
responsivevoice-text-to-speech responsivevoice-text-to-speech N/A ResponsiveVoice Text To Speech <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.7.6 1.7.7 July 1, 2026
naver-map naver-map
91
Naver Map <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.1.0 July 1, 2026
hide_my_wp hide_my_wp
91
Hide My WP < 6.2.9 - Unauthenticated SQL Injection LOW [*, 6.2.9) 6.2.9 July 1, 2026
gamipress-vimeo-integration gamipress-vimeo-integration
93
GamiPress – Vimeo integration <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.8 1.0.9 July 1, 2026
gallery-factory-lite gallery-factory-lite
91
Gallery Factory Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.0 July 1, 2026
flexible-captcha flexible-captcha
91
Flexible Captcha <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.1 July 1, 2026
ean-for-woocommerce ean-for-woocommerce
93
EAN for WooCommerce <= 4.4.2 - Authenticated (Contributor+ )Stored Cross-Site Scripting via Shortcode LOW *-4.4.2 4.4.3 July 1, 2026
cloak-front-end-email cloak-front-end-email
93
Cloak Front End Email <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.9.1 1.9.2 July 1, 2026
breadcrumb breadcrumb
93
Breadcrumb <= 1.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.32 1.5.33 July 1, 2026
yourchannel yourchannel N/A YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode LOW *-1.2.2 1.2.3 July 1, 2026
wp-showhide wp-showhide N/A WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.04 1.05 July 1, 2026
user-meta-manager user-meta-manager N/A User Meta Manager <= 3.4.9 - Cross Site Request Forgery LOW *-3.4.8 July 1, 2026
strong-testimonials strong-testimonials N/A Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.0.2 3.0.3 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Import LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation LOW *-1.3.59 1.3.60 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Kit Import LOW *-1.3.59 1.3.60 July 1, 2026
pdfjs-viewer-shortcode pdfjs-viewer-shortcode N/A PDF.js Viewer <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.7 2.1.8 July 1, 2026
password-protect-page password-protect-page N/A PPWP – WordPress Password Protect Page <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.8.5 1.8.6 July 1, 2026
page-views-count page-views-count N/A Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.0 2.6.1 July 1, 2026
mega_main_menu mega_main_menu
89
Mega Main Menu <= 2.2.2 - Information Disclosure LOW *-2.2.2 July 1, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.7.9 3.8.0 July 1, 2026
easy-testimonials easy-testimonials
89
Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.9.2 3.9.3 July 1, 2026
clean-login clean-login
93
Clean Login <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.13.6 1.13.7 July 1, 2026
dsp_dating dsp_dating
93
WPDating <= 7.4.1 - Arbitrary File Upload LOW *-7.4.1 7.4.2 July 1, 2026
exclusive-addons-for-elementor exclusive-addons-for-elementor
93
Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery LOW *-2.6.1 2.6.2 July 1, 2026
wp-social-widget wp-social-widget N/A WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.2.3 2.2.4 July 1, 2026
Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs wp-expand-tabs-free
91
WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.16 2.1.17 July 1, 2026
post-list-designer post-list-designer N/A Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode LOW *-3.1 3.2 July 1, 2026
post-carousel post-carousel N/A Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.4.18 2.4.19 July 1, 2026
miniorange-saml-20-single-sign-on miniorange-saml-20-single-sign-on
93
SAML Single Sign On – SSO Login Premium Multisite < 20.0.7 - Open Redirect LOW [16, 16.0.8), [12, 12.1.0), [20, 20.0.7) 16.0.8 July 1, 2026
cpo-companion cpo-companion
91
CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.4 1.1.0 July 1, 2026
contentstudio contentstudio
93
ContentStudio <= 1.2.5 - Missing Authorization LOW *-1.2.5 1.2.6 July 1, 2026
blog-designer-pack blog-designer-pack
93
News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode LOW *-3.2 3.3 July 1, 2026
Widgets for Google Reviews wp-reviews-plugin-for-google
92
Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS LOW *-9.7.1 9.8 July 1, 2026
wp-extended-search wp-extended-search N/A WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.1 2.1.2 July 1, 2026
social-warfare social-warfare N/A Social Warfare <= 4.3.0 - Missing Authorization LOW *-4.3.0 4.3.1 July 1, 2026
social-warfare social-warfare N/A Social Warfare <= 4.3.1 - Cross-Site Request Forgery LOW *-4.3.1 4.4.0 July 1, 2026
simple-file-downloader simple-file-downloader N/A Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.4 July 1, 2026
pmpro-register-helper pmpro-register-helper N/A Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.8 1.8.1 July 1, 2026
cpo-companion cpo-companion
91
CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.4 1.1.0 July 1, 2026
contextual-related-posts contextual-related-posts
93
Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute LOW *-3.3.0 3.3.1 July 1, 2026
cc-child-pages cc-child-pages
93
CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.42 1.43 July 1, 2026
youtube-channel-gallery youtube-channel-gallery N/A Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.4 July 1, 2026
youtube-channel youtube-channel N/A My YouTube Channel <= 3.0.12.1 - Missing Authorization LOW *-3.0.12.1 3.23.0 July 1, 2026
youtube-channel youtube-channel N/A My YouTube Channel <= 3.0.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.12.1 3.23.0 July 1, 2026
wp-rss-retriever wp-rss-retriever N/A WordPress RSS Feed Retriever <= 1.6.7 - Cross-Site Request Forgery LOW *-1.6.7 1.6.8 July 1, 2026
wp-rss-retriever wp-rss-retriever N/A WordPress RSS Feed Retriever <= 1.6.7 - Missing Authorization LOW *-1.6.7 1.6.8 July 1, 2026
wp-meta-data-filter-and-taxonomy-filter wp-meta-data-filter-and-taxonomy-filter N/A MDTF – Meta Data and Taxonomies Filter <= 1.3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.0.1 1.3.1 July 1, 2026
woocommerce-gateway-eway woocommerce-gateway-eway N/A WooCommerce Eway Gateway <= 3.5.0 - Insecure Direct Object Reference LOW *-3.5.0 3.5.1 July 1, 2026
woocommerce-chained-products woocommerce-chained-products N/A WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update LOW [*, 2.12.0) 2.12.0 July 1, 2026
woo-product-slider-and-carousel-with-category woo-product-slider-and-carousel-with-category N/A Product Slider and Carousel with Category for WooCommerce <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.7.1 2.8 July 1, 2026
videojs-html5-video-player-for-wordpress videojs-html5-video-player-for-wordpress N/A Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.5.0 July 1, 2026
video-sidebar-widgets video-sidebar-widgets N/A Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.1 July 1, 2026
twitter-cards-meta twitter-cards-meta N/A Twitter Cards Meta <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.1 July 1, 2026
tweet-old-post tweet-old-post N/A Revive Old Posts <= 9.0.10 - Authenticated (Admin+) PHP Object Injection LOW *-9.0.10 9.0.11 July 1, 2026
themify-shortcodes themify-shortcodes N/A Themify Shortcodes <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.7 2.0.8 July 1, 2026
social-sharing-toolkit social-sharing-toolkit N/A Social Sharing Toolkit <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.6 July 1, 2026
show-hidecollapse-expand show-hidecollapse-expand N/A Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.2.5 1.3.0 July 1, 2026
show-hidecollapse-expand show-hidecollapse-expand N/A Show-Hide / Collapse-Expand <= 1.2.6 - Missing Authorization LOW *-1.2.6 1.3.0 July 1, 2026
post-category-image-with-grid-and-slider post-category-image-with-grid-and-slider N/A Post Category Image With Grid and Slider <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.4.7 1.4.8 July 1, 2026
my-tickets my-tickets
93
My Tickets <= 1.9.10 - Cross-Site Request Forgery LOW *-1.9.10 1.9.11 July 1, 2026
menu-ordering-reservations menu-ordering-reservations
93
Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.5 - Authenticated (Contributor+) Cross-Site Scripting LOW *-2.3.5 2.3.6 July 1, 2026
membership-for-woocommerce membership-for-woocommerce
93
Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload LOW *-2.1.6 2.1.7 July 1, 2026
logaster-logo-generator logaster-logo-generator
89
Logaster Logo Generator <= 1.3 - Missing Authorization to Arbitrary Media Deletion and Creation LOW *-1.3 July 1, 2026
logaster-logo-generator logaster-logo-generator
89
Logaster Logo Generator <= 1.3 - Cross-Site Request Forgery to Arbitrary Media Deletion and Creation LOW *-1.3 July 1, 2026
list-pages-shortcode list-pages-shortcode
93
List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.7.5 1.7.6 July 1, 2026
lightbox-gallery lightbox-gallery
93
Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.9.4 0.9.5 July 1, 2026
jetwidgets-for-elementor jetwidgets-for-elementor
93
JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update LOW *-1.0.12 1.0.13 July 1, 2026
gigpress gigpress
91
GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3.27 2.3.28 July 1, 2026
fl3r-feelbox fl3r-feelbox
87
FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Plugin Settings Reset LOW *-8.1 July 1, 2026
fl3r-feelbox fl3r-feelbox
87
FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting LOW *-8.1 July 1, 2026
feedzy-rss-feeds feedzy-rss-feeds
93
RSS Aggregator by Feedzy <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.1.0 4.1.1 July 1, 2026
easy-pricing-tables easy-pricing-tables
93
Easy Pricing Tables <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.2.2 3.2.3 July 1, 2026
dirtysuds-embed-pdf dirtysuds-embed-pdf
91
Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.6 July 1, 2026
blog-designer-for-post-and-widget blog-designer-for-post-and-widget
93
Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3 2.4 July 1, 2026
aawp aawp
97
Amazon Affiliate <= 3.12.2 - Reflected File Download LOW *-3.12.2 3.12.3 July 1, 2026
wp-analytify wp-analytify N/A Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery LOW *-4.2.3 4.3.0 July 1, 2026
survey-maker survey-maker N/A Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting LOW *-3.1.3 3.1.4 July 1, 2026
simple-sitemap simple-sitemap N/A Simple Sitemap <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.5.7 3.5.8 July 1, 2026
portfolio-elementor portfolio-elementor N/A Portfolio for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3 2.3.1 July 1, 2026
pixcodes pixcodes N/A PixCodes <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3.6 2.3.7 July 1, 2026
pdf-viewer pdf-viewer N/A PDF Viewer <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.1 1.0.0 July 1, 2026
LOW

anual-archive

anual-archive

Score: 95/100 Annual Archive <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.5 Patched: 1.6.0 Updated: July 1, 2026
LOW

youtube-channel

youtube-channel

Score: N/A YouTube Channel < 3.0.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.0.12.1 Patched: 3.23.0 Updated: July 1, 2026
LOW

wpfunnels

wpfunnels

Score: N/A WPFunnels <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde Affected: *-2.6.8 Patched: 2.6.9 Updated: July 1, 2026
LOW

wp-show-posts

wp-show-posts

Score: N/A WP Show Posts <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: 1.1.4 Updated: July 1, 2026
LOW

wordprezi

wordprezi

Score: N/A WordPrezi <= 0.8.2 - Authenticated (Contributor+) Strored Cross-Site Scripting via Shortcode Affected: *-0.8.2 Patched: 0.9 Updated: July 1, 2026
LOW

woocommerce-products-filter

woocommerce-products-filter

Score: N/A HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection Affected: *-1.3.1 Patched: 1.3.2 Updated: July 1, 2026
LOW

wd-google-maps

wd-google-maps

Score: N/A 10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection Affected: *-1.0.72 Patched: 1.0.73 Updated: July 1, 2026
LOW

wc-vendors

wc-vendors

Score: N/A WC Vendors Marketplace <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Sites Scripting via Shortcode Affected: *-2.4.4 Patched: 2.4.5 Updated: July 1, 2026
LOW

vimeo-video-autoplay-automute

vimeo-video-autoplay-automute

Score: N/A Vimeo Video Autoplay Automute <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

send-pdf-for-contact-form-7

send-pdf-for-contact-form-7

Score: N/A Send PDF for Contact Form 7 <= 0.9.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.9.9.1 Patched: 0.9.9.2 Updated: July 1, 2026
LOW

responsivevoice-text-to-speech

responsivevoice-text-to-speech

Score: N/A ResponsiveVoice Text To Speech <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.7.6 Patched: 1.7.7 Updated: July 1, 2026
LOW

naver-map

naver-map

Score: 91/100 Naver Map <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

hide_my_wp

hide_my_wp

Score: 91/100 Hide My WP < 6.2.9 - Unauthenticated SQL Injection Affected: [*, 6.2.9) Patched: 6.2.9 Updated: July 1, 2026
LOW

gamipress-vimeo-integration

gamipress-vimeo-integration

Score: 93/100 GamiPress – Vimeo integration <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.8 Patched: 1.0.9 Updated: July 1, 2026
LOW

gallery-factory-lite

gallery-factory-lite

Score: 91/100 Gallery Factory Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.0 Patched: Updated: July 1, 2026
LOW

flexible-captcha

flexible-captcha

Score: 91/100 Flexible Captcha <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.1 Patched: Updated: July 1, 2026
LOW

ean-for-woocommerce

ean-for-woocommerce

Score: 93/100 EAN for WooCommerce <= 4.4.2 - Authenticated (Contributor+ )Stored Cross-Site Scripting via Shortcode Affected: *-4.4.2 Patched: 4.4.3 Updated: July 1, 2026
LOW

cloak-front-end-email

cloak-front-end-email

Score: 93/100 Cloak Front End Email <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.9.1 Patched: 1.9.2 Updated: July 1, 2026
LOW

breadcrumb

breadcrumb

Score: 93/100 Breadcrumb <= 1.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.32 Patched: 1.5.33 Updated: July 1, 2026
LOW

yourchannel

yourchannel

Score: N/A YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode Affected: *-1.2.2 Patched: 1.2.3 Updated: July 1, 2026
LOW

wp-showhide

wp-showhide

Score: N/A WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.04 Patched: 1.05 Updated: July 1, 2026
LOW

user-meta-manager

user-meta-manager

Score: N/A User Meta Manager <= 3.4.9 - Cross Site Request Forgery Affected: *-3.4.8 Patched: Updated: July 1, 2026
LOW

strong-testimonials

strong-testimonials

Score: N/A Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.0.2 Patched: 3.0.3 Updated: July 1, 2026
LOW

pdfjs-viewer-shortcode

pdfjs-viewer-shortcode

Score: N/A PDF.js Viewer <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.7 Patched: 2.1.8 Updated: July 1, 2026
LOW

password-protect-page

password-protect-page

Score: N/A PPWP – WordPress Password Protect Page <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8.5 Patched: 1.8.6 Updated: July 1, 2026
LOW

page-views-count

page-views-count

Score: N/A Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: 2.6.1 Updated: July 1, 2026
LOW

mega_main_menu

mega_main_menu

Score: 89/100 Mega Main Menu <= 2.2.2 - Information Disclosure Affected: *-2.2.2 Patched: Updated: July 1, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.7.9 Patched: 3.8.0 Updated: July 1, 2026
LOW

easy-testimonials

easy-testimonials

Score: 89/100 Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.9.2 Patched: 3.9.3 Updated: July 1, 2026
LOW

clean-login

clean-login

Score: 93/100 Clean Login <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.13.6 Patched: 1.13.7 Updated: July 1, 2026
LOW

dsp_dating

dsp_dating

Score: 93/100 WPDating <= 7.4.1 - Arbitrary File Upload Affected: *-7.4.1 Patched: 7.4.2 Updated: July 1, 2026
LOW

exclusive-addons-for-elementor

exclusive-addons-for-elementor

Score: 93/100 Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery Affected: *-2.6.1 Patched: 2.6.2 Updated: July 1, 2026
LOW

wp-social-widget

wp-social-widget

Score: N/A WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.2.3 Patched: 2.2.4 Updated: July 1, 2026
LOW

post-list-designer

post-list-designer

Score: N/A Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode Affected: *-3.1 Patched: 3.2 Updated: July 1, 2026
LOW

post-carousel

post-carousel

Score: N/A Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.4.18 Patched: 2.4.19 Updated: July 1, 2026
LOW

miniorange-saml-20-single-sign-on

miniorange-saml-20-single-sign-on

Score: 93/100 SAML Single Sign On – SSO Login Premium Multisite < 20.0.7 - Open Redirect Affected: [16, 16.0.8), [12, 12.1.0), [20, 20.0.7) Patched: 16.0.8 Updated: July 1, 2026
LOW

cpo-companion

cpo-companion

Score: 91/100 CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.4 Patched: 1.1.0 Updated: July 1, 2026
LOW

contentstudio

contentstudio

Score: 93/100 ContentStudio <= 1.2.5 - Missing Authorization Affected: *-1.2.5 Patched: 1.2.6 Updated: July 1, 2026
LOW

blog-designer-pack

blog-designer-pack

Score: 93/100 News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode Affected: *-3.2 Patched: 3.3 Updated: July 1, 2026
LOW

Widgets for Google Reviews

wp-reviews-plugin-for-google

Score: 92/100 Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS Affected: *-9.7.1 Patched: 9.8 Updated: July 1, 2026
LOW

wp-extended-search

wp-extended-search

Score: N/A WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.1 Patched: 2.1.2 Updated: July 1, 2026
LOW

social-warfare

social-warfare

Score: N/A Social Warfare <= 4.3.0 - Missing Authorization Affected: *-4.3.0 Patched: 4.3.1 Updated: July 1, 2026
LOW

social-warfare

social-warfare

Score: N/A Social Warfare <= 4.3.1 - Cross-Site Request Forgery Affected: *-4.3.1 Patched: 4.4.0 Updated: July 1, 2026
LOW

simple-file-downloader

simple-file-downloader

Score: N/A Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.4 Patched: Updated: July 1, 2026
LOW

pmpro-register-helper

pmpro-register-helper

Score: N/A Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8 Patched: 1.8.1 Updated: July 1, 2026
LOW

cpo-companion

cpo-companion

Score: 91/100 CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: 1.1.0 Updated: July 1, 2026
LOW

contextual-related-posts

contextual-related-posts

Score: 93/100 Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute Affected: *-3.3.0 Patched: 3.3.1 Updated: July 1, 2026
LOW

cc-child-pages

cc-child-pages

Score: 93/100 CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.42 Patched: 1.43 Updated: July 1, 2026
LOW

youtube-channel-gallery

youtube-channel-gallery

Score: N/A Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.4 Patched: Updated: July 1, 2026
LOW

youtube-channel

youtube-channel

Score: N/A My YouTube Channel <= 3.0.12.1 - Missing Authorization Affected: *-3.0.12.1 Patched: 3.23.0 Updated: July 1, 2026
LOW

youtube-channel

youtube-channel

Score: N/A My YouTube Channel <= 3.0.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.12.1 Patched: 3.23.0 Updated: July 1, 2026
LOW

wp-rss-retriever

wp-rss-retriever

Score: N/A WordPress RSS Feed Retriever <= 1.6.7 - Cross-Site Request Forgery Affected: *-1.6.7 Patched: 1.6.8 Updated: July 1, 2026
LOW

wp-rss-retriever

wp-rss-retriever

Score: N/A WordPress RSS Feed Retriever <= 1.6.7 - Missing Authorization Affected: *-1.6.7 Patched: 1.6.8 Updated: July 1, 2026
LOW

wp-meta-data-filter-and-taxonomy-filter

wp-meta-data-filter-and-taxonomy-filter

Score: N/A MDTF – Meta Data and Taxonomies Filter <= 1.3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.0.1 Patched: 1.3.1 Updated: July 1, 2026
LOW

woocommerce-gateway-eway

woocommerce-gateway-eway

Score: N/A WooCommerce Eway Gateway <= 3.5.0 - Insecure Direct Object Reference Affected: *-3.5.0 Patched: 3.5.1 Updated: July 1, 2026
LOW

woocommerce-chained-products

woocommerce-chained-products

Score: N/A WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update Affected: [*, 2.12.0) Patched: 2.12.0 Updated: July 1, 2026
LOW

woo-product-slider-and-carousel-with-category

woo-product-slider-and-carousel-with-category

Score: N/A Product Slider and Carousel with Category for WooCommerce <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.7.1 Patched: 2.8 Updated: July 1, 2026
LOW

videojs-html5-video-player-for-wordpress

videojs-html5-video-player-for-wordpress

Score: N/A Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.5.0 Patched: Updated: July 1, 2026
LOW

video-sidebar-widgets

video-sidebar-widgets

Score: N/A Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.1 Patched: Updated: July 1, 2026
LOW

twitter-cards-meta

twitter-cards-meta

Score: N/A Twitter Cards Meta <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.1 Patched: Updated: July 1, 2026
LOW

tweet-old-post

tweet-old-post

Score: N/A Revive Old Posts <= 9.0.10 - Authenticated (Admin+) PHP Object Injection Affected: *-9.0.10 Patched: 9.0.11 Updated: July 1, 2026
LOW

themify-shortcodes

themify-shortcodes

Score: N/A Themify Shortcodes <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.7 Patched: 2.0.8 Updated: July 1, 2026
LOW

social-sharing-toolkit

social-sharing-toolkit

Score: N/A Social Sharing Toolkit <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.6 Patched: Updated: July 1, 2026
LOW

show-hidecollapse-expand

show-hidecollapse-expand

Score: N/A Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.5 Patched: 1.3.0 Updated: July 1, 2026
LOW

show-hidecollapse-expand

show-hidecollapse-expand

Score: N/A Show-Hide / Collapse-Expand <= 1.2.6 - Missing Authorization Affected: *-1.2.6 Patched: 1.3.0 Updated: July 1, 2026
LOW

post-category-image-with-grid-and-slider

post-category-image-with-grid-and-slider

Score: N/A Post Category Image With Grid and Slider <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.4.7 Patched: 1.4.8 Updated: July 1, 2026
LOW

my-tickets

my-tickets

Score: 93/100 My Tickets <= 1.9.10 - Cross-Site Request Forgery Affected: *-1.9.10 Patched: 1.9.11 Updated: July 1, 2026
LOW

menu-ordering-reservations

menu-ordering-reservations

Score: 93/100 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.5 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-2.3.5 Patched: 2.3.6 Updated: July 1, 2026
LOW

membership-for-woocommerce

membership-for-woocommerce

Score: 93/100 Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload Affected: *-2.1.6 Patched: 2.1.7 Updated: July 1, 2026
LOW

logaster-logo-generator

logaster-logo-generator

Score: 89/100 Logaster Logo Generator <= 1.3 - Missing Authorization to Arbitrary Media Deletion and Creation Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

logaster-logo-generator

logaster-logo-generator

Score: 89/100 Logaster Logo Generator <= 1.3 - Cross-Site Request Forgery to Arbitrary Media Deletion and Creation Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

list-pages-shortcode

list-pages-shortcode

Score: 93/100 List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.7.5 Patched: 1.7.6 Updated: July 1, 2026
LOW

lightbox-gallery

lightbox-gallery

Score: 93/100 Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.9.4 Patched: 0.9.5 Updated: July 1, 2026
LOW

jetwidgets-for-elementor

jetwidgets-for-elementor

Score: 93/100 JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.12 Patched: 1.0.13 Updated: July 1, 2026
LOW

gigpress

gigpress

Score: 91/100 GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3.27 Patched: 2.3.28 Updated: July 1, 2026
LOW

fl3r-feelbox

fl3r-feelbox

Score: 87/100 FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Plugin Settings Reset Affected: *-8.1 Patched: Updated: July 1, 2026
LOW

fl3r-feelbox

fl3r-feelbox

Score: 87/100 FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting Affected: *-8.1 Patched: Updated: July 1, 2026
LOW

feedzy-rss-feeds

feedzy-rss-feeds

Score: 93/100 RSS Aggregator by Feedzy <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.1.0 Patched: 4.1.1 Updated: July 1, 2026
LOW

easy-pricing-tables

easy-pricing-tables

Score: 93/100 Easy Pricing Tables <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.2.2 Patched: 3.2.3 Updated: July 1, 2026
LOW

dirtysuds-embed-pdf

dirtysuds-embed-pdf

Score: 91/100 Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.6 Patched: Updated: July 1, 2026
LOW

blog-designer-for-post-and-widget

blog-designer-for-post-and-widget

Score: 93/100 Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3 Patched: 2.4 Updated: July 1, 2026
LOW

aawp

aawp

Score: 97/100 Amazon Affiliate <= 3.12.2 - Reflected File Download Affected: *-3.12.2 Patched: 3.12.3 Updated: July 1, 2026
LOW

wp-analytify

wp-analytify

Score: N/A Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery Affected: *-4.2.3 Patched: 4.3.0 Updated: July 1, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.1.3 Patched: 3.1.4 Updated: July 1, 2026
LOW

simple-sitemap

simple-sitemap

Score: N/A Simple Sitemap <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.5.7 Patched: 3.5.8 Updated: July 1, 2026
LOW

portfolio-elementor

portfolio-elementor

Score: N/A Portfolio for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3 Patched: 2.3.1 Updated: July 1, 2026
LOW

pixcodes

pixcodes

Score: N/A PixCodes <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3.6 Patched: 2.3.7 Updated: July 1, 2026
LOW

pdf-viewer

pdf-viewer

Score: N/A PDF Viewer <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.1 Patched: 1.0.0 Updated: July 1, 2026

Showing 27001 to 27100 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 00:56 UTC.