Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

94

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
my-calendar my-calendar
93
My Calendar <= 3.3.24.1 - Cross-Site Request Forgery LOW *-3.3.24.1 3.3.25 July 1, 2026
members-import members-import
91
Members Import <= 1.4.2 - Self Cross-Site Scripting LOW *-1.4.2 July 1, 2026
media-element-html5-video-and-audio-player media-element-html5-video-and-audio-player
91
MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.2.8 July 1, 2026
mailjet-for-wordpress mailjet-for-wordpress
93
Mailjet Email Marketing <= 5.3 - Authenticated (Admin+) Cross-Site Scripting LOW *-5.3 5.3.1 July 1, 2026
knowledgebase knowledgebase
93
Knowledge Base <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block LOW *-2.1.1 2.1.2 July 1, 2026
joli-table-of-contents joli-table-of-contents
93
Joli Table of Contents <= 1.3.9 - Cross-Site Request Forgery LOW *-1.3.9 2.0.0 July 1, 2026
icon-widget icon-widget
93
Icon Widget <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.2.6 1.3.0 July 1, 2026
cpt-bootstrap-carousel cpt-bootstrap-carousel
91
CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.12 1.13 July 1, 2026
bold-timeline-lite bold-timeline-lite
93
Bold Timeline Lite <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.1.4 1.1.5 July 1, 2026
blockonomics-bitcoin-payments blockonomics-bitcoin-payments
93
WordPress Bitcoin Payments – Blockonomics <= 3.5.7 - Reflected Cross-Site Scripting LOW *-3.5.7 3.5.8 July 1, 2026
accordion-shortcodes accordion-shortcodes
95
Accordion Shortcodes <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.4.2 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery LOW *-6.0.0 6.0.1 July 1, 2026
google-analyticator google-analyticator
93
Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection LOW *-6.5.5 6.5.6 July 1, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery LOW *-6.0.0 6.0.1 July 1, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery LOW *-6.0.0 6.0.1 July 1, 2026
wp-google-my-business-auto-publish wp-google-my-business-auto-publish N/A WP Google My Business Auto Publish <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.3 3.4 July 1, 2026
wd-google-maps wd-google-maps N/A 10WebMapBuilder <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.71 1.0.72 July 1, 2026
video-conferencing-with-zoom-api video-conferencing-with-zoom-api N/A Video Conferencing with Zoom <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.0.9 4.0.10 July 1, 2026
top-10 top-10 N/A Top 10 – Popular posts plugin for WordPress <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks LOW *-3.2.2 3.2.3 July 1, 2026
gs-logo-slider gs-logo-slider
93
GS Logo Slider – Ticker, Grid, List, Table & Filter Views <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.3.7 3.3.8 July 1, 2026
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory geodirectory
66
GeoDirectory <= 2.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.2.21 2.2.22 July 1, 2026
genesis-columns-advanced genesis-columns-advanced
93
Genesis Columns Advanced <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.3 2.0.4 July 1, 2026
content-protector content-protector
93
Passster – Password Protection <= 3.5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.5.5.7 3.5.5.8 July 1, 2026
content-protector content-protector
93
Passster <= 3.5.5.8 - Missing Authentication leading to Sensitive Information Disclosure (Private Post Leakage) LOW *-3.5.5.8 3.5.5.9 July 1, 2026
content-control content-control
93
Content Control <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.1.9 1.1.10 July 1, 2026
wpzoom-portfolio wpzoom-portfolio N/A WPZOOM Portfolio <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.2.1 1.2.2 July 1, 2026
wp-popups-lite wp-popups-lite N/A WP Popups <= 2.1.4.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode LOW *-2.1.4.7 2.1.4.8 July 1, 2026
word-balloon word-balloon N/A Word Balloon <= 4.19.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.19.2 4.19.3 July 1, 2026
Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider woo-product-slider N/A Product Slider for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.6.3 2.6.4 July 1, 2026
user-verification user-verification N/A User Verification <= 1.0.93 - Privilege Escalation LOW *-1.0.93 1.0.94 July 1, 2026
structured-content structured-content N/A Structured Content <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.0 1.5.1 July 1, 2026
shiftnav-responsive-mobile-menu shiftnav-responsive-mobile-menu N/A ShiftNav – Responsive Mobile Menu <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.7.1 1.7.2 July 1, 2026
print-o-matic print-o-matic N/A Print-O-Matic <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.7 2.1.8 July 1, 2026
OneClick Chat to Order oneclick-whatsapp-order
99
OneClick Chat to Order <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.4.1 1.0.4.2 July 1, 2026
jquery-collapse-o-matic jquery-collapse-o-matic
89
Collapse-O-Matic <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.8.2 1.8.3 July 1, 2026
imageseo imageseo
93
Optimize images ALT Text <= 2.0.7 - Cross-Site Request Forgery LOW *-2.0.7 2.0.8 July 1, 2026
brutebank brutebank
93
BruteBank - WP Security & Firewall <= 1.8 - Cross-Site Request Forgery LOW *-1.8 1.9 July 1, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.2.8 - Authenticated (Admin+) SQL Injection LOW *-13.2.8 13.2.9 July 1, 2026
wp-limit-login-attempts wp-limit-login-attempts N/A WP Limit Login Attempts <= 2.6.4 - IP Spoofing to Protection Mechanism Bypass LOW *-2.6.4 July 1, 2026
wordpress-simple-paypal-shopping-cart wordpress-simple-paypal-shopping-cart N/A WordPress Simple PayPal Shopping Cart <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.6.1 4.6.2 July 1, 2026
sitemap sitemap N/A Sitemap <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.3 4.4 July 1, 2026
search-filter search-filter N/A Search & Filter <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.2.15 1.2.16 July 1, 2026
rate-my-post rate-my-post N/A Rate my Post – WP Rating System <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.3.8 3.3.9 July 1, 2026
pardakht-delkhah pardakht-delkhah N/A Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting LOW *-2.9.2 2.9.3 July 1, 2026
page-list page-list N/A Page-list <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.2 5.3 July 1, 2026
page-builder-add page-builder-add N/A Landing Page Builder <= 1.4.9.8.9 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode LOW *-1.4.9.8.9 1.4.9.9 July 1, 2026
login-logout-menu login-logout-menu
93
Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.3 1.4.0 July 1, 2026
login-as-customer-or-user login-as-customer-or-user
91
Login as User or Customer <= 3.2 - Privilege Escalation LOW *-3.2 3.3 July 1, 2026
hashbar-wp-notification-bar hashbar-wp-notification-bar
93
HashBar – WordPress Notification Bar <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.5 1.3.6 July 1, 2026
google-analyticator google-analyticator
93
Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection LOW *-6.5.5 6.5.6 July 1, 2026
FluentAuth – The Ultimate Authorization & Security Plugin for WordPress fluent-security
90
FluentAuth <= 1.0.1 - IP Spoofing to Protection Mechanism Bypass LOW *-1.0.1 1.0.2 July 1, 2026
facebook-page-feed-graph-api facebook-page-feed-graph-api
93
Mongoose Page Plugin <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.8.3 1.9.0 July 1, 2026
eu-cookie-law eu-cookie-law
91
EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.1.6 July 1, 2026
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress easy-facebook-likebox
72
Easy Social Feed <= 6.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-6.3.9 6.4.0 July 1, 2026
easy-appointments easy-appointments
93
Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.10.7 3.11.0 July 1, 2026
compact-wp-audio-player compact-wp-audio-player
93
Compact WP Audio Player <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.7 1.9.8 July 1, 2026
cbxpetition cbxpetition
93
CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQL Injection LOW *-1.0.3 2.0.0 July 1, 2026
wp-upg wp-upg N/A User Post Gallery - UPG <= 2.19 - Missing Authorization to Remote Command Execution LOW 2.19 July 1, 2026
easy-bootstrap-shortcodes easy-bootstrap-shortcodes
91
Easy Bootstrap Shortcode <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.5.4 July 1, 2026
conditional-payment-methods-for-woocommerce conditional-payment-methods-for-woocommerce
91
Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection LOW *-1.0 July 1, 2026
agile-store-locator agile-store-locator
97
Store Locator WordPress <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.4.8 1.4.9 July 1, 2026
wp-user-avatar wp-user-avatar N/A ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.5.0 4.5.1 July 1, 2026
wp-user-avatar wp-user-avatar N/A ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings LOW *-4.5.0 4.5.1 July 1, 2026
wp-spell-check wp-spell-check N/A WP Spell Check <= 9.12 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-9.12 9.13 July 1, 2026
wp-spell-check wp-spell-check N/A WP Spell Check <= 9.12 - Cross-Site Request Forgery LOW *-9.12 9.13 July 1, 2026
waiting waiting N/A Waiting: One-click countdowns <= 0.6.2 - Missing Authorization LOW *-0.6.2 July 1, 2026
waiting waiting N/A Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting LOW *-0.6.2 July 1, 2026
waiting waiting N/A Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery LOW *-0.6.2 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.8.8 2.8.9 July 1, 2026
tickera-event-ticketing-system tickera-event-ticketing-system N/A Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes LOW *-3.4.9.9 3.5.1.0 July 1, 2026
themify-portfolio-post themify-portfolio-post N/A Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.2.0 1.2.1 July 1, 2026
super-socializer super-socializer N/A Super Socializer <= 7.13.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-7.13.44 7.13.45 July 1, 2026
simple-podcasting simple-podcasting N/A json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution LOW *-1.3.0 1.4.0 July 1, 2026
show-all-comments-in-one-page show-all-comments-in-one-page N/A Show All Comments <= 7.0.0 - Reflected Cross-Site Scripting LOW *-7.0.0 7.0.1 July 1, 2026
rss-import rss-import N/A RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode LOW *-4.6.1 July 1, 2026
real-cookie-banner real-cookie-banner N/A Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.4.9 3.4.10 July 1, 2026
mashsharer mashsharer
91
Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode LOW *-3.8.6 3.8.7 July 1, 2026
maps-block-apple maps-block-apple
93
json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution LOW *-1.0.3 1.1.0 July 1, 2026
link-library link-library
93
Link Library <= 7.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-7.4 7.4.1 July 1, 2026
justified-gallery justified-gallery
93
Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.0 1.7.1 July 1, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
Greenshift – animation and page builder blocks <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.8.8 4.8.9 July 1, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) google-analytics-for-wordpress
72
MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics LOW *-8.9.0 8.9.1 July 1, 2026
formidablepro-2-pdf formidablepro-2-pdf
93
Formidable PRO2PDF <= 3.09 - Authenticated (Admin+) SQL Injection LOW *-3.09 3.10 July 1, 2026
events-made-easy events-made-easy
91
Events Made Easy <= 2.3.16 - Missing Authorization LOW *-2.3.16 2.3.17 July 1, 2026
Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ easy-accordion-free
93
Easy Accordion <= 2.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.20 2.2.0 July 1, 2026
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages convertkit
88
ConvertKit <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.4 2.0.5 July 1, 2026
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel wp-carousel-free N/A Carousel, Slider, Gallery by WP Carousel <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.5.2 2.5.3 July 1, 2026
testimonial-free testimonial-free N/A Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode LOW *-2.5.11 2.6.0 July 1, 2026
survey-maker survey-maker N/A Survey Maker – Best WordPress Survey Plugin <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.1.1 3.1.2 July 1, 2026
subscribe2 subscribe2 N/A Subscribe2 <= 10.37 - Cross-Site Request Forgery LOW *-10.37 10.38 July 1, 2026
interactive-3d-flipbook-powered-physics-engine interactive-3d-flipbook-powered-physics-engine
93
3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.13.2 1.13.3 July 1, 2026
font-awesome font-awesome
93
Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode LOW *-4.3.1 4.3.2 July 1, 2026
wp-video-lightbox wp-video-lightbox N/A WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.9.6 1.9.7 July 1, 2026
wp-attachments wp-attachments N/A WP Attachments <= 5.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.0.5 5.0.6 July 1, 2026
woo-products-widgets-for-elementor woo-products-widgets-for-elementor N/A Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting LOW *-1.0.7 1.0.8 July 1, 2026
wck-custom-fields-and-custom-post-types-creator wck-custom-fields-and-custom-post-types-creator N/A Custom Post Types and Custom Fields creator <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.3.2 2.3.3 July 1, 2026
userswp userswp N/A UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection LOW *-1.2.3.9 1.2.3.10 July 1, 2026
simple-membership simple-membership N/A Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode LOW *-4.2.1 4.2.2 July 1, 2026
seriously-simple-podcasting seriously-simple-podcasting N/A Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode LOW *-2.19.0 2.19.1 July 1, 2026
sassy-social-share sassy-social-share N/A Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.44 3.3.45 July 1, 2026
LOW

my-calendar

my-calendar

Score: 93/100 My Calendar <= 3.3.24.1 - Cross-Site Request Forgery Affected: *-3.3.24.1 Patched: 3.3.25 Updated: July 1, 2026
LOW

members-import

members-import

Score: 91/100 Members Import <= 1.4.2 - Self Cross-Site Scripting Affected: *-1.4.2 Patched: Updated: July 1, 2026
LOW

media-element-html5-video-and-audio-player

media-element-html5-video-and-audio-player

Score: 91/100 MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.2.8 Patched: Updated: July 1, 2026
LOW

mailjet-for-wordpress

mailjet-for-wordpress

Score: 93/100 Mailjet Email Marketing <= 5.3 - Authenticated (Admin+) Cross-Site Scripting Affected: *-5.3 Patched: 5.3.1 Updated: July 1, 2026
LOW

knowledgebase

knowledgebase

Score: 93/100 Knowledge Base <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Affected: *-2.1.1 Patched: 2.1.2 Updated: July 1, 2026
LOW

joli-table-of-contents

joli-table-of-contents

Score: 93/100 Joli Table of Contents <= 1.3.9 - Cross-Site Request Forgery Affected: *-1.3.9 Patched: 2.0.0 Updated: July 1, 2026
LOW

icon-widget

icon-widget

Score: 93/100 Icon Widget <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.6 Patched: 1.3.0 Updated: July 1, 2026
LOW

cpt-bootstrap-carousel

cpt-bootstrap-carousel

Score: 91/100 CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.12 Patched: 1.13 Updated: July 1, 2026
LOW

bold-timeline-lite

bold-timeline-lite

Score: 93/100 Bold Timeline Lite <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.4 Patched: 1.1.5 Updated: July 1, 2026
LOW

blockonomics-bitcoin-payments

blockonomics-bitcoin-payments

Score: 93/100 WordPress Bitcoin Payments – Blockonomics <= 3.5.7 - Reflected Cross-Site Scripting Affected: *-3.5.7 Patched: 3.5.8 Updated: July 1, 2026
LOW

accordion-shortcodes

accordion-shortcodes

Score: 95/100 Accordion Shortcodes <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.4.2 Patched: Updated: July 1, 2026
LOW

google-analyticator

google-analyticator

Score: 93/100 Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection Affected: *-6.5.5 Patched: 6.5.6 Updated: July 1, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery Affected: *-6.0.0 Patched: 6.0.1 Updated: July 1, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery Affected: *-6.0.0 Patched: 6.0.1 Updated: July 1, 2026
LOW

wp-google-my-business-auto-publish

wp-google-my-business-auto-publish

Score: N/A WP Google My Business Auto Publish <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.3 Patched: 3.4 Updated: July 1, 2026
LOW

wd-google-maps

wd-google-maps

Score: N/A 10WebMapBuilder <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.71 Patched: 1.0.72 Updated: July 1, 2026
LOW

video-conferencing-with-zoom-api

video-conferencing-with-zoom-api

Score: N/A Video Conferencing with Zoom <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.0.9 Patched: 4.0.10 Updated: July 1, 2026
LOW

top-10

top-10

Score: N/A Top 10 – Popular posts plugin for WordPress <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks Affected: *-3.2.2 Patched: 3.2.3 Updated: July 1, 2026
LOW

gs-logo-slider

gs-logo-slider

Score: 93/100 GS Logo Slider – Ticker, Grid, List, Table & Filter Views <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.3.7 Patched: 3.3.8 Updated: July 1, 2026
LOW

genesis-columns-advanced

genesis-columns-advanced

Score: 93/100 Genesis Columns Advanced <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.3 Patched: 2.0.4 Updated: July 1, 2026
LOW

content-protector

content-protector

Score: 93/100 Passster – Password Protection <= 3.5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.5.5.7 Patched: 3.5.5.8 Updated: July 1, 2026
LOW

content-protector

content-protector

Score: 93/100 Passster <= 3.5.5.8 - Missing Authentication leading to Sensitive Information Disclosure (Private Post Leakage) Affected: *-3.5.5.8 Patched: 3.5.5.9 Updated: July 1, 2026
LOW

content-control

content-control

Score: 93/100 Content Control <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.9 Patched: 1.1.10 Updated: July 1, 2026
LOW

wpzoom-portfolio

wpzoom-portfolio

Score: N/A WPZOOM Portfolio <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

wp-popups-lite

wp-popups-lite

Score: N/A WP Popups <= 2.1.4.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode Affected: *-2.1.4.7 Patched: 2.1.4.8 Updated: July 1, 2026
LOW

word-balloon

word-balloon

Score: N/A Word Balloon <= 4.19.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.19.2 Patched: 4.19.3 Updated: July 1, 2026
LOW

user-verification

user-verification

Score: N/A User Verification <= 1.0.93 - Privilege Escalation Affected: *-1.0.93 Patched: 1.0.94 Updated: July 1, 2026
LOW

structured-content

structured-content

Score: N/A Structured Content <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.0 Patched: 1.5.1 Updated: July 1, 2026
LOW

shiftnav-responsive-mobile-menu

shiftnav-responsive-mobile-menu

Score: N/A ShiftNav – Responsive Mobile Menu <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.7.1 Patched: 1.7.2 Updated: July 1, 2026
LOW

print-o-matic

print-o-matic

Score: N/A Print-O-Matic <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.7 Patched: 2.1.8 Updated: July 1, 2026
LOW

OneClick Chat to Order

oneclick-whatsapp-order

Score: 99/100 OneClick Chat to Order <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.4.1 Patched: 1.0.4.2 Updated: July 1, 2026
LOW

jquery-collapse-o-matic

jquery-collapse-o-matic

Score: 89/100 Collapse-O-Matic <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8.2 Patched: 1.8.3 Updated: July 1, 2026
LOW

imageseo

imageseo

Score: 93/100 Optimize images ALT Text <= 2.0.7 - Cross-Site Request Forgery Affected: *-2.0.7 Patched: 2.0.8 Updated: July 1, 2026
LOW

brutebank

brutebank

Score: 93/100 BruteBank - WP Security & Firewall <= 1.8 - Cross-Site Request Forgery Affected: *-1.8 Patched: 1.9 Updated: July 1, 2026
LOW

wp-limit-login-attempts

wp-limit-login-attempts

Score: N/A WP Limit Login Attempts <= 2.6.4 - IP Spoofing to Protection Mechanism Bypass Affected: *-2.6.4 Patched: Updated: July 1, 2026
LOW

wordpress-simple-paypal-shopping-cart

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple PayPal Shopping Cart <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.6.1 Patched: 4.6.2 Updated: July 1, 2026
LOW

sitemap

sitemap

Score: N/A Sitemap <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.3 Patched: 4.4 Updated: July 1, 2026
LOW

search-filter

search-filter

Score: N/A Search & Filter <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.15 Patched: 1.2.16 Updated: July 1, 2026
LOW

rate-my-post

rate-my-post

Score: N/A Rate my Post – WP Rating System <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.3.8 Patched: 3.3.9 Updated: July 1, 2026
LOW

pardakht-delkhah

pardakht-delkhah

Score: N/A Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.9.2 Patched: 2.9.3 Updated: July 1, 2026
LOW

page-list

page-list

Score: N/A Page-list <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.2 Patched: 5.3 Updated: July 1, 2026
LOW

page-builder-add

page-builder-add

Score: N/A Landing Page Builder <= 1.4.9.8.9 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Affected: *-1.4.9.8.9 Patched: 1.4.9.9 Updated: July 1, 2026
LOW

login-logout-menu

login-logout-menu

Score: 93/100 Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.3 Patched: 1.4.0 Updated: July 1, 2026
LOW

login-as-customer-or-user

login-as-customer-or-user

Score: 91/100 Login as User or Customer <= 3.2 - Privilege Escalation Affected: *-3.2 Patched: 3.3 Updated: July 1, 2026
LOW

hashbar-wp-notification-bar

hashbar-wp-notification-bar

Score: 93/100 HashBar – WordPress Notification Bar <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.5 Patched: 1.3.6 Updated: July 1, 2026
LOW

google-analyticator

google-analyticator

Score: 93/100 Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection Affected: *-6.5.5 Patched: 6.5.6 Updated: July 1, 2026
LOW

facebook-page-feed-graph-api

facebook-page-feed-graph-api

Score: 93/100 Mongoose Page Plugin <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8.3 Patched: 1.9.0 Updated: July 1, 2026
LOW

eu-cookie-law

eu-cookie-law

Score: 91/100 EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.1.6 Patched: Updated: July 1, 2026
LOW

easy-appointments

easy-appointments

Score: 93/100 Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.10.7 Patched: 3.11.0 Updated: July 1, 2026
LOW

compact-wp-audio-player

compact-wp-audio-player

Score: 93/100 Compact WP Audio Player <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.7 Patched: 1.9.8 Updated: July 1, 2026
LOW

cbxpetition

cbxpetition

Score: 93/100 CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQL Injection Affected: *-1.0.3 Patched: 2.0.0 Updated: July 1, 2026
LOW

wp-upg

wp-upg

Score: N/A User Post Gallery - UPG <= 2.19 - Missing Authorization to Remote Command Execution Affected: 2.19 Patched: Updated: July 1, 2026
LOW

easy-bootstrap-shortcodes

easy-bootstrap-shortcodes

Score: 91/100 Easy Bootstrap Shortcode <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.5.4 Patched: Updated: July 1, 2026
LOW

conditional-payment-methods-for-woocommerce

conditional-payment-methods-for-woocommerce

Score: 91/100 Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

agile-store-locator

agile-store-locator

Score: 97/100 Store Locator WordPress <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.4.8 Patched: 1.4.9 Updated: July 1, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.5.0 Patched: 4.5.1 Updated: July 1, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings Affected: *-4.5.0 Patched: 4.5.1 Updated: July 1, 2026
LOW

wp-spell-check

wp-spell-check

Score: N/A WP Spell Check <= 9.12 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-9.12 Patched: 9.13 Updated: July 1, 2026
LOW

wp-spell-check

wp-spell-check

Score: N/A WP Spell Check <= 9.12 - Cross-Site Request Forgery Affected: *-9.12 Patched: 9.13 Updated: July 1, 2026
LOW

waiting

waiting

Score: N/A Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Affected: *-0.6.2 Patched: Updated: July 1, 2026
LOW

waiting

waiting

Score: N/A Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-0.6.2 Patched: Updated: July 1, 2026
LOW

waiting

waiting

Score: N/A Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery Affected: *-0.6.2 Patched: Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.8.8 Patched: 2.8.9 Updated: July 1, 2026
LOW

tickera-event-ticketing-system

tickera-event-ticketing-system

Score: N/A Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes Affected: *-3.4.9.9 Patched: 3.5.1.0 Updated: July 1, 2026
LOW

themify-portfolio-post

themify-portfolio-post

Score: N/A Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

super-socializer

super-socializer

Score: N/A Super Socializer <= 7.13.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-7.13.44 Patched: 7.13.45 Updated: July 1, 2026
LOW

simple-podcasting

simple-podcasting

Score: N/A json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution Affected: *-1.3.0 Patched: 1.4.0 Updated: July 1, 2026
LOW

show-all-comments-in-one-page

show-all-comments-in-one-page

Score: N/A Show All Comments <= 7.0.0 - Reflected Cross-Site Scripting Affected: *-7.0.0 Patched: 7.0.1 Updated: July 1, 2026
LOW

rss-import

rss-import

Score: N/A RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-4.6.1 Patched: Updated: July 1, 2026
LOW

real-cookie-banner

real-cookie-banner

Score: N/A Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.4.9 Patched: 3.4.10 Updated: July 1, 2026
LOW

mashsharer

mashsharer

Score: 91/100 Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-3.8.6 Patched: 3.8.7 Updated: July 1, 2026
LOW

maps-block-apple

maps-block-apple

Score: 93/100 json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution Affected: *-1.0.3 Patched: 1.1.0 Updated: July 1, 2026
LOW

link-library

link-library

Score: 93/100 Link Library <= 7.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-7.4 Patched: 7.4.1 Updated: July 1, 2026
LOW

justified-gallery

justified-gallery

Score: 93/100 Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.0 Patched: 1.7.1 Updated: July 1, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.8.8 Patched: 4.8.9 Updated: July 1, 2026
LOW

formidablepro-2-pdf

formidablepro-2-pdf

Score: 93/100 Formidable PRO2PDF <= 3.09 - Authenticated (Admin+) SQL Injection Affected: *-3.09 Patched: 3.10 Updated: July 1, 2026
LOW

events-made-easy

events-made-easy

Score: 91/100 Events Made Easy <= 2.3.16 - Missing Authorization Affected: *-2.3.16 Patched: 2.3.17 Updated: July 1, 2026
LOW

testimonial-free

testimonial-free

Score: N/A Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode Affected: *-2.5.11 Patched: 2.6.0 Updated: July 1, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker – Best WordPress Survey Plugin <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.1.1 Patched: 3.1.2 Updated: July 1, 2026
LOW

subscribe2

subscribe2

Score: N/A Subscribe2 <= 10.37 - Cross-Site Request Forgery Affected: *-10.37 Patched: 10.38 Updated: July 1, 2026
LOW

interactive-3d-flipbook-powered-physics-engine

interactive-3d-flipbook-powered-physics-engine

Score: 93/100 3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.13.2 Patched: 1.13.3 Updated: July 1, 2026
LOW

font-awesome

font-awesome

Score: 93/100 Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-4.3.1 Patched: 4.3.2 Updated: July 1, 2026
LOW

wp-video-lightbox

wp-video-lightbox

Score: N/A WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.9.6 Patched: 1.9.7 Updated: July 1, 2026
LOW

wp-attachments

wp-attachments

Score: N/A WP Attachments <= 5.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.0.5 Patched: 5.0.6 Updated: July 1, 2026
LOW

woo-products-widgets-for-elementor

woo-products-widgets-for-elementor

Score: N/A Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

wck-custom-fields-and-custom-post-types-creator

wck-custom-fields-and-custom-post-types-creator

Score: N/A Custom Post Types and Custom Fields creator <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: July 1, 2026
LOW

userswp

userswp

Score: N/A UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection Affected: *-1.2.3.9 Patched: 1.2.3.10 Updated: July 1, 2026
LOW

simple-membership

simple-membership

Score: N/A Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode Affected: *-4.2.1 Patched: 4.2.2 Updated: July 1, 2026
LOW

seriously-simple-podcasting

seriously-simple-podcasting

Score: N/A Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-2.19.0 Patched: 2.19.1 Updated: July 1, 2026
LOW

sassy-social-share

sassy-social-share

Score: N/A Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.44 Patched: 3.3.45 Updated: July 1, 2026

Showing 27101 to 27200 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 02:19 UTC.