Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36319Across tracked plugins
Affected Plugins
82With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| anual-archive | anual-archive |
95
|
Annual Archive <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.5.5 | 1.6.0 | July 1, 2026 | |
| youtube-channel | youtube-channel | N/A | YouTube Channel < 3.0.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.0.12.1 | 3.23.0 | July 1, 2026 | |
| wpfunnels | wpfunnels | N/A | WPFunnels <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde | LOW | *-2.6.8 | 2.6.9 | July 1, 2026 | |
| wp-show-posts | wp-show-posts | N/A | WP Show Posts <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.3 | 1.1.4 | July 1, 2026 | |
| wordprezi | wordprezi | N/A | WordPrezi <= 0.8.2 - Authenticated (Contributor+) Strored Cross-Site Scripting via Shortcode | LOW | *-0.8.2 | 0.9 | July 1, 2026 | |
| woocommerce-products-filter | woocommerce-products-filter | N/A | HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection | LOW | *-1.3.1 | 1.3.2 | July 1, 2026 | |
| wd-google-maps | wd-google-maps | N/A | 10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection | LOW | *-1.0.72 | 1.0.73 | July 1, 2026 | |
| wc-vendors | wc-vendors | N/A | WC Vendors Marketplace <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Sites Scripting via Shortcode | LOW | *-2.4.4 | 2.4.5 | July 1, 2026 | |
| vimeo-video-autoplay-automute | vimeo-video-autoplay-automute | N/A | Vimeo Video Autoplay Automute <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0 | July 1, 2026 | ||
| send-pdf-for-contact-form-7 | send-pdf-for-contact-form-7 | N/A | Send PDF for Contact Form 7 <= 0.9.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-0.9.9.1 | 0.9.9.2 | July 1, 2026 | |
| responsivevoice-text-to-speech | responsivevoice-text-to-speech | N/A | ResponsiveVoice Text To Speech <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.7.6 | 1.7.7 | July 1, 2026 | |
| naver-map | naver-map |
91
|
Naver Map <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.1.0 | July 1, 2026 | ||
| hide_my_wp | hide_my_wp |
91
|
Hide My WP < 6.2.9 - Unauthenticated SQL Injection | LOW | [*, 6.2.9) | 6.2.9 | July 1, 2026 | |
| gamipress-vimeo-integration | gamipress-vimeo-integration |
93
|
GamiPress – Vimeo integration <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0.8 | 1.0.9 | July 1, 2026 | |
| gallery-factory-lite | gallery-factory-lite |
91
|
Gallery Factory Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.0.0 | July 1, 2026 | ||
| flexible-captcha | flexible-captcha |
91
|
Flexible Captcha <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.1 | July 1, 2026 | ||
| ean-for-woocommerce | ean-for-woocommerce |
93
|
EAN for WooCommerce <= 4.4.2 - Authenticated (Contributor+ )Stored Cross-Site Scripting via Shortcode | LOW | *-4.4.2 | 4.4.3 | July 1, 2026 | |
| cloak-front-end-email | cloak-front-end-email |
93
|
Cloak Front End Email <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.9.1 | 1.9.2 | July 1, 2026 | |
| breadcrumb | breadcrumb |
93
|
Breadcrumb <= 1.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.5.32 | 1.5.33 | July 1, 2026 | |
| yourchannel | yourchannel | N/A | YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode | LOW | *-1.2.2 | 1.2.3 | July 1, 2026 | |
| wp-showhide | wp-showhide | N/A | WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.04 | 1.05 | July 1, 2026 | |
| user-meta-manager | user-meta-manager | N/A | User Meta Manager <= 3.4.9 - Cross Site Request Forgery | LOW | *-3.4.8 | July 1, 2026 | ||
| strong-testimonials | strong-testimonials | N/A | Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.0.2 | 3.0.3 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Import | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Kit Import | LOW | *-1.3.59 | 1.3.60 | July 1, 2026 | |
| pdfjs-viewer-shortcode | pdfjs-viewer-shortcode | N/A | PDF.js Viewer <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.1.7 | 2.1.8 | July 1, 2026 | |
| password-protect-page | password-protect-page | N/A | PPWP – WordPress Password Protect Page <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.8.5 | 1.8.6 | July 1, 2026 | |
| page-views-count | page-views-count | N/A | Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.6.0 | 2.6.1 | July 1, 2026 | |
| mega_main_menu | mega_main_menu |
89
|
Mega Main Menu <= 2.2.2 - Information Disclosure | LOW | *-2.2.2 | July 1, 2026 | ||
| Event Booking Manager for WooCommerce | mage-eventpress |
82
|
Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.7.9 | 3.8.0 | July 1, 2026 | |
| easy-testimonials | easy-testimonials |
89
|
Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.9.2 | 3.9.3 | July 1, 2026 | |
| clean-login | clean-login |
93
|
Clean Login <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.13.6 | 1.13.7 | July 1, 2026 | |
| dsp_dating | dsp_dating |
93
|
WPDating <= 7.4.1 - Arbitrary File Upload | LOW | *-7.4.1 | 7.4.2 | July 1, 2026 | |
| exclusive-addons-for-elementor | exclusive-addons-for-elementor |
93
|
Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery | LOW | *-2.6.1 | 2.6.2 | July 1, 2026 | |
| wp-social-widget | wp-social-widget | N/A | WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.2.3 | 2.2.4 | July 1, 2026 | |
| Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs | wp-expand-tabs-free |
91
|
WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.1.16 | 2.1.17 | July 1, 2026 | |
| post-list-designer | post-list-designer | N/A | Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode | LOW | *-3.1 | 3.2 | July 1, 2026 | |
| post-carousel | post-carousel | N/A | Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.4.18 | 2.4.19 | July 1, 2026 | |
| miniorange-saml-20-single-sign-on | miniorange-saml-20-single-sign-on |
93
|
SAML Single Sign On – SSO Login Premium Multisite < 20.0.7 - Open Redirect | LOW | [16, 16.0.8), [12, 12.1.0), [20, 20.0.7) | 16.0.8 | July 1, 2026 | |
| cpo-companion | cpo-companion |
91
|
CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0.4 | 1.1.0 | July 1, 2026 | |
| contentstudio | contentstudio |
93
|
ContentStudio <= 1.2.5 - Missing Authorization | LOW | *-1.2.5 | 1.2.6 | July 1, 2026 | |
| blog-designer-pack | blog-designer-pack |
93
|
News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode | LOW | *-3.2 | 3.3 | July 1, 2026 | |
| Widgets for Google Reviews | wp-reviews-plugin-for-google |
92
|
Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS | LOW | *-9.7.1 | 9.8 | July 1, 2026 | |
| wp-extended-search | wp-extended-search | N/A | WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.1.1 | 2.1.2 | July 1, 2026 | |
| social-warfare | social-warfare | N/A | Social Warfare <= 4.3.0 - Missing Authorization | LOW | *-4.3.0 | 4.3.1 | July 1, 2026 | |
| social-warfare | social-warfare | N/A | Social Warfare <= 4.3.1 - Cross-Site Request Forgery | LOW | *-4.3.1 | 4.4.0 | July 1, 2026 | |
| simple-file-downloader | simple-file-downloader | N/A | Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0.4 | July 1, 2026 | ||
| pmpro-register-helper | pmpro-register-helper | N/A | Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.8 | 1.8.1 | July 1, 2026 | |
| cpo-companion | cpo-companion |
91
|
CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.0.4 | 1.1.0 | July 1, 2026 | |
| contextual-related-posts | contextual-related-posts |
93
|
Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute | LOW | *-3.3.0 | 3.3.1 | July 1, 2026 | |
| cc-child-pages | cc-child-pages |
93
|
CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.42 | 1.43 | July 1, 2026 | |
| youtube-channel-gallery | youtube-channel-gallery | N/A | Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.4 | July 1, 2026 | ||
| youtube-channel | youtube-channel | N/A | My YouTube Channel <= 3.0.12.1 - Missing Authorization | LOW | *-3.0.12.1 | 3.23.0 | July 1, 2026 | |
| youtube-channel | youtube-channel | N/A | My YouTube Channel <= 3.0.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-3.0.12.1 | 3.23.0 | July 1, 2026 | |
| wp-rss-retriever | wp-rss-retriever | N/A | WordPress RSS Feed Retriever <= 1.6.7 - Cross-Site Request Forgery | LOW | *-1.6.7 | 1.6.8 | July 1, 2026 | |
| wp-rss-retriever | wp-rss-retriever | N/A | WordPress RSS Feed Retriever <= 1.6.7 - Missing Authorization | LOW | *-1.6.7 | 1.6.8 | July 1, 2026 | |
| wp-meta-data-filter-and-taxonomy-filter | wp-meta-data-filter-and-taxonomy-filter | N/A | MDTF – Meta Data and Taxonomies Filter <= 1.3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.3.0.1 | 1.3.1 | July 1, 2026 | |
| woocommerce-gateway-eway | woocommerce-gateway-eway | N/A | WooCommerce Eway Gateway <= 3.5.0 - Insecure Direct Object Reference | LOW | *-3.5.0 | 3.5.1 | July 1, 2026 | |
| woocommerce-chained-products | woocommerce-chained-products | N/A | WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update | LOW | [*, 2.12.0) | 2.12.0 | July 1, 2026 | |
| woo-product-slider-and-carousel-with-category | woo-product-slider-and-carousel-with-category | N/A | Product Slider and Carousel with Category for WooCommerce <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.7.1 | 2.8 | July 1, 2026 | |
| videojs-html5-video-player-for-wordpress | videojs-html5-video-player-for-wordpress | N/A | Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.5.0 | July 1, 2026 | ||
| video-sidebar-widgets | video-sidebar-widgets | N/A | Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.1 | July 1, 2026 | ||
| twitter-cards-meta | twitter-cards-meta | N/A | Twitter Cards Meta <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.9.1 | July 1, 2026 | ||
| tweet-old-post | tweet-old-post | N/A | Revive Old Posts <= 9.0.10 - Authenticated (Admin+) PHP Object Injection | LOW | *-9.0.10 | 9.0.11 | July 1, 2026 | |
| themify-shortcodes | themify-shortcodes | N/A | Themify Shortcodes <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.0.7 | 2.0.8 | July 1, 2026 | |
| social-sharing-toolkit | social-sharing-toolkit | N/A | Social Sharing Toolkit <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.6 | July 1, 2026 | ||
| show-hidecollapse-expand | show-hidecollapse-expand | N/A | Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.2.5 | 1.3.0 | July 1, 2026 | |
| show-hidecollapse-expand | show-hidecollapse-expand | N/A | Show-Hide / Collapse-Expand <= 1.2.6 - Missing Authorization | LOW | *-1.2.6 | 1.3.0 | July 1, 2026 | |
| post-category-image-with-grid-and-slider | post-category-image-with-grid-and-slider | N/A | Post Category Image With Grid and Slider <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.4.7 | 1.4.8 | July 1, 2026 | |
| my-tickets | my-tickets |
93
|
My Tickets <= 1.9.10 - Cross-Site Request Forgery | LOW | *-1.9.10 | 1.9.11 | July 1, 2026 | |
| menu-ordering-reservations | menu-ordering-reservations |
93
|
Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.5 - Authenticated (Contributor+) Cross-Site Scripting | LOW | *-2.3.5 | 2.3.6 | July 1, 2026 | |
| membership-for-woocommerce | membership-for-woocommerce |
93
|
Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload | LOW | *-2.1.6 | 2.1.7 | July 1, 2026 | |
| logaster-logo-generator | logaster-logo-generator |
89
|
Logaster Logo Generator <= 1.3 - Missing Authorization to Arbitrary Media Deletion and Creation | LOW | *-1.3 | July 1, 2026 | ||
| logaster-logo-generator | logaster-logo-generator |
89
|
Logaster Logo Generator <= 1.3 - Cross-Site Request Forgery to Arbitrary Media Deletion and Creation | LOW | *-1.3 | July 1, 2026 | ||
| list-pages-shortcode | list-pages-shortcode |
93
|
List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.7.5 | 1.7.6 | July 1, 2026 | |
| lightbox-gallery | lightbox-gallery |
93
|
Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-0.9.4 | 0.9.5 | July 1, 2026 | |
| jetwidgets-for-elementor | jetwidgets-for-elementor |
93
|
JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update | LOW | *-1.0.12 | 1.0.13 | July 1, 2026 | |
| gigpress | gigpress |
91
|
GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.3.27 | 2.3.28 | July 1, 2026 | |
| fl3r-feelbox | fl3r-feelbox |
87
|
FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Plugin Settings Reset | LOW | *-8.1 | July 1, 2026 | ||
| fl3r-feelbox | fl3r-feelbox |
87
|
FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting | LOW | *-8.1 | July 1, 2026 | ||
| feedzy-rss-feeds | feedzy-rss-feeds |
93
|
RSS Aggregator by Feedzy <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.1.0 | 4.1.1 | July 1, 2026 | |
| easy-pricing-tables | easy-pricing-tables |
93
|
Easy Pricing Tables <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.2.2 | 3.2.3 | July 1, 2026 | |
| dirtysuds-embed-pdf | dirtysuds-embed-pdf |
91
|
Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0.6 | July 1, 2026 | ||
| blog-designer-for-post-and-widget | blog-designer-for-post-and-widget |
93
|
Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.3 | 2.4 | July 1, 2026 | |
| aawp | aawp |
97
|
Amazon Affiliate <= 3.12.2 - Reflected File Download | LOW | *-3.12.2 | 3.12.3 | July 1, 2026 | |
| wp-analytify | wp-analytify | N/A | Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery | LOW | *-4.2.3 | 4.3.0 | July 1, 2026 | |
| survey-maker | survey-maker | N/A | Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting | LOW | *-3.1.3 | 3.1.4 | July 1, 2026 | |
| simple-sitemap | simple-sitemap | N/A | Simple Sitemap <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.5.7 | 3.5.8 | July 1, 2026 | |
| portfolio-elementor | portfolio-elementor | N/A | Portfolio for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.3 | 2.3.1 | July 1, 2026 | |
| pixcodes | pixcodes | N/A | PixCodes <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.3.6 | 2.3.7 | July 1, 2026 | |
| pdf-viewer | pdf-viewer | N/A | PDF Viewer <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-0.1 | 1.0.0 | July 1, 2026 |
anual-archive
anual-archive
youtube-channel
youtube-channel
wpfunnels
wpfunnels
wp-show-posts
wp-show-posts
wordprezi
wordprezi
woocommerce-products-filter
woocommerce-products-filter
wd-google-maps
wd-google-maps
wc-vendors
wc-vendors
vimeo-video-autoplay-automute
vimeo-video-autoplay-automute
send-pdf-for-contact-form-7
send-pdf-for-contact-form-7
responsivevoice-text-to-speech
responsivevoice-text-to-speech
naver-map
naver-map
hide_my_wp
hide_my_wp
gamipress-vimeo-integration
gamipress-vimeo-integration
gallery-factory-lite
gallery-factory-lite
flexible-captcha
flexible-captcha
ean-for-woocommerce
ean-for-woocommerce
cloak-front-end-email
cloak-front-end-email
breadcrumb
breadcrumb
yourchannel
yourchannel
wp-showhide
wp-showhide
user-meta-manager
user-meta-manager
strong-testimonials
strong-testimonials
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
pdfjs-viewer-shortcode
pdfjs-viewer-shortcode
password-protect-page
password-protect-page
page-views-count
page-views-count
mega_main_menu
mega_main_menu
Event Booking Manager for WooCommerce
mage-eventpress
easy-testimonials
easy-testimonials
clean-login
clean-login
dsp_dating
dsp_dating
exclusive-addons-for-elementor
exclusive-addons-for-elementor
wp-social-widget
wp-social-widget
Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs
wp-expand-tabs-free
post-list-designer
post-list-designer
post-carousel
post-carousel
miniorange-saml-20-single-sign-on
miniorange-saml-20-single-sign-on
cpo-companion
cpo-companion
contentstudio
contentstudio
blog-designer-pack
blog-designer-pack
Widgets for Google Reviews
wp-reviews-plugin-for-google
wp-extended-search
wp-extended-search
social-warfare
social-warfare
social-warfare
social-warfare
simple-file-downloader
simple-file-downloader
pmpro-register-helper
pmpro-register-helper
cpo-companion
cpo-companion
contextual-related-posts
contextual-related-posts
cc-child-pages
cc-child-pages
youtube-channel-gallery
youtube-channel-gallery
youtube-channel
youtube-channel
youtube-channel
youtube-channel
wp-rss-retriever
wp-rss-retriever
wp-rss-retriever
wp-rss-retriever
wp-meta-data-filter-and-taxonomy-filter
wp-meta-data-filter-and-taxonomy-filter
woocommerce-gateway-eway
woocommerce-gateway-eway
woocommerce-chained-products
woocommerce-chained-products
woo-product-slider-and-carousel-with-category
woo-product-slider-and-carousel-with-category
videojs-html5-video-player-for-wordpress
videojs-html5-video-player-for-wordpress
video-sidebar-widgets
video-sidebar-widgets
twitter-cards-meta
twitter-cards-meta
tweet-old-post
tweet-old-post
themify-shortcodes
themify-shortcodes
social-sharing-toolkit
social-sharing-toolkit
show-hidecollapse-expand
show-hidecollapse-expand
show-hidecollapse-expand
show-hidecollapse-expand
post-category-image-with-grid-and-slider
post-category-image-with-grid-and-slider
my-tickets
my-tickets
menu-ordering-reservations
menu-ordering-reservations
membership-for-woocommerce
membership-for-woocommerce
logaster-logo-generator
logaster-logo-generator
logaster-logo-generator
logaster-logo-generator
list-pages-shortcode
list-pages-shortcode
lightbox-gallery
lightbox-gallery
jetwidgets-for-elementor
jetwidgets-for-elementor
gigpress
gigpress
fl3r-feelbox
fl3r-feelbox
fl3r-feelbox
fl3r-feelbox
feedzy-rss-feeds
feedzy-rss-feeds
easy-pricing-tables
easy-pricing-tables
dirtysuds-embed-pdf
dirtysuds-embed-pdf
blog-designer-for-post-and-widget
blog-designer-for-post-and-widget
aawp
aawp
wp-analytify
wp-analytify
survey-maker
survey-maker
simple-sitemap
simple-sitemap
portfolio-elementor
portfolio-elementor
pixcodes
pixcodes
pdf-viewer
pdf-viewer
Showing 27001 to 27100 of 36319 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 1, 2026 at 00:56 UTC.