Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36320Across tracked plugins
Affected Plugins
78With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| booking-ultra-pro | booking-ultra-pro |
91
|
Booking Ultra Pro <= 1.1.5 - Missing Authorization | LOW | *-1.1.5 | 1.1.6 | July 1, 2026 | |
| booking-ultra-pro | booking-ultra-pro |
91
|
Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery | LOW | *-1.1.6 | 1.1.7 | July 1, 2026 | |
| booking-ultra-pro | booking-ultra-pro |
91
|
Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery | LOW | *-1.1.6 | 1.1.7 | July 1, 2026 | |
| booking-ultra-pro | booking-ultra-pro |
91
|
Booking Ultra Pro <= 1.1.8 - Stored Cross-Site Scripting | LOW | *-1.1.8 | 1.1.9 | July 1, 2026 | |
| analytics-cat | analytics-cat |
97
|
Analytics Cat – Google Analytics Made Easy <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.0.9 | 1.1.0 | July 1, 2026 | |
| adminpad | adminpad |
97
|
AdminPad <= 2.1 - Cross-Site Request Forgery | LOW | *-2.1 | 2.2 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting in post_oxi_settings function | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| accordions-or-faqs | accordions-or-faqs |
95
|
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter | LOW | *-2.0.3 | 2.1.0 | July 1, 2026 | |
| wp-monalisa | wp-monalisa | N/A | wp-Monalisa <= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-6.1 | 6.2 | July 1, 2026 | |
| wp-asset-clean-up | wp-asset-clean-up | N/A | Asset CleanUp: Page Speed Booster <= 1.3.8.4 - Reflected Cross-Site Scripting | LOW | *-1.3.8.4 | 1.3.8.5 | July 1, 2026 | |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
78
|
Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection | LOW | *-3.1.0.1.1 | 3.1.0.2 | July 1, 2026 | |
| dokan-lite | dokan-lite |
93
|
Dokan <= 3.6.5 - Cross-Site Request Forgery | LOW | *-3.6.5 | 3.6.6 | July 1, 2026 | |
| agile-store-locator | agile-store-locator |
97
|
Store Locator WordPress <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting | LOW | *-1.4.5 | 1.4.6 | July 1, 2026 | |
| Advanced Ads – Ad Manager & AdSense | advanced-ads |
80
|
Advanced Ads – Ad Manager & AdSense <= 1.31.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.31.1 | 1.32.0 | July 1, 2026 | |
| th-advance-product-search | th-advance-product-search | N/A | TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset | LOW | *-1.1.4 | 1.1.5 | July 1, 2026 | |
| th-advance-product-search | th-advance-product-search | N/A | TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change | LOW | *-1.1.4 | 1.1.5 | July 1, 2026 | |
| sticky-header-oceanwp | sticky-header-oceanwp | N/A | Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update | LOW | *-1.0.8 | July 1, 2026 | ||
| social-media-buttons-toolbar | social-media-buttons-toolbar | N/A | Social Media Follow Buttons Bar <= 4.73 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-4.73 | 5.0 | July 1, 2026 | |
| sabaisdiscuss | sabaisdiscuss | N/A | Sabai Discuss <= 1.4.13 - Reflected Cross-Site Scripting | LOW | *-1.4.13 | 1.4.14 | July 1, 2026 | |
| pop-up | pop-up | N/A | Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.1.7 | July 1, 2026 | ||
| manage-notification-emails | manage-notification-emails |
93
|
Manage Notification E-mails <= 1.8.2 - Cross-Site Request Forgery to Plugin Options Update | LOW | *-1.8.2 | 1.8.3 | July 1, 2026 | |
| forym | forym |
91
|
Forym <= 1.5.8 - Reflected Cross-Site Scripting | LOW | *-1.5.8 | July 1, 2026 | ||
| blog2social | blog2social |
93
|
Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update | LOW | *-6.9.11 | 6.9.12 | July 1, 2026 | |
| wpforo | wpforo | N/A | wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change | LOW | *-2.0.5 | 2.0.6 | July 1, 2026 | |
| wp-page-widget | wp-page-widget | N/A | WP Page Widget <= 3.9 - Cross-Site Request Forgery | LOW | *-3.9 | 4.0 | July 1, 2026 | |
| tutor | tutor | N/A | Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-2.0.9 | 2.0.10 | July 1, 2026 | |
| sitepress-multilingual-cms | sitepress-multilingual-cms | N/A | WPML <= 4.5.10 - Unprotected AJAX Actions | LOW | *-4.5.10 | 4.5.11 | July 1, 2026 | |
| Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | popup-maker | N/A | Popup Maker <= 1.16.8 - Authenticated (Contributor+) Cross-Site Scripting | LOW | *-1.16.8 | 1.16.9 | July 1, 2026 | |
| Frontend File Manager Plugin | nmedia-user-file-uploader |
86
|
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload | LOW | *-21.2 | 21.3 | July 1, 2026 | |
| meks-easy-social-share | meks-easy-social-share |
93
|
Meks Easy Social Share <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.2.7 | 1.2.8 | July 1, 2026 | |
| iq-block-country | iq-block-country |
93
|
iQ Block Country <= 1.2.18 - Country Blocking Bypass | LOW | *-1.2.18 | 1.2.19 | July 1, 2026 | |
| integromat-connector | integromat-connector |
93
|
Make, formerly Integromat Connector <= 1.5.2 - Authenticated (Subscriber+) Information Disclosure | LOW | *-1.5.2 | 1.5.3 | July 1, 2026 | |
| helpful | helpful |
93
|
Helpful <= 4.5.25 - Sensitive Information Disclosure | LOW | *-4.5.25 | 4.5.26 | July 1, 2026 | |
| Drag and Drop Multiple File Upload for Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
93
|
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.4 - File Upload Size Limit Bypass | LOW | *-1.3.6.4 | 1.3.6.5 | July 1, 2026 | |
| comment-guestbook | comment-guestbook |
91
|
Comment Guestbook <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-0.8.0 | July 1, 2026 | ||
| aryo-activity-log | aryo-activity-log |
97
|
Activity Log <= 2.8.3 - CSV Injection | LOW | *-2.8.3 | 2.8.4 | July 1, 2026 | |
| seriously-simple-podcasting | seriously-simple-podcasting | N/A | Seriously Simple Podcasting <= 2.16.0 - Cross-Site Request Forgery | LOW | *-2.16.0 | 2.16.1 | July 1, 2026 | |
| Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | popup-maker | N/A | Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.16.8 | 1.16.9 | July 1, 2026 | |
| miniorange-login-openid | miniorange-login-openid |
91
|
WordPress Social Login and Register <=7.5.12 - Missing Authorization to Plugin Settings Update | LOW | 7.5.12 | 7.5.13 | July 1, 2026 | |
| mailoptin | mailoptin |
93
|
MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion | LOW | *-1.2.49.0 | 1.2.50.0 | July 1, 2026 | |
| kraken-image-optimizer | kraken-image-optimizer |
93
|
Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery | LOW | *-2.6.5 | 2.6.6 | July 1, 2026 | |
| backup-scheduler | backup-scheduler |
89
|
Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery | LOW | *-1.5.13 | July 1, 2026 | ||
| backup-scheduler | backup-scheduler |
89
|
Backup Scheduler <= 1.5.13 - Missing Authorization to Sensitive Information Disclosure | LOW | *-1.5.13 | July 1, 2026 | ||
| vc-tabs | vc-tabs | N/A | Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-3.7.1 | 3.7.2 | July 1, 2026 | |
| miniorange-discord-integration | miniorange-discord-integration |
91
|
miniOrange Discord Integration <= 2.1.5 - Missing Authorization to Plugin Options Update | LOW | *-2.1.5 | 2.1.6 | July 1, 2026 | |
| export-post-info | export-post-info |
93
|
Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection | LOW | *-1.2.0 | 1.2.1 | July 1, 2026 | |
| customer-reviews-woocommerce | customer-reviews-woocommerce |
93
|
Customer Reviews for WooCommerce <= 5.3.5 - Sensitive Data Exposure | LOW | *-5.3.5 | 5.3.6 | July 1, 2026 | |
| customer-reviews-woocommerce | customer-reviews-woocommerce |
93
|
Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery | LOW | *-5.3.5 | 5.3.6 | July 1, 2026 | |
| customer-reviews-woocommerce | customer-reviews-woocommerce |
93
|
Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions | LOW | *-5.3.5 | 5.3.6 | July 1, 2026 | |
| cardoza-3d-tag-cloud | cardoza-3d-tag-cloud |
91
|
3D Tag Cloud <= 3.8 - Cross-Site Request Forgery | LOW | *-3.8 | 3.9 | July 1, 2026 | |
| wp-custom-cursors | wp-custom-cursors | N/A | WP Custom Cursors <= 3.0 - Cross-Site Request Forgery to Cursor Manipulation | LOW | *-3.0 | 3.0.1 | July 1, 2026 | |
| wp-custom-cursors | wp-custom-cursors | N/A | WP Custom Cursors <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-3.0 | 3.0.1 | July 1, 2026 | |
| wp-custom-cursors | wp-custom-cursors | N/A | WP Custom Cursors <= 3.0.1 - Authenticated (Administrator+) SQL Injection | LOW | *-3.0.2 | 3.0.3 | July 1, 2026 | |
| no-page-comment | no-page-comment | N/A | No Page Comment <= 1.1 - Reflected Cross-Site Scripting | LOW | *-1.1 | 1.2 | July 1, 2026 | |
| image-zoom | image-zoom |
89
|
Image Zoom <= 1.8.8 - Missing Authorization | LOW | *-1.8.8 | July 1, 2026 | ||
| favicon-switcher | favicon-switcher |
91
|
FavIcon Switcher <= 1.2.11 - Cross-Site Request Forgery | LOW | *-1.2.11 | July 1, 2026 | ||
| demon-image-annotation | demon-image-annotation |
93
|
demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting | LOW | 1.0-4.7 | 4.8 | July 1, 2026 | |
| content-protector | content-protector |
93
|
Passster <= 3.5.5.5.1 - Insecure Password Storage to Sensitive Data Exposure | LOW | *-3.5.5.5.1 | 3.5.5.5.2 | July 1, 2026 | |
| wp-ultimate-csv-importer | wp-ultimate-csv-importer | N/A | WP Ultimate CSV Importer <= 6.5.7 - Authenticated (Administrator+) SQL Injection | LOW | *-6.5.7 | 6.5.8 | July 1, 2026 | |
| wp-ultimate-csv-importer | wp-ultimate-csv-importer | N/A | WP Ultimate CSV Importer <= 6.5.7 - Missing Authorization | LOW | *-6.5.7 | 6.5.8 | July 1, 2026 | |
| tidio-live-chat | tidio-live-chat | N/A | Tidio – Live Chat, Chatbots & Email Integration <= 5.2.0 - Sensitive Information Disclosure | LOW | *-5.2.0 | 5.3.0 | July 1, 2026 | |
| search-logger | search-logger | N/A | Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection | LOW | *-0.9 | July 1, 2026 | ||
| opening-hours | opening-hours | N/A | We’re Open! <= 1.41 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.41 | 1.42 | July 1, 2026 | |
| no-page-comment | no-page-comment | N/A | No Page Comment <= 1.1 - Cross-Site-Request Forgery to Settings Change | LOW | *-1.1 | 1.2 | July 1, 2026 | |
| image-zoom | image-zoom |
89
|
Image Zoom <= 1.8.8 - Cross-Site Request Forgery | LOW | *-1.8.8 | July 1, 2026 | ||
| WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | wpforms-lite |
70
|
Contact Form by WPForms <= 1.7.5.3 - Authenticated (Administrator+) Arbitrary File Access via Path Traversal | LOW | *-1.7.5.3 | 1.7.5.5 | July 1, 2026 | |
| wordpress-countdown-widget | wordpress-countdown-widget | N/A | WordPress Countdown Widget <= 3.1.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-3.1.9.2 | 3.1.9.3 | July 1, 2026 | |
| Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | woocommerce-jetpack |
65
|
Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification | LOW | *-5.6.2 | 5.6.3 | July 1, 2026 | |
| social-rocket | social-rocket | N/A | Social Rocket <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.3.2 | 1.3.3 | July 1, 2026 | |
| Simple File List | simple-file-list |
90
|
Simple File List <= 4.4.11 - Reflected Cross-Site Scripting | LOW | *-4.4.11 | 4.4.12 | July 1, 2026 | |
| Simple File List | simple-file-list |
90
|
Simple File List <= 4.4.12 - Cross-Site Request Forgery to Page Creation | LOW | *-4.4.12 | 4.4.13 | July 1, 2026 | |
| reSmush.it : The original free image compressor and optimizer plugin | resmushit-image-optimizer | N/A | reSmush.it Image Optimizer <= 0.4.5 - Authenticated (Administrator+) Cross-Site Scripting | LOW | *-0.4.5 | 0.4.6 | July 1, 2026 | |
| memberpress-downloads | memberpress-downloads |
93
|
MemberPress Downloads <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Upload | LOW | *-1.2.5 | 1.2.6 | July 1, 2026 | |
| download-monitor | download-monitor |
93
|
Download Monitor <= 4.5.97 - Authenticated (Administrator+) Arbitrary File Download | LOW | *-4.5.97 | 4.5.98 | July 1, 2026 | |
| Breeze Cache | breeze |
79
|
Breeze <= 2.0.8 - Cross-Site Request Forgery via import_json_settings | LOW | *-2.0.8 | 2.0.9 | July 1, 2026 | |
| booster-plus-for-woocommerce | booster-plus-for-woocommerce |
93
|
Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification | LOW | *-5.6.0 | 5.6.1 | July 1, 2026 | |
| getyourguide-ticketing | getyourguide-ticketing |
93
|
GetYourGuide Ticketing <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.0.2 | 1.0.3 | July 1, 2026 | |
| miniorange-2-factor-authentication | miniorange-2-factor-authentication |
93
|
miniOrange's Google Authenticator <= 5.5.82 - Missing Authorization | LOW | *-5.5.82 | 5.6.0 | July 1, 2026 | |
| database-browser | database-browser |
91
|
Database Browser <= 1.4.4 - Authenticated (Administrator+) Cross-Site Scripting | LOW | *-1.4.4 | July 1, 2026 | ||
| taskbuilder | taskbuilder | N/A | Taskbuilder <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-1.0.7 | 1.0.8 | July 1, 2026 | |
| searchwp-live-ajax-search | searchwp-live-ajax-search | N/A | SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion | LOW | 1.0-1.6.2 | 1.6.3 | July 1, 2026 | |
| gs-testimonial | gs-testimonial |
93
|
GS Testimonial Slider <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.9.6 | 1.9.7 | July 1, 2026 | |
| cpo-shortcodes | cpo-shortcodes |
89
|
CPO Shortcodes <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.5.0 | July 1, 2026 | ||
| comment-form | comment-form |
93
|
Advanced Comment Form <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.2.0 | 1.2.1 | July 1, 2026 | |
| awesome-filterable-portfolio | awesome-filterable-portfolio |
89
|
Awesome Filterable Portfolio <= 1.9.7 - Missing Authorization to Plugin Settings Change | LOW | *-1.9.7 | July 1, 2026 | ||
| awesome-filterable-portfolio | awesome-filterable-portfolio |
89
|
Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting | LOW | *-1.9.7 | July 1, 2026 | ||
| wp-users-disable | wp-users-disable | N/A | Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update | LOW | *-1.0.1 | July 1, 2026 | ||
| wp-2fa | wp-2fa | N/A | WP 2FA <= 2.2.1 - Time-Based TOTP attack to Sensitive Information Exposure | LOW | *-2.2.1 | 2.3.0 | July 1, 2026 | |
| woo-billingo-plus | woo-billingo-plus | N/A | Multiple Plugins from Viszt Peter - Cross-Site Request Forgery | LOW | *-4.4.5.3 | 4.4.5.4 | July 1, 2026 | |
| Sucuri Security – Auditing, Malware Scanner and Security Hardening | sucuri-scanner |
91
|
Sucuri Security <= 1.8.33 - Cross-Site Request Forgery | LOW | *-1.8.33 | 1.8.34 | July 1, 2026 | |
| rate-my-post | rate-my-post | N/A | Rate my Post – WP Rating System <= 3.3.4 - Cross-Site Request Forgery | LOW | *-3.3.4 | 3.3.5 | July 1, 2026 | |
| notice-board | notice-board | N/A | NOTICE BOARD <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1 | July 1, 2026 | ||
| Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | ml-slider |
88
|
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | 3.27.8 | 3.27.9 | July 1, 2026 | |
| integration-for-szamlazz-hu-gravity-forms | integration-for-szamlazz-hu-gravity-forms |
93
|
Multiple Plugins from Viszt Peter - Cross-Site Request Forgery | LOW | *-1.2.6 | 1.2.7 | July 1, 2026 |
booking-ultra-pro
booking-ultra-pro
booking-ultra-pro
booking-ultra-pro
booking-ultra-pro
booking-ultra-pro
booking-ultra-pro
booking-ultra-pro
analytics-cat
analytics-cat
adminpad
adminpad
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
accordions-or-faqs
wp-monalisa
wp-monalisa
wp-asset-clean-up
wp-asset-clean-up
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
easy-digital-downloads
dokan-lite
dokan-lite
agile-store-locator
agile-store-locator
Advanced Ads – Ad Manager & AdSense
advanced-ads
th-advance-product-search
th-advance-product-search
th-advance-product-search
th-advance-product-search
sticky-header-oceanwp
sticky-header-oceanwp
social-media-buttons-toolbar
social-media-buttons-toolbar
sabaisdiscuss
sabaisdiscuss
pop-up
pop-up
manage-notification-emails
manage-notification-emails
forym
forym
blog2social
blog2social
wpforo
wpforo
wp-page-widget
wp-page-widget
tutor
tutor
sitepress-multilingual-cms
sitepress-multilingual-cms
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder
popup-maker
Frontend File Manager Plugin
nmedia-user-file-uploader
meks-easy-social-share
meks-easy-social-share
iq-block-country
iq-block-country
integromat-connector
integromat-connector
helpful
helpful
Drag and Drop Multiple File Upload for Contact Form 7
drag-and-drop-multiple-file-upload-contact-form-7
comment-guestbook
comment-guestbook
aryo-activity-log
aryo-activity-log
seriously-simple-podcasting
seriously-simple-podcasting
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder
popup-maker
miniorange-login-openid
miniorange-login-openid
mailoptin
mailoptin
kraken-image-optimizer
kraken-image-optimizer
backup-scheduler
backup-scheduler
backup-scheduler
backup-scheduler
vc-tabs
vc-tabs
miniorange-discord-integration
miniorange-discord-integration
export-post-info
export-post-info
customer-reviews-woocommerce
customer-reviews-woocommerce
customer-reviews-woocommerce
customer-reviews-woocommerce
customer-reviews-woocommerce
customer-reviews-woocommerce
cardoza-3d-tag-cloud
cardoza-3d-tag-cloud
wp-custom-cursors
wp-custom-cursors
wp-custom-cursors
wp-custom-cursors
wp-custom-cursors
wp-custom-cursors
no-page-comment
no-page-comment
image-zoom
image-zoom
favicon-switcher
favicon-switcher
demon-image-annotation
demon-image-annotation
content-protector
content-protector
wp-ultimate-csv-importer
wp-ultimate-csv-importer
wp-ultimate-csv-importer
wp-ultimate-csv-importer
tidio-live-chat
tidio-live-chat
search-logger
search-logger
opening-hours
opening-hours
no-page-comment
no-page-comment
image-zoom
image-zoom
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
wpforms-lite
wordpress-countdown-widget
wordpress-countdown-widget
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
woocommerce-jetpack
social-rocket
social-rocket
Simple File List
simple-file-list
Simple File List
simple-file-list
reSmush.it : The original free image compressor and optimizer plugin
resmushit-image-optimizer
memberpress-downloads
memberpress-downloads
download-monitor
download-monitor
Breeze Cache
breeze
booster-plus-for-woocommerce
booster-plus-for-woocommerce
getyourguide-ticketing
getyourguide-ticketing
miniorange-2-factor-authentication
miniorange-2-factor-authentication
database-browser
database-browser
taskbuilder
taskbuilder
searchwp-live-ajax-search
searchwp-live-ajax-search
gs-testimonial
gs-testimonial
cpo-shortcodes
cpo-shortcodes
comment-form
comment-form
awesome-filterable-portfolio
awesome-filterable-portfolio
awesome-filterable-portfolio
awesome-filterable-portfolio
wp-users-disable
wp-users-disable
wp-2fa
wp-2fa
woo-billingo-plus
woo-billingo-plus
Sucuri Security – Auditing, Malware Scanner and Security Hardening
sucuri-scanner
rate-my-post
rate-my-post
notice-board
notice-board
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
ml-slider
integration-for-szamlazz-hu-gravity-forms
integration-for-szamlazz-hu-gravity-forms
Showing 28101 to 28200 of 36320 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 1, 2026 at 14:01 UTC.