Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

64

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[] LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id LOW *-19.1.5 19.1.5.1 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS LOW *-19.1.4.1 19.1.5 July 1, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting LOW [*, 6.0.0) 6.0.0 July 1, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting LOW [*, 6.0.0) 6.0.0 July 1, 2026
autoshare-for-twitter autoshare-for-twitter
93
simple-git < 3.15.0 - Remote Code Execution LOW *-1.2.1 1.3.0 July 1, 2026
Autoptimize autoptimize
87
Autoptimize <= 3.0.4 - Sensitive Information Disclosure LOW *-3.0.4 3.1.0 July 1, 2026
acf-quickedit-fields acf-quickedit-fields
97
ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference LOW *-3.2.2 3.2.3 July 1, 2026
WP Mail Log wp-mail-log N/A WP Mail Log <= 1.0.1 - Cross-Site Request Forgery LOW *-1.0.1 1.0.2 July 1, 2026
wp-inject wp-inject N/A ImageInject <= 1.18 - Authenticated (Admin+) Stored XSS LOW *-1.18 July 1, 2026
WP Google Review Slider wp-google-places-review-slider
70
WP Google Review Slider <= 11.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-11.5 11.6 July 1, 2026
sunshine-photo-cart sunshine-photo-cart N/A Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery LOW *-2.9.13 2.9.14 July 1, 2026
sunshine-photo-cart sunshine-photo-cart N/A Sunshine Photo Cart <= 2.9.13 - Missing Authorization LOW *-2.9.13 2.9.14 July 1, 2026
simple-basic-contact-form simple-basic-contact-form N/A Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-20220207 20221201 July 1, 2026
post-teaser post-teaser N/A Post Teaser <= 4.1.5 - Missing Authorization LOW *-4.1.5 July 1, 2026
plugin-logic plugin-logic N/A Plugin Logic <= 1.0.7 - Authenticated (Administrator+) SQL Injection LOW *-1.0.7 1.0.8 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying LOW *-1.3.2.4 1.3.2.5 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef LOW *-1.3.2 1.3.2.1 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf LOW *-1.3.2 1.3.2.1 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip LOW *-1.3.2.3 1.3.2.4 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key LOW *-1.3.2.2 1.3.2.3 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion LOW *-1.3.2.4 1.3.2.5 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf LOW *-1.3.2 1.3.2.1 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date LOW *-1.3.2.3 1.3.2.4 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf LOW *-1.3.2 1.3.2.1 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID LOW *-1.3.2.2 1.3.2.3 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf LOW *-1.3.2 1.3.2.1 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion LOW *-1.3.2.4 1.3.2.5 July 1, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn LOW *-1.3.2.2 1.3.2.3 July 1, 2026
bulk-delete-users-by-email bulk-delete-users-by-email
93
Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery LOW *-1.2 2.0.0 July 1, 2026
bulk-delete-users-by-email bulk-delete-users-by-email
93
Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 2.0.0 July 1, 2026
advanced-booking-calendar advanced-booking-calendar
95
Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection LOW *-1.7.1 July 1, 2026
Kadence Starter Templates — Predesigned Website Templates kadence-starter-templates
90
Starter Templates by Kadence WP <= 1.2.16 - Authenticated (Admin+) PHP Object Injection LOW *-1.2.16 1.2.17 July 1, 2026
google-apps-login google-apps-login
93
Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.4.4 3.4.5 July 1, 2026
armember armember
97
ARMember Premium <= 5.5.1 - Privilege Escalation LOW *-5.5.1 5.6 July 1, 2026
advanced-booking-calendar advanced-booking-calendar
95
Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery LOW *-1.7.1 July 1, 2026
wptools wptools N/A WP Tools <= 3.41 - Missing Authorization leading to Authenticated (Subscriber+) Authorization Bypass LOW *-3.41 3.43 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 5.6.8 - Cross-Site Request Forgery LOW *-5.6.8 6.0.0 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read LOW 2.6.10-2.8.4 2.8.5 July 1, 2026
slider-wd slider-wd N/A Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.2.52 1.2.53 July 1, 2026
paytium paytium N/A Paytium <= 4.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.3.6 4.3.7 July 1, 2026
iws-geo-form-fields iws-geo-form-fields
91
IWS - Geo Form Fields <= 1.0 - Unauthenticated SQL Injection LOW *-1.0 July 1, 2026
export-users-data-csv export-users-data-csv
93
Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection LOW *-2.1 2.2 July 1, 2026
eventify eventify
91
Eventify <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1 July 1, 2026
easy-wp-smtp easy-wp-smtp
93
Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Arbitrary File Deletion LOW *-1.5.1 1.5.2 July 1, 2026
easy-wp-smtp easy-wp-smtp
93
Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Remote Code Execution LOW *-1.5.1 1.5.2 July 1, 2026
easy-wp-smtp easy-wp-smtp
93
Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Directory Traversal LOW *-1.5.1 1.5.2 July 1, 2026
apptivo-business-site apptivo-business-site
95
Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.0.12 3.0.14 July 1, 2026
aio-time-clock-lite aio-time-clock-lite
97
All in One Time Clok Lite <= 1.3.320 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.3.320 1.3.321 July 1, 2026
1app-business-forms 1app-business-forms
95
1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
wp-csv-exporter wp-csv-exporter N/A WP CSV Exporter <= 1.3.6 - CSV Injection LOW *-1.3.6 1.3.7 July 1, 2026
super-progressive-web-apps super-progressive-web-apps N/A Super Progressive Web Apps <= 2.2.8 - Missing Authorization LOW *-2.2.8 2.2.9 July 1, 2026
simplepress simplepress N/A Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification LOW *-6.8 6.8.1 July 1, 2026
simplepress simplepress N/A Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion LOW *-6.8 6.8.1 July 1, 2026
simplepress simplepress N/A Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies LOW *-6.8 6.8.1 July 1, 2026
simplepress simplepress N/A Simple:Press <= 6.8 - Reflected Cross-Site Scripting via Cookie Value LOW *-6.8 6.8.1 July 1, 2026
simplepress simplepress N/A Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures LOW *-6.8 6.8.1 July 1, 2026
sassy-social-share sassy-social-share N/A Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting LOW *-3.3.3 3.3.4 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer LOW *-8.0.4 8.0.5 July 1, 2026
paytm-payments paytm-payments N/A Paytm Payment Gateway <= 2.7.0 - Unauthenticated Server-Side Request Forgery LOW *-2.7.0 2.7.3 July 1, 2026
menu-items-visibility-control menu-items-visibility-control
91
Menu Item Visibility Control <= 0.5 - Authenticated (Admin+) Remote Code Execution LOW *-0.5 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.59 - Refleced Cross-Site Scripting LOW *-3.2.59 3.2.60 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery-pro contest-gallery-pro
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id LOW *-19.1.4.1 19.1.5 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate LOW *-19.1.4.1 19.1.5 July 1, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form LOW *-1.3.72 1.3.73 July 1, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
Appointment Hour Booking <= 1.3.72 - CSV Injection LOW *-1.3.72 1.3.73 July 1, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass LOW *-1.3.72 1.3.73 July 1, 2026
wp-shamsi wp-shamsi N/A WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation LOW *-4.1.0 4.1.1 July 1, 2026
woocommerce-wholesale-prices woocommerce-wholesale-prices N/A Wholesale Suite <= 2.1.5 - Authenticated (Subscriber+) Cross-Site Scripting LOW *-2.1.5 2.1.5.1 July 1, 2026
wholesale-market-for-woocommerce wholesale-market-for-woocommerce N/A Wholesale Market for WooCommerce <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Download LOW *-1.0.7 1.0.8 July 1, 2026
wholesale-market-for-woocommerce wholesale-market-for-woocommerce N/A Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download LOW *-1.0.6 1.0.7 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery LOW *-2.8.3 2.8.4 July 1, 2026
theme-translation-for-polylang theme-translation-for-polylang N/A Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization LOW *-3.2.16 3.2.17 July 1, 2026
popup-manager popup-manager N/A Popup Manager <= 1.6.6 - Missing Authorization to Arbitrary Popup Deletion LOW *-1.6.6 July 1, 2026
popup-manager popup-manager N/A Popup Manager <= 1.6.6 - Unauthenticated Stored Cross-Site Scripting LOW *-1.6.6 July 1, 2026
pie-register pie-register N/A Pie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion LOW *-3.8.1.2 3.8.1.3 July 1, 2026
photo-gallery photo-gallery N/A Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.8.2 1.8.3 July 1, 2026
joomsport-sports-league-results-management joomsport-sports-league-results-management
93
JoomSport <= 5.2.7 - Unauthenticated SQL Injection LOW *-5.2.7 5.2.8 July 1, 2026
jobboardwp jobboardwp
93
JobBoardWP <= 1.2.1 - Unauthenticated Arbitrary File Upload LOW *-1.2.1 1.2.2 July 1, 2026
inpost-gallery inpost-gallery
93
InPost Gallery <= 2.1.4.1 - Local File Inclusion LOW *-2.1.4 2.1.4.1 July 1, 2026
flying-press flying-press
93
FlyingPress <= 3.9.6 - Missing Authorization LOW *-3.9.6 3.9.7 July 1, 2026
external-media external-media
89
External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.35 1.0.36 July 1, 2026
directorist directorist
93
Directorist <= 7.4.3 - Authenticated (Subscriber+) Sensitive Information Disclosure LOW *-7.4.3 7.4.4 July 1, 2026
Better Click To Share – Shareable Quote Boxes for X (Twitter) better-click-to-tweet
95
Better Click To Tweet <= 5.10.3 - Cross-Site Request Forgery LOW *-5.10.3 5.10.4 July 1, 2026
Better Click To Share – Shareable Quote Boxes for X (Twitter) better-click-to-tweet
95
Better Click To Tweet <= 5.10.3 - Missing Authorization LOW *-5.10.3 5.10.4 July 1, 2026
age-gate age-gate
97
Age Gate <= 2.13.4 - Open Redirect LOW [*, 2.13.5) 2.13.5 July 1, 2026
wpforo wpforo N/A wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change LOW *-2.0.5 2.0.6 July 1, 2026
uncanny-learndash-toolkit uncanny-learndash-toolkit N/A Uncanny Toolkit for LearnDash <= 3.6.3 - Cross-Site Request Forgery LOW *-3.6.3 3.6.4 July 1, 2026
photo-gallery photo-gallery N/A Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.7 - Open Redirect LOW *-1.8.7 1.8.8 July 1, 2026
organization-chart organization-chart N/A Organization chart <= 1.4.1 - Cross-Site Request Forgery LOW 1.4.1 1.4.2 July 1, 2026
organization-chart organization-chart N/A Organization chart <= 1.4.1 - Missing Authorization LOW *-1.4.1 1.4.2 July 1, 2026
download-monitor download-monitor
93
Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export LOW *-4.7.51 4.7.52 July 1, 2026
authenticator authenticator
93
Authenticator <= 1.3.0 - Missing Authorization LOW *-1.3.0 1.3.1 July 1, 2026
woo-refund-and-exchange-lite woo-refund-and-exchange-lite N/A Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload LOW *-4.0.8 4.0.9 July 1, 2026
kenta-blocks kenta-blocks
93
Kenta Gutenberg Blocks <= 1.0.7 - Missing Authorization LOW *-1.0.7 1.1.0 July 1, 2026
content-repeater content-repeater
89
Content Repeater <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.3 July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[] Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id Affected: *-19.1.5 Patched: 19.1.5.1 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting Affected: [*, 6.0.0) Patched: 6.0.0 Updated: July 1, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting Affected: [*, 6.0.0) Patched: 6.0.0 Updated: July 1, 2026
LOW

autoshare-for-twitter

autoshare-for-twitter

Score: 93/100 simple-git < 3.15.0 - Remote Code Execution Affected: *-1.2.1 Patched: 1.3.0 Updated: July 1, 2026
LOW

Autoptimize

autoptimize

Score: 87/100 Autoptimize <= 3.0.4 - Sensitive Information Disclosure Affected: *-3.0.4 Patched: 3.1.0 Updated: July 1, 2026
LOW

acf-quickedit-fields

acf-quickedit-fields

Score: 97/100 ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-3.2.2 Patched: 3.2.3 Updated: July 1, 2026
LOW

WP Mail Log

wp-mail-log

Score: N/A WP Mail Log <= 1.0.1 - Cross-Site Request Forgery Affected: *-1.0.1 Patched: 1.0.2 Updated: July 1, 2026
LOW

wp-inject

wp-inject

Score: N/A ImageInject <= 1.18 - Authenticated (Admin+) Stored XSS Affected: *-1.18 Patched: Updated: July 1, 2026
LOW

WP Google Review Slider

wp-google-places-review-slider

Score: 70/100 WP Google Review Slider <= 11.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-11.5 Patched: 11.6 Updated: July 1, 2026
LOW

sunshine-photo-cart

sunshine-photo-cart

Score: N/A Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery Affected: *-2.9.13 Patched: 2.9.14 Updated: July 1, 2026
LOW

sunshine-photo-cart

sunshine-photo-cart

Score: N/A Sunshine Photo Cart <= 2.9.13 - Missing Authorization Affected: *-2.9.13 Patched: 2.9.14 Updated: July 1, 2026
LOW

simple-basic-contact-form

simple-basic-contact-form

Score: N/A Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-20220207 Patched: 20221201 Updated: July 1, 2026
LOW

post-teaser

post-teaser

Score: N/A Post Teaser <= 4.1.5 - Missing Authorization Affected: *-4.1.5 Patched: Updated: July 1, 2026
LOW

plugin-logic

plugin-logic

Score: N/A Plugin Logic <= 1.0.7 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying Affected: *-1.3.2.4 Patched: 1.3.2.5 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef Affected: *-1.3.2 Patched: 1.3.2.1 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip Affected: *-1.3.2.3 Patched: 1.3.2.4 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key Affected: *-1.3.2.2 Patched: 1.3.2.3 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion Affected: *-1.3.2.4 Patched: 1.3.2.5 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date Affected: *-1.3.2.3 Patched: 1.3.2.4 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID Affected: *-1.3.2.2 Patched: 1.3.2.3 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion Affected: *-1.3.2.4 Patched: 1.3.2.5 Updated: July 1, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn Affected: *-1.3.2.2 Patched: 1.3.2.3 Updated: July 1, 2026
LOW

bulk-delete-users-by-email

bulk-delete-users-by-email

Score: 93/100 Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: 2.0.0 Updated: July 1, 2026
LOW

bulk-delete-users-by-email

bulk-delete-users-by-email

Score: 93/100 Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: 2.0.0 Updated: July 1, 2026
LOW

advanced-booking-calendar

advanced-booking-calendar

Score: 95/100 Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection Affected: *-1.7.1 Patched: Updated: July 1, 2026
LOW

google-apps-login

google-apps-login

Score: 93/100 Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.4.4 Patched: 3.4.5 Updated: July 1, 2026
LOW

armember

armember

Score: 97/100 ARMember Premium <= 5.5.1 - Privilege Escalation Affected: *-5.5.1 Patched: 5.6 Updated: July 1, 2026
LOW

advanced-booking-calendar

advanced-booking-calendar

Score: 95/100 Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery Affected: *-1.7.1 Patched: Updated: July 1, 2026
LOW

wptools

wptools

Score: N/A WP Tools <= 3.41 - Missing Authorization leading to Authenticated (Subscriber+) Authorization Bypass Affected: *-3.41 Patched: 3.43 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read Affected: 2.6.10-2.8.4 Patched: 2.8.5 Updated: July 1, 2026
LOW

slider-wd

slider-wd

Score: N/A Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.2.52 Patched: 1.2.53 Updated: July 1, 2026
LOW

paytium

paytium

Score: N/A Paytium <= 4.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.3.6 Patched: 4.3.7 Updated: July 1, 2026
LOW

iws-geo-form-fields

iws-geo-form-fields

Score: 91/100 IWS - Geo Form Fields <= 1.0 - Unauthenticated SQL Injection Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

export-users-data-csv

export-users-data-csv

Score: 93/100 Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection Affected: *-2.1 Patched: 2.2 Updated: July 1, 2026
LOW

eventify

eventify

Score: 91/100 Eventify <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

easy-wp-smtp

easy-wp-smtp

Score: 93/100 Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Arbitrary File Deletion Affected: *-1.5.1 Patched: 1.5.2 Updated: July 1, 2026
LOW

easy-wp-smtp

easy-wp-smtp

Score: 93/100 Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Remote Code Execution Affected: *-1.5.1 Patched: 1.5.2 Updated: July 1, 2026
LOW

easy-wp-smtp

easy-wp-smtp

Score: 93/100 Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Directory Traversal Affected: *-1.5.1 Patched: 1.5.2 Updated: July 1, 2026
LOW

apptivo-business-site

apptivo-business-site

Score: 95/100 Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.0.12 Patched: 3.0.14 Updated: July 1, 2026
LOW

aio-time-clock-lite

aio-time-clock-lite

Score: 97/100 All in One Time Clok Lite <= 1.3.320 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.320 Patched: 1.3.321 Updated: July 1, 2026
LOW

1app-business-forms

1app-business-forms

Score: 95/100 1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

wp-csv-exporter

wp-csv-exporter

Score: N/A WP CSV Exporter <= 1.3.6 - CSV Injection Affected: *-1.3.6 Patched: 1.3.7 Updated: July 1, 2026
LOW

super-progressive-web-apps

super-progressive-web-apps

Score: N/A Super Progressive Web Apps <= 2.2.8 - Missing Authorization Affected: *-2.2.8 Patched: 2.2.9 Updated: July 1, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification Affected: *-6.8 Patched: 6.8.1 Updated: July 1, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion Affected: *-6.8 Patched: 6.8.1 Updated: July 1, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies Affected: *-6.8 Patched: 6.8.1 Updated: July 1, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press <= 6.8 - Reflected Cross-Site Scripting via Cookie Value Affected: *-6.8 Patched: 6.8.1 Updated: July 1, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures Affected: *-6.8 Patched: 6.8.1 Updated: July 1, 2026
LOW

sassy-social-share

sassy-social-share

Score: N/A Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting Affected: *-3.3.3 Patched: 3.3.4 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer Affected: *-8.0.4 Patched: 8.0.5 Updated: July 1, 2026
LOW

paytm-payments

paytm-payments

Score: N/A Paytm Payment Gateway <= 2.7.0 - Unauthenticated Server-Side Request Forgery Affected: *-2.7.0 Patched: 2.7.3 Updated: July 1, 2026
LOW

menu-items-visibility-control

menu-items-visibility-control

Score: 91/100 Menu Item Visibility Control <= 0.5 - Authenticated (Admin+) Remote Code Execution Affected: *-0.5 Patched: Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.59 - Refleced Cross-Site Scripting Affected: *-3.2.59 Patched: 3.2.60 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery-pro

contest-gallery-pro

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate Affected: *-19.1.4.1 Patched: 19.1.5 Updated: July 1, 2026
LOW

Appointment Hour Booking – Booking Calendar

appointment-hour-booking

Score: 97/100 Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form Affected: *-1.3.72 Patched: 1.3.73 Updated: July 1, 2026
LOW

wp-shamsi

wp-shamsi

Score: N/A WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation Affected: *-4.1.0 Patched: 4.1.1 Updated: July 1, 2026
LOW

woocommerce-wholesale-prices

woocommerce-wholesale-prices

Score: N/A Wholesale Suite <= 2.1.5 - Authenticated (Subscriber+) Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.5.1 Updated: July 1, 2026
LOW

wholesale-market-for-woocommerce

wholesale-market-for-woocommerce

Score: N/A Wholesale Market for WooCommerce <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Download Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

wholesale-market-for-woocommerce

wholesale-market-for-woocommerce

Score: N/A Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download Affected: *-1.0.6 Patched: 1.0.7 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery Affected: *-2.8.3 Patched: 2.8.4 Updated: July 1, 2026
LOW

theme-translation-for-polylang

theme-translation-for-polylang

Score: N/A Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization Affected: *-3.2.16 Patched: 3.2.17 Updated: July 1, 2026
LOW

popup-manager

popup-manager

Score: N/A Popup Manager <= 1.6.6 - Missing Authorization to Arbitrary Popup Deletion Affected: *-1.6.6 Patched: Updated: July 1, 2026
LOW

popup-manager

popup-manager

Score: N/A Popup Manager <= 1.6.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.6.6 Patched: Updated: July 1, 2026
LOW

pie-register

pie-register

Score: N/A Pie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion Affected: *-3.8.1.2 Patched: 3.8.1.3 Updated: July 1, 2026
LOW

photo-gallery

photo-gallery

Score: N/A Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.8.2 Patched: 1.8.3 Updated: July 1, 2026
LOW

joomsport-sports-league-results-management

joomsport-sports-league-results-management

Score: 93/100 JoomSport <= 5.2.7 - Unauthenticated SQL Injection Affected: *-5.2.7 Patched: 5.2.8 Updated: July 1, 2026
LOW

jobboardwp

jobboardwp

Score: 93/100 JobBoardWP <= 1.2.1 - Unauthenticated Arbitrary File Upload Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

inpost-gallery

inpost-gallery

Score: 93/100 InPost Gallery <= 2.1.4.1 - Local File Inclusion Affected: *-2.1.4 Patched: 2.1.4.1 Updated: July 1, 2026
LOW

flying-press

flying-press

Score: 93/100 FlyingPress <= 3.9.6 - Missing Authorization Affected: *-3.9.6 Patched: 3.9.7 Updated: July 1, 2026
LOW

external-media

external-media

Score: 89/100 External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.35 Patched: 1.0.36 Updated: July 1, 2026
LOW

directorist

directorist

Score: 93/100 Directorist <= 7.4.3 - Authenticated (Subscriber+) Sensitive Information Disclosure Affected: *-7.4.3 Patched: 7.4.4 Updated: July 1, 2026
LOW

age-gate

age-gate

Score: 97/100 Age Gate <= 2.13.4 - Open Redirect Affected: [*, 2.13.5) Patched: 2.13.5 Updated: July 1, 2026
LOW

wpforo

wpforo

Score: N/A wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

uncanny-learndash-toolkit

uncanny-learndash-toolkit

Score: N/A Uncanny Toolkit for LearnDash <= 3.6.3 - Cross-Site Request Forgery Affected: *-3.6.3 Patched: 3.6.4 Updated: July 1, 2026
LOW

photo-gallery

photo-gallery

Score: N/A Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.7 - Open Redirect Affected: *-1.8.7 Patched: 1.8.8 Updated: July 1, 2026
LOW

organization-chart

organization-chart

Score: N/A Organization chart <= 1.4.1 - Cross-Site Request Forgery Affected: 1.4.1 Patched: 1.4.2 Updated: July 1, 2026
LOW

organization-chart

organization-chart

Score: N/A Organization chart <= 1.4.1 - Missing Authorization Affected: *-1.4.1 Patched: 1.4.2 Updated: July 1, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export Affected: *-4.7.51 Patched: 4.7.52 Updated: July 1, 2026
LOW

authenticator

authenticator

Score: 93/100 Authenticator <= 1.3.0 - Missing Authorization Affected: *-1.3.0 Patched: 1.3.1 Updated: July 1, 2026
LOW

woo-refund-and-exchange-lite

woo-refund-and-exchange-lite

Score: N/A Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload Affected: *-4.0.8 Patched: 4.0.9 Updated: July 1, 2026
LOW

kenta-blocks

kenta-blocks

Score: 93/100 Kenta Gutenberg Blocks <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: 1.1.0 Updated: July 1, 2026
LOW

content-repeater

content-repeater

Score: 89/100 Content Repeater <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 1, 2026

Showing 27501 to 27600 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 07:26 UTC.