Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

83

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
content-repeater content-repeater
89
Content Repeater – Custom Posts Simplified <= 1.1.13 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.13 July 1, 2026
community-events community-events
93
Community Events <= 1.4.8 - Authenticated (Administrator+) Stored Cross Site Scripting LOW *-1.4.8 1.4.9 July 1, 2026
clictracker clictracker
91
WP Clictracker <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.5 July 1, 2026
wp-ulike wp-ulike N/A WP ULike <= 4.6.4 - Race Condition LOW *-4.6.4 4.6.5 July 1, 2026
wha-puzzle wha-puzzle N/A WHA Puzzle <= 1.0.9 - Authenticated (Contributor+) Cross-Site Scripting LOW *-1.0.9 July 1, 2026
quizlord quizlord N/A Quizlord <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0 July 1, 2026
Smart Slider 3 smart-slider-3
90
Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) PHP Object Injection LOW *-3.5.1.9 3.5.1.11 July 1, 2026
Smart Slider 3 smart-slider-3
90
Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.5.1.9 3.5.1.11 July 1, 2026
miniorange-2-factor-authentication miniorange-2-factor-authentication
93
miniOrange's Google Authenticator <= 5.6.1 - Sensitive Data Exposure of Multifactor Backup Codes LOW *-5.6.1 5.6.2 July 1, 2026
image-map-pro image-map-pro
93
Image Map Pro < 5.6.9 - Cross-Site Request Forgery LOW [*, 5.6.9) 5.6.9 July 1, 2026
image-map-pro image-map-pro
93
Image Map Pro < 5.6.9 - Cross-Site Request Forgery LOW [*, 5.6.9) 5.6.9 July 1, 2026
googleanalytics googleanalytics
91
ShareThis Dashboard for Google Analytics <= 3.1.4 - Missing Authorization LOW *-3.1.4 3.1.5 July 1, 2026
formassembly-web-forms formassembly-web-forms
93
WP-FormAssembly <= 2.0.5 - Authenticated (Contributor+) Arbitrary File Read LOW *-2.0.5 2.0.6 July 1, 2026
Defender Security – Malware Scanner, Login Security & Firewall defender-security
71
Defender Security <= 3.3.2 - Sensitive Information Disclosure LOW *-3.3.2 3.3.3 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 13.1.0.9 - Cross-Site Scripting LOW *-13.1.0.9 14.0.0 July 1, 2026
arforms-form-builder arforms-form-builder
95
ARForms Form Builder <= 1.5.6 - Unauthenticated Cross-Site Scripting LOW *-1.5.6 1.5.7 July 1, 2026
yith-woocommerce-gift-cards-premium yith-woocommerce-gift-cards-premium N/A Yith WooCommerce Gift Cards Premium <= 3.19.0 - Unauthenticated Arbitrary File Upload LOW *-3.19.0 3.20.0 July 1, 2026
wp-stripe-checkout wp-stripe-checkout N/A WP Stripe Checkout <= 1.2.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2.20 1.2.2.21 July 1, 2026
videojs-html5-player videojs-html5-player N/A Videojs HTML5 Player <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.8 1.1.9 July 1, 2026
smsa-shipping-for-woocommerce smsa-shipping-for-woocommerce N/A SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download LOW *-1.0.4 1.0.5 July 1, 2026
responsive-lightbox2 responsive-lightbox2 N/A Responsive Lightbox2 <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 July 1, 2026
flowplayer6-video-player flowplayer6-video-player
93
Flowerplayer Video Player <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 1.0.5 July 1, 2026
easy-video-player easy-video-player
93
Easy Video Player <= 1.2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2.2 1.2.2.3 July 1, 2026
checkout-for-paypal checkout-for-paypal
93
Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.13 1.0.14 July 1, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery LOW *-5.1.0 5.1.1 July 1, 2026
zero-bs-crm zero-bs-crm N/A Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting LOW *-5.4.2 5.4.3 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion LOW *-5.6.6 5.6.7 July 1, 2026
woo-shipping-dpd-baltic woo-shipping-dpd-baltic N/A WooCommerce Shipping – DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion LOW *-1.2.56 1.2.57 July 1, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-2.2.4 2.2.41 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.8.3 2.8.4 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.3 - Missing Authorization LOW *-2.8.3 2.8.4 July 1, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors – Car Dealer, Classifieds & Listing <= 1.4.3 - Unauthenticated Arbitrary File Upload LOW *-1.4.3 1.4.4 July 1, 2026
minimal-coming-soon-maintenance-mode minimal-coming-soon-maintenance-mode
93
Minimal Coming Soon – Coming Soon Page <= 2.33 - Authenticated (Administrator+) Cross-Site Scripting LOW *-2.33 2.35 July 1, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection LOW *-5.4.19 5.5.0 July 1, 2026
dokan-lite dokan-lite
93
Dokan <= 3.7.5 - Unauthenticated SQL Injection LOW *-3.7.5 3.7.6 July 1, 2026
directorist directorist
93
Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change LOW *-7.4.2.1 7.4.2.2 July 1, 2026
cooked-pro cooked-pro
93
Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection LOW [*, 1.7.5.7) 1.7.5.7 July 1, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion LOW *-5.6.5 5.6.6 July 1, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion LOW *-1.1.7 1.1.8 July 1, 2026
booking-calendar booking-calendar
91
Booking calendar, Appointment Booking System <= 3.2.1 - Unauthenticated Arbitrary File Upload LOW *-3.2.1 3.2.2 July 1, 2026
antihacker antihacker
97
Anti Hacker <= 4.19 - Missing Authorization to Arbitrary Plugin Install LOW *-4.19 4.20 July 1, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass LOW *-5.0.7 5.0.8 July 1, 2026
addons-for-elementor addons-for-elementor
93
Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-7.2.3 7.2.4 July 1, 2026
wp-external-links wp-external-links N/A External Links <= 2.55 - Authenticated (Administrator+) Cross-Site Scripting LOW *-2.55 2.56 July 1, 2026
speakout speakout N/A SpeakOut! Email Petitions <= 4.0.3 - Reflected Cross-Site Scripting LOW *-4.0.3 4.0.4 July 1, 2026
image-hover-effects image-hover-effects
93
Image Hover Effects <= 5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.4 5.5 July 1, 2026
tenweb-speed-optimizer tenweb-speed-optimizer N/A 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.8.34 - Missing Authorization to Plugin Deactivation LOW *-2.8.34 2.8.35 July 1, 2026
address-autocomplete-using-google-place-api address-autocomplete-using-google-place-api
95
Address Autocomplete Using Google Place Api <= 1.0.0 - Cross-Site Request Forgery LOW *-1.0.0 July 1, 2026
wptools wptools N/A WP Tools <= 3.42 - Missing Authorization to Select Plugin Installation LOW *-3.42 3.43 July 1, 2026
wp-memory wp-memory N/A Memory Usage <= 2.45 - Missing Authorization to Arbitrary Plugin Installation LOW *-2.45 2.46 July 1, 2026
WP Popular Posts wordpress-popular-posts N/A WordPress Popular Posts <= 6.0.5 - Unauthenticated Views Changes LOW *-6.0.5 6.1.0 July 1, 2026
stopbadbots stopbadbots N/A StopBadBots <= 7.23 - Missing Authorization to Arbitrary Plugin Installation LOW *-7.23 7.24 July 1, 2026
cardealer cardealer
93
Car Dealer <= 3.04 - Missing Authorization to Arbitrary Plugin Installation LOW *-3.04 3.05 July 1, 2026
wooswipe wooswipe N/A WooSwipe WooCommerce Gallery <= 3.0.2 - Missing Authorization LOW *-3.0.2 3.0.3 July 1, 2026
ultimate-tables ultimate-tables N/A ULTIMATE TABLES <= 1.6.5 - Reflected Cross-Site Scripting LOW *-1.6.5 July 1, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection LOW *-5.1.7 5.1.8 July 1, 2026
polldaddy polldaddy N/A Crowdsignal Dashboard <= 3.0.9 - Authorization Bypass LOW *-3.0.9 3.0.10 July 1, 2026
news-announcement-scroll news-announcement-scroll N/A News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting LOW *-8.8.8 9.0.0 July 1, 2026
ifeature-slider ifeature-slider
91
iFeature Slider <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2 July 1, 2026
flatpm-wp flatpm-wp
93
Flat PM <= 2.661 - Reflected Cross-Site Scripting LOW *-2.661 2.662 July 1, 2026
ezoic-integration ezoic-integration
93
Ezoic <= 2.8.8 - Missing Authorization to Stored Cross-Site Scripting LOW *-2.8.8 2.8.9 July 1, 2026
ezoic-integration ezoic-integration
93
Ezoic <= 2.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.8.8 2.8.9 July 1, 2026
essential-real-estate essential-real-estate
87
Essential Real Estate <= 3.9.5 - Reflected Cross-Site-Scripting LOW *-3.9.5 3.9.6 July 1, 2026
buddybadges buddybadges
91
Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection LOW *-1.0.0 July 1, 2026
auxin-elements auxin-elements
89
Shortcodes and extra features for Phlox theme <= 2.10.5 - PHP Objection Injection LOW *-2.10.5 2.10.7 July 1, 2026
anthologize anthologize
95
Anthologize <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.8.0 0.8.1 July 1, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery LOW *-5.1.0 5.1.1 July 1, 2026
woo-shipping-dpd-baltic woo-shipping-dpd-baltic N/A WooCommerce Shipping – DPD baltic <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2.8 1.2.11 July 1, 2026
Rich Showcase for Google Reviews widget-google-reviews
87
Plugin for Google Reviews <= 2.2.2 - Cross-Site Request Forgery LOW *-2.2.2 2.2.3 July 1, 2026
Rich Showcase for Google Reviews widget-google-reviews
87
Plugin for Google Reviews <= 2.2.2 - Missing Authorization LOW *-2.2.2 2.2.3 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery LOW *-2.8.3 2.8.4 July 1, 2026
svg-support svg-support N/A SVG Support 2.5 - 2.5.1 - Insecure Plugin Defaults to Cross-Site Scripting LOW 2.5-2.5.1 2.5.2 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz and Survey Master <= 8.0.4 - Improper Input Validation LOW *-8.0.4 8.0.5 July 1, 2026
permalink-manager permalink-manager N/A Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery LOW *-2.2.20.1 2.2.20.2 July 1, 2026
easy-form-builder easy-form-builder
93
Easy Form Builder <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.3.8 3.4.0 July 1, 2026
donation-button donation-button
89
Donation Button <= 4.0.0 - Missing Authorization LOW *-4.0.0 July 1, 2026
donation-button donation-button
89
Donation Button <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.0 July 1, 2026
helloprint helloprint
91
Helloprint <= 1.4.6 - Reflected Cross-Site Scripting LOW *-1.4.6 1.4.7 July 1, 2026
transposh-translation-filter-for-wordpress transposh-translation-filter-for-wordpress N/A Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass LOW *-1.0.9.6 July 1, 2026
photospace photospace N/A Photospace Gallery <= 2.3.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.3.5 July 1, 2026
follow-me follow-me
91
Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-3.1.1 July 1, 2026
feed-them-social feed-them-social
93
Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.9.9 3.0.1 July 1, 2026
feed-them-social feed-them-social
93
Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update LOW *-2.9.9 3.0.1 July 1, 2026
comicbookmanagementsystemweeklypicks comicbookmanagementsystemweeklypicks
93
Comic Book Management System < 2.2.0 - Authenticated (Administrator+) SQL Injection LOW [*, 2.2.0) 2.2.0 July 1, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty chaty
88
Floating Chat Widget - Chaty <= 3.0.2 - Authenticated (Administrator+) SQL Injection LOW *-3.0.2 3.0.3 July 1, 2026
becustom becustom
93
Becustom <= 1.0.5.2 - Cross-Site Request Forgery LOW *-1.0.5.2 1.0.5.3 July 1, 2026
advanced-import advanced-import
97
Advanced Import <= 1.3.7 - Cross-Site Request Forgery LOW *-1.3.7 1.3.8 July 1, 2026
yith-woocommerce-zoom-magnifier yith-woocommerce-zoom-magnifier N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization LOW *-2.14.0 2.15.0 July 1, 2026
yith-woocommerce-zoom-magnifier yith-woocommerce-zoom-magnifier N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery LOW *-2.14.0 2.15.0 July 1, 2026
yith-woocommerce-wishlist yith-woocommerce-wishlist N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization LOW *-3.14.0 3.15.0 July 1, 2026
yith-woocommerce-wishlist yith-woocommerce-wishlist N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery LOW *-3.14.0 3.15.0 July 1, 2026
yith-woocommerce-waiting-list yith-woocommerce-waiting-list N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization LOW *-1.21.0 1.21.1 July 1, 2026
yith-woocommerce-waiting-list yith-woocommerce-waiting-list N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery LOW *-1.21.0 1.21.1 July 1, 2026
yith-woocommerce-tab-manager yith-woocommerce-tab-manager N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization LOW *-1.17.0 1.17.1 July 1, 2026
yith-woocommerce-tab-manager yith-woocommerce-tab-manager N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery LOW *-1.17.0 1.17.1 July 1, 2026
yith-woocommerce-subscription yith-woocommerce-subscription N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization LOW *-2.16.0 2.16.1 July 1, 2026
yith-woocommerce-subscription yith-woocommerce-subscription N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery LOW *-2.16.0 2.16.1 July 1, 2026
yith-woocommerce-stripe yith-woocommerce-stripe N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization LOW *-2.0.17 July 1, 2026
yith-woocommerce-stripe yith-woocommerce-stripe N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery LOW *-2.0.17 July 1, 2026
yith-woocommerce-social-login yith-woocommerce-social-login N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization LOW *-1.4.9 July 1, 2026
LOW

content-repeater

content-repeater

Score: 89/100 Content Repeater – Custom Posts Simplified <= 1.1.13 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.13 Patched: Updated: July 1, 2026
LOW

community-events

community-events

Score: 93/100 Community Events <= 1.4.8 - Authenticated (Administrator+) Stored Cross Site Scripting Affected: *-1.4.8 Patched: 1.4.9 Updated: July 1, 2026
LOW

clictracker

clictracker

Score: 91/100 WP Clictracker <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

wp-ulike

wp-ulike

Score: N/A WP ULike <= 4.6.4 - Race Condition Affected: *-4.6.4 Patched: 4.6.5 Updated: July 1, 2026
LOW

wha-puzzle

wha-puzzle

Score: N/A WHA Puzzle <= 1.0.9 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: July 1, 2026
LOW

quizlord

quizlord

Score: N/A Quizlord <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

Smart Slider 3

smart-slider-3

Score: 90/100 Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) PHP Object Injection Affected: *-3.5.1.9 Patched: 3.5.1.11 Updated: July 1, 2026
LOW

Smart Slider 3

smart-slider-3

Score: 90/100 Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.1.9 Patched: 3.5.1.11 Updated: July 1, 2026
LOW

miniorange-2-factor-authentication

miniorange-2-factor-authentication

Score: 93/100 miniOrange's Google Authenticator <= 5.6.1 - Sensitive Data Exposure of Multifactor Backup Codes Affected: *-5.6.1 Patched: 5.6.2 Updated: July 1, 2026
LOW

image-map-pro

image-map-pro

Score: 93/100 Image Map Pro < 5.6.9 - Cross-Site Request Forgery Affected: [*, 5.6.9) Patched: 5.6.9 Updated: July 1, 2026
LOW

image-map-pro

image-map-pro

Score: 93/100 Image Map Pro < 5.6.9 - Cross-Site Request Forgery Affected: [*, 5.6.9) Patched: 5.6.9 Updated: July 1, 2026
LOW

googleanalytics

googleanalytics

Score: 91/100 ShareThis Dashboard for Google Analytics <= 3.1.4 - Missing Authorization Affected: *-3.1.4 Patched: 3.1.5 Updated: July 1, 2026
LOW

formassembly-web-forms

formassembly-web-forms

Score: 93/100 WP-FormAssembly <= 2.0.5 - Authenticated (Contributor+) Arbitrary File Read Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 13.1.0.9 - Cross-Site Scripting Affected: *-13.1.0.9 Patched: 14.0.0 Updated: July 1, 2026
LOW

arforms-form-builder

arforms-form-builder

Score: 95/100 ARForms Form Builder <= 1.5.6 - Unauthenticated Cross-Site Scripting Affected: *-1.5.6 Patched: 1.5.7 Updated: July 1, 2026
LOW

yith-woocommerce-gift-cards-premium

yith-woocommerce-gift-cards-premium

Score: N/A Yith WooCommerce Gift Cards Premium <= 3.19.0 - Unauthenticated Arbitrary File Upload Affected: *-3.19.0 Patched: 3.20.0 Updated: July 1, 2026
LOW

wp-stripe-checkout

wp-stripe-checkout

Score: N/A WP Stripe Checkout <= 1.2.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2.20 Patched: 1.2.2.21 Updated: July 1, 2026
LOW

videojs-html5-player

videojs-html5-player

Score: N/A Videojs HTML5 Player <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.1.9 Updated: July 1, 2026
LOW

smsa-shipping-for-woocommerce

smsa-shipping-for-woocommerce

Score: N/A SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-1.0.4 Patched: 1.0.5 Updated: July 1, 2026
LOW

responsive-lightbox2

responsive-lightbox2

Score: N/A Responsive Lightbox2 <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

flowplayer6-video-player

flowplayer6-video-player

Score: 93/100 Flowerplayer Video Player <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: 1.0.5 Updated: July 1, 2026
LOW

easy-video-player

easy-video-player

Score: 93/100 Easy Video Player <= 1.2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2.2 Patched: 1.2.2.3 Updated: July 1, 2026
LOW

checkout-for-paypal

checkout-for-paypal

Score: 93/100 Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.13 Patched: 1.0.14 Updated: July 1, 2026
LOW

zero-bs-crm

zero-bs-crm

Score: N/A Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-5.4.2 Patched: 5.4.3 Updated: July 1, 2026
LOW

woo-shipping-dpd-baltic

woo-shipping-dpd-baltic

Score: N/A WooCommerce Shipping – DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion Affected: *-1.2.56 Patched: 1.2.57 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.8.3 Patched: 2.8.4 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.3 - Missing Authorization Affected: *-2.8.3 Patched: 2.8.4 Updated: July 1, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors – Car Dealer, Classifieds & Listing <= 1.4.3 - Unauthenticated Arbitrary File Upload Affected: *-1.4.3 Patched: 1.4.4 Updated: July 1, 2026
LOW

minimal-coming-soon-maintenance-mode

minimal-coming-soon-maintenance-mode

Score: 93/100 Minimal Coming Soon – Coming Soon Page <= 2.33 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-2.33 Patched: 2.35 Updated: July 1, 2026
LOW

dokan-lite

dokan-lite

Score: 93/100 Dokan <= 3.7.5 - Unauthenticated SQL Injection Affected: *-3.7.5 Patched: 3.7.6 Updated: July 1, 2026
LOW

directorist

directorist

Score: 93/100 Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change Affected: *-7.4.2.1 Patched: 7.4.2.2 Updated: July 1, 2026
LOW

cooked-pro

cooked-pro

Score: 93/100 Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection Affected: [*, 1.7.5.7) Patched: 1.7.5.7 Updated: July 1, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion Affected: *-5.6.5 Patched: 5.6.6 Updated: July 1, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion Affected: *-1.1.7 Patched: 1.1.8 Updated: July 1, 2026
LOW

booking-calendar

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.1 - Unauthenticated Arbitrary File Upload Affected: *-3.2.1 Patched: 3.2.2 Updated: July 1, 2026
LOW

antihacker

antihacker

Score: 97/100 Anti Hacker <= 4.19 - Missing Authorization to Arbitrary Plugin Install Affected: *-4.19 Patched: 4.20 Updated: July 1, 2026
LOW

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Score: 72/100 All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass Affected: *-5.0.7 Patched: 5.0.8 Updated: July 1, 2026
LOW

addons-for-elementor

addons-for-elementor

Score: 93/100 Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-7.2.3 Patched: 7.2.4 Updated: July 1, 2026
LOW

wp-external-links

wp-external-links

Score: N/A External Links <= 2.55 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-2.55 Patched: 2.56 Updated: July 1, 2026
LOW

speakout

speakout

Score: N/A SpeakOut! Email Petitions <= 4.0.3 - Reflected Cross-Site Scripting Affected: *-4.0.3 Patched: 4.0.4 Updated: July 1, 2026
LOW

image-hover-effects

image-hover-effects

Score: 93/100 Image Hover Effects <= 5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.4 Patched: 5.5 Updated: July 1, 2026
LOW

tenweb-speed-optimizer

tenweb-speed-optimizer

Score: N/A 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.8.34 - Missing Authorization to Plugin Deactivation Affected: *-2.8.34 Patched: 2.8.35 Updated: July 1, 2026
LOW

address-autocomplete-using-google-place-api

address-autocomplete-using-google-place-api

Score: 95/100 Address Autocomplete Using Google Place Api <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

wptools

wptools

Score: N/A WP Tools <= 3.42 - Missing Authorization to Select Plugin Installation Affected: *-3.42 Patched: 3.43 Updated: July 1, 2026
LOW

wp-memory

wp-memory

Score: N/A Memory Usage <= 2.45 - Missing Authorization to Arbitrary Plugin Installation Affected: *-2.45 Patched: 2.46 Updated: July 1, 2026
LOW

WP Popular Posts

wordpress-popular-posts

Score: N/A WordPress Popular Posts <= 6.0.5 - Unauthenticated Views Changes Affected: *-6.0.5 Patched: 6.1.0 Updated: July 1, 2026
LOW

stopbadbots

stopbadbots

Score: N/A StopBadBots <= 7.23 - Missing Authorization to Arbitrary Plugin Installation Affected: *-7.23 Patched: 7.24 Updated: July 1, 2026
LOW

cardealer

cardealer

Score: 93/100 Car Dealer <= 3.04 - Missing Authorization to Arbitrary Plugin Installation Affected: *-3.04 Patched: 3.05 Updated: July 1, 2026
LOW

wooswipe

wooswipe

Score: N/A WooSwipe WooCommerce Gallery <= 3.0.2 - Missing Authorization Affected: *-3.0.2 Patched: 3.0.3 Updated: July 1, 2026
LOW

ultimate-tables

ultimate-tables

Score: N/A ULTIMATE TABLES <= 1.6.5 - Reflected Cross-Site Scripting Affected: *-1.6.5 Patched: Updated: July 1, 2026
LOW

polldaddy

polldaddy

Score: N/A Crowdsignal Dashboard <= 3.0.9 - Authorization Bypass Affected: *-3.0.9 Patched: 3.0.10 Updated: July 1, 2026
LOW

news-announcement-scroll

news-announcement-scroll

Score: N/A News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting Affected: *-8.8.8 Patched: 9.0.0 Updated: July 1, 2026
LOW

ifeature-slider

ifeature-slider

Score: 91/100 iFeature Slider <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

flatpm-wp

flatpm-wp

Score: 93/100 Flat PM <= 2.661 - Reflected Cross-Site Scripting Affected: *-2.661 Patched: 2.662 Updated: July 1, 2026
LOW

ezoic-integration

ezoic-integration

Score: 93/100 Ezoic <= 2.8.8 - Missing Authorization to Stored Cross-Site Scripting Affected: *-2.8.8 Patched: 2.8.9 Updated: July 1, 2026
LOW

ezoic-integration

ezoic-integration

Score: 93/100 Ezoic <= 2.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.8.8 Patched: 2.8.9 Updated: July 1, 2026
LOW

essential-real-estate

essential-real-estate

Score: 87/100 Essential Real Estate <= 3.9.5 - Reflected Cross-Site-Scripting Affected: *-3.9.5 Patched: 3.9.6 Updated: July 1, 2026
LOW

buddybadges

buddybadges

Score: 91/100 Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

auxin-elements

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.10.5 - PHP Objection Injection Affected: *-2.10.5 Patched: 2.10.7 Updated: July 1, 2026
LOW

anthologize

anthologize

Score: 95/100 Anthologize <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.8.0 Patched: 0.8.1 Updated: July 1, 2026
LOW

woo-shipping-dpd-baltic

woo-shipping-dpd-baltic

Score: N/A WooCommerce Shipping – DPD baltic <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: 1.2.11 Updated: July 1, 2026
LOW

Rich Showcase for Google Reviews

widget-google-reviews

Score: 87/100 Plugin for Google Reviews <= 2.2.2 - Cross-Site Request Forgery Affected: *-2.2.2 Patched: 2.2.3 Updated: July 1, 2026
LOW

Rich Showcase for Google Reviews

widget-google-reviews

Score: 87/100 Plugin for Google Reviews <= 2.2.2 - Missing Authorization Affected: *-2.2.2 Patched: 2.2.3 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery Affected: *-2.8.3 Patched: 2.8.4 Updated: July 1, 2026
LOW

svg-support

svg-support

Score: N/A SVG Support 2.5 - 2.5.1 - Insecure Plugin Defaults to Cross-Site Scripting Affected: 2.5-2.5.1 Patched: 2.5.2 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz and Survey Master <= 8.0.4 - Improper Input Validation Affected: *-8.0.4 Patched: 8.0.5 Updated: July 1, 2026
LOW

permalink-manager

permalink-manager

Score: N/A Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery Affected: *-2.2.20.1 Patched: 2.2.20.2 Updated: July 1, 2026
LOW

easy-form-builder

easy-form-builder

Score: 93/100 Easy Form Builder <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.3.8 Patched: 3.4.0 Updated: July 1, 2026
LOW

donation-button

donation-button

Score: 89/100 Donation Button <= 4.0.0 - Missing Authorization Affected: *-4.0.0 Patched: Updated: July 1, 2026
LOW

donation-button

donation-button

Score: 89/100 Donation Button <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.0 Patched: Updated: July 1, 2026
LOW

helloprint

helloprint

Score: 91/100 Helloprint <= 1.4.6 - Reflected Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: July 1, 2026
LOW

transposh-translation-filter-for-wordpress

transposh-translation-filter-for-wordpress

Score: N/A Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass Affected: *-1.0.9.6 Patched: Updated: July 1, 2026
LOW

photospace

photospace

Score: N/A Photospace Gallery <= 2.3.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.3.5 Patched: Updated: July 1, 2026
LOW

follow-me

follow-me

Score: 91/100 Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-3.1.1 Patched: Updated: July 1, 2026
LOW

feed-them-social

feed-them-social

Score: 93/100 Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.9.9 Patched: 3.0.1 Updated: July 1, 2026
LOW

feed-them-social

feed-them-social

Score: 93/100 Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update Affected: *-2.9.9 Patched: 3.0.1 Updated: July 1, 2026
LOW

comicbookmanagementsystemweeklypicks

comicbookmanagementsystemweeklypicks

Score: 93/100 Comic Book Management System < 2.2.0 - Authenticated (Administrator+) SQL Injection Affected: [*, 2.2.0) Patched: 2.2.0 Updated: July 1, 2026
LOW

becustom

becustom

Score: 93/100 Becustom <= 1.0.5.2 - Cross-Site Request Forgery Affected: *-1.0.5.2 Patched: 1.0.5.3 Updated: July 1, 2026
LOW

advanced-import

advanced-import

Score: 97/100 Advanced Import <= 1.3.7 - Cross-Site Request Forgery Affected: *-1.3.7 Patched: 1.3.8 Updated: July 1, 2026
LOW

yith-woocommerce-zoom-magnifier

yith-woocommerce-zoom-magnifier

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Affected: *-2.14.0 Patched: 2.15.0 Updated: July 1, 2026
LOW

yith-woocommerce-zoom-magnifier

yith-woocommerce-zoom-magnifier

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery Affected: *-2.14.0 Patched: 2.15.0 Updated: July 1, 2026
LOW

yith-woocommerce-wishlist

yith-woocommerce-wishlist

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Affected: *-3.14.0 Patched: 3.15.0 Updated: July 1, 2026
LOW

yith-woocommerce-wishlist

yith-woocommerce-wishlist

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery Affected: *-3.14.0 Patched: 3.15.0 Updated: July 1, 2026
LOW

yith-woocommerce-waiting-list

yith-woocommerce-waiting-list

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Affected: *-1.21.0 Patched: 1.21.1 Updated: July 1, 2026
LOW

yith-woocommerce-waiting-list

yith-woocommerce-waiting-list

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery Affected: *-1.21.0 Patched: 1.21.1 Updated: July 1, 2026
LOW

yith-woocommerce-tab-manager

yith-woocommerce-tab-manager

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Affected: *-1.17.0 Patched: 1.17.1 Updated: July 1, 2026
LOW

yith-woocommerce-tab-manager

yith-woocommerce-tab-manager

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery Affected: *-1.17.0 Patched: 1.17.1 Updated: July 1, 2026
LOW

yith-woocommerce-subscription

yith-woocommerce-subscription

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Affected: *-2.16.0 Patched: 2.16.1 Updated: July 1, 2026
LOW

yith-woocommerce-subscription

yith-woocommerce-subscription

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery Affected: *-2.16.0 Patched: 2.16.1 Updated: July 1, 2026
LOW

yith-woocommerce-stripe

yith-woocommerce-stripe

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Affected: *-2.0.17 Patched: Updated: July 1, 2026
LOW

yith-woocommerce-stripe

yith-woocommerce-stripe

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery Affected: *-2.0.17 Patched: Updated: July 1, 2026
LOW

yith-woocommerce-social-login

yith-woocommerce-social-login

Score: N/A YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Affected: *-1.4.9 Patched: Updated: July 1, 2026

Showing 27601 to 27700 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 08:33 UTC.