Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

81

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
sitepress-multilingual-cms sitepress-multilingual-cms N/A WPML <= 4.5.13 - Cross-Site Request Forgery LOW *-4.5.13 4.5.14 July 1, 2026
sitepress-multilingual-cms sitepress-multilingual-cms N/A WPML <= 4.5.13 - Cross-Site Request Forgery LOW *-4.5.13 4.5.14 July 1, 2026
sitepress-multilingual-cms sitepress-multilingual-cms N/A WPML <= 4.5.10 - Missing Authorization to Settings Change LOW *-4.5.10 4.5.11 July 1, 2026
simple-video-embedder simple-video-embedder N/A Simple Video Embedder <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2 July 1, 2026
seed-social seed-social N/A Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.3 2.0.4 July 1, 2026
quick-restaurant-reservations quick-restaurant-reservations N/A Quick Restaurant Reservations <= 1.5.4 - Cross-Site Request Forgery LOW *-1.5.4 1.5.5 July 1, 2026
car-rental car-rental
91
Car Rental by BestWebSoft <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.2 July 1, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages <= 1.9.10.68 - Authorization Bypass to Blocking Control Bypass LOW *-1.9.10.68 1.9.10.69 July 1, 2026
asgaros-forum asgaros-forum
97
Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery LOW *-2.1.0 2.2.0 July 1, 2026
wp-affiliate-platform wp-affiliate-platform N/A WP Affiliate Platform <= 6.3.9 - Reflected Cross-Site Scripting LOW *-6.3.9 6.4.0 July 1, 2026
wp-affiliate-platform wp-affiliate-platform N/A WP Affiliate Platform <= 6.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-6.3.9 6.4.0 July 1, 2026
wp-affiliate-platform wp-affiliate-platform N/A WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery LOW *-6.3.9 6.4.0 July 1, 2026
theme-demo-import theme-demo-import N/A Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload LOW *-1.1.3 July 1, 2026
salon-booking-system salon-booking-system N/A Salon booking system <= 7.9 - Reflected Cross-Site Scripting LOW *-7.9 7.9.4 July 1, 2026
oauth2-provider oauth2-provider N/A WP OAuth Server (OAuth Authentication) <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.2.1 4.2.2 July 1, 2026
form-vibes form-vibes
93
Form Vibes <= 1.4.5 - Authenticated (Admininstrator+) SQL Injection LOW *-1.4.5 1.4.6 July 1, 2026
3dprint 3dprint
95
3DPrint < 3.5.6.9 - Cross-Site Request Forgery to Arbitrary File Deletion LOW *-3.5.4.8 3.5.6.9 July 1, 2026
wp-user-merger wp-user-merger N/A WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection LOW *-1.5.2 1.5.3 July 1, 2026
wp-user-merger wp-user-merger N/A WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection LOW *-1.5.2 1.5.3 July 1, 2026
wp-user-merger wp-user-merger N/A WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection LOW *-1.5.2 1.5.3 July 1, 2026
wp-smart-contracts wp-smart-contracts N/A WPSmartContracts <= 1.3.11 - Authenticated (Author+) SQL Injection LOW *-1.3.11 1.3.12 July 1, 2026
woo-checkout-field-editor-pro woo-checkout-field-editor-pro N/A Checkout Field Editor <= 1.7.2 - Authenticated (Admin+) PHP Object Injection LOW *-1.7.2 1.8.0 July 1, 2026
testimonial-slider testimonial-slider N/A Testimonial Slider <= 1.3.1 - Cross-Site Request Forgery LOW *-1.3.1 1.3.2 July 1, 2026
seed-social seed-social N/A Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.2 2.0.3 July 1, 2026
loginpress loginpress
93
LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes LOW *-1.6.2 1.6.3 July 1, 2026
HTML Forms – Simple WordPress Forms Plugin html-forms
86
HTML Forms <= 1.3.24 - Authenticated (Administrator+) SQL Injection LOW *-1.3.24 1.3.25 July 1, 2026
cyklodev-wp-notify cyklodev-wp-notify
93
Cyklodev WP Notify <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2.1 1.3.0 July 1, 2026
awesome-support awesome-support
93
Awesome Support <= 6.1.1 - Insecure Direct Object Reference to (Subscriber+) Ticket Export LOW *-6.1.1 6.1.2 July 1, 2026
wp-admin-ui-customize wp-admin-ui-customize N/A WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting LOW *-1.5.12 1.5.13 July 1, 2026
responsive-lightbox responsive-lightbox N/A Responsive Lightbox & Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.4.1 2.4.2 July 1, 2026
paypal-donations paypal-donations N/A Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.9.8 1.9.9 July 1, 2026
jeg-elementor-kit jeg-elementor-kit
93
Jeg Elementor Kit <= 2.5.6 - Authorization Bypass LOW *-2.5.6 2.5.7 July 1, 2026
jeg-elementor-kit jeg-elementor-kit
93
Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass LOW *-2.5.6 2.5.7 July 1, 2026
find-and-replace-all find-and-replace-all
89
Find and Replace All <= 1.3 - Cross-Site Request Forgery to Arbitrary Content Replacement LOW *-1.3 July 1, 2026
find-and-replace-all find-and-replace-all
89
Find and Replace All <= 1.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-1.3 July 1, 2026
wpgform wpgform N/A Google Forms <= 0.95 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.95 July 1, 2026
vr-calendar-sync vr-calendar-sync N/A VR Calendar <= 2.3.3 - Cross-Site Request Forgery LOW *-2.3.3 2.3.4 July 1, 2026
photo-gallery photo-gallery N/A Photo Gallery by 10Web <= 1.8.0 - Reflected Cross-Site Scripting LOW *-1.8.0 1.8.1 July 1, 2026
login-form-recaptcha login-form-recaptcha
91
reCAPTCHA <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6 July 1, 2026
image-hover-effects-css3 image-hover-effects-css3
91
Image Hover Effects Css3 <= 4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.5 July 1, 2026
get-site-to-phone-by-qr-code get-site-to-phone-by-qr-code
91
Showing URL in QR Code <= 0.0.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-0.0.1 July 1, 2026
fancier-author-box fancier-author-box
91
Fancier Author Box by ThematoSoup <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4 July 1, 2026
export-woocommerce-customer-list export-woocommerce-customer-list
93
Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection LOW *-2.0.67 2.0.69 July 1, 2026
Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent
93
Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.9.0 2.9.1 July 1, 2026
analytics-for-wp analytics-for-wp
95
Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5.1 July 1, 2026
001-prime-strategy-translate-accelerator 001-prime-strategy-translate-accelerator
95
001 Prime Strategy Translate Accelerator <= 1.1.1 - Missing Authorization LOW *-1.1.1 July 1, 2026
wp-email-template wp-email-template N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.6.2 2.6.3 July 1, 2026
woocommerce-products-quick-view woocommerce-products-quick-view N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.0.1 2.0.2 July 1, 2026
woocommerce-product-sort-and-display woocommerce-product-sort-and-display N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.2.2 2.2.3 July 1, 2026
woocommerce-dynamic-gallery woocommerce-dynamic-gallery N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-3.0.1 3.0.2 July 1, 2026
woocommerce-compare-products woocommerce-compare-products N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.8.2 2.8.3 July 1, 2026
woo-widget-product-slideshow woo-widget-product-slideshow N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-1.9.1 1.9.2 July 1, 2026
video-thumbnails video-thumbnails N/A Video Thumbnails <= 2.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.12.3 July 1, 2026
salat-times salat-times N/A Salat Times < = 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.2.1 3.2.2 July 1, 2026
owm-weather owm-weather N/A OWM Weather <= 5.6.8 - Authenticated (Contributor+) SQL Injection LOW *-5.6.8 5.6.9 July 1, 2026
jeeng-push-notifications jeeng-push-notifications
93
Jeeng Push Notifications <= 2.0.3 - Cross-Site Request Forgery LOW *-2.0.3 2.0.4 July 1, 2026
jeeng-push-notifications jeeng-push-notifications
93
Jeeng Push Notifications <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.3 2.0.4 July 1, 2026
font-awesome-4-menus font-awesome-4-menus
89
Font Awesome 4 Menus <= 4.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.7.0 July 1, 2026
find-and-replace-all find-and-replace-all
89
Find and Replace All <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW 1.2 1.3 July 1, 2026
download-plugin download-plugin
93
Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure LOW *-1.6.2 2.0.0 July 1, 2026
contact-us-page-contact-people contact-us-page-contact-people
89
a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-3.6.1 3.6.2 July 1, 2026
am-hili-affiliate-manager-for-publishers am-hili-affiliate-manager-for-publishers
95
AM-HiLi <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
agenteasy-properties agenteasy-properties
95
AgentEasy Properties <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.4 July 1, 2026
administrator-z administrator-z
95
Administrator Z <= 2022.9.28 - Unauthorized File Upload via ACF LOW *-2022.9.28 2022.9.29 July 1, 2026
accessibility accessibility
97
Accessibility <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping LOW *-1.0.2 1.0.3 July 1, 2026
a3-responsive-slider a3-responsive-slider
97
a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.2.0 2.2.1 July 1, 2026
a3-portfolio a3-portfolio
97
a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-3.0.1 3.0.2 July 1, 2026
a3 Lazy Load a3-lazy-load
95
a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.6.0 2.6.1 July 1, 2026
4ecps-webforms 4ecps-webforms
95
4ECPS Web Forms <= 0.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.2.17 0.2.18 July 1, 2026
watchtowerhq watchtowerhq N/A WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Download LOW *-3.6.15 3.6.16 July 1, 2026
watchtowerhq watchtowerhq N/A WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Deletion LOW *-3.6.15 3.6.16 July 1, 2026
permalink-manager permalink-manager N/A Permalink Manager Lite <= 2.2.20 - Missing Authorization LOW *-2.2.20 2.2.20.1 July 1, 2026
miniorange-2-factor-authentication miniorange-2-factor-authentication
93
miniOrange's Google Authenticator <= 5.6.1 - Cross-Site Request Forgery to Malware Scan Termination LOW *-5.6.1 5.6.2 July 1, 2026
homepage-pop-up homepage-pop-up
89
Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.5 July 1, 2026
homepage-pop-up homepage-pop-up
89
Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery LOW *-1.2.5 July 1, 2026
download-monitor download-monitor
93
Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure LOW *-4.7.2 4.7.3 July 1, 2026
contact-us-page-contact-people contact-us-page-contact-people
89
Contact Us Page – Contact People <= 3.6.1 - Cross-Site Request Forgery to Settings Reset LOW *-3.6.1 3.6.2 July 1, 2026
authorizer authorizer
93
phpCAS authentication library < 1.6.0 - Service Hostname Discovery Exploitation LOW [*, 1.6.0) 1.6.0 July 1, 2026
mantenimiento-web mantenimiento-web
93
Mantenimiento web <= 0.8 - Cross-Site Request Forgery LOW *-0.8 0.9 July 1, 2026
wpdeepl wpdeepl N/A DeepL Pro API Translation <= 1.7.4 - Sensitive Information Disclosure LOW *-1.7.4 1.7.5 July 1, 2026
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration wp-user-frontend N/A WP User Frontend <= 3.5.28 - Privilege Escalation LOW *-3.5.28 3.5.29 July 1, 2026
wp-polls wp-polls N/A WP-Polls <= 2.75.6 - IP Validation Bypass LOW *-2.75.6 2.76.0 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion LOW *-5.6.6 5.6.7 July 1, 2026
woo-wallet woo-wallet N/A TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference LOW *-1.4.3 1.4.4 July 1, 2026
subscribe-to-category subscribe-to-category N/A Subscribe to Category <= 2.7.3 - Missing Authorization LOW *-2.7.3 July 1, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin restaurant-reservations N/A Five Star Restaurant Reservations <= 2.4.11 - Missing Authorization to Stored Cross-Site Scripting LOW *-2.4.11 2.4.12 July 1, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder popup-maker N/A Popup Maker <= 1.16.10 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.16.10 1.16.11 July 1, 2026
miniorange-2-factor-authentication miniorange-2-factor-authentication
93
miniOrange's Google Authenticator <= 5.6.1 - Missing Authorization to Plugin Settings Change LOW *-5.6.1 5.6.2 July 1, 2026
menu-ordering-reservations menu-ordering-reservations
93
Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions LOW *-2.3.0 2.3.1 July 1, 2026
menu-ordering-reservations menu-ordering-reservations
93
Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery LOW *-2.3.1 2.3.2 July 1, 2026
gallery-images-ape gallery-images-ape
87
Gallery Images Ape <= 2.2.8 - Authenticated (Contributor+) Cross-Site Scripting LOW *-2.2.8 July 1, 2026
gallery-images-ape gallery-images-ape
87
Gallery Images Ape <= 2.2.8 - Missing Authorization LOW *-2.2.8 July 1, 2026
event-monster event-monster
93
Event Monster <= 1.2.0 - Authenticated (Administrator+) SQL Injection LOW *-1.2.0 1.2.1 July 1, 2026
content-egg content-egg
93
Content Egg <= 5.4.0 - Cross-Site Request Forgery LOW *-5.4.0 5.5.0 July 1, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion LOW *-5.6.4 5.6.5 July 1, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery LOW [*, 1.1.7) 1.1.7 July 1, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download LOW [*, 1.1.7) 1.1.7 July 1, 2026
addfreestats addfreestats
97
AFS Analytics <= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.15 4.16 July 1, 2026
yikes-inc-easy-custom-woocommerce-product-tabs yikes-inc-easy-custom-woocommerce-product-tabs N/A Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.7.9 1.8.0 July 1, 2026
woo-wallet woo-wallet N/A TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via lock_unlock_terawallet LOW *-1.3.24 1.4.0 July 1, 2026
LOW

sitepress-multilingual-cms

sitepress-multilingual-cms

Score: N/A WPML <= 4.5.13 - Cross-Site Request Forgery Affected: *-4.5.13 Patched: 4.5.14 Updated: July 1, 2026
LOW

sitepress-multilingual-cms

sitepress-multilingual-cms

Score: N/A WPML <= 4.5.13 - Cross-Site Request Forgery Affected: *-4.5.13 Patched: 4.5.14 Updated: July 1, 2026
LOW

sitepress-multilingual-cms

sitepress-multilingual-cms

Score: N/A WPML <= 4.5.10 - Missing Authorization to Settings Change Affected: *-4.5.10 Patched: 4.5.11 Updated: July 1, 2026
LOW

simple-video-embedder

simple-video-embedder

Score: N/A Simple Video Embedder <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 1, 2026
LOW

seed-social

seed-social

Score: N/A Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: July 1, 2026
LOW

quick-restaurant-reservations

quick-restaurant-reservations

Score: N/A Quick Restaurant Reservations <= 1.5.4 - Cross-Site Request Forgery Affected: *-1.5.4 Patched: 1.5.5 Updated: July 1, 2026
LOW

car-rental

car-rental

Score: 91/100 Car Rental by BestWebSoft <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 1, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: 2.2.0 Updated: July 1, 2026
LOW

wp-affiliate-platform

wp-affiliate-platform

Score: N/A WP Affiliate Platform <= 6.3.9 - Reflected Cross-Site Scripting Affected: *-6.3.9 Patched: 6.4.0 Updated: July 1, 2026
LOW

wp-affiliate-platform

wp-affiliate-platform

Score: N/A WP Affiliate Platform <= 6.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.3.9 Patched: 6.4.0 Updated: July 1, 2026
LOW

wp-affiliate-platform

wp-affiliate-platform

Score: N/A WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery Affected: *-6.3.9 Patched: 6.4.0 Updated: July 1, 2026
LOW

theme-demo-import

theme-demo-import

Score: N/A Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload Affected: *-1.1.3 Patched: Updated: July 1, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon booking system <= 7.9 - Reflected Cross-Site Scripting Affected: *-7.9 Patched: 7.9.4 Updated: July 1, 2026
LOW

oauth2-provider

oauth2-provider

Score: N/A WP OAuth Server (OAuth Authentication) <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.2.1 Patched: 4.2.2 Updated: July 1, 2026
LOW

form-vibes

form-vibes

Score: 93/100 Form Vibes <= 1.4.5 - Authenticated (Admininstrator+) SQL Injection Affected: *-1.4.5 Patched: 1.4.6 Updated: July 1, 2026
LOW

3dprint

3dprint

Score: 95/100 3DPrint < 3.5.6.9 - Cross-Site Request Forgery to Arbitrary File Deletion Affected: *-3.5.4.8 Patched: 3.5.6.9 Updated: July 1, 2026
LOW

wp-user-merger

wp-user-merger

Score: N/A WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection Affected: *-1.5.2 Patched: 1.5.3 Updated: July 1, 2026
LOW

wp-user-merger

wp-user-merger

Score: N/A WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection Affected: *-1.5.2 Patched: 1.5.3 Updated: July 1, 2026
LOW

wp-user-merger

wp-user-merger

Score: N/A WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection Affected: *-1.5.2 Patched: 1.5.3 Updated: July 1, 2026
LOW

wp-smart-contracts

wp-smart-contracts

Score: N/A WPSmartContracts <= 1.3.11 - Authenticated (Author+) SQL Injection Affected: *-1.3.11 Patched: 1.3.12 Updated: July 1, 2026
LOW

woo-checkout-field-editor-pro

woo-checkout-field-editor-pro

Score: N/A Checkout Field Editor <= 1.7.2 - Authenticated (Admin+) PHP Object Injection Affected: *-1.7.2 Patched: 1.8.0 Updated: July 1, 2026
LOW

testimonial-slider

testimonial-slider

Score: N/A Testimonial Slider <= 1.3.1 - Cross-Site Request Forgery Affected: *-1.3.1 Patched: 1.3.2 Updated: July 1, 2026
LOW

seed-social

seed-social

Score: N/A Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: July 1, 2026
LOW

loginpress

loginpress

Score: 93/100 LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes Affected: *-1.6.2 Patched: 1.6.3 Updated: July 1, 2026
LOW

cyklodev-wp-notify

cyklodev-wp-notify

Score: 93/100 Cyklodev WP Notify <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.3.0 Updated: July 1, 2026
LOW

awesome-support

awesome-support

Score: 93/100 Awesome Support <= 6.1.1 - Insecure Direct Object Reference to (Subscriber+) Ticket Export Affected: *-6.1.1 Patched: 6.1.2 Updated: July 1, 2026
LOW

wp-admin-ui-customize

wp-admin-ui-customize

Score: N/A WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-1.5.12 Patched: 1.5.13 Updated: July 1, 2026
LOW

responsive-lightbox

responsive-lightbox

Score: N/A Responsive Lightbox & Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4.1 Patched: 2.4.2 Updated: July 1, 2026
LOW

paypal-donations

paypal-donations

Score: N/A Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.9.8 Patched: 1.9.9 Updated: July 1, 2026
LOW

jeg-elementor-kit

jeg-elementor-kit

Score: 93/100 Jeg Elementor Kit <= 2.5.6 - Authorization Bypass Affected: *-2.5.6 Patched: 2.5.7 Updated: July 1, 2026
LOW

jeg-elementor-kit

jeg-elementor-kit

Score: 93/100 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass Affected: *-2.5.6 Patched: 2.5.7 Updated: July 1, 2026
LOW

find-and-replace-all

find-and-replace-all

Score: 89/100 Find and Replace All <= 1.3 - Cross-Site Request Forgery to Arbitrary Content Replacement Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

find-and-replace-all

find-and-replace-all

Score: 89/100 Find and Replace All <= 1.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

wpgform

wpgform

Score: N/A Google Forms <= 0.95 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.95 Patched: Updated: July 1, 2026
LOW

vr-calendar-sync

vr-calendar-sync

Score: N/A VR Calendar <= 2.3.3 - Cross-Site Request Forgery Affected: *-2.3.3 Patched: 2.3.4 Updated: July 1, 2026
LOW

photo-gallery

photo-gallery

Score: N/A Photo Gallery by 10Web <= 1.8.0 - Reflected Cross-Site Scripting Affected: *-1.8.0 Patched: 1.8.1 Updated: July 1, 2026
LOW

login-form-recaptcha

login-form-recaptcha

Score: 91/100 reCAPTCHA <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 1, 2026
LOW

image-hover-effects-css3

image-hover-effects-css3

Score: 91/100 Image Hover Effects Css3 <= 4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.5 Patched: Updated: July 1, 2026
LOW

get-site-to-phone-by-qr-code

get-site-to-phone-by-qr-code

Score: 91/100 Showing URL in QR Code <= 0.0.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: July 1, 2026
LOW

fancier-author-box

fancier-author-box

Score: 91/100 Fancier Author Box by ThematoSoup <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 1, 2026
LOW

export-woocommerce-customer-list

export-woocommerce-customer-list

Score: 93/100 Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection Affected: *-2.0.67 Patched: 2.0.69 Updated: July 1, 2026
LOW

Beautiful Cookie Consent Banner

beautiful-and-responsive-cookie-consent

Score: 93/100 Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.9.0 Patched: 2.9.1 Updated: July 1, 2026
LOW

analytics-for-wp

analytics-for-wp

Score: 95/100 Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 1, 2026
LOW

001-prime-strategy-translate-accelerator

001-prime-strategy-translate-accelerator

Score: 95/100 001 Prime Strategy Translate Accelerator <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

wp-email-template

wp-email-template

Score: N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.6.2 Patched: 2.6.3 Updated: July 1, 2026
LOW

woocommerce-products-quick-view

woocommerce-products-quick-view

Score: N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.0.1 Patched: 2.0.2 Updated: July 1, 2026
LOW

woocommerce-product-sort-and-display

woocommerce-product-sort-and-display

Score: N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.2.2 Patched: 2.2.3 Updated: July 1, 2026
LOW

woocommerce-dynamic-gallery

woocommerce-dynamic-gallery

Score: N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-3.0.1 Patched: 3.0.2 Updated: July 1, 2026
LOW

woocommerce-compare-products

woocommerce-compare-products

Score: N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.8.2 Patched: 2.8.3 Updated: July 1, 2026
LOW

woo-widget-product-slideshow

woo-widget-product-slideshow

Score: N/A a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-1.9.1 Patched: 1.9.2 Updated: July 1, 2026
LOW

video-thumbnails

video-thumbnails

Score: N/A Video Thumbnails <= 2.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.12.3 Patched: Updated: July 1, 2026
LOW

salat-times

salat-times

Score: N/A Salat Times < = 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: July 1, 2026
LOW

owm-weather

owm-weather

Score: N/A OWM Weather <= 5.6.8 - Authenticated (Contributor+) SQL Injection Affected: *-5.6.8 Patched: 5.6.9 Updated: July 1, 2026
LOW

jeeng-push-notifications

jeeng-push-notifications

Score: 93/100 Jeeng Push Notifications <= 2.0.3 - Cross-Site Request Forgery Affected: *-2.0.3 Patched: 2.0.4 Updated: July 1, 2026
LOW

jeeng-push-notifications

jeeng-push-notifications

Score: 93/100 Jeeng Push Notifications <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: July 1, 2026
LOW

font-awesome-4-menus

font-awesome-4-menus

Score: 89/100 Font Awesome 4 Menus <= 4.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.7.0 Patched: Updated: July 1, 2026
LOW

find-and-replace-all

find-and-replace-all

Score: 89/100 Find and Replace All <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: 1.2 Patched: 1.3 Updated: July 1, 2026
LOW

download-plugin

download-plugin

Score: 93/100 Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure Affected: *-1.6.2 Patched: 2.0.0 Updated: July 1, 2026
LOW

contact-us-page-contact-people

contact-us-page-contact-people

Score: 89/100 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-3.6.1 Patched: 3.6.2 Updated: July 1, 2026
LOW

am-hili-affiliate-manager-for-publishers

am-hili-affiliate-manager-for-publishers

Score: 95/100 AM-HiLi <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

agenteasy-properties

agenteasy-properties

Score: 95/100 AgentEasy Properties <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 1, 2026
LOW

administrator-z

administrator-z

Score: 95/100 Administrator Z <= 2022.9.28 - Unauthorized File Upload via ACF Affected: *-2022.9.28 Patched: 2022.9.29 Updated: July 1, 2026
LOW

accessibility

accessibility

Score: 97/100 Accessibility <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping Affected: *-1.0.2 Patched: 1.0.3 Updated: July 1, 2026
LOW

a3-responsive-slider

a3-responsive-slider

Score: 97/100 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.2.0 Patched: 2.2.1 Updated: July 1, 2026
LOW

a3-portfolio

a3-portfolio

Score: 97/100 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-3.0.1 Patched: 3.0.2 Updated: July 1, 2026
LOW

a3 Lazy Load

a3-lazy-load

Score: 95/100 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.6.0 Patched: 2.6.1 Updated: July 1, 2026
LOW

4ecps-webforms

4ecps-webforms

Score: 95/100 4ECPS Web Forms <= 0.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.2.17 Patched: 0.2.18 Updated: July 1, 2026
LOW

watchtowerhq

watchtowerhq

Score: N/A WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Download Affected: *-3.6.15 Patched: 3.6.16 Updated: July 1, 2026
LOW

watchtowerhq

watchtowerhq

Score: N/A WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Deletion Affected: *-3.6.15 Patched: 3.6.16 Updated: July 1, 2026
LOW

permalink-manager

permalink-manager

Score: N/A Permalink Manager Lite <= 2.2.20 - Missing Authorization Affected: *-2.2.20 Patched: 2.2.20.1 Updated: July 1, 2026
LOW

miniorange-2-factor-authentication

miniorange-2-factor-authentication

Score: 93/100 miniOrange's Google Authenticator <= 5.6.1 - Cross-Site Request Forgery to Malware Scan Termination Affected: *-5.6.1 Patched: 5.6.2 Updated: July 1, 2026
LOW

homepage-pop-up

homepage-pop-up

Score: 89/100 Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: Updated: July 1, 2026
LOW

homepage-pop-up

homepage-pop-up

Score: 89/100 Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery Affected: *-1.2.5 Patched: Updated: July 1, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure Affected: *-4.7.2 Patched: 4.7.3 Updated: July 1, 2026
LOW

contact-us-page-contact-people

contact-us-page-contact-people

Score: 89/100 Contact Us Page – Contact People <= 3.6.1 - Cross-Site Request Forgery to Settings Reset Affected: *-3.6.1 Patched: 3.6.2 Updated: July 1, 2026
LOW

authorizer

authorizer

Score: 93/100 phpCAS authentication library < 1.6.0 - Service Hostname Discovery Exploitation Affected: [*, 1.6.0) Patched: 1.6.0 Updated: July 1, 2026
LOW

mantenimiento-web

mantenimiento-web

Score: 93/100 Mantenimiento web <= 0.8 - Cross-Site Request Forgery Affected: *-0.8 Patched: 0.9 Updated: July 1, 2026
LOW

wpdeepl

wpdeepl

Score: N/A DeepL Pro API Translation <= 1.7.4 - Sensitive Information Disclosure Affected: *-1.7.4 Patched: 1.7.5 Updated: July 1, 2026
LOW

wp-polls

wp-polls

Score: N/A WP-Polls <= 2.75.6 - IP Validation Bypass Affected: *-2.75.6 Patched: 2.76.0 Updated: July 1, 2026
LOW

woo-wallet

woo-wallet

Score: N/A TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference Affected: *-1.4.3 Patched: 1.4.4 Updated: July 1, 2026
LOW

subscribe-to-category

subscribe-to-category

Score: N/A Subscribe to Category <= 2.7.3 - Missing Authorization Affected: *-2.7.3 Patched: Updated: July 1, 2026
LOW

miniorange-2-factor-authentication

miniorange-2-factor-authentication

Score: 93/100 miniOrange's Google Authenticator <= 5.6.1 - Missing Authorization to Plugin Settings Change Affected: *-5.6.1 Patched: 5.6.2 Updated: July 1, 2026
LOW

menu-ordering-reservations

menu-ordering-reservations

Score: 93/100 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions Affected: *-2.3.0 Patched: 2.3.1 Updated: July 1, 2026
LOW

menu-ordering-reservations

menu-ordering-reservations

Score: 93/100 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery Affected: *-2.3.1 Patched: 2.3.2 Updated: July 1, 2026
LOW

gallery-images-ape

gallery-images-ape

Score: 87/100 Gallery Images Ape <= 2.2.8 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-2.2.8 Patched: Updated: July 1, 2026
LOW

gallery-images-ape

gallery-images-ape

Score: 87/100 Gallery Images Ape <= 2.2.8 - Missing Authorization Affected: *-2.2.8 Patched: Updated: July 1, 2026
LOW

event-monster

event-monster

Score: 93/100 Event Monster <= 1.2.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

content-egg

content-egg

Score: 93/100 Content Egg <= 5.4.0 - Cross-Site Request Forgery Affected: *-5.4.0 Patched: 5.5.0 Updated: July 1, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion Affected: *-5.6.4 Patched: 5.6.5 Updated: July 1, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery Affected: [*, 1.1.7) Patched: 1.1.7 Updated: July 1, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download Affected: [*, 1.1.7) Patched: 1.1.7 Updated: July 1, 2026
LOW

addfreestats

addfreestats

Score: 97/100 AFS Analytics <= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.15 Patched: 4.16 Updated: July 1, 2026
LOW

yikes-inc-easy-custom-woocommerce-product-tabs

yikes-inc-easy-custom-woocommerce-product-tabs

Score: N/A Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.9 Patched: 1.8.0 Updated: July 1, 2026
LOW

woo-wallet

woo-wallet

Score: N/A TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via lock_unlock_terawallet Affected: *-1.3.24 Patched: 1.4.0 Updated: July 1, 2026

Showing 27801 to 27900 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 10:31 UTC.