Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

72

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
Appointment Hour Booking <= 1.3.71 - Missing Authorization LOW *-1.3.71 1.3.72 July 1, 2026
appointment-booking-calendar appointment-booking-calendar
97
Appointment Booking Calendar <= 1.3.69 - Missing Authorization LOW *-1.3.69 1.3.70 July 1, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery LOW *-4.1.5 4.1.6 July 1, 2026
Advanced Coupons for WooCommerce Coupons & Store Credit advanced-coupons-for-woocommerce-free
80
Advanced Coupons for WooCommerce Coupons <= 4.5 - Cross-Site Request Forgery LOW *-4.5 4.5.0.1 July 1, 2026
wp-glossary wp-glossary N/A WP Glossary <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.2 July 1, 2026
evaluate evaluate
91
Evaluate <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
captainform captainform
89
Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery LOW *-2.5.3 July 1, 2026
wpdiscuz wpdiscuz N/A Comments – wpDiscuz <= 7.4.2 - Insecure Direct Object References LOW *-7.4.2 7.5 July 1, 2026
wp-bootstrap-gallery wp-bootstrap-gallery N/A WP Bootstrap Gallery <= 1.1 - Missing Authorization LOW *-1.1 July 1, 2026
wp-best-quiz wp-best-quiz N/A WP Best Quiz <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Directory Traversal LOW 1.0-2.5.0 2.5.1 July 1, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes LOW *-2.5.0 2.5.1 July 1, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options LOW *-2.5.0 2.5.1 July 1, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select LOW *-2.5.0 2.5.1 July 1, 2026
slideshow-se slideshow-se N/A Slideshow SE <= 2.5.5 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.5.5 2.5.6 July 1, 2026
slideshow-se slideshow-se N/A Slideshow SE <= 2.5.5 - Authenticated (Subscriber+) Cross-Site Scripting LOW *-2.5.5 2.5.6 July 1, 2026
my-wpdb my-wpdb
93
My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution LOW [*, 2.5) 2.5 July 1, 2026
modula-best-grid-gallery modula-best-grid-gallery
93
Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change LOW *-2.6.9 2.6.91 July 1, 2026
creative-mail-by-constant-contact creative-mail-by-constant-contact
95
Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Plugin Deactivation LOW *-1.5.4 1.6.0 July 1, 2026
creative-mail-by-constant-contact creative-mail-by-constant-contact
95
Creative Mail <= 1.5.4 - Cross-Site Request Forgery LOW *-1.5.4 1.6.0 July 1, 2026
creative-mail-by-constant-contact creative-mail-by-constant-contact
95
Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Settings Disconnect LOW *-1.5.4 1.6.0 July 1, 2026
api2cart-bridge-connector api2cart-bridge-connector
97
Api2Cart Bridge Connector <= 1.1.0 - Arbitrary File Upload LOW 1.1.0 1.2.0 July 1, 2026
api2cart-bridge-connector api2cart-bridge-connector
97
Api2Cart Bridge Connector <= 1.1.0 - Arbitrary Code Execution LOW *-1.1.0 1.2.0 July 1, 2026
all-in-one-seo-pack-pro all-in-one-seo-pack-pro
97
All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery LOW *-4.2.5.1 4.2.6 July 1, 2026
zoho-crm-forms zoho-crm-forms N/A Zoho CRM Lead Magnet <= 1.7.5.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-1.7.5.8 1.7.5.9 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 5.6.6 - Cross-Site Request Forgery LOW *-5.6.6 5.6.7 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download LOW *-5.6.6 5.6.7 July 1, 2026
syncee-global-dropshipping syncee-global-dropshipping N/A Syncee – Global Dropshipping <= 1.0.9 - Missing Authorization. LOW *-1.0.9 1.0.10 July 1, 2026
syncee-for-suppliers syncee-for-suppliers N/A Syncee for Suppliers <= 1.0.5 - Missing Authorization to Sensitive Information Disclosure LOW *-1.0.5 1.0.10 July 1, 2026
super-testimonial super-testimonial N/A Testimonials <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.6 2.7 July 1, 2026
spacer spacer N/A Spacer <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.6 3.0.7 July 1, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure LOW *-5.0.3 5.0.4 July 1, 2026
gallery-with-thumbnail-slider gallery-with-thumbnail-slider
91
Gallery with thumbnail slider <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.0 6.1 July 1, 2026
event-monster event-monster
93
Event Monster – Event Management, Tickets Booking, Upcoming Event <= 1.1.20 - Cross-Site Request Forgery LOW *-1.1.20 1.2.0 July 1, 2026
Database Addon for Contact Form 7 – CFDB7 contact-form-cfdb7
89
Contact Form 7 Database Addon <= 1.2.6.3 - CSV Injection LOW *-1.2.6.3 1.2.6.5 July 1, 2026
buddyforms buddyforms
89
BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting LOW *-2.7.2 2.7.3 July 1, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download LOW *-5.6.4 5.6.5 July 1, 2026
backup backup
93
Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.9 1.6.9.1 July 1, 2026
Web Stories web-stories
85
Web Stories <= 1.24.0 - Server Side Request Forgery LOW *-1.24.0 1.25.0 July 1, 2026
reSmush.it : The original free image compressor and optimizer plugin resmushit-image-optimizer N/A reSmush.it Image Optimizer <= 0.4.6 - Cross-Site Request Forgery LOW *-0.4.6 0.4.7 July 1, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery LOW *-4.1.5 4.1.6 July 1, 2026
seo-redirection seo-redirection N/A SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery LOW *-8.9 9.1 July 1, 2026
wpqa wpqa N/A WPQA < 5.9 - Cross-Site Request Forgery LOW [*, 5.9) 5.9 July 1, 2026
GEO Plugin by Squirrly SEO squirrly-seo N/A SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload LOW *-12.1.10 12.1.11 July 1, 2026
image-hover-effects-ultimate image-hover-effects-ultimate
91
Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update LOW *-9.7.1 9.7.2 July 1, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization LOW *-4.1.5 4.1.6 July 1, 2026
wip-custom-login wip-custom-login N/A WIP Custom Login <= 1.2.7 - Missing Authorization LOW *-1.2.7 1.2.8 July 1, 2026
traffic-manager traffic-manager N/A Traffic Manager <= 1.4.5 - Missing Authorization LOW *-1.4.5 July 1, 2026
traffic-manager traffic-manager N/A Traffic Manager <= 1.4.5 - Missing Authorization to Stored Cross-Site Scripting LOW *-1.4.5 July 1, 2026
td-composer td-composer N/A tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation LOW [*, 3.5) 3.5 July 1, 2026
searchwp searchwp N/A SearchWP Premium <= 4.2.5 - Authenticated (Subscriber+) Nonce Leakage and Authorization Bypass LOW *-4.2.5 4.2.6 July 1, 2026
related-posts-for-wp related-posts-for-wp N/A Related Posts for WordPress <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.2 2.1.3 July 1, 2026
phone-orders-for-woocommerce phone-orders-for-woocommerce N/A Phone Orders for WooCommerce <= 3.7.1 - Cross-Site Request Forgery LOW *-3.7.1 3.7.2 July 1, 2026
phone-orders-for-woocommerce phone-orders-for-woocommerce N/A Phone Orders for WooCommerce <= 3.7.1 - Missing Authorization LOW *-3.7.1 3.7.2 July 1, 2026
ip-blacklist-cloud ip-blacklist-cloud
87
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection LOW *-5.00 July 1, 2026
ip-blacklist-cloud ip-blacklist-cloud
87
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.00 July 1, 2026
corona-virus-covid-19-banner corona-virus-covid-19-banner
93
Corona Virus (COVID-19) Banner & Live Data <= 1.7.0.6 - Cross-Site Request Forgery LOW *-1.7.0.6 1.8.0.0 July 1, 2026
auto-upload-images auto-upload-images
93
Auto Upload Images <= 3.3 - Cross-Site Request Forgery LOW *-3.3 3.3.1 July 1, 2026
auto-upload-images auto-upload-images
93
Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.3 3.3.1 July 1, 2026
advanced-floating-content-lite advanced-floating-content-lite
97
Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 July 1, 2026
2kb-amazon-affiliates-store 2kb-amazon-affiliates-store
95
2kb Amazon Affiliates Store <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.5 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.10 - Cross-Site Request Forgery LOW *-7.3.10 7.3.11 July 1, 2026
wp-pagebuilder wp-pagebuilder N/A WP Page Builder <= 1.2.6 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.2.6 1.2.7 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection LOW *-7.3.4 7.3.5 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference LOW *-7.3.6 7.3.7 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.10 - Unauthenticated Stored Cross-Site Scripting LOW *-7.3.10 7.3.11 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.4 - Reflected Cross-Site Scripting LOW *-7.3.4 7.3.5 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.10 - Missing Authorization LOW *-7.3.10 7.3.11 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.3.4 7.3.5 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.3.4 7.3.5 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 7.3.10 - Sensitive Information Disclosure LOW *-7.3.10 7.3.11 July 1, 2026
dpt-oauth-client dpt-oauth-client
89
OAuth Client by DigitialPixies <= 1.1.0 - Cross-Site Request Forgery LOW *-1.1.0 July 1, 2026
dpt-oauth-client dpt-oauth-client
89
OAuth Client by DigitialPixies <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.0 July 1, 2026
Database for Contact Form 7, WPforms, Elementor forms contact-form-entries
84
Contact Form Entries <= 1.2.9 - CSV Injection LOW *-1.2.9 1.3.0 July 1, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages <= 1.9.10.68 - Server-Side Request Forgery LOW *-1.9.10.68 1.9.10.69 July 1, 2026
woo-order-export-lite woo-order-export-lite N/A Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery LOW *-3.3.2 3.3.3 July 1, 2026
super-testimonial-pro super-testimonial-pro N/A Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.7 1.0.8 July 1, 2026
super-testimonial super-testimonial N/A Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.6 2.7 July 1, 2026
mantenimiento-web mantenimiento-web
93
Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.13 0.14 July 1, 2026
ldd-directory-lite ldd-directory-lite
91
LDD Directory Lite - <= 3.5 - Reflected Cross-Site Scripting LOW *-3.5 3.6 July 1, 2026
integration-for-szamlazzhu-woocommerce integration-for-szamlazzhu-woocommerce
93
Integration for Szamlazz.hu & WooCommerce <= 5.6.3.2 - Cross-Site Request Forgery LOW *-5.6.3.2 5.6.3.3 July 1, 2026
hungarian-pickup-points-for-woocommerce hungarian-pickup-points-for-woocommerce
93
Csomagpontok és szállítási címkék WooCommerce hez <= 1.9.0.2 - Cross-Site Request Forgery LOW *-1.9.0.2 1.9.0.3 July 1, 2026
Simple SEO cds-simple-seo
92
Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation LOW *-1.8.12 1.8.13 July 1, 2026
Simple SEO cds-simple-seo
92
Simple SEO <= 1.8.12 - Cross-Site Request Forgery LOW *-1.8.12 1.8.13 July 1, 2026
wpforms wpforms N/A WPForms Pro <= 1.7.6 - CSV Injection LOW *-1.7.6 1.7.7 July 1, 2026
woocommerce-wholesale-prices woocommerce-wholesale-prices N/A Wholesale Suite <= 2.1.5 - Cross-Site Request Forgery LOW *-2.1.5 2.1.5.1 July 1, 2026
webmaster-tools-verification webmaster-tools-verification N/A Webmaster Tools Verification <= 1.2 - Missing Authorization to Arbitrary Plugin Deactivation LOW *-1.2 July 1, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.1.0 - Reflected Cross-Site Scripting LOW *-5.1.0 5.1.1 July 1, 2026
wp-attachments wp-attachments N/A WP Attachments <= 5.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.0.4 5.0.5 July 1, 2026
integracao-rd-station integracao-rd-station
93
RD Station <= 5.1.3 - Cross-Site Request Forgery to Plugin Log Deletion LOW *-5.1.3 5.2.0 July 1, 2026
gutenberg gutenberg
97
WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks LOW *-14.3.0 14.3.1 July 1, 2026
chat-bubble chat-bubble
89
Chat Bubble <= 2.2 - Unauthenticated Stored Cross-Site Scripting LOW *-2.2 2.3 July 1, 2026
advanced-custom-fields advanced-custom-fields
97
Advanced Custom Fields <= 6.0.2 - Authenticated (Contributor+) Information Disclosure LOW *-6.0.2 6.0.3 July 1, 2026
wp-hide wp-hide N/A WP Hide <= 0.0.2 - Missing Authorization to Settings Update LOW *-0.0.2 July 1, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal LOW *-3.6.8 3.6.9 July 1, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload LOW *-3.6.8 3.6.9 July 1, 2026
woocommerce-dropshipping woocommerce-dropshipping N/A WooCommerce Dropshipping Premium <= 4.3 - Unauthenticated SQL Injection LOW *-4.3 4.4 July 1, 2026
unitegallery unitegallery N/A Portfolio Gallery <= 1.0 - Missing Authorization LOW *-1.0 July 1, 2026
role-based-pricing-for-woocommerce role-based-pricing-for-woocommerce N/A Role Based Pricing for WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.6.1 1.6.2 July 1, 2026
role-based-pricing-for-woocommerce role-based-pricing-for-woocommerce N/A Role Based Pricing for WooCommerce <= 1.6.2 - Missing Authorization to PHAR Deserialization LOW *-1.6.2 1.6.3 July 1, 2026
LOW

appointment-booking-calendar

appointment-booking-calendar

Score: 97/100 Appointment Booking Calendar <= 1.3.69 - Missing Authorization Affected: *-1.3.69 Patched: 1.3.70 Updated: July 1, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery Affected: *-4.1.5 Patched: 4.1.6 Updated: July 1, 2026
LOW

wp-glossary

wp-glossary

Score: N/A WP Glossary <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.2 Patched: Updated: July 1, 2026
LOW

evaluate

evaluate

Score: 91/100 Evaluate <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

captainform

captainform

Score: 89/100 Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery Affected: *-2.5.3 Patched: Updated: July 1, 2026
LOW

wpdiscuz

wpdiscuz

Score: N/A Comments – wpDiscuz <= 7.4.2 - Insecure Direct Object References Affected: *-7.4.2 Patched: 7.5 Updated: July 1, 2026
LOW

wp-bootstrap-gallery

wp-bootstrap-gallery

Score: N/A WP Bootstrap Gallery <= 1.1 - Missing Authorization Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

wp-best-quiz

wp-best-quiz

Score: N/A WP Best Quiz <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

slideshow-se

slideshow-se

Score: N/A Slideshow SE <= 2.5.5 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.5.5 Patched: 2.5.6 Updated: July 1, 2026
LOW

slideshow-se

slideshow-se

Score: N/A Slideshow SE <= 2.5.5 - Authenticated (Subscriber+) Cross-Site Scripting Affected: *-2.5.5 Patched: 2.5.6 Updated: July 1, 2026
LOW

my-wpdb

my-wpdb

Score: 93/100 My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution Affected: [*, 2.5) Patched: 2.5 Updated: July 1, 2026
LOW

modula-best-grid-gallery

modula-best-grid-gallery

Score: 93/100 Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change Affected: *-2.6.9 Patched: 2.6.91 Updated: July 1, 2026
LOW

creative-mail-by-constant-contact

creative-mail-by-constant-contact

Score: 95/100 Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Plugin Deactivation Affected: *-1.5.4 Patched: 1.6.0 Updated: July 1, 2026
LOW

creative-mail-by-constant-contact

creative-mail-by-constant-contact

Score: 95/100 Creative Mail <= 1.5.4 - Cross-Site Request Forgery Affected: *-1.5.4 Patched: 1.6.0 Updated: July 1, 2026
LOW

creative-mail-by-constant-contact

creative-mail-by-constant-contact

Score: 95/100 Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Settings Disconnect Affected: *-1.5.4 Patched: 1.6.0 Updated: July 1, 2026
LOW

api2cart-bridge-connector

api2cart-bridge-connector

Score: 97/100 Api2Cart Bridge Connector <= 1.1.0 - Arbitrary File Upload Affected: 1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

api2cart-bridge-connector

api2cart-bridge-connector

Score: 97/100 Api2Cart Bridge Connector <= 1.1.0 - Arbitrary Code Execution Affected: *-1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

all-in-one-seo-pack-pro

all-in-one-seo-pack-pro

Score: 97/100 All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery Affected: *-4.2.5.1 Patched: 4.2.6 Updated: July 1, 2026
LOW

zoho-crm-forms

zoho-crm-forms

Score: N/A Zoho CRM Lead Magnet <= 1.7.5.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.7.5.8 Patched: 1.7.5.9 Updated: July 1, 2026
LOW

syncee-global-dropshipping

syncee-global-dropshipping

Score: N/A Syncee – Global Dropshipping <= 1.0.9 - Missing Authorization. Affected: *-1.0.9 Patched: 1.0.10 Updated: July 1, 2026
LOW

syncee-for-suppliers

syncee-for-suppliers

Score: N/A Syncee for Suppliers <= 1.0.5 - Missing Authorization to Sensitive Information Disclosure Affected: *-1.0.5 Patched: 1.0.10 Updated: July 1, 2026
LOW

super-testimonial

super-testimonial

Score: N/A Testimonials <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6 Patched: 2.7 Updated: July 1, 2026
LOW

spacer

spacer

Score: N/A Spacer <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.6 Patched: 3.0.7 Updated: July 1, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure Affected: *-5.0.3 Patched: 5.0.4 Updated: July 1, 2026
LOW

gallery-with-thumbnail-slider

gallery-with-thumbnail-slider

Score: 91/100 Gallery with thumbnail slider <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.0 Patched: 6.1 Updated: July 1, 2026
LOW

event-monster

event-monster

Score: 93/100 Event Monster – Event Management, Tickets Booking, Upcoming Event <= 1.1.20 - Cross-Site Request Forgery Affected: *-1.1.20 Patched: 1.2.0 Updated: July 1, 2026
LOW

buddyforms

buddyforms

Score: 89/100 BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting Affected: *-2.7.2 Patched: 2.7.3 Updated: July 1, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download Affected: *-5.6.4 Patched: 5.6.5 Updated: July 1, 2026
LOW

backup

backup

Score: 93/100 Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.9 Patched: 1.6.9.1 Updated: July 1, 2026
LOW

Web Stories

web-stories

Score: 85/100 Web Stories <= 1.24.0 - Server Side Request Forgery Affected: *-1.24.0 Patched: 1.25.0 Updated: July 1, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery Affected: *-4.1.5 Patched: 4.1.6 Updated: July 1, 2026
LOW

seo-redirection

seo-redirection

Score: N/A SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery Affected: *-8.9 Patched: 9.1 Updated: July 1, 2026
LOW

wpqa

wpqa

Score: N/A WPQA < 5.9 - Cross-Site Request Forgery Affected: [*, 5.9) Patched: 5.9 Updated: July 1, 2026
LOW

GEO Plugin by Squirrly SEO

squirrly-seo

Score: N/A SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-12.1.10 Patched: 12.1.11 Updated: July 1, 2026
LOW

image-hover-effects-ultimate

image-hover-effects-ultimate

Score: 91/100 Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update Affected: *-9.7.1 Patched: 9.7.2 Updated: July 1, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization Affected: *-4.1.5 Patched: 4.1.6 Updated: July 1, 2026
LOW

wip-custom-login

wip-custom-login

Score: N/A WIP Custom Login <= 1.2.7 - Missing Authorization Affected: *-1.2.7 Patched: 1.2.8 Updated: July 1, 2026
LOW

traffic-manager

traffic-manager

Score: N/A Traffic Manager <= 1.4.5 - Missing Authorization Affected: *-1.4.5 Patched: Updated: July 1, 2026
LOW

traffic-manager

traffic-manager

Score: N/A Traffic Manager <= 1.4.5 - Missing Authorization to Stored Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: July 1, 2026
LOW

td-composer

td-composer

Score: N/A tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation Affected: [*, 3.5) Patched: 3.5 Updated: July 1, 2026
LOW

searchwp

searchwp

Score: N/A SearchWP Premium <= 4.2.5 - Authenticated (Subscriber+) Nonce Leakage and Authorization Bypass Affected: *-4.2.5 Patched: 4.2.6 Updated: July 1, 2026
LOW

related-posts-for-wp

related-posts-for-wp

Score: N/A Related Posts for WordPress <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 1, 2026
LOW

phone-orders-for-woocommerce

phone-orders-for-woocommerce

Score: N/A Phone Orders for WooCommerce <= 3.7.1 - Cross-Site Request Forgery Affected: *-3.7.1 Patched: 3.7.2 Updated: July 1, 2026
LOW

phone-orders-for-woocommerce

phone-orders-for-woocommerce

Score: N/A Phone Orders for WooCommerce <= 3.7.1 - Missing Authorization Affected: *-3.7.1 Patched: 3.7.2 Updated: July 1, 2026
LOW

ip-blacklist-cloud

ip-blacklist-cloud

Score: 87/100 IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection Affected: *-5.00 Patched: Updated: July 1, 2026
LOW

ip-blacklist-cloud

ip-blacklist-cloud

Score: 87/100 IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.00 Patched: Updated: July 1, 2026
LOW

corona-virus-covid-19-banner

corona-virus-covid-19-banner

Score: 93/100 Corona Virus (COVID-19) Banner & Live Data <= 1.7.0.6 - Cross-Site Request Forgery Affected: *-1.7.0.6 Patched: 1.8.0.0 Updated: July 1, 2026
LOW

auto-upload-images

auto-upload-images

Score: 93/100 Auto Upload Images <= 3.3 - Cross-Site Request Forgery Affected: *-3.3 Patched: 3.3.1 Updated: July 1, 2026
LOW

auto-upload-images

auto-upload-images

Score: 93/100 Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.3 Patched: 3.3.1 Updated: July 1, 2026
LOW

advanced-floating-content-lite

advanced-floating-content-lite

Score: 97/100 Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

2kb-amazon-affiliates-store

2kb-amazon-affiliates-store

Score: 95/100 2kb Amazon Affiliates Store <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.10 - Cross-Site Request Forgery Affected: *-7.3.10 Patched: 7.3.11 Updated: July 1, 2026
LOW

wp-pagebuilder

wp-pagebuilder

Score: N/A WP Page Builder <= 1.2.6 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection Affected: *-7.3.4 Patched: 7.3.5 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference Affected: *-7.3.6 Patched: 7.3.7 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.10 - Unauthenticated Stored Cross-Site Scripting Affected: *-7.3.10 Patched: 7.3.11 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.4 - Reflected Cross-Site Scripting Affected: *-7.3.4 Patched: 7.3.5 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.10 - Missing Authorization Affected: *-7.3.10 Patched: 7.3.11 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.3.4 Patched: 7.3.5 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.3.4 Patched: 7.3.5 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master <= 7.3.10 - Sensitive Information Disclosure Affected: *-7.3.10 Patched: 7.3.11 Updated: July 1, 2026
LOW

dpt-oauth-client

dpt-oauth-client

Score: 89/100 OAuth Client by DigitialPixies <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

dpt-oauth-client

dpt-oauth-client

Score: 89/100 OAuth Client by DigitialPixies <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

woo-order-export-lite

woo-order-export-lite

Score: N/A Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery Affected: *-3.3.2 Patched: 3.3.3 Updated: July 1, 2026
LOW

super-testimonial-pro

super-testimonial-pro

Score: N/A Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

super-testimonial

super-testimonial

Score: N/A Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6 Patched: 2.7 Updated: July 1, 2026
LOW

mantenimiento-web

mantenimiento-web

Score: 93/100 Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.13 Patched: 0.14 Updated: July 1, 2026
LOW

ldd-directory-lite

ldd-directory-lite

Score: 91/100 LDD Directory Lite - <= 3.5 - Reflected Cross-Site Scripting Affected: *-3.5 Patched: 3.6 Updated: July 1, 2026
LOW

integration-for-szamlazzhu-woocommerce

integration-for-szamlazzhu-woocommerce

Score: 93/100 Integration for Szamlazz.hu & WooCommerce <= 5.6.3.2 - Cross-Site Request Forgery Affected: *-5.6.3.2 Patched: 5.6.3.3 Updated: July 1, 2026
LOW

hungarian-pickup-points-for-woocommerce

hungarian-pickup-points-for-woocommerce

Score: 93/100 Csomagpontok és szállítási címkék WooCommerce hez <= 1.9.0.2 - Cross-Site Request Forgery Affected: *-1.9.0.2 Patched: 1.9.0.3 Updated: July 1, 2026
LOW

Simple SEO

cds-simple-seo

Score: 92/100 Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation Affected: *-1.8.12 Patched: 1.8.13 Updated: July 1, 2026
LOW

Simple SEO

cds-simple-seo

Score: 92/100 Simple SEO <= 1.8.12 - Cross-Site Request Forgery Affected: *-1.8.12 Patched: 1.8.13 Updated: July 1, 2026
LOW

wpforms

wpforms

Score: N/A WPForms Pro <= 1.7.6 - CSV Injection Affected: *-1.7.6 Patched: 1.7.7 Updated: July 1, 2026
LOW

woocommerce-wholesale-prices

woocommerce-wholesale-prices

Score: N/A Wholesale Suite <= 2.1.5 - Cross-Site Request Forgery Affected: *-2.1.5 Patched: 2.1.5.1 Updated: July 1, 2026
LOW

webmaster-tools-verification

webmaster-tools-verification

Score: N/A Webmaster Tools Verification <= 1.2 - Missing Authorization to Arbitrary Plugin Deactivation Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.1.0 - Reflected Cross-Site Scripting Affected: *-5.1.0 Patched: 5.1.1 Updated: July 1, 2026
LOW

wp-attachments

wp-attachments

Score: N/A WP Attachments <= 5.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.0.4 Patched: 5.0.5 Updated: July 1, 2026
LOW

integracao-rd-station

integracao-rd-station

Score: 93/100 RD Station <= 5.1.3 - Cross-Site Request Forgery to Plugin Log Deletion Affected: *-5.1.3 Patched: 5.2.0 Updated: July 1, 2026
LOW

gutenberg

gutenberg

Score: 97/100 WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks Affected: *-14.3.0 Patched: 14.3.1 Updated: July 1, 2026
LOW

chat-bubble

chat-bubble

Score: 89/100 Chat Bubble <= 2.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.2 Patched: 2.3 Updated: July 1, 2026
LOW

advanced-custom-fields

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 6.0.2 - Authenticated (Contributor+) Information Disclosure Affected: *-6.0.2 Patched: 6.0.3 Updated: July 1, 2026
LOW

wp-hide

wp-hide

Score: N/A WP Hide <= 0.0.2 - Missing Authorization to Settings Update Affected: *-0.0.2 Patched: Updated: July 1, 2026
LOW

woocommerce-dropshipping

woocommerce-dropshipping

Score: N/A WooCommerce Dropshipping Premium <= 4.3 - Unauthenticated SQL Injection Affected: *-4.3 Patched: 4.4 Updated: July 1, 2026
LOW

unitegallery

unitegallery

Score: N/A Portfolio Gallery <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

role-based-pricing-for-woocommerce

role-based-pricing-for-woocommerce

Score: N/A Role Based Pricing for WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.6.1 Patched: 1.6.2 Updated: July 1, 2026
LOW

role-based-pricing-for-woocommerce

role-based-pricing-for-woocommerce

Score: N/A Role Based Pricing for WooCommerce <= 1.6.2 - Missing Authorization to PHAR Deserialization Affected: *-1.6.2 Patched: 1.6.3 Updated: July 1, 2026

Showing 27901 to 28000 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 11:37 UTC.