Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

70

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
Robo Gallery – Photo & Image Slider robo-gallery N/A Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Missing Authorization LOW *-3.2.9 3.2.11 July 1, 2026
quote-o-matic quote-o-matic N/A Quote-O-Matic <= 1.0.5 - Authenticated (Administrator+) SQL Injection LOW *-1.0.5 July 1, 2026
owm-weather owm-weather N/A OWM Weather <= 5.6.11 - Cross-Site Request Forgery LOW *-5.6.11 5.6.12 July 1, 2026
multimedial-images multimedial-images
91
multimedial images <= 1.0b - Authenticated (Administrator+) SQL Injection LOW * - 1.0b July 1, 2026
lws-tools lws-tools
93
LWS Plugins <= (Various Versions) - Missing Authorization Checks LOW *-2.1 2.2 July 1, 2026
lws-sms lws-sms
91
LWS Plugins <= (Various Versions) - Missing Authorization Checks LOW *-2.1 2.1.5 July 1, 2026
lws-optimize lws-optimize
93
LWS Plugins <= (Various Versions) - Missing Authorization Checks LOW *-1.5 1.6 July 1, 2026
lws-hide-login lws-hide-login
93
LWS Plugins <= (Various Versions) - Missing Authorization Checks LOW *-2.0.2 2.1 July 1, 2026
lws-cleaner lws-cleaner
93
LWS Plugins <= (Various Versions) - Missing Authorization Checks LOW *-2.0.3 2.1 July 1, 2026
lws-affiliation lws-affiliation
91
LWS Plugins <= (Various Versions) - Missing Authorization Checks LOW *-2.1 2.2 July 1, 2026
letsrecover-woocommerce-abandoned-cart letsrecover-woocommerce-abandoned-cart
93
LetsRecover <= 1.1.0 - Unauthenticated SQL Injection via AJAX action LOW *-1.1.0 1.2.0 July 1, 2026
launchpad-by-obox launchpad-by-obox
89
Launchpad <= 1.0.13 - Cross-Site Request Forgery LOW *-1.0.13 July 1, 2026
iubenda-cookie-law-solution iubenda-cookie-law-solution
93
iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation LOW *-3.3.2 3.3.3 July 1, 2026
gs-facebook-comments gs-facebook-comments
93
WP Social Comments <= 1.7.2 - Missing Authorization to Authenticated (Subscriber+) Settings Change LOW *-1.7.2 1.7.3 July 1, 2026
conditional-shipping-for-woocommerce conditional-shipping-for-woocommerce
93
Conditional Shipping for WooCommerce <= 2.3.1 - Cross-Site Request Forgery LOW *-2.3.1 2.3.2 July 1, 2026
image-hover-effects-ultimate image-hover-effects-ultimate
91
Image Hover Effects Ultimate 9.8.1 - 9.8.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW 9.8.1-9.8.4 9.8.5 July 1, 2026
demon-image-annotation demon-image-annotation
93
demon image annotation <= 5.0 - Improper Input Restriction Validation LOW *-5.0 5.1 July 1, 2026
wp-user wp-user N/A WP User <= 7.0 - Unauthenticated SQL Injection LOW *-7.0 July 1, 2026
wp-rss-by-publishers wp-rss-by-publishers N/A WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection LOW *-0.1 July 1, 2026
wp-rss-by-publishers wp-rss-by-publishers N/A WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection LOW *-0.1 July 1, 2026
wp-rss-by-publishers wp-rss-by-publishers N/A WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection LOW *-0.1 July 1, 2026
wp-lister-for-amazon wp-lister-for-amazon N/A WP-Lister Lite for Amazon <= 2.4.2 - Reflected Cross-Site Scripting LOW *-2.4.2 2.4.3 July 1, 2026
woo-vietnam-checkout woo-vietnam-checkout N/A Woocommerce Vietnam Checkout <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 2.0.5 July 1, 2026
team-members team-members N/A Team Members <= 5.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-5.2.0 5.2.1 July 1, 2026
sirv sirv N/A Image Optimizer, Resizer and CDN – Sirv <= 6.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-6.8.0 6.8.1 July 1, 2026
product-reviews-import-export-for-woocommerce product-reviews-import-export-for-woocommerce N/A Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection LOW *-1.4.8 1.4.9 July 1, 2026
letsrecover-woocommerce-abandoned-cart letsrecover-woocommerce-abandoned-cart
93
LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection LOW *-1.1.0 1.2.0 July 1, 2026
letsrecover-woocommerce-abandoned-cart letsrecover-woocommerce-abandoned-cart
93
LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection LOW *-1.1.0 1.2.0 July 1, 2026
email-customizer-woocommerce email-customizer-woocommerce
93
Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection LOW *-1.7.1 1.7.2 July 1, 2026
custom-field-template custom-field-template
93
Custom Field Template <= 2.5.7 - Authenticated (Administrator+) PHP Object Injection LOW *-2.5.7 2.5.8 July 1, 2026
cryptocurrency-widgets-pack cryptocurrency-widgets-pack
91
Cryptocurrency Widgets Pack <= 2.0 - Unauthenticated SQL Injection LOW *-1.8.1 2.0 July 1, 2026
clearpay-gateway-for-woocommerce clearpay-gateway-for-woocommerce
93
Clearpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting LOW *-3.5.0 3.5.1 July 1, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
All-In-One Security <= 5.1.2 - Information Disclosure LOW *-5.1.2 5.1.3 July 1, 2026
afterpay-gateway-for-woocommerce afterpay-gateway-for-woocommerce
97
Afterpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting LOW *-3.5.0 3.5.1 July 1, 2026
yotuwp-easy-youtube-embed yotuwp-easy-youtube-embed N/A Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.10 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.3.10 1.3.11 July 1, 2026
wholesale-market-for-woocommerce wholesale-market-for-woocommerce N/A Wholesale Market for WooCommerce <= 2.0.0 & Wholesale Market <= 2.2.1 - Cross-Site Request Forgery LOW *-2.0.0 2.0.1 July 1, 2026
wholesale-market wholesale-market N/A Wholesale Market for WooCommerce <= 2.0.0 & Wholesale Market <= 2.2.1 - Cross-Site Request Forgery LOW *-2.2.1 2.2.2 July 1, 2026
white-label-cms white-label-cms N/A White Label CMS <= 2.4 - Authenticated (Administrator+) PHP Object Injection LOW *-2.4 2.5 July 1, 2026
qe-seo-handyman qe-seo-handyman N/A Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection LOW *-1.0 July 1, 2026
qe-seo-handyman qe-seo-handyman N/A Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection LOW *-1.0 July 1, 2026
moosend-email-marketing moosend-email-marketing
93
Moosend Website Connector <= 1.0.189 - Missing Authorization LOW *-1.0.189 1.0.190 July 1, 2026
joy-of-text joy-of-text
89
Joy Of Text Lite – SMS messaging for WordPress <= 2.3.0 - Unauthenticated SQL Injection LOW *-2.3.0 2.3.1 July 1, 2026
gm-woo-product-list-widget gm-woo-product-list-widget
91
Product list Widget for Woocommerce <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 1, 2026
wpforo wpforo N/A wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection LOW *-2.0.9 2.1.0 July 1, 2026
wp-social-sharing wp-social-sharing N/A WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.2 July 1, 2026
wp-calendar wp-calendar N/A WP Calendar <= 1.5.3 - Authenticated (Contributor+) Cross-Site Scripting LOW *-1.5.3 July 1, 2026
wp-2fa wp-2fa N/A WP 2FA – Two-factor authentication for WordPress <= 2.2.0 - Missing Authorization LOW *-2.2.0 2.2.1 July 1, 2026
panda-pods-repeater-field panda-pods-repeater-field N/A Panda Pods Repeater Field <= 1.5.3 - Reflected Cross-Site Scripting LOW *-1.5.3 1.5.4 July 1, 2026
login-with-cognito login-with-cognito
93
Login with Cognito <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4.8 1.4.9 July 1, 2026
gc-testimonials gc-testimonials
91
GC Testimonials <= 1.3.2 - Authenticated (Contributor+) Cross-Site Scripting LOW *-1.3.2 July 1, 2026
contentstudio contentstudio
93
ContentStudio <= 1.1.8 - Missing Authorization LOW *-1.1.8 1.1.9 July 1, 2026
bookingpress-appointment-booking bookingpress-appointment-booking
93
BookingPress <= 1.0.30 - Unauthenticated Insecure Direct Object Reference LOW *-1.0.30 1.0.31 July 1, 2026
wp-user wp-user N/A WP User <= 7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-7.0 July 1, 2026
wp-ban wp-ban N/A WP-Ban <= 1.69 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.69 1.69.1 July 1, 2026
widgetkit-for-elementor widgetkit-for-elementor N/A All-in-One Addons for Elementor - WidgetKit <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.4.3 2.4.4 July 1, 2026
updraftcentral updraftcentral N/A UpdraftCentral Dashboard 0.8.23 - Server-Side Request Forgery LOW 0.8.23 0.8.24 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery LOW *-1.3.55 1.3.56 July 1, 2026
iubenda-cookie-law-solution iubenda-cookie-law-solution
93
iubenda <= 3.3.2 - Cross-Site Request Forgery LOW *-3.3.2 3.3.3 July 1, 2026
filter-gallery filter-gallery
93
WordPress Filter Gallery Plugin <= 0.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.1.5 0.1.6 July 1, 2026
build-app-online build-app-online
85
Build App Online <= 1.0.18 - Unauthenticated SQL Injection LOW *-1.0.18 1.0.19 July 1, 2026
add-to-home-screen-wp add-to-home-screen-wp
97
Add to home screen WP Plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0 2.1 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting LOW *-5.6.2 5.6.3 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization LOW *-2.8.5 2.8.6 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read LOW *-2.8.4 2.8.5 July 1, 2026
supra-csv-parser supra-csv-parser N/A Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via Cross-Site Request Forgery LOW *-4.0.3 July 1, 2026
stop-spammer-registrations-plugin stop-spammer-registrations-plugin N/A Stop Spammers Security <= 2022.5 - Unauthenticated PHP Object Injection LOW *-2022.5 2022.6 July 1, 2026
simple-podcasting simple-podcasting N/A simple-git < 3.15.0 - Remote Code Execution LOW *-1.3.0 1.4.0 July 1, 2026
post-teaser post-teaser N/A Post Teaser <= 4.1.5 - Cross-Site Request Forgery LOW *-4.1.5 July 1, 2026
maps-block-apple maps-block-apple
93
simple-git < 3.15.0 - Remote Code Execution LOW *-1.0.3 1.1.0 July 1, 2026
loginizer loginizer
93
Loginizer <= 1.7.5 - Cross-Site Request Forgery LOW [*, 1.7.6) 1.7.6 July 1, 2026
kwayy-html-sitemap kwayy-html-sitemap
93
Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting LOW *-3.1 4.0 July 1, 2026
insert-special-characters insert-special-characters
93
simple-git < 3.15.0 - Remote Code Execution LOW *-1.0.5 1.0.6 July 1, 2026
gd-bbpress-attachments gd-bbpress-attachments
93
GD bbPress Attachments <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.3.1 4.4 July 1, 2026
essential-real-estate essential-real-estate
87
Essential Real Estate <= 3.9.6 - Reflected Cross-Site-Scripting LOW *-3.9.6 4.0.0 July 1, 2026
elasticpress elasticpress
93
simple-git < 3.15.0 - Remote Code Execution LOW *-4.4.0 4.4.1 July 1, 2026
custom-content-by-country custom-content-by-country
93
Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery LOW 3.1.2 3.1.3 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[] LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order LOW *-19.1.4.1 19.1.5 July 1, 2026
LOW

Robo Gallery – Photo & Image Slider

robo-gallery

Score: N/A Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Missing Authorization Affected: *-3.2.9 Patched: 3.2.11 Updated: July 1, 2026
LOW

quote-o-matic

quote-o-matic

Score: N/A Quote-O-Matic <= 1.0.5 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

owm-weather

owm-weather

Score: N/A OWM Weather <= 5.6.11 - Cross-Site Request Forgery Affected: *-5.6.11 Patched: 5.6.12 Updated: July 1, 2026
LOW

multimedial-images

multimedial-images

Score: 91/100 multimedial images <= 1.0b - Authenticated (Administrator+) SQL Injection Affected: * - 1.0b Patched: Updated: July 1, 2026
LOW

lws-tools

lws-tools

Score: 93/100 LWS Plugins <= (Various Versions) - Missing Authorization Checks Affected: *-2.1 Patched: 2.2 Updated: July 1, 2026
LOW

lws-sms

lws-sms

Score: 91/100 LWS Plugins <= (Various Versions) - Missing Authorization Checks Affected: *-2.1 Patched: 2.1.5 Updated: July 1, 2026
LOW

lws-optimize

lws-optimize

Score: 93/100 LWS Plugins <= (Various Versions) - Missing Authorization Checks Affected: *-1.5 Patched: 1.6 Updated: July 1, 2026
LOW

lws-hide-login

lws-hide-login

Score: 93/100 LWS Plugins <= (Various Versions) - Missing Authorization Checks Affected: *-2.0.2 Patched: 2.1 Updated: July 1, 2026
LOW

lws-cleaner

lws-cleaner

Score: 93/100 LWS Plugins <= (Various Versions) - Missing Authorization Checks Affected: *-2.0.3 Patched: 2.1 Updated: July 1, 2026
LOW

lws-affiliation

lws-affiliation

Score: 91/100 LWS Plugins <= (Various Versions) - Missing Authorization Checks Affected: *-2.1 Patched: 2.2 Updated: July 1, 2026
LOW

letsrecover-woocommerce-abandoned-cart

letsrecover-woocommerce-abandoned-cart

Score: 93/100 LetsRecover <= 1.1.0 - Unauthenticated SQL Injection via AJAX action Affected: *-1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

launchpad-by-obox

launchpad-by-obox

Score: 89/100 Launchpad <= 1.0.13 - Cross-Site Request Forgery Affected: *-1.0.13 Patched: Updated: July 1, 2026
LOW

iubenda-cookie-law-solution

iubenda-cookie-law-solution

Score: 93/100 iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation Affected: *-3.3.2 Patched: 3.3.3 Updated: July 1, 2026
LOW

gs-facebook-comments

gs-facebook-comments

Score: 93/100 WP Social Comments <= 1.7.2 - Missing Authorization to Authenticated (Subscriber+) Settings Change Affected: *-1.7.2 Patched: 1.7.3 Updated: July 1, 2026
LOW

conditional-shipping-for-woocommerce

conditional-shipping-for-woocommerce

Score: 93/100 Conditional Shipping for WooCommerce <= 2.3.1 - Cross-Site Request Forgery Affected: *-2.3.1 Patched: 2.3.2 Updated: July 1, 2026
LOW

image-hover-effects-ultimate

image-hover-effects-ultimate

Score: 91/100 Image Hover Effects Ultimate 9.8.1 - 9.8.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: 9.8.1-9.8.4 Patched: 9.8.5 Updated: July 1, 2026
LOW

demon-image-annotation

demon-image-annotation

Score: 93/100 demon image annotation <= 5.0 - Improper Input Restriction Validation Affected: *-5.0 Patched: 5.1 Updated: July 1, 2026
LOW

wp-user

wp-user

Score: N/A WP User <= 7.0 - Unauthenticated SQL Injection Affected: *-7.0 Patched: Updated: July 1, 2026
LOW

wp-rss-by-publishers

wp-rss-by-publishers

Score: N/A WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

wp-rss-by-publishers

wp-rss-by-publishers

Score: N/A WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

wp-rss-by-publishers

wp-rss-by-publishers

Score: N/A WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

wp-lister-for-amazon

wp-lister-for-amazon

Score: N/A WP-Lister Lite for Amazon <= 2.4.2 - Reflected Cross-Site Scripting Affected: *-2.4.2 Patched: 2.4.3 Updated: July 1, 2026
LOW

woo-vietnam-checkout

woo-vietnam-checkout

Score: N/A Woocommerce Vietnam Checkout <= 2.0.4 - Reflected Cross-Site Scripting Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

team-members

team-members

Score: N/A Team Members <= 5.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-5.2.0 Patched: 5.2.1 Updated: July 1, 2026
LOW

sirv

sirv

Score: N/A Image Optimizer, Resizer and CDN – Sirv <= 6.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.8.0 Patched: 6.8.1 Updated: July 1, 2026
LOW

product-reviews-import-export-for-woocommerce

product-reviews-import-export-for-woocommerce

Score: N/A Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection Affected: *-1.4.8 Patched: 1.4.9 Updated: July 1, 2026
LOW

letsrecover-woocommerce-abandoned-cart

letsrecover-woocommerce-abandoned-cart

Score: 93/100 LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection Affected: *-1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

letsrecover-woocommerce-abandoned-cart

letsrecover-woocommerce-abandoned-cart

Score: 93/100 LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection Affected: *-1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

email-customizer-woocommerce

email-customizer-woocommerce

Score: 93/100 Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection Affected: *-1.7.1 Patched: 1.7.2 Updated: July 1, 2026
LOW

custom-field-template

custom-field-template

Score: 93/100 Custom Field Template <= 2.5.7 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.5.7 Patched: 2.5.8 Updated: July 1, 2026
LOW

cryptocurrency-widgets-pack

cryptocurrency-widgets-pack

Score: 91/100 Cryptocurrency Widgets Pack <= 2.0 - Unauthenticated SQL Injection Affected: *-1.8.1 Patched: 2.0 Updated: July 1, 2026
LOW

clearpay-gateway-for-woocommerce

clearpay-gateway-for-woocommerce

Score: 93/100 Clearpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting Affected: *-3.5.0 Patched: 3.5.1 Updated: July 1, 2026
LOW

afterpay-gateway-for-woocommerce

afterpay-gateway-for-woocommerce

Score: 97/100 Afterpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting Affected: *-3.5.0 Patched: 3.5.1 Updated: July 1, 2026
LOW

yotuwp-easy-youtube-embed

yotuwp-easy-youtube-embed

Score: N/A Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.10 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.3.10 Patched: 1.3.11 Updated: July 1, 2026
LOW

wholesale-market-for-woocommerce

wholesale-market-for-woocommerce

Score: N/A Wholesale Market for WooCommerce <= 2.0.0 & Wholesale Market <= 2.2.1 - Cross-Site Request Forgery Affected: *-2.0.0 Patched: 2.0.1 Updated: July 1, 2026
LOW

wholesale-market

wholesale-market

Score: N/A Wholesale Market for WooCommerce <= 2.0.0 & Wholesale Market <= 2.2.1 - Cross-Site Request Forgery Affected: *-2.2.1 Patched: 2.2.2 Updated: July 1, 2026
LOW

white-label-cms

white-label-cms

Score: N/A White Label CMS <= 2.4 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.4 Patched: 2.5 Updated: July 1, 2026
LOW

qe-seo-handyman

qe-seo-handyman

Score: N/A Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

qe-seo-handyman

qe-seo-handyman

Score: N/A Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

moosend-email-marketing

moosend-email-marketing

Score: 93/100 Moosend Website Connector <= 1.0.189 - Missing Authorization Affected: *-1.0.189 Patched: 1.0.190 Updated: July 1, 2026
LOW

joy-of-text

joy-of-text

Score: 89/100 Joy Of Text Lite – SMS messaging for WordPress <= 2.3.0 - Unauthenticated SQL Injection Affected: *-2.3.0 Patched: 2.3.1 Updated: July 1, 2026
LOW

gm-woo-product-list-widget

gm-woo-product-list-widget

Score: 91/100 Product list Widget for Woocommerce <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

wpforo

wpforo

Score: N/A wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection Affected: *-2.0.9 Patched: 2.1.0 Updated: July 1, 2026
LOW

wp-social-sharing

wp-social-sharing

Score: N/A WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 1, 2026
LOW

wp-calendar

wp-calendar

Score: N/A WP Calendar <= 1.5.3 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-1.5.3 Patched: Updated: July 1, 2026
LOW

wp-2fa

wp-2fa

Score: N/A WP 2FA – Two-factor authentication for WordPress <= 2.2.0 - Missing Authorization Affected: *-2.2.0 Patched: 2.2.1 Updated: July 1, 2026
LOW

panda-pods-repeater-field

panda-pods-repeater-field

Score: N/A Panda Pods Repeater Field <= 1.5.3 - Reflected Cross-Site Scripting Affected: *-1.5.3 Patched: 1.5.4 Updated: July 1, 2026
LOW

login-with-cognito

login-with-cognito

Score: 93/100 Login with Cognito <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.8 Patched: 1.4.9 Updated: July 1, 2026
LOW

gc-testimonials

gc-testimonials

Score: 91/100 GC Testimonials <= 1.3.2 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: July 1, 2026
LOW

contentstudio

contentstudio

Score: 93/100 ContentStudio <= 1.1.8 - Missing Authorization Affected: *-1.1.8 Patched: 1.1.9 Updated: July 1, 2026
LOW

bookingpress-appointment-booking

bookingpress-appointment-booking

Score: 93/100 BookingPress <= 1.0.30 - Unauthenticated Insecure Direct Object Reference Affected: *-1.0.30 Patched: 1.0.31 Updated: July 1, 2026
LOW

wp-user

wp-user

Score: N/A WP User <= 7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.0 Patched: Updated: July 1, 2026
LOW

wp-ban

wp-ban

Score: N/A WP-Ban <= 1.69 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.69 Patched: 1.69.1 Updated: July 1, 2026
LOW

widgetkit-for-elementor

widgetkit-for-elementor

Score: N/A All-in-One Addons for Elementor - WidgetKit <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4.3 Patched: 2.4.4 Updated: July 1, 2026
LOW

updraftcentral

updraftcentral

Score: N/A UpdraftCentral Dashboard 0.8.23 - Server-Side Request Forgery Affected: 0.8.23 Patched: 0.8.24 Updated: July 1, 2026
LOW

iubenda-cookie-law-solution

iubenda-cookie-law-solution

Score: 93/100 iubenda <= 3.3.2 - Cross-Site Request Forgery Affected: *-3.3.2 Patched: 3.3.3 Updated: July 1, 2026
LOW

filter-gallery

filter-gallery

Score: 93/100 WordPress Filter Gallery Plugin <= 0.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.1.5 Patched: 0.1.6 Updated: July 1, 2026
LOW

build-app-online

build-app-online

Score: 85/100 Build App Online <= 1.0.18 - Unauthenticated SQL Injection Affected: *-1.0.18 Patched: 1.0.19 Updated: July 1, 2026
LOW

add-to-home-screen-wp

add-to-home-screen-wp

Score: 97/100 Add to home screen WP Plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization Affected: *-2.8.5 Patched: 2.8.6 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read Affected: *-2.8.4 Patched: 2.8.5 Updated: July 1, 2026
LOW

supra-csv-parser

supra-csv-parser

Score: N/A Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via Cross-Site Request Forgery Affected: *-4.0.3 Patched: Updated: July 1, 2026
LOW

stop-spammer-registrations-plugin

stop-spammer-registrations-plugin

Score: N/A Stop Spammers Security <= 2022.5 - Unauthenticated PHP Object Injection Affected: *-2022.5 Patched: 2022.6 Updated: July 1, 2026
LOW

simple-podcasting

simple-podcasting

Score: N/A simple-git < 3.15.0 - Remote Code Execution Affected: *-1.3.0 Patched: 1.4.0 Updated: July 1, 2026
LOW

post-teaser

post-teaser

Score: N/A Post Teaser <= 4.1.5 - Cross-Site Request Forgery Affected: *-4.1.5 Patched: Updated: July 1, 2026
LOW

maps-block-apple

maps-block-apple

Score: 93/100 simple-git < 3.15.0 - Remote Code Execution Affected: *-1.0.3 Patched: 1.1.0 Updated: July 1, 2026
LOW

loginizer

loginizer

Score: 93/100 Loginizer <= 1.7.5 - Cross-Site Request Forgery Affected: [*, 1.7.6) Patched: 1.7.6 Updated: July 1, 2026
LOW

kwayy-html-sitemap

kwayy-html-sitemap

Score: 93/100 Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting Affected: *-3.1 Patched: 4.0 Updated: July 1, 2026
LOW

insert-special-characters

insert-special-characters

Score: 93/100 simple-git < 3.15.0 - Remote Code Execution Affected: *-1.0.5 Patched: 1.0.6 Updated: July 1, 2026
LOW

gd-bbpress-attachments

gd-bbpress-attachments

Score: 93/100 GD bbPress Attachments <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.3.1 Patched: 4.4 Updated: July 1, 2026
LOW

essential-real-estate

essential-real-estate

Score: 87/100 Essential Real Estate <= 3.9.6 - Reflected Cross-Site-Scripting Affected: *-3.9.6 Patched: 4.0.0 Updated: July 1, 2026
LOW

elasticpress

elasticpress

Score: 93/100 simple-git < 3.15.0 - Remote Code Execution Affected: *-4.4.0 Patched: 4.4.1 Updated: July 1, 2026
LOW

custom-content-by-country

custom-content-by-country

Score: 93/100 Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery Affected: 3.1.2 Patched: 3.1.3 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[] Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026

Showing 27401 to 27500 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 06:03 UTC.