Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36320

Across tracked plugins

Affected Plugins

78

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
booking-ultra-pro booking-ultra-pro
91
Booking Ultra Pro <= 1.1.5 - Missing Authorization LOW *-1.1.5 1.1.6 July 1, 2026
booking-ultra-pro booking-ultra-pro
91
Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery LOW *-1.1.6 1.1.7 July 1, 2026
booking-ultra-pro booking-ultra-pro
91
Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery LOW *-1.1.6 1.1.7 July 1, 2026
booking-ultra-pro booking-ultra-pro
91
Booking Ultra Pro <= 1.1.8 - Stored Cross-Site Scripting LOW *-1.1.8 1.1.9 July 1, 2026
analytics-cat analytics-cat
97
Analytics Cat – Google Analytics Made Easy <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.9 1.1.0 July 1, 2026
adminpad adminpad
97
AdminPad <= 2.1 - Cross-Site Request Forgery LOW *-2.1 2.2 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter LOW *-2.0.3 2.1.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter LOW *-2.0.3 2.1.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter LOW *-2.0.3 2.1.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter LOW *-2.0.3 2.1.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting in post_oxi_settings function LOW *-2.0.3 2.1.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update LOW *-2.0.3 2.1.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter LOW *-2.0.3 2.1.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter LOW *-2.0.3 2.1.0 July 1, 2026
wp-monalisa wp-monalisa N/A wp-Monalisa <= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-6.1 6.2 July 1, 2026
wp-asset-clean-up wp-asset-clean-up N/A Asset CleanUp: Page Speed Booster <= 1.3.8.4 - Reflected Cross-Site Scripting LOW *-1.3.8.4 1.3.8.5 July 1, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection LOW *-3.1.0.1.1 3.1.0.2 July 1, 2026
dokan-lite dokan-lite
93
Dokan <= 3.6.5 - Cross-Site Request Forgery LOW *-3.6.5 3.6.6 July 1, 2026
agile-store-locator agile-store-locator
97
Store Locator WordPress <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.4.5 1.4.6 July 1, 2026
Advanced Ads – Ad Manager & AdSense advanced-ads
80
Advanced Ads – Ad Manager & AdSense <= 1.31.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.31.1 1.32.0 July 1, 2026
th-advance-product-search th-advance-product-search N/A TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset LOW *-1.1.4 1.1.5 July 1, 2026
th-advance-product-search th-advance-product-search N/A TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change LOW *-1.1.4 1.1.5 July 1, 2026
sticky-header-oceanwp sticky-header-oceanwp N/A Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update LOW *-1.0.8 July 1, 2026
social-media-buttons-toolbar social-media-buttons-toolbar N/A Social Media Follow Buttons Bar <= 4.73 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.73 5.0 July 1, 2026
sabaisdiscuss sabaisdiscuss N/A Sabai Discuss <= 1.4.13 - Reflected Cross-Site Scripting LOW *-1.4.13 1.4.14 July 1, 2026
pop-up pop-up N/A Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.7 July 1, 2026
manage-notification-emails manage-notification-emails
93
Manage Notification E-mails <= 1.8.2 - Cross-Site Request Forgery to Plugin Options Update LOW *-1.8.2 1.8.3 July 1, 2026
forym forym
91
Forym <= 1.5.8 - Reflected Cross-Site Scripting LOW *-1.5.8 July 1, 2026
blog2social blog2social
93
Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-6.9.11 6.9.12 July 1, 2026
wpforo wpforo N/A wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change LOW *-2.0.5 2.0.6 July 1, 2026
wp-page-widget wp-page-widget N/A WP Page Widget <= 3.9 - Cross-Site Request Forgery LOW *-3.9 4.0 July 1, 2026
tutor tutor N/A Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.9 2.0.10 July 1, 2026
sitepress-multilingual-cms sitepress-multilingual-cms N/A WPML <= 4.5.10 - Unprotected AJAX Actions LOW *-4.5.10 4.5.11 July 1, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder popup-maker N/A Popup Maker <= 1.16.8 - Authenticated (Contributor+) Cross-Site Scripting LOW *-1.16.8 1.16.9 July 1, 2026
Frontend File Manager Plugin nmedia-user-file-uploader
86
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload LOW *-21.2 21.3 July 1, 2026
meks-easy-social-share meks-easy-social-share
93
Meks Easy Social Share <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.7 1.2.8 July 1, 2026
iq-block-country iq-block-country
93
iQ Block Country <= 1.2.18 - Country Blocking Bypass LOW *-1.2.18 1.2.19 July 1, 2026
integromat-connector integromat-connector
93
Make, formerly Integromat Connector <= 1.5.2 - Authenticated (Subscriber+) Information Disclosure LOW *-1.5.2 1.5.3 July 1, 2026
helpful helpful
93
Helpful <= 4.5.25 - Sensitive Information Disclosure LOW *-4.5.25 4.5.26 July 1, 2026
Drag and Drop Multiple File Upload for Contact Form 7 drag-and-drop-multiple-file-upload-contact-form-7
93
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.4 - File Upload Size Limit Bypass LOW *-1.3.6.4 1.3.6.5 July 1, 2026
comment-guestbook comment-guestbook
91
Comment Guestbook <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.8.0 July 1, 2026
aryo-activity-log aryo-activity-log
97
Activity Log <= 2.8.3 - CSV Injection LOW *-2.8.3 2.8.4 July 1, 2026
seriously-simple-podcasting seriously-simple-podcasting N/A Seriously Simple Podcasting <= 2.16.0 - Cross-Site Request Forgery LOW *-2.16.0 2.16.1 July 1, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder popup-maker N/A Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.16.8 1.16.9 July 1, 2026
miniorange-login-openid miniorange-login-openid
91
WordPress Social Login and Register <=7.5.12 - Missing Authorization to Plugin Settings Update LOW 7.5.12 7.5.13 July 1, 2026
mailoptin mailoptin
93
MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion LOW *-1.2.49.0 1.2.50.0 July 1, 2026
kraken-image-optimizer kraken-image-optimizer
93
Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery LOW *-2.6.5 2.6.6 July 1, 2026
backup-scheduler backup-scheduler
89
Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery LOW *-1.5.13 July 1, 2026
backup-scheduler backup-scheduler
89
Backup Scheduler <= 1.5.13 - Missing Authorization to Sensitive Information Disclosure LOW *-1.5.13 July 1, 2026
vc-tabs vc-tabs N/A Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.7.1 3.7.2 July 1, 2026
miniorange-discord-integration miniorange-discord-integration
91
miniOrange Discord Integration <= 2.1.5 - Missing Authorization to Plugin Options Update LOW *-2.1.5 2.1.6 July 1, 2026
export-post-info export-post-info
93
Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection LOW *-1.2.0 1.2.1 July 1, 2026
customer-reviews-woocommerce customer-reviews-woocommerce
93
Customer Reviews for WooCommerce <= 5.3.5 - Sensitive Data Exposure LOW *-5.3.5 5.3.6 July 1, 2026
customer-reviews-woocommerce customer-reviews-woocommerce
93
Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery LOW *-5.3.5 5.3.6 July 1, 2026
customer-reviews-woocommerce customer-reviews-woocommerce
93
Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions LOW *-5.3.5 5.3.6 July 1, 2026
cardoza-3d-tag-cloud cardoza-3d-tag-cloud
91
3D Tag Cloud <= 3.8 - Cross-Site Request Forgery LOW *-3.8 3.9 July 1, 2026
wp-custom-cursors wp-custom-cursors N/A WP Custom Cursors <= 3.0 - Cross-Site Request Forgery to Cursor Manipulation LOW *-3.0 3.0.1 July 1, 2026
wp-custom-cursors wp-custom-cursors N/A WP Custom Cursors <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0 3.0.1 July 1, 2026
wp-custom-cursors wp-custom-cursors N/A WP Custom Cursors <= 3.0.1 - Authenticated (Administrator+) SQL Injection LOW *-3.0.2 3.0.3 July 1, 2026
no-page-comment no-page-comment N/A No Page Comment <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 1.2 July 1, 2026
image-zoom image-zoom
89
Image Zoom <= 1.8.8 - Missing Authorization LOW *-1.8.8 July 1, 2026
favicon-switcher favicon-switcher
91
FavIcon Switcher <= 1.2.11 - Cross-Site Request Forgery LOW *-1.2.11 July 1, 2026
demon-image-annotation demon-image-annotation
93
demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting LOW 1.0-4.7 4.8 July 1, 2026
content-protector content-protector
93
Passster <= 3.5.5.5.1 - Insecure Password Storage to Sensitive Data Exposure LOW *-3.5.5.5.1 3.5.5.5.2 July 1, 2026
wp-ultimate-csv-importer wp-ultimate-csv-importer N/A WP Ultimate CSV Importer <= 6.5.7 - Authenticated (Administrator+) SQL Injection LOW *-6.5.7 6.5.8 July 1, 2026
wp-ultimate-csv-importer wp-ultimate-csv-importer N/A WP Ultimate CSV Importer <= 6.5.7 - Missing Authorization LOW *-6.5.7 6.5.8 July 1, 2026
tidio-live-chat tidio-live-chat N/A Tidio – Live Chat, Chatbots & Email Integration <= 5.2.0 - Sensitive Information Disclosure LOW *-5.2.0 5.3.0 July 1, 2026
search-logger search-logger N/A Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection LOW *-0.9 July 1, 2026
opening-hours opening-hours N/A We’re Open! <= 1.41 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.41 1.42 July 1, 2026
no-page-comment no-page-comment N/A No Page Comment <= 1.1 - Cross-Site-Request Forgery to Settings Change LOW *-1.1 1.2 July 1, 2026
image-zoom image-zoom
89
Image Zoom <= 1.8.8 - Cross-Site Request Forgery LOW *-1.8.8 July 1, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More wpforms-lite
70
Contact Form by WPForms <= 1.7.5.3 - Authenticated (Administrator+) Arbitrary File Access via Path Traversal LOW *-1.7.5.3 1.7.5.5 July 1, 2026
wordpress-countdown-widget wordpress-countdown-widget N/A WordPress Countdown Widget <= 3.1.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.9.2 3.1.9.3 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification LOW *-5.6.2 5.6.3 July 1, 2026
social-rocket social-rocket N/A Social Rocket <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3.2 1.3.3 July 1, 2026
Simple File List simple-file-list
90
Simple File List <= 4.4.11 - Reflected Cross-Site Scripting LOW *-4.4.11 4.4.12 July 1, 2026
Simple File List simple-file-list
90
Simple File List <= 4.4.12 - Cross-Site Request Forgery to Page Creation LOW *-4.4.12 4.4.13 July 1, 2026
reSmush.it : The original free image compressor and optimizer plugin resmushit-image-optimizer N/A reSmush.it Image Optimizer <= 0.4.5 - Authenticated (Administrator+) Cross-Site Scripting LOW *-0.4.5 0.4.6 July 1, 2026
memberpress-downloads memberpress-downloads
93
MemberPress Downloads <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.2.5 1.2.6 July 1, 2026
download-monitor download-monitor
93
Download Monitor <= 4.5.97 - Authenticated (Administrator+) Arbitrary File Download LOW *-4.5.97 4.5.98 July 1, 2026
Breeze Cache breeze
79
Breeze <= 2.0.8 - Cross-Site Request Forgery via import_json_settings LOW *-2.0.8 2.0.9 July 1, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification LOW *-5.6.0 5.6.1 July 1, 2026
getyourguide-ticketing getyourguide-ticketing
93
GetYourGuide Ticketing <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.2 1.0.3 July 1, 2026
miniorange-2-factor-authentication miniorange-2-factor-authentication
93
miniOrange's Google Authenticator <= 5.5.82 - Missing Authorization LOW *-5.5.82 5.6.0 July 1, 2026
database-browser database-browser
91
Database Browser <= 1.4.4 - Authenticated (Administrator+) Cross-Site Scripting LOW *-1.4.4 July 1, 2026
taskbuilder taskbuilder N/A Taskbuilder <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.7 1.0.8 July 1, 2026
searchwp-live-ajax-search searchwp-live-ajax-search N/A SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion LOW 1.0-1.6.2 1.6.3 July 1, 2026
gs-testimonial gs-testimonial
93
GS Testimonial Slider <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.6 1.9.7 July 1, 2026
cpo-shortcodes cpo-shortcodes
89
CPO Shortcodes <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.0 July 1, 2026
comment-form comment-form
93
Advanced Comment Form <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.0 1.2.1 July 1, 2026
awesome-filterable-portfolio awesome-filterable-portfolio
89
Awesome Filterable Portfolio <= 1.9.7 - Missing Authorization to Plugin Settings Change LOW *-1.9.7 July 1, 2026
awesome-filterable-portfolio awesome-filterable-portfolio
89
Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting LOW *-1.9.7 July 1, 2026
wp-users-disable wp-users-disable N/A Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update LOW *-1.0.1 July 1, 2026
wp-2fa wp-2fa N/A WP 2FA <= 2.2.1 - Time-Based TOTP attack to Sensitive Information Exposure LOW *-2.2.1 2.3.0 July 1, 2026
woo-billingo-plus woo-billingo-plus N/A Multiple Plugins from Viszt Peter - Cross-Site Request Forgery LOW *-4.4.5.3 4.4.5.4 July 1, 2026
Sucuri Security – Auditing, Malware Scanner and Security Hardening sucuri-scanner
91
Sucuri Security <= 1.8.33 - Cross-Site Request Forgery LOW *-1.8.33 1.8.34 July 1, 2026
rate-my-post rate-my-post N/A Rate my Post – WP Rating System <= 3.3.4 - Cross-Site Request Forgery LOW *-3.3.4 3.3.5 July 1, 2026
notice-board notice-board N/A NOTICE BOARD <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 1, 2026
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider ml-slider
88
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW 3.27.8 3.27.9 July 1, 2026
integration-for-szamlazz-hu-gravity-forms integration-for-szamlazz-hu-gravity-forms
93
Multiple Plugins from Viszt Peter - Cross-Site Request Forgery LOW *-1.2.6 1.2.7 July 1, 2026
LOW

booking-ultra-pro

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: 1.1.6 Updated: July 1, 2026
LOW

booking-ultra-pro

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery Affected: *-1.1.6 Patched: 1.1.7 Updated: July 1, 2026
LOW

booking-ultra-pro

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery Affected: *-1.1.6 Patched: 1.1.7 Updated: July 1, 2026
LOW

booking-ultra-pro

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.8 - Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.1.9 Updated: July 1, 2026
LOW

analytics-cat

analytics-cat

Score: 97/100 Analytics Cat – Google Analytics Made Easy <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.1.0 Updated: July 1, 2026
LOW

adminpad

adminpad

Score: 97/100 AdminPad <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: 2.2 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting in post_oxi_settings function Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter Affected: *-2.0.3 Patched: 2.1.0 Updated: July 1, 2026
LOW

wp-monalisa

wp-monalisa

Score: N/A wp-Monalisa <= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.1 Patched: 6.2 Updated: July 1, 2026
LOW

wp-asset-clean-up

wp-asset-clean-up

Score: N/A Asset CleanUp: Page Speed Booster <= 1.3.8.4 - Reflected Cross-Site Scripting Affected: *-1.3.8.4 Patched: 1.3.8.5 Updated: July 1, 2026
LOW

dokan-lite

dokan-lite

Score: 93/100 Dokan <= 3.6.5 - Cross-Site Request Forgery Affected: *-3.6.5 Patched: 3.6.6 Updated: July 1, 2026
LOW

agile-store-locator

agile-store-locator

Score: 97/100 Store Locator WordPress <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.4.5 Patched: 1.4.6 Updated: July 1, 2026
LOW

Advanced Ads – Ad Manager & AdSense

advanced-ads

Score: 80/100 Advanced Ads – Ad Manager & AdSense <= 1.31.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.31.1 Patched: 1.32.0 Updated: July 1, 2026
LOW

th-advance-product-search

th-advance-product-search

Score: N/A TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset Affected: *-1.1.4 Patched: 1.1.5 Updated: July 1, 2026
LOW

th-advance-product-search

th-advance-product-search

Score: N/A TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change Affected: *-1.1.4 Patched: 1.1.5 Updated: July 1, 2026
LOW

sticky-header-oceanwp

sticky-header-oceanwp

Score: N/A Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.0.8 Patched: Updated: July 1, 2026
LOW

social-media-buttons-toolbar

social-media-buttons-toolbar

Score: N/A Social Media Follow Buttons Bar <= 4.73 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.73 Patched: 5.0 Updated: July 1, 2026
LOW

sabaisdiscuss

sabaisdiscuss

Score: N/A Sabai Discuss <= 1.4.13 - Reflected Cross-Site Scripting Affected: *-1.4.13 Patched: 1.4.14 Updated: July 1, 2026
LOW

pop-up

pop-up

Score: N/A Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.7 Patched: Updated: July 1, 2026
LOW

manage-notification-emails

manage-notification-emails

Score: 93/100 Manage Notification E-mails <= 1.8.2 - Cross-Site Request Forgery to Plugin Options Update Affected: *-1.8.2 Patched: 1.8.3 Updated: July 1, 2026
LOW

forym

forym

Score: 91/100 Forym <= 1.5.8 - Reflected Cross-Site Scripting Affected: *-1.5.8 Patched: Updated: July 1, 2026
LOW

blog2social

blog2social

Score: 93/100 Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-6.9.11 Patched: 6.9.12 Updated: July 1, 2026
LOW

wpforo

wpforo

Score: N/A wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

wp-page-widget

wp-page-widget

Score: N/A WP Page Widget <= 3.9 - Cross-Site Request Forgery Affected: *-3.9 Patched: 4.0 Updated: July 1, 2026
LOW

tutor

tutor

Score: N/A Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.9 Patched: 2.0.10 Updated: July 1, 2026
LOW

sitepress-multilingual-cms

sitepress-multilingual-cms

Score: N/A WPML <= 4.5.10 - Unprotected AJAX Actions Affected: *-4.5.10 Patched: 4.5.11 Updated: July 1, 2026
LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload Affected: *-21.2 Patched: 21.3 Updated: July 1, 2026
LOW

meks-easy-social-share

meks-easy-social-share

Score: 93/100 Meks Easy Social Share <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.7 Patched: 1.2.8 Updated: July 1, 2026
LOW

iq-block-country

iq-block-country

Score: 93/100 iQ Block Country <= 1.2.18 - Country Blocking Bypass Affected: *-1.2.18 Patched: 1.2.19 Updated: July 1, 2026
LOW

integromat-connector

integromat-connector

Score: 93/100 Make, formerly Integromat Connector <= 1.5.2 - Authenticated (Subscriber+) Information Disclosure Affected: *-1.5.2 Patched: 1.5.3 Updated: July 1, 2026
LOW

helpful

helpful

Score: 93/100 Helpful <= 4.5.25 - Sensitive Information Disclosure Affected: *-4.5.25 Patched: 4.5.26 Updated: July 1, 2026
LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.4 - File Upload Size Limit Bypass Affected: *-1.3.6.4 Patched: 1.3.6.5 Updated: July 1, 2026
LOW

comment-guestbook

comment-guestbook

Score: 91/100 Comment Guestbook <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.8.0 Patched: Updated: July 1, 2026
LOW

aryo-activity-log

aryo-activity-log

Score: 97/100 Activity Log <= 2.8.3 - CSV Injection Affected: *-2.8.3 Patched: 2.8.4 Updated: July 1, 2026
LOW

seriously-simple-podcasting

seriously-simple-podcasting

Score: N/A Seriously Simple Podcasting <= 2.16.0 - Cross-Site Request Forgery Affected: *-2.16.0 Patched: 2.16.1 Updated: July 1, 2026
LOW

miniorange-login-openid

miniorange-login-openid

Score: 91/100 WordPress Social Login and Register <=7.5.12 - Missing Authorization to Plugin Settings Update Affected: 7.5.12 Patched: 7.5.13 Updated: July 1, 2026
LOW

mailoptin

mailoptin

Score: 93/100 MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion Affected: *-1.2.49.0 Patched: 1.2.50.0 Updated: July 1, 2026
LOW

kraken-image-optimizer

kraken-image-optimizer

Score: 93/100 Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery Affected: *-2.6.5 Patched: 2.6.6 Updated: July 1, 2026
LOW

backup-scheduler

backup-scheduler

Score: 89/100 Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery Affected: *-1.5.13 Patched: Updated: July 1, 2026
LOW

backup-scheduler

backup-scheduler

Score: 89/100 Backup Scheduler <= 1.5.13 - Missing Authorization to Sensitive Information Disclosure Affected: *-1.5.13 Patched: Updated: July 1, 2026
LOW

vc-tabs

vc-tabs

Score: N/A Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.7.1 Patched: 3.7.2 Updated: July 1, 2026
LOW

miniorange-discord-integration

miniorange-discord-integration

Score: 91/100 miniOrange Discord Integration <= 2.1.5 - Missing Authorization to Plugin Options Update Affected: *-2.1.5 Patched: 2.1.6 Updated: July 1, 2026
LOW

export-post-info

export-post-info

Score: 93/100 Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

customer-reviews-woocommerce

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.3.5 - Sensitive Data Exposure Affected: *-5.3.5 Patched: 5.3.6 Updated: July 1, 2026
LOW

customer-reviews-woocommerce

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery Affected: *-5.3.5 Patched: 5.3.6 Updated: July 1, 2026
LOW

customer-reviews-woocommerce

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions Affected: *-5.3.5 Patched: 5.3.6 Updated: July 1, 2026
LOW

cardoza-3d-tag-cloud

cardoza-3d-tag-cloud

Score: 91/100 3D Tag Cloud <= 3.8 - Cross-Site Request Forgery Affected: *-3.8 Patched: 3.9 Updated: July 1, 2026
LOW

wp-custom-cursors

wp-custom-cursors

Score: N/A WP Custom Cursors <= 3.0 - Cross-Site Request Forgery to Cursor Manipulation Affected: *-3.0 Patched: 3.0.1 Updated: July 1, 2026
LOW

wp-custom-cursors

wp-custom-cursors

Score: N/A WP Custom Cursors <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0 Patched: 3.0.1 Updated: July 1, 2026
LOW

wp-custom-cursors

wp-custom-cursors

Score: N/A WP Custom Cursors <= 3.0.1 - Authenticated (Administrator+) SQL Injection Affected: *-3.0.2 Patched: 3.0.3 Updated: July 1, 2026
LOW

no-page-comment

no-page-comment

Score: N/A No Page Comment <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: 1.2 Updated: July 1, 2026
LOW

image-zoom

image-zoom

Score: 89/100 Image Zoom <= 1.8.8 - Missing Authorization Affected: *-1.8.8 Patched: Updated: July 1, 2026
LOW

favicon-switcher

favicon-switcher

Score: 91/100 FavIcon Switcher <= 1.2.11 - Cross-Site Request Forgery Affected: *-1.2.11 Patched: Updated: July 1, 2026
LOW

demon-image-annotation

demon-image-annotation

Score: 93/100 demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting Affected: 1.0-4.7 Patched: 4.8 Updated: July 1, 2026
LOW

content-protector

content-protector

Score: 93/100 Passster <= 3.5.5.5.1 - Insecure Password Storage to Sensitive Data Exposure Affected: *-3.5.5.5.1 Patched: 3.5.5.5.2 Updated: July 1, 2026
LOW

wp-ultimate-csv-importer

wp-ultimate-csv-importer

Score: N/A WP Ultimate CSV Importer <= 6.5.7 - Authenticated (Administrator+) SQL Injection Affected: *-6.5.7 Patched: 6.5.8 Updated: July 1, 2026
LOW

wp-ultimate-csv-importer

wp-ultimate-csv-importer

Score: N/A WP Ultimate CSV Importer <= 6.5.7 - Missing Authorization Affected: *-6.5.7 Patched: 6.5.8 Updated: July 1, 2026
LOW

tidio-live-chat

tidio-live-chat

Score: N/A Tidio – Live Chat, Chatbots & Email Integration <= 5.2.0 - Sensitive Information Disclosure Affected: *-5.2.0 Patched: 5.3.0 Updated: July 1, 2026
LOW

search-logger

search-logger

Score: N/A Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection Affected: *-0.9 Patched: Updated: July 1, 2026
LOW

opening-hours

opening-hours

Score: N/A We’re Open! <= 1.41 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.41 Patched: 1.42 Updated: July 1, 2026
LOW

no-page-comment

no-page-comment

Score: N/A No Page Comment <= 1.1 - Cross-Site-Request Forgery to Settings Change Affected: *-1.1 Patched: 1.2 Updated: July 1, 2026
LOW

image-zoom

image-zoom

Score: 89/100 Image Zoom <= 1.8.8 - Cross-Site Request Forgery Affected: *-1.8.8 Patched: Updated: July 1, 2026
LOW

wordpress-countdown-widget

wordpress-countdown-widget

Score: N/A WordPress Countdown Widget <= 3.1.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.9.2 Patched: 3.1.9.3 Updated: July 1, 2026
LOW

social-rocket

social-rocket

Score: N/A Social Rocket <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.3.3 Updated: July 1, 2026
LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 4.4.11 - Reflected Cross-Site Scripting Affected: *-4.4.11 Patched: 4.4.12 Updated: July 1, 2026
LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 4.4.12 - Cross-Site Request Forgery to Page Creation Affected: *-4.4.12 Patched: 4.4.13 Updated: July 1, 2026
LOW

memberpress-downloads

memberpress-downloads

Score: 93/100 MemberPress Downloads <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.2.5 Patched: 1.2.6 Updated: July 1, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 4.5.97 - Authenticated (Administrator+) Arbitrary File Download Affected: *-4.5.97 Patched: 4.5.98 Updated: July 1, 2026
LOW

Breeze Cache

breeze

Score: 79/100 Breeze <= 2.0.8 - Cross-Site Request Forgery via import_json_settings Affected: *-2.0.8 Patched: 2.0.9 Updated: July 1, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification Affected: *-5.6.0 Patched: 5.6.1 Updated: July 1, 2026
LOW

getyourguide-ticketing

getyourguide-ticketing

Score: 93/100 GetYourGuide Ticketing <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: July 1, 2026
LOW

miniorange-2-factor-authentication

miniorange-2-factor-authentication

Score: 93/100 miniOrange's Google Authenticator <= 5.5.82 - Missing Authorization Affected: *-5.5.82 Patched: 5.6.0 Updated: July 1, 2026
LOW

database-browser

database-browser

Score: 91/100 Database Browser <= 1.4.4 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-1.4.4 Patched: Updated: July 1, 2026
LOW

taskbuilder

taskbuilder

Score: N/A Taskbuilder <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

searchwp-live-ajax-search

searchwp-live-ajax-search

Score: N/A SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion Affected: 1.0-1.6.2 Patched: 1.6.3 Updated: July 1, 2026
LOW

gs-testimonial

gs-testimonial

Score: 93/100 GS Testimonial Slider <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.6 Patched: 1.9.7 Updated: July 1, 2026
LOW

cpo-shortcodes

cpo-shortcodes

Score: 89/100 CPO Shortcodes <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: Updated: July 1, 2026
LOW

comment-form

comment-form

Score: 93/100 Advanced Comment Form <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

awesome-filterable-portfolio

awesome-filterable-portfolio

Score: 89/100 Awesome Filterable Portfolio <= 1.9.7 - Missing Authorization to Plugin Settings Change Affected: *-1.9.7 Patched: Updated: July 1, 2026
LOW

awesome-filterable-portfolio

awesome-filterable-portfolio

Score: 89/100 Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.9.7 Patched: Updated: July 1, 2026
LOW

wp-users-disable

wp-users-disable

Score: N/A Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

wp-2fa

wp-2fa

Score: N/A WP 2FA <= 2.2.1 - Time-Based TOTP attack to Sensitive Information Exposure Affected: *-2.2.1 Patched: 2.3.0 Updated: July 1, 2026
LOW

woo-billingo-plus

woo-billingo-plus

Score: N/A Multiple Plugins from Viszt Peter - Cross-Site Request Forgery Affected: *-4.4.5.3 Patched: 4.4.5.4 Updated: July 1, 2026
LOW

rate-my-post

rate-my-post

Score: N/A Rate my Post – WP Rating System <= 3.3.4 - Cross-Site Request Forgery Affected: *-3.3.4 Patched: 3.3.5 Updated: July 1, 2026
LOW

notice-board

notice-board

Score: N/A NOTICE BOARD <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

integration-for-szamlazz-hu-gravity-forms

integration-for-szamlazz-hu-gravity-forms

Score: 93/100 Multiple Plugins from Viszt Peter - Cross-Site Request Forgery Affected: *-1.2.6 Patched: 1.2.7 Updated: July 1, 2026

Showing 28101 to 28200 of 36320 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 14:01 UTC.