Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

82

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
mihdan-public-post-preview mihdan-public-post-preview
93
Mihdan: Public Post Preview <= 1.9.9 - Missing Authorization LOW *-1.9.9 1.9.10 July 1, 2026
import-users-from-csv-with-meta import-users-from-csv-with-meta
93
Import and export users and customers <= 1.20.4 - Authenticated (Subscriber+) CSV Injection LOW *-1.20.4 1.20.5 July 1, 2026
imagemagick-engine imagemagick-engine
93
ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution LOW *-1.7.5 1.7.6 July 1, 2026
hbook hbook
91
Booking Calendar – Event Calendar <= 1.0.2 - Missing Authorization LOW *-1.0.2 July 1, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder fluentform
78
Contact Form Plugin by FluentForm <= 4.3.12 - CSV Injection LOW *-4.3.12 4.3.13 July 1, 2026
ecommerce-product-catalog ecommerce-product-catalog
93
eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting LOW *-3.0.71 3.0.72 July 1, 2026
ecommerce-product-catalog ecommerce-product-catalog
93
eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting LOW *-3.0.71 3.0.72 July 1, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion LOW *-2.11.7 3.0 July 1, 2026
complianz-gdpr-premium complianz-gdpr-premium
93
Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations LOW *-6.3.5 6.3.6 July 1, 2026
Complianz | GDPR/CCPA Cookie Consent complianz-gdpr
93
Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations LOW *-6.3.3 6.3.4 July 1, 2026
addify-product-stock-manager addify-product-stock-manager
97
Product Stock Manager < 1.0.5 - Missing Authorization and Cross-Site Request Forgery LOW [*, 1.0.5) 1.0.5 July 1, 2026
wpb-show-core wpb-show-core N/A WPB Show Core <= 2.2 - Reflected Cross-Site Scripting LOW * July 1, 2026
shortcodes-ultimate shortcodes-ultimate N/A Shortcodes Ultimate <= 5.12.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-5.12.0 5.12.1 July 1, 2026
shortcodes-ultimate shortcodes-ultimate N/A Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery LOW *-5.12.0 5.12.1 July 1, 2026
page-views-count page-views-count N/A Page View Count <= 2.5.5 - Cross-Site Request Forgery LOW *-2.5.5 2.5.6 July 1, 2026
highlight-focus highlight-focus
91
Highlight Focus <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1 July 1, 2026
account-manager-woocommerce account-manager-woocommerce
95
Account Manager for WooCommerce <= 2.1.1 - Missing Authorization LOW *-2.1.1 July 1, 2026
woocommerce-alidropship woocommerce-alidropship N/A ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Premium <= 1.1.0 - Sensitive Information Disclosure LOW *-1.1.0 1.1.1 July 1, 2026
optinly optinly N/A Optinly <= 1.0.18 - Missing Authorization to Plugin Settings Change LOW *-1.0.18 1.0.19 July 1, 2026
optinly optinly N/A Optinly <= 1.0.15 - Cross-Site Request Forgery LOW *-1.0.15 1.0.16 July 1, 2026
maps-block-apple maps-block-apple
93
loader-utils (JS package) < 2.0.3 - Prototype Pollution LOW *-1.0.3 1.1.0 July 1, 2026
insert-special-characters insert-special-characters
93
loader-utils (JS package) < 2.0.3 - Prototype Pollution LOW *-1.0.5 1.0.6 July 1, 2026
elasticpress elasticpress
93
loader-utils (JS package) < 2.0.3 - Prototype Pollution LOW *-4.3.1 4.4.0 July 1, 2026
accessibility accessibility
97
Accessibility <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 July 1, 2026
ab-press-optimizer-lite ab-press-optimizer-lite
95
AB Press Optimizer <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.1 July 1, 2026
5-anker-connect 5-anker-connect
97
5 Anker Connect <= 1.2.6 - Reflected Cross-Site Scripting LOW *-1.2.6 1.2.7 July 1, 2026
3com-asesor-de-cookies 3com-asesor-de-cookies
95
3com – Asesor de Cookies <= 3.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.4.3 July 1, 2026
wp-smart-import wp-smart-import N/A WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 1.0.3 July 1, 2026
simple-page-ordering simple-page-ordering N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-2.4.3 2.4.4 July 1, 2026
simple-page-ordering simple-page-ordering N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-2.4.3 2.4.4 July 1, 2026
restricted-site-access restricted-site-access N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-7.3.4 7.3.5 July 1, 2026
restricted-site-access restricted-site-access N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-7.3.4 7.3.5 July 1, 2026
insert-special-characters insert-special-characters
93
loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-1.0.5 1.0.6 July 1, 2026
insert-special-characters insert-special-characters
93
loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-1.0.5 1.0.6 July 1, 2026
elasticpress elasticpress
93
loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-4.3.1 4.4.0 July 1, 2026
elasticpress elasticpress
93
loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service LOW *-4.3.1 4.4.0 July 1, 2026
ecommerce-product-catalog ecommerce-product-catalog
93
eCommerce Product Catalog Plugin for WordPress <= 3.0.69 - Reflected Cross-Site Scripting LOW *-3.0.69 3.0.70 July 1, 2026
wp-total-hacks wp-total-hacks N/A WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting LOW *-4.7.2 July 1, 2026
WP Contact Slider – Contact Form Slider Widget wp-contact-slider N/A WP Contact Slider <= 2.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.4.7 2.4.8 July 1, 2026
Smart Slider 3 smart-slider-3
90
Smart Slider 3 <= 3.5.1.9 - PHP Object Injection LOW *-3.5.1.9 3.5.1.11 July 1, 2026
seosamba-webmasters seosamba-webmasters N/A SeoSamba for WordPress Webmasters <= 1.0.5 - Cross-Site Request Forgery LOW *-1.0.5 1.0.6 July 1, 2026
s2framework s2framework N/A s2Framework <= 4.1.5 - Reflected Cross-Site Scripting LOW *-4.1.5 4.1.6 July 1, 2026
rock-convert rock-convert N/A Rock Convert <= 2.10.2 - Reflected Cross-Site Scripting LOW *-2.10.2 2.11.0 July 1, 2026
rock-convert rock-convert N/A Rock Convert <= 2.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.10.2 2.11.0 July 1, 2026
ocean-extra ocean-extra N/A Ocean Extra <= 2.0.4 - Authenticated (Administrator+) PHP Object Injection LOW *-2.0.4 2.0.5 July 1, 2026
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More envira-gallery-lite
94
Gallery Plugin for WordPress – Envira Photo Gallery <= 1.8.4.6 - Reflected Cross-Site Scripting LOW [*, 1.8.4.7) 1.8.4.7 July 1, 2026
ecommerce-product-catalog ecommerce-product-catalog
93
eCommerce Product Catalog Plugin for WordPress <= 3.0.70 - Reflected Cross-Site Scripting LOW *-3.0.70 3.0.71 July 1, 2026
easy-wp-smtp easy-wp-smtp
93
Easy WP SMTP <= 1.4.9 - Authenticated (Administrator+) PHP Object Injection LOW *-1.4.9 1.5.0 July 1, 2026
customizer-export-import customizer-export-import
93
Customizer Export/Import <= 0.9.4 - Authenticated (Administrator+) PHP Object Injection LOW *-0.9.4 0.9.5 July 1, 2026
capability-manager-enhanced capability-manager-enhanced
93
PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection LOW *-2.5.1 2.5.2 July 1, 2026
capabilities-pro capabilities-pro
93
PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection LOW *-2.5.1 2.5.2 July 1, 2026
automatic-user-roles-switcher automatic-user-roles-switcher
93
Automatic User Roles Switcher <= 1.1.1 - Missing Authorization to Privilege Escalation LOW *-1.1.1 1.1.2 July 1, 2026
another-wordpress-classifieds-plugin another-wordpress-classifieds-plugin
97
AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection LOW *-4.2.1 4.3 July 1, 2026
subpages-extended subpages-extended N/A Subpages Extended <= 1.6.6 - Authenticated (Administrator+) Cross-Site Scripting LOW *-1.6.6 July 1, 2026
image-banner-widget image-banner-widget
91
Image/Banner Widget <= 1.4.5 - Authenticated (Administrator+) Cross-Site Scripting LOW *-1.4.5 July 1, 2026
billingo billingo
91
Official Integration for Billingo <= 3.3.9 - Reflected Cross-Site Scripting LOW *-3.3.9 3.4.0 July 1, 2026
wp-word-count wp-word-count N/A WP Word Count <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.2.3 3.2.4 July 1, 2026
adl-post-slider adl-post-slider
95
Post Slider <= 1.6.7 - Missing Authorization LOW *-1.6.7 July 1, 2026
wp-polls wp-polls N/A WP-Polls <= 2.76.0 - Race Condition LOW *-2.76.0 2.77.0 July 1, 2026
log-http-requests log-http-requests
93
Log HTTP Requests <= 1.3.1 - Stored Cross-Site Scripting LOW *-1.3.1 1.3.2 July 1, 2026
create-block-theme create-block-theme
93
Create Block Theme <= 1.2.1 - Unauthenticated Arbitrary File Upload LOW *-1.2.1 1.2.2 July 1, 2026
wp-humanstxt wp-humanstxt N/A WP Humans.txt <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.6 July 1, 2026
woocommerce-product-vendors woocommerce-product-vendors N/A WooCommerce Products Vendor <= 2.1.65 - Insecure Direct Object Reference to Note Creation LOW *-2.1.65 2.1.66 July 1, 2026
woocommerce-product-vendors woocommerce-product-vendors N/A WooCommerce Products Vendor <= 2.1.68 - Insecure Direct Object Reference to Vendor Commission Percentage Update LOW *-2.1.68 2.1.69 July 1, 2026
woocommerce-product-vendors woocommerce-product-vendors N/A WooCommerce Products Vendor <= 2.1.65 - Unauthenticated SQL Injection LOW *-2.1.65 2.1.66 July 1, 2026
table-generator table-generator N/A Table Generator <= 1.3.0 - Missing Authorization to Table Modification LOW *-1.3.0 July 1, 2026
rock-convert rock-convert N/A Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.11.0 3.0.0 July 1, 2026
ip-blacklist-cloud ip-blacklist-cloud
87
IP Blacklist Cloud <= 5.00 - Reflected Cross-Site Scripting LOW *-5.00 July 1, 2026
fontmeister fontmeister
91
FontMeister <= 1.08 - Reflected Cross-Site Scripting LOW *-1.08 July 1, 2026
WP Super Cache wp-super-cache
82
WP Super Cache <= 1.8 - Unauthenticated Cache Poisoning LOW *-1.8 1.9 July 1, 2026
wp-all-export-pro wp-all-export-pro N/A WP ALL Export Pro <= 1.7.8 - Authenticated Remote Code Execution LOW *-1.7.8 1.7.9 July 1, 2026
wp-all-export-pro wp-all-export-pro N/A WP ALL Export Pro <= 1.7.8 - Authenticated SQL Injection LOW *-1.7.8 1.7.9 July 1, 2026
retain retain N/A Retain Live Chat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.1 July 1, 2026
related-posts-for-wp related-posts-for-wp N/A Related Posts for WordPress <= 2.1.1 - Reflected Cross-Site Scripting LOW *-2.1.1 2.1.2 July 1, 2026
quick-restaurant-menu quick-restaurant-menu N/A Quick Restaurant Menu <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.0.0 2.0.1 July 1, 2026
post-to-csv post-to-csv N/A Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection LOW *-1.3.8 1.3.9 July 1, 2026
learnpress learnpress
93
LearnPress <= 4.1.7.1 - Unauthenticated PHP Object Injection LOW *-4.1.7.1 4.1.7.2 July 1, 2026
Anti Spam for Contact Forms, Comments & Online Stores – CleanTalk cleantalk-spam-protect
71
AntiSpam by CleanTalk <= 5.185 - Authenticated (Administrator+) SQL Injection LOW *-5.185 5.185.1 July 1, 2026
casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang
93
Casso – Tự động xác nhận thanh toán chuyển khoản ngân hàng <= 2.8.6 - Authenticated (Admin+) Cross-Site Scripting LOW *-2.8.6 2.8.7 July 1, 2026
buddyforms-review buddyforms-review
93
BuddyForms Moderation <= 1.4.16 - Authenticated Stored Cross-Site Scripting LOW *-1.4.16 1.4.17 July 1, 2026
blog2social blog2social
93
Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-6.9.9 6.9.10 July 1, 2026
blog2social blog2social
93
Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection LOW *-6.9.9 6.9.10 July 1, 2026
beebee-mini beebee-mini
93
Beebee Mini <= 1.2.0 - Unauthorized File Upload via ACF LOW *-1.2.0 1.3.0 July 1, 2026
shortcodes-ultimate shortcodes-ultimate N/A Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery LOW *-5.12.0 5.12.1 July 1, 2026
woocommerce-amazon-affiliates-light-version woocommerce-amazon-affiliates-light-version N/A WZone - Lite <= 3.1 - Cross-Site Request Forgery LOW *-3.1 July 1, 2026
osm osm N/A OSM - OpenStreetMap <= 6.0 - Cross-Site Request Forgery LOW *-6.0 6.0.1 July 1, 2026
media-library-plus media-library-plus
93
Media Library Folders <= 7.1.1 - Cross-Site Request Forgery LOW *-7.1.1 7.1.2 July 1, 2026
lbstopattack lbstopattack
93
Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery LOW *-1.1.2 1.1.3 July 1, 2026
Kadence WooCommerce Email Designer kadence-woocommerce-email-designer
90
Kadence WooCommerce Email Designer <= 1.5.6 - PHP Object Injection LOW *-1.5.6 1.5.7 July 1, 2026
crm-perks-forms crm-perks-forms
93
CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 1.1.1 July 1, 2026
contact-bank contact-bank
91
Contact Bank <= 3.0.30 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.30 July 1, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
All In One WP Security & Firewall 5.0.0 - 5.0.7 - Protection Bypass via IP Spoofing LOW 5.0.0-5.0.7 5.0.8 July 1, 2026
Redirection for Contact Form 7 wpcf7-redirect N/A Redirection for Contact Form 7 <= 2.4.0 - Missing Authorization LOW *-2.4.0 2.7.0 July 1, 2026
wp-analytify wp-analytify N/A Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Cross-Site Request Forgery LOW *-4.2.2 4.2.3 July 1, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 7.3.4 - Insecure Direct Object Reference LOW *-7.3.4 7.3.5 July 1, 2026
profile-builder profile-builder N/A Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery LOW *-3.6.4 3.6.5 July 1, 2026
media-library-assistant media-library-assistant
93
Media Library Assistant <= 3.00 - Information Disclosure LOW *-3.00 3.01 July 1, 2026
hreflang-tags-by-dcgws hreflang-tags-by-dcgws
91
HREFLANG Tags Lite <= 2.0.0 - Missing Authorization to Data Reset LOW *-2.0.0 July 1, 2026
form-maker form-maker
93
Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection LOW *-1.15.5 1.15.6 July 1, 2026
booking-ultra-pro booking-ultra-pro
91
Booking Ultra Pro <= 1.1.5 - Missing Authorization LOW *-1.1.5 1.1.6 July 1, 2026
LOW

mihdan-public-post-preview

mihdan-public-post-preview

Score: 93/100 Mihdan: Public Post Preview <= 1.9.9 - Missing Authorization Affected: *-1.9.9 Patched: 1.9.10 Updated: July 1, 2026
LOW

import-users-from-csv-with-meta

import-users-from-csv-with-meta

Score: 93/100 Import and export users and customers <= 1.20.4 - Authenticated (Subscriber+) CSV Injection Affected: *-1.20.4 Patched: 1.20.5 Updated: July 1, 2026
LOW

imagemagick-engine

imagemagick-engine

Score: 93/100 ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution Affected: *-1.7.5 Patched: 1.7.6 Updated: July 1, 2026
LOW

hbook

hbook

Score: 91/100 Booking Calendar – Event Calendar <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: July 1, 2026
LOW

ecommerce-product-catalog

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting Affected: *-3.0.71 Patched: 3.0.72 Updated: July 1, 2026
LOW

ecommerce-product-catalog

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting Affected: *-3.0.71 Patched: 3.0.72 Updated: July 1, 2026
LOW

complianz-gdpr-premium

complianz-gdpr-premium

Score: 93/100 Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations Affected: *-6.3.5 Patched: 6.3.6 Updated: July 1, 2026
LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations Affected: *-6.3.3 Patched: 6.3.4 Updated: July 1, 2026
LOW

addify-product-stock-manager

addify-product-stock-manager

Score: 97/100 Product Stock Manager < 1.0.5 - Missing Authorization and Cross-Site Request Forgery Affected: [*, 1.0.5) Patched: 1.0.5 Updated: July 1, 2026
LOW

wpb-show-core

wpb-show-core

Score: N/A WPB Show Core <= 2.2 - Reflected Cross-Site Scripting Affected: * Patched: Updated: July 1, 2026
LOW

shortcodes-ultimate

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-5.12.0 Patched: 5.12.1 Updated: July 1, 2026
LOW

shortcodes-ultimate

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery Affected: *-5.12.0 Patched: 5.12.1 Updated: July 1, 2026
LOW

page-views-count

page-views-count

Score: N/A Page View Count <= 2.5.5 - Cross-Site Request Forgery Affected: *-2.5.5 Patched: 2.5.6 Updated: July 1, 2026
LOW

highlight-focus

highlight-focus

Score: 91/100 Highlight Focus <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

account-manager-woocommerce

account-manager-woocommerce

Score: 95/100 Account Manager for WooCommerce <= 2.1.1 - Missing Authorization Affected: *-2.1.1 Patched: Updated: July 1, 2026
LOW

woocommerce-alidropship

woocommerce-alidropship

Score: N/A ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Premium <= 1.1.0 - Sensitive Information Disclosure Affected: *-1.1.0 Patched: 1.1.1 Updated: July 1, 2026
LOW

optinly

optinly

Score: N/A Optinly <= 1.0.18 - Missing Authorization to Plugin Settings Change Affected: *-1.0.18 Patched: 1.0.19 Updated: July 1, 2026
LOW

optinly

optinly

Score: N/A Optinly <= 1.0.15 - Cross-Site Request Forgery Affected: *-1.0.15 Patched: 1.0.16 Updated: July 1, 2026
LOW

maps-block-apple

maps-block-apple

Score: 93/100 loader-utils (JS package) < 2.0.3 - Prototype Pollution Affected: *-1.0.3 Patched: 1.1.0 Updated: July 1, 2026
LOW

insert-special-characters

insert-special-characters

Score: 93/100 loader-utils (JS package) < 2.0.3 - Prototype Pollution Affected: *-1.0.5 Patched: 1.0.6 Updated: July 1, 2026
LOW

elasticpress

elasticpress

Score: 93/100 loader-utils (JS package) < 2.0.3 - Prototype Pollution Affected: *-4.3.1 Patched: 4.4.0 Updated: July 1, 2026
LOW

accessibility

accessibility

Score: 97/100 Accessibility <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

ab-press-optimizer-lite

ab-press-optimizer-lite

Score: 95/100 AB Press Optimizer <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

5-anker-connect

5-anker-connect

Score: 97/100 5 Anker Connect <= 1.2.6 - Reflected Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: July 1, 2026
LOW

3com-asesor-de-cookies

3com-asesor-de-cookies

Score: 95/100 3com – Asesor de Cookies <= 3.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.4.3 Patched: Updated: July 1, 2026
LOW

wp-smart-import

wp-smart-import

Score: N/A WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: July 1, 2026
LOW

simple-page-ordering

simple-page-ordering

Score: N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-2.4.3 Patched: 2.4.4 Updated: July 1, 2026
LOW

simple-page-ordering

simple-page-ordering

Score: N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-2.4.3 Patched: 2.4.4 Updated: July 1, 2026
LOW

restricted-site-access

restricted-site-access

Score: N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-7.3.4 Patched: 7.3.5 Updated: July 1, 2026
LOW

restricted-site-access

restricted-site-access

Score: N/A loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-7.3.4 Patched: 7.3.5 Updated: July 1, 2026
LOW

insert-special-characters

insert-special-characters

Score: 93/100 loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-1.0.5 Patched: 1.0.6 Updated: July 1, 2026
LOW

insert-special-characters

insert-special-characters

Score: 93/100 loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-1.0.5 Patched: 1.0.6 Updated: July 1, 2026
LOW

elasticpress

elasticpress

Score: 93/100 loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-4.3.1 Patched: 4.4.0 Updated: July 1, 2026
LOW

elasticpress

elasticpress

Score: 93/100 loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service Affected: *-4.3.1 Patched: 4.4.0 Updated: July 1, 2026
LOW

ecommerce-product-catalog

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog Plugin for WordPress <= 3.0.69 - Reflected Cross-Site Scripting Affected: *-3.0.69 Patched: 3.0.70 Updated: July 1, 2026
LOW

wp-total-hacks

wp-total-hacks

Score: N/A WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting Affected: *-4.7.2 Patched: Updated: July 1, 2026
LOW

Smart Slider 3

smart-slider-3

Score: 90/100 Smart Slider 3 <= 3.5.1.9 - PHP Object Injection Affected: *-3.5.1.9 Patched: 3.5.1.11 Updated: July 1, 2026
LOW

seosamba-webmasters

seosamba-webmasters

Score: N/A SeoSamba for WordPress Webmasters <= 1.0.5 - Cross-Site Request Forgery Affected: *-1.0.5 Patched: 1.0.6 Updated: July 1, 2026
LOW

s2framework

s2framework

Score: N/A s2Framework <= 4.1.5 - Reflected Cross-Site Scripting Affected: *-4.1.5 Patched: 4.1.6 Updated: July 1, 2026
LOW

rock-convert

rock-convert

Score: N/A Rock Convert <= 2.10.2 - Reflected Cross-Site Scripting Affected: *-2.10.2 Patched: 2.11.0 Updated: July 1, 2026
LOW

rock-convert

rock-convert

Score: N/A Rock Convert <= 2.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.10.2 Patched: 2.11.0 Updated: July 1, 2026
LOW

ocean-extra

ocean-extra

Score: N/A Ocean Extra <= 2.0.4 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

ecommerce-product-catalog

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog Plugin for WordPress <= 3.0.70 - Reflected Cross-Site Scripting Affected: *-3.0.70 Patched: 3.0.71 Updated: July 1, 2026
LOW

easy-wp-smtp

easy-wp-smtp

Score: 93/100 Easy WP SMTP <= 1.4.9 - Authenticated (Administrator+) PHP Object Injection Affected: *-1.4.9 Patched: 1.5.0 Updated: July 1, 2026
LOW

customizer-export-import

customizer-export-import

Score: 93/100 Customizer Export/Import <= 0.9.4 - Authenticated (Administrator+) PHP Object Injection Affected: *-0.9.4 Patched: 0.9.5 Updated: July 1, 2026
LOW

capability-manager-enhanced

capability-manager-enhanced

Score: 93/100 PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.5.1 Patched: 2.5.2 Updated: July 1, 2026
LOW

capabilities-pro

capabilities-pro

Score: 93/100 PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.5.1 Patched: 2.5.2 Updated: July 1, 2026
LOW

automatic-user-roles-switcher

automatic-user-roles-switcher

Score: 93/100 Automatic User Roles Switcher <= 1.1.1 - Missing Authorization to Privilege Escalation Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

another-wordpress-classifieds-plugin

another-wordpress-classifieds-plugin

Score: 97/100 AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection Affected: *-4.2.1 Patched: 4.3 Updated: July 1, 2026
LOW

subpages-extended

subpages-extended

Score: N/A Subpages Extended <= 1.6.6 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-1.6.6 Patched: Updated: July 1, 2026
LOW

image-banner-widget

image-banner-widget

Score: 91/100 Image/Banner Widget <= 1.4.5 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: July 1, 2026
LOW

billingo

billingo

Score: 91/100 Official Integration for Billingo <= 3.3.9 - Reflected Cross-Site Scripting Affected: *-3.3.9 Patched: 3.4.0 Updated: July 1, 2026
LOW

wp-word-count

wp-word-count

Score: N/A WP Word Count <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.3 Patched: 3.2.4 Updated: July 1, 2026
LOW

adl-post-slider

adl-post-slider

Score: 95/100 Post Slider <= 1.6.7 - Missing Authorization Affected: *-1.6.7 Patched: Updated: July 1, 2026
LOW

wp-polls

wp-polls

Score: N/A WP-Polls <= 2.76.0 - Race Condition Affected: *-2.76.0 Patched: 2.77.0 Updated: July 1, 2026
LOW

log-http-requests

log-http-requests

Score: 93/100 Log HTTP Requests <= 1.3.1 - Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: July 1, 2026
LOW

create-block-theme

create-block-theme

Score: 93/100 Create Block Theme <= 1.2.1 - Unauthenticated Arbitrary File Upload Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

wp-humanstxt

wp-humanstxt

Score: N/A WP Humans.txt <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 1, 2026
LOW

woocommerce-product-vendors

woocommerce-product-vendors

Score: N/A WooCommerce Products Vendor <= 2.1.65 - Insecure Direct Object Reference to Note Creation Affected: *-2.1.65 Patched: 2.1.66 Updated: July 1, 2026
LOW

woocommerce-product-vendors

woocommerce-product-vendors

Score: N/A WooCommerce Products Vendor <= 2.1.68 - Insecure Direct Object Reference to Vendor Commission Percentage Update Affected: *-2.1.68 Patched: 2.1.69 Updated: July 1, 2026
LOW

woocommerce-product-vendors

woocommerce-product-vendors

Score: N/A WooCommerce Products Vendor <= 2.1.65 - Unauthenticated SQL Injection Affected: *-2.1.65 Patched: 2.1.66 Updated: July 1, 2026
LOW

table-generator

table-generator

Score: N/A Table Generator <= 1.3.0 - Missing Authorization to Table Modification Affected: *-1.3.0 Patched: Updated: July 1, 2026
LOW

rock-convert

rock-convert

Score: N/A Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.11.0 Patched: 3.0.0 Updated: July 1, 2026
LOW

ip-blacklist-cloud

ip-blacklist-cloud

Score: 87/100 IP Blacklist Cloud <= 5.00 - Reflected Cross-Site Scripting Affected: *-5.00 Patched: Updated: July 1, 2026
LOW

fontmeister

fontmeister

Score: 91/100 FontMeister <= 1.08 - Reflected Cross-Site Scripting Affected: *-1.08 Patched: Updated: July 1, 2026
LOW

WP Super Cache

wp-super-cache

Score: 82/100 WP Super Cache <= 1.8 - Unauthenticated Cache Poisoning Affected: *-1.8 Patched: 1.9 Updated: July 1, 2026
LOW

wp-all-export-pro

wp-all-export-pro

Score: N/A WP ALL Export Pro <= 1.7.8 - Authenticated Remote Code Execution Affected: *-1.7.8 Patched: 1.7.9 Updated: July 1, 2026
LOW

wp-all-export-pro

wp-all-export-pro

Score: N/A WP ALL Export Pro <= 1.7.8 - Authenticated SQL Injection Affected: *-1.7.8 Patched: 1.7.9 Updated: July 1, 2026
LOW

retain

retain

Score: N/A Retain Live Chat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

related-posts-for-wp

related-posts-for-wp

Score: N/A Related Posts for WordPress <= 2.1.1 - Reflected Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 1, 2026
LOW

quick-restaurant-menu

quick-restaurant-menu

Score: N/A Quick Restaurant Menu <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: July 1, 2026
LOW

post-to-csv

post-to-csv

Score: N/A Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection Affected: *-1.3.8 Patched: 1.3.9 Updated: July 1, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.1.7.1 - Unauthenticated PHP Object Injection Affected: *-4.1.7.1 Patched: 4.1.7.2 Updated: July 1, 2026
LOW

casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang

casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang

Score: 93/100 Casso – Tự động xác nhận thanh toán chuyển khoản ngân hàng <= 2.8.6 - Authenticated (Admin+) Cross-Site Scripting Affected: *-2.8.6 Patched: 2.8.7 Updated: July 1, 2026
LOW

buddyforms-review

buddyforms-review

Score: 93/100 BuddyForms Moderation <= 1.4.16 - Authenticated Stored Cross-Site Scripting Affected: *-1.4.16 Patched: 1.4.17 Updated: July 1, 2026
LOW

blog2social

blog2social

Score: 93/100 Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-6.9.9 Patched: 6.9.10 Updated: July 1, 2026
LOW

blog2social

blog2social

Score: 93/100 Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection Affected: *-6.9.9 Patched: 6.9.10 Updated: July 1, 2026
LOW

beebee-mini

beebee-mini

Score: 93/100 Beebee Mini <= 1.2.0 - Unauthorized File Upload via ACF Affected: *-1.2.0 Patched: 1.3.0 Updated: July 1, 2026
LOW

shortcodes-ultimate

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery Affected: *-5.12.0 Patched: 5.12.1 Updated: July 1, 2026
LOW

osm

osm

Score: N/A OSM - OpenStreetMap <= 6.0 - Cross-Site Request Forgery Affected: *-6.0 Patched: 6.0.1 Updated: July 1, 2026
LOW

media-library-plus

media-library-plus

Score: 93/100 Media Library Folders <= 7.1.1 - Cross-Site Request Forgery Affected: *-7.1.1 Patched: 7.1.2 Updated: July 1, 2026
LOW

lbstopattack

lbstopattack

Score: 93/100 Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery Affected: *-1.1.2 Patched: 1.1.3 Updated: July 1, 2026
LOW

Kadence WooCommerce Email Designer

kadence-woocommerce-email-designer

Score: 90/100 Kadence WooCommerce Email Designer <= 1.5.6 - PHP Object Injection Affected: *-1.5.6 Patched: 1.5.7 Updated: July 1, 2026
LOW

crm-perks-forms

crm-perks-forms

Score: 93/100 CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: July 1, 2026
LOW

contact-bank

contact-bank

Score: 91/100 Contact Bank <= 3.0.30 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.30 Patched: Updated: July 1, 2026
LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Redirection for Contact Form 7 <= 2.4.0 - Missing Authorization Affected: *-2.4.0 Patched: 2.7.0 Updated: July 1, 2026
LOW

wp-analytify

wp-analytify

Score: N/A Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Cross-Site Request Forgery Affected: *-4.2.2 Patched: 4.2.3 Updated: July 1, 2026
LOW

quiz-master-next

quiz-master-next

Score: N/A Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 7.3.4 - Insecure Direct Object Reference Affected: *-7.3.4 Patched: 7.3.5 Updated: July 1, 2026
LOW

profile-builder

profile-builder

Score: N/A Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery Affected: *-3.6.4 Patched: 3.6.5 Updated: July 1, 2026
LOW

media-library-assistant

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.00 - Information Disclosure Affected: *-3.00 Patched: 3.01 Updated: July 1, 2026
LOW

hreflang-tags-by-dcgws

hreflang-tags-by-dcgws

Score: 91/100 HREFLANG Tags Lite <= 2.0.0 - Missing Authorization to Data Reset Affected: *-2.0.0 Patched: Updated: July 1, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection Affected: *-1.15.5 Patched: 1.15.6 Updated: July 1, 2026
LOW

booking-ultra-pro

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: 1.1.6 Updated: July 1, 2026

Showing 28001 to 28100 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 12:55 UTC.