Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36319Across tracked plugins
Affected Plugins
94With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| my-calendar | my-calendar |
93
|
My Calendar <= 3.3.24.1 - Cross-Site Request Forgery | LOW | *-3.3.24.1 | 3.3.25 | July 1, 2026 | |
| members-import | members-import |
91
|
Members Import <= 1.4.2 - Self Cross-Site Scripting | LOW | *-1.4.2 | July 1, 2026 | ||
| media-element-html5-video-and-audio-player | media-element-html5-video-and-audio-player |
91
|
MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.2.8 | July 1, 2026 | ||
| mailjet-for-wordpress | mailjet-for-wordpress |
93
|
Mailjet Email Marketing <= 5.3 - Authenticated (Admin+) Cross-Site Scripting | LOW | *-5.3 | 5.3.1 | July 1, 2026 | |
| knowledgebase | knowledgebase |
93
|
Knowledge Base <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block | LOW | *-2.1.1 | 2.1.2 | July 1, 2026 | |
| joli-table-of-contents | joli-table-of-contents |
93
|
Joli Table of Contents <= 1.3.9 - Cross-Site Request Forgery | LOW | *-1.3.9 | 2.0.0 | July 1, 2026 | |
| icon-widget | icon-widget |
93
|
Icon Widget <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.2.6 | 1.3.0 | July 1, 2026 | |
| cpt-bootstrap-carousel | cpt-bootstrap-carousel |
91
|
CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.12 | 1.13 | July 1, 2026 | |
| bold-timeline-lite | bold-timeline-lite |
93
|
Bold Timeline Lite <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.1.4 | 1.1.5 | July 1, 2026 | |
| blockonomics-bitcoin-payments | blockonomics-bitcoin-payments |
93
|
WordPress Bitcoin Payments – Blockonomics <= 3.5.7 - Reflected Cross-Site Scripting | LOW | *-3.5.7 | 3.5.8 | July 1, 2026 | |
| accordion-shortcodes | accordion-shortcodes |
95
|
Accordion Shortcodes <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.4.2 | July 1, 2026 | ||
| Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | woocommerce-jetpack |
65
|
Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery | LOW | *-6.0.0 | 6.0.1 | July 1, 2026 | |
| google-analyticator | google-analyticator |
93
|
Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection | LOW | *-6.5.5 | 6.5.6 | July 1, 2026 | |
| booster-plus-for-woocommerce | booster-plus-for-woocommerce |
93
|
Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery | LOW | *-6.0.0 | 6.0.1 | July 1, 2026 | |
| booster-elite-for-woocommerce | booster-elite-for-woocommerce |
93
|
Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery | LOW | *-6.0.0 | 6.0.1 | July 1, 2026 | |
| wp-google-my-business-auto-publish | wp-google-my-business-auto-publish | N/A | WP Google My Business Auto Publish <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.3 | 3.4 | July 1, 2026 | |
| wd-google-maps | wd-google-maps | N/A | 10WebMapBuilder <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0.71 | 1.0.72 | July 1, 2026 | |
| video-conferencing-with-zoom-api | video-conferencing-with-zoom-api | N/A | Video Conferencing with Zoom <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.0.9 | 4.0.10 | July 1, 2026 | |
| top-10 | top-10 | N/A | Top 10 – Popular posts plugin for WordPress <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks | LOW | *-3.2.2 | 3.2.3 | July 1, 2026 | |
| gs-logo-slider | gs-logo-slider |
93
|
GS Logo Slider – Ticker, Grid, List, Table & Filter Views <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.3.7 | 3.3.8 | July 1, 2026 | |
| GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | geodirectory |
66
|
GeoDirectory <= 2.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.2.21 | 2.2.22 | July 1, 2026 | |
| genesis-columns-advanced | genesis-columns-advanced |
93
|
Genesis Columns Advanced <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.0.3 | 2.0.4 | July 1, 2026 | |
| content-protector | content-protector |
93
|
Passster – Password Protection <= 3.5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.5.5.7 | 3.5.5.8 | July 1, 2026 | |
| content-protector | content-protector |
93
|
Passster <= 3.5.5.8 - Missing Authentication leading to Sensitive Information Disclosure (Private Post Leakage) | LOW | *-3.5.5.8 | 3.5.5.9 | July 1, 2026 | |
| content-control | content-control |
93
|
Content Control <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.1.9 | 1.1.10 | July 1, 2026 | |
| wpzoom-portfolio | wpzoom-portfolio | N/A | WPZOOM Portfolio <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.2.1 | 1.2.2 | July 1, 2026 | |
| wp-popups-lite | wp-popups-lite | N/A | WP Popups <= 2.1.4.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode | LOW | *-2.1.4.7 | 2.1.4.8 | July 1, 2026 | |
| word-balloon | word-balloon | N/A | Word Balloon <= 4.19.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.19.2 | 4.19.3 | July 1, 2026 | |
| Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider | woo-product-slider | N/A | Product Slider for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.6.3 | 2.6.4 | July 1, 2026 | |
| user-verification | user-verification | N/A | User Verification <= 1.0.93 - Privilege Escalation | LOW | *-1.0.93 | 1.0.94 | July 1, 2026 | |
| structured-content | structured-content | N/A | Structured Content <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.5.0 | 1.5.1 | July 1, 2026 | |
| shiftnav-responsive-mobile-menu | shiftnav-responsive-mobile-menu | N/A | ShiftNav – Responsive Mobile Menu <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.7.1 | 1.7.2 | July 1, 2026 | |
| print-o-matic | print-o-matic | N/A | Print-O-Matic <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.1.7 | 2.1.8 | July 1, 2026 | |
| OneClick Chat to Order | oneclick-whatsapp-order |
99
|
OneClick Chat to Order <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0.4.1 | 1.0.4.2 | July 1, 2026 | |
| jquery-collapse-o-matic | jquery-collapse-o-matic |
89
|
Collapse-O-Matic <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.8.2 | 1.8.3 | July 1, 2026 | |
| imageseo | imageseo |
93
|
Optimize images ALT Text <= 2.0.7 - Cross-Site Request Forgery | LOW | *-2.0.7 | 2.0.8 | July 1, 2026 | |
| brutebank | brutebank |
93
|
BruteBank - WP Security & Firewall <= 1.8 - Cross-Site Request Forgery | LOW | *-1.8 | 1.9 | July 1, 2026 | |
| WP Statistics – Simple, privacy-friendly Google Analytics alternative | wp-statistics |
90
|
WP Statistics <= 13.2.8 - Authenticated (Admin+) SQL Injection | LOW | *-13.2.8 | 13.2.9 | July 1, 2026 | |
| wp-limit-login-attempts | wp-limit-login-attempts | N/A | WP Limit Login Attempts <= 2.6.4 - IP Spoofing to Protection Mechanism Bypass | LOW | *-2.6.4 | July 1, 2026 | ||
| wordpress-simple-paypal-shopping-cart | wordpress-simple-paypal-shopping-cart | N/A | WordPress Simple PayPal Shopping Cart <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.6.1 | 4.6.2 | July 1, 2026 | |
| sitemap | sitemap | N/A | Sitemap <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.3 | 4.4 | July 1, 2026 | |
| search-filter | search-filter | N/A | Search & Filter <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.2.15 | 1.2.16 | July 1, 2026 | |
| rate-my-post | rate-my-post | N/A | Rate my Post – WP Rating System <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.3.8 | 3.3.9 | July 1, 2026 | |
| pardakht-delkhah | pardakht-delkhah | N/A | Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting | LOW | *-2.9.2 | 2.9.3 | July 1, 2026 | |
| page-list | page-list | N/A | Page-list <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-5.2 | 5.3 | July 1, 2026 | |
| page-builder-add | page-builder-add | N/A | Landing Page Builder <= 1.4.9.8.9 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode | LOW | *-1.4.9.8.9 | 1.4.9.9 | July 1, 2026 | |
| login-logout-menu | login-logout-menu |
93
|
Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.3.3 | 1.4.0 | July 1, 2026 | |
| login-as-customer-or-user | login-as-customer-or-user |
91
|
Login as User or Customer <= 3.2 - Privilege Escalation | LOW | *-3.2 | 3.3 | July 1, 2026 | |
| hashbar-wp-notification-bar | hashbar-wp-notification-bar |
93
|
HashBar – WordPress Notification Bar <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.3.5 | 1.3.6 | July 1, 2026 | |
| google-analyticator | google-analyticator |
93
|
Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection | LOW | *-6.5.5 | 6.5.6 | July 1, 2026 | |
| FluentAuth – The Ultimate Authorization & Security Plugin for WordPress | fluent-security |
90
|
FluentAuth <= 1.0.1 - IP Spoofing to Protection Mechanism Bypass | LOW | *-1.0.1 | 1.0.2 | July 1, 2026 | |
| facebook-page-feed-graph-api | facebook-page-feed-graph-api |
93
|
Mongoose Page Plugin <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.8.3 | 1.9.0 | July 1, 2026 | |
| eu-cookie-law | eu-cookie-law |
91
|
EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.1.6 | July 1, 2026 | ||
| Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | easy-facebook-likebox |
72
|
Easy Social Feed <= 6.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-6.3.9 | 6.4.0 | July 1, 2026 | |
| easy-appointments | easy-appointments |
93
|
Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.10.7 | 3.11.0 | July 1, 2026 | |
| compact-wp-audio-player | compact-wp-audio-player |
93
|
Compact WP Audio Player <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.9.7 | 1.9.8 | July 1, 2026 | |
| cbxpetition | cbxpetition |
93
|
CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQL Injection | LOW | *-1.0.3 | 2.0.0 | July 1, 2026 | |
| wp-upg | wp-upg | N/A | User Post Gallery - UPG <= 2.19 - Missing Authorization to Remote Command Execution | LOW | 2.19 | July 1, 2026 | ||
| easy-bootstrap-shortcodes | easy-bootstrap-shortcodes |
91
|
Easy Bootstrap Shortcode <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.5.4 | July 1, 2026 | ||
| conditional-payment-methods-for-woocommerce | conditional-payment-methods-for-woocommerce |
91
|
Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection | LOW | *-1.0 | July 1, 2026 | ||
| agile-store-locator | agile-store-locator |
97
|
Store Locator WordPress <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.4.8 | 1.4.9 | July 1, 2026 | |
| wp-user-avatar | wp-user-avatar | N/A | ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-4.5.0 | 4.5.1 | July 1, 2026 | |
| wp-user-avatar | wp-user-avatar | N/A | ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings | LOW | *-4.5.0 | 4.5.1 | July 1, 2026 | |
| wp-spell-check | wp-spell-check | N/A | WP Spell Check <= 9.12 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-9.12 | 9.13 | July 1, 2026 | |
| wp-spell-check | wp-spell-check | N/A | WP Spell Check <= 9.12 - Cross-Site Request Forgery | LOW | *-9.12 | 9.13 | July 1, 2026 | |
| waiting | waiting | N/A | Waiting: One-click countdowns <= 0.6.2 - Missing Authorization | LOW | *-0.6.2 | July 1, 2026 | ||
| waiting | waiting | N/A | Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting | LOW | *-0.6.2 | July 1, 2026 | ||
| waiting | waiting | N/A | Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery | LOW | *-0.6.2 | July 1, 2026 | ||
| usc-e-shop | usc-e-shop | N/A | Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.8.8 | 2.8.9 | July 1, 2026 | |
| tickera-event-ticketing-system | tickera-event-ticketing-system | N/A | Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes | LOW | *-3.4.9.9 | 3.5.1.0 | July 1, 2026 | |
| themify-portfolio-post | themify-portfolio-post | N/A | Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.2.0 | 1.2.1 | July 1, 2026 | |
| super-socializer | super-socializer | N/A | Super Socializer <= 7.13.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-7.13.44 | 7.13.45 | July 1, 2026 | |
| simple-podcasting | simple-podcasting | N/A | json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution | LOW | *-1.3.0 | 1.4.0 | July 1, 2026 | |
| show-all-comments-in-one-page | show-all-comments-in-one-page | N/A | Show All Comments <= 7.0.0 - Reflected Cross-Site Scripting | LOW | *-7.0.0 | 7.0.1 | July 1, 2026 | |
| rss-import | rss-import | N/A | RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | LOW | *-4.6.1 | July 1, 2026 | ||
| real-cookie-banner | real-cookie-banner | N/A | Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.4.9 | 3.4.10 | July 1, 2026 | |
| mashsharer | mashsharer |
91
|
Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | LOW | *-3.8.6 | 3.8.7 | July 1, 2026 | |
| maps-block-apple | maps-block-apple |
93
|
json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution | LOW | *-1.0.3 | 1.1.0 | July 1, 2026 | |
| link-library | link-library |
93
|
Link Library <= 7.4 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-7.4 | 7.4.1 | July 1, 2026 | |
| justified-gallery | justified-gallery |
93
|
Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.7.0 | 1.7.1 | July 1, 2026 | |
| greenshift-animation-and-page-builder-blocks | greenshift-animation-and-page-builder-blocks |
93
|
Greenshift – animation and page builder blocks <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-4.8.8 | 4.8.9 | July 1, 2026 | |
| MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | google-analytics-for-wordpress |
72
|
MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics | LOW | *-8.9.0 | 8.9.1 | July 1, 2026 | |
| formidablepro-2-pdf | formidablepro-2-pdf |
93
|
Formidable PRO2PDF <= 3.09 - Authenticated (Admin+) SQL Injection | LOW | *-3.09 | 3.10 | July 1, 2026 | |
| events-made-easy | events-made-easy |
91
|
Events Made Easy <= 2.3.16 - Missing Authorization | LOW | *-2.3.16 | 2.3.17 | July 1, 2026 | |
| Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ | easy-accordion-free |
93
|
Easy Accordion <= 2.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.1.20 | 2.2.0 | July 1, 2026 | |
| Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages | convertkit |
88
|
ConvertKit <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.0.4 | 2.0.5 | July 1, 2026 | |
| Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | wp-carousel-free | N/A | Carousel, Slider, Gallery by WP Carousel <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.5.2 | 2.5.3 | July 1, 2026 | |
| testimonial-free | testimonial-free | N/A | Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode | LOW | *-2.5.11 | 2.6.0 | July 1, 2026 | |
| survey-maker | survey-maker | N/A | Survey Maker – Best WordPress Survey Plugin <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.1.1 | 3.1.2 | July 1, 2026 | |
| subscribe2 | subscribe2 | N/A | Subscribe2 <= 10.37 - Cross-Site Request Forgery | LOW | *-10.37 | 10.38 | July 1, 2026 | |
| interactive-3d-flipbook-powered-physics-engine | interactive-3d-flipbook-powered-physics-engine |
93
|
3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.13.2 | 1.13.3 | July 1, 2026 | |
| font-awesome | font-awesome |
93
|
Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | LOW | *-4.3.1 | 4.3.2 | July 1, 2026 | |
| wp-video-lightbox | wp-video-lightbox | N/A | WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.9.6 | 1.9.7 | July 1, 2026 | |
| wp-attachments | wp-attachments | N/A | WP Attachments <= 5.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-5.0.5 | 5.0.6 | July 1, 2026 | |
| woo-products-widgets-for-elementor | woo-products-widgets-for-elementor | N/A | Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting | LOW | *-1.0.7 | 1.0.8 | July 1, 2026 | |
| wck-custom-fields-and-custom-post-types-creator | wck-custom-fields-and-custom-post-types-creator | N/A | Custom Post Types and Custom Fields creator <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-2.3.2 | 2.3.3 | July 1, 2026 | |
| userswp | userswp | N/A | UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection | LOW | *-1.2.3.9 | 1.2.3.10 | July 1, 2026 | |
| simple-membership | simple-membership | N/A | Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode | LOW | *-4.2.1 | 4.2.2 | July 1, 2026 | |
| seriously-simple-podcasting | seriously-simple-podcasting | N/A | Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | LOW | *-2.19.0 | 2.19.1 | July 1, 2026 | |
| sassy-social-share | sassy-social-share | N/A | Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.3.44 | 3.3.45 | July 1, 2026 |
my-calendar
my-calendar
members-import
members-import
media-element-html5-video-and-audio-player
media-element-html5-video-and-audio-player
mailjet-for-wordpress
mailjet-for-wordpress
knowledgebase
knowledgebase
joli-table-of-contents
joli-table-of-contents
icon-widget
icon-widget
cpt-bootstrap-carousel
cpt-bootstrap-carousel
bold-timeline-lite
bold-timeline-lite
blockonomics-bitcoin-payments
blockonomics-bitcoin-payments
accordion-shortcodes
accordion-shortcodes
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
woocommerce-jetpack
google-analyticator
google-analyticator
booster-plus-for-woocommerce
booster-plus-for-woocommerce
booster-elite-for-woocommerce
booster-elite-for-woocommerce
wp-google-my-business-auto-publish
wp-google-my-business-auto-publish
wd-google-maps
wd-google-maps
video-conferencing-with-zoom-api
video-conferencing-with-zoom-api
top-10
top-10
gs-logo-slider
gs-logo-slider
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
geodirectory
genesis-columns-advanced
genesis-columns-advanced
content-protector
content-protector
content-protector
content-protector
content-control
content-control
wpzoom-portfolio
wpzoom-portfolio
wp-popups-lite
wp-popups-lite
word-balloon
word-balloon
Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider
woo-product-slider
user-verification
user-verification
structured-content
structured-content
shiftnav-responsive-mobile-menu
shiftnav-responsive-mobile-menu
print-o-matic
print-o-matic
OneClick Chat to Order
oneclick-whatsapp-order
jquery-collapse-o-matic
jquery-collapse-o-matic
imageseo
imageseo
brutebank
brutebank
WP Statistics – Simple, privacy-friendly Google Analytics alternative
wp-statistics
wp-limit-login-attempts
wp-limit-login-attempts
wordpress-simple-paypal-shopping-cart
wordpress-simple-paypal-shopping-cart
sitemap
sitemap
search-filter
search-filter
rate-my-post
rate-my-post
pardakht-delkhah
pardakht-delkhah
page-list
page-list
page-builder-add
page-builder-add
login-logout-menu
login-logout-menu
login-as-customer-or-user
login-as-customer-or-user
hashbar-wp-notification-bar
hashbar-wp-notification-bar
google-analyticator
google-analyticator
FluentAuth – The Ultimate Authorization & Security Plugin for WordPress
fluent-security
facebook-page-feed-graph-api
facebook-page-feed-graph-api
eu-cookie-law
eu-cookie-law
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress
easy-facebook-likebox
easy-appointments
easy-appointments
compact-wp-audio-player
compact-wp-audio-player
cbxpetition
cbxpetition
wp-upg
wp-upg
easy-bootstrap-shortcodes
easy-bootstrap-shortcodes
conditional-payment-methods-for-woocommerce
conditional-payment-methods-for-woocommerce
agile-store-locator
agile-store-locator
wp-user-avatar
wp-user-avatar
wp-user-avatar
wp-user-avatar
wp-spell-check
wp-spell-check
wp-spell-check
wp-spell-check
waiting
waiting
waiting
waiting
waiting
waiting
usc-e-shop
usc-e-shop
tickera-event-ticketing-system
tickera-event-ticketing-system
themify-portfolio-post
themify-portfolio-post
super-socializer
super-socializer
simple-podcasting
simple-podcasting
show-all-comments-in-one-page
show-all-comments-in-one-page
rss-import
rss-import
real-cookie-banner
real-cookie-banner
mashsharer
mashsharer
maps-block-apple
maps-block-apple
link-library
link-library
justified-gallery
justified-gallery
greenshift-animation-and-page-builder-blocks
greenshift-animation-and-page-builder-blocks
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)
google-analytics-for-wordpress
formidablepro-2-pdf
formidablepro-2-pdf
events-made-easy
events-made-easy
Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ
easy-accordion-free
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages
convertkit
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel
wp-carousel-free
testimonial-free
testimonial-free
survey-maker
survey-maker
subscribe2
subscribe2
interactive-3d-flipbook-powered-physics-engine
interactive-3d-flipbook-powered-physics-engine
font-awesome
font-awesome
wp-video-lightbox
wp-video-lightbox
wp-attachments
wp-attachments
woo-products-widgets-for-elementor
woo-products-widgets-for-elementor
wck-custom-fields-and-custom-post-types-creator
wck-custom-fields-and-custom-post-types-creator
userswp
userswp
simple-membership
simple-membership
seriously-simple-podcasting
seriously-simple-podcasting
sassy-social-share
sassy-social-share
Showing 27101 to 27200 of 36319 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 1, 2026 at 02:19 UTC.