Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36320

Across tracked plugins

Affected Plugins

81

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
integration-for-billingo-gravity-forms integration-for-billingo-gravity-forms
93
Multiple Plugins from Viszt Peter - Cross-Site Request Forgery LOW *-1.0.3 1.0.4 July 1, 2026
enable-media-replace enable-media-replace
93
Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal LOW *-3.6.3 4.0.0 July 1, 2026
cryptocurrency-pricing-list cryptocurrency-pricing-list
91
Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 July 1, 2026
awesome-support awesome-support
93
Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting LOW *-6.0.7 6.0.8 July 1, 2026
wpgateway wpgateway N/A WPGateway <= 3.5 - Unauthenticated Privilege Escalation LOW *-3.5 July 1, 2026
dokan-lite dokan-lite
93
Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting LOW *-3.6.3 3.6.4 July 1, 2026
yds-support-ticket-system yds-support-ticket-system N/A YDS Support Ticket System <= 1.0 - Cross-Site Request Forgery LOW *-1.0 July 1, 2026
read-more read-more N/A Read more By Adam <= 1.1.8 - Cross-Site Request Forgery LOW *-1.1.8 July 1, 2026
photospace photospace N/A Photospace Gallery <= 2.3.5 - Missing Authorization to Plugin Settings Update LOW *-2.3.5 July 1, 2026
dsgvo-all-in-one-for-wp dsgvo-all-in-one-for-wp
93
DSGVO All in one for WP <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.2 4.3 July 1, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
Advanced Dynamic Pricing for WooCommerce <= 4.1.3 - Cross-Site Request Forgery to Plugin Settings Update LOW *-4.1.3 4.1.4 July 1, 2026
address-email-and-phone-validation address-email-and-phone-validation
95
PCA Predict <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.3 July 1, 2026
add-actions-and-filters add-actions-and-filters
95
Add Shortcodes Actions And Filters <= 2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.10 July 1, 2026
integracao-rd-station integracao-rd-station
93
RD Station <= 5.2.0 - Cross-Site Request Forgery to Plugin Settings Update LOW *-5.2.0 5.2.1 July 1, 2026
opening-hours opening-hours N/A We’re Open! <= 1.37 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.37 1.38 July 1, 2026
corner-ad corner-ad
93
Corner Ad <= 1.0.56 - Cross-Site Request Forgery LOW *-1.0.56 1.0.57 July 1, 2026
zephyr-project-manager zephyr-project-manager N/A Zephyr Project Manager < 3.2.55 - Missing Authorization to Cross-Site Scripting LOW [*, 3.2.55) 3.2.55 July 1, 2026
wpforo wpforo N/A wpForo Forum <= 2.0.5 - Cross-Site Request Forgery LOW *-2.0.5 2.0.6 July 1, 2026
wpforo wpforo N/A wpForo Forum <= 2.0.5 - Cross-Site Request Forgery LOW *-2.0.5 2.0.6 July 1, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.2.5 - Authenticated (Subscriber+) SQL Injection LOW *-13.2.5 13.2.6 July 1, 2026
top-bar top-bar N/A Top Bar <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.3 3.0.4 July 1, 2026
mega-forms mega-forms
93
Contact Form By Mega Forms <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.2.4 1.2.5 July 1, 2026
culture-object culture-object
93
Culture Object <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.0.1 4.1.1 July 1, 2026
3dprint 3dprint
95
3DPrint <= 3.5.6.8 - Cross-Site Request Forgery to Arbitrary File Download LOW *-3.5.6.9 July 1, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.2.5 - Information Disclosure LOW 13.2.5 13.2.6 July 1, 2026
Frontend File Manager Plugin nmedia-user-file-uploader
86
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-21.2 21.3 July 1, 2026
Frontend File Manager Plugin nmedia-user-file-uploader
86
Frontend File Manager <= 21.2 - Missing Authorization LOW *-21.2 21.3 July 1, 2026
export-post-info export-post-info
93
Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.0 1.2.0 July 1, 2026
donation-thermometer donation-thermometer
93
Donation Thermometer <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.2 2.1.3 July 1, 2026
Booking Calendar booking
71
Booking Calendar <= 9.2.1 - Cross-Site Request Forgery LOW *-9.2.1 9.2.2 July 1, 2026
wordpress-countdown-widget wordpress-countdown-widget N/A WordPress Countdown Widget <= 3.1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.9.1 3.1.9.2 July 1, 2026
wordpress-countdown-widget wordpress-countdown-widget N/A WordPress Countdown Widget <= 3.1.9.1 - Cross-Site Request Forgery to Plugin Settings Update LOW *-3.1.9.1 3.1.9.2 July 1, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security wordfence
70
Wordfence Security – Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-7.6.0 7.6.1 July 1, 2026
Frontend File Manager Plugin nmedia-user-file-uploader
86
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update LOW *-21.3 21.4 July 1, 2026
ketchup-restaurant-reservations ketchup-restaurant-reservations
89
Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated SQL Injection LOW *-1.0.0 July 1, 2026
ketchup-restaurant-reservations ketchup-restaurant-reservations
89
Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
goolytics-simple-google-analytics goolytics-simple-google-analytics
93
Goolytics – Simple Google Analytics <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.1 1.1.2 July 1, 2026
backupbuddy backupbuddy
93
BackupBuddy 8.5.8.0 - 8.7.4.1 - Arbitrary File Download LOW 8.5.8.0-8.7.4.1 8.7.5 July 1, 2026
wp-shamsi wp-shamsi N/A WP Shamsi <= 4.1.1 - Missing Authorization to Plugin Settings Update LOW *-4.1.1 4.2.0 July 1, 2026
wp-popup-builder wp-popup-builder N/A WP Popup Builder <= 1.2.9 - Missing Authorization and Cross-Site Request Forgery LOW *-1.2.9 1.3.0 July 1, 2026
wp-popup-builder wp-popup-builder N/A WP Popup Builder <= 1.2.8 - Reflected Cross-Site Scripting LOW *-1.2.8 1.2.9 July 1, 2026
svg-support svg-support N/A SVG Support <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.4.2 2.5 July 1, 2026
slider-hero slider-hero N/A Slider Hero <= 8.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-8.4.3 8.4.4 July 1, 2026
seo-automatic-links seo-automatic-links N/A SEO Smart Links <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.1 July 1, 2026
scripts-organizer scripts-organizer N/A Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload LOW [*, 3.0) 3.0 July 1, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App post-smtp
87
Post SMTP <= 2.1.6 - Authenticated (Administrator+) Blind Server-Side Request Forgery LOW *-2.1.6 2.1.7 July 1, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection LOW *-3.6.12 3.6.13 July 1, 2026
login-block-ips login-block-ips
89
Login Block IPs <= 1.0.0 - IP Spoofing to Protection Mechanism Bypass LOW * July 1, 2026
login-block-ips login-block-ips
89
Login Block IPs <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update LOW *-1.0.0 July 1, 2026
ldap-wp-login-integration-with-active-directory ldap-wp-login-integration-with-active-directory
93
Ldap WP Login / Active Directory Integration <= 3.0.1 - Missing Authorization LOW [*, 3.0.2) 3.0.2 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal LOW [*, 3.2.55) 3.2.55 July 1, 2026
cm-download-manager cm-download-manager
93
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload LOW *-2.8.5 2.8.6 July 1, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic all-in-one-seo-pack
88
All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery LOW *-4.2.3.1 4.2.4 July 1, 2026
wp-cerber wp-cerber N/A WP Cerber Security <= 9.0 - User Enumeration Bypass LOW *-9.0 9.1 July 1, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read LOW 2.6.0-2.7.7 2.7.8 July 1, 2026
torro-forms torro-forms N/A Torro Forms <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.16 July 1, 2026
timeline-awesome timeline-awesome N/A History Timeline <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0.5 July 1, 2026
pop-up-pop-up pop-up-pop-up N/A Pop-up <= 1.1.5 - Privilege Escalation LOW *-1.1.5 1.1.6 July 1, 2026
mega-addons-for-visual-composer mega-addons-for-visual-composer
89
Mega Addons For WPBakery Page Builder <= 4.2.7 - Cross-Site Request Forgery to Settings Update LOW *-4.2.7 July 1, 2026
meet-my-team meet-my-team
91
Meet My Team <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.5 July 1, 2026
wha-wordsearch wha-wordsearch N/A Word Search Puzzles game <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.0.1 July 1, 2026
wha-wordsearch wha-wordsearch N/A Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.1 July 1, 2026
wha-crossword wha-crossword N/A WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.10 July 1, 2026
wha-crossword wha-crossword N/A WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.10 July 1, 2026
rate-my-post rate-my-post N/A Rate my Post – WP Rating System <= 3.3.4 - Race Condition LOW *-3.3.4 3.3.5 July 1, 2026
mp3-jplayer mp3-jplayer
91
MP3 jPlayer <= 2.7.3 - Cross-Site Request Forgery LOW *-2.7.3 July 1, 2026
getresponse-integration getresponse-integration
91
GetResponse <= 5.5.19 - Cross-Site Request Forgery LOW *-5.5.19 5.5.21 July 1, 2026
easy-org-chart easy-org-chart
91
Easy Org Chart <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1 July 1, 2026
captcha-code-authentication captcha-code-authentication
93
Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update LOW *-2.7 2.8 July 1, 2026
callrail-phone-call-tracking callrail-phone-call-tracking
93
CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.4.9 0.4.10 July 1, 2026
blossom-recipe-maker blossom-recipe-maker
93
Blossom Recipe Maker <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.7 1.0.8 July 1, 2026
wp-shop-original wp-shop-original N/A WP Shop <= 3.9.6 - Missing Authentication to Settings Change and Order Deletion LOW *-3.9.6 July 1, 2026
wp-postratings wp-postratings N/A WP-PostRatings <= 1.89 - Race Condition LOW *-1.89 1.90 July 1, 2026
wordlift wordlift N/A Wordlift <= 3.37.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.37.1 3.37.2 July 1, 2026
simple-bitcoin-faucets simple-bitcoin-faucets N/A Bitcoin Satoshi Tools <= 1.7.0 - Missing Authorization to Stored Cross-Site Scripting LOW *-1.7.0 July 1, 2026
restricted-site-access restricted-site-access N/A Restricted Site Access <= 7.3.1 - Access Bypass via IP Spoofing LOW [*, 7.3.2) 7.3.2 July 1, 2026
image-hover-effects-ultimate image-hover-effects-ultimate
91
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description LOW *-9.7.3 9.8.0 July 1, 2026
image-hover-effects-ultimate image-hover-effects-ultimate
91
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link LOW *-9.7.3 9.8.0 July 1, 2026
image-hover-effects-ultimate image-hover-effects-ultimate
91
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL LOW *-9.7.3 9.8.0 July 1, 2026
generate-pdf-using-contact-form-7 generate-pdf-using-contact-form-7
93
Generate PDF using Contact Form 7 <= 3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.5 3.6 July 1, 2026
bitcoin-faucet bitcoin-faucet
91
Bitcoin / Altcoin Faucet <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6.0 July 1, 2026
ajax-load-more ajax-load-more
97
Infinite Scroll – Ajax Load More <= 5.5.4 - Authenticated (Admin+) Arbitrary File Read via Directory Traversal LOW *-5.5.4 5.5.4.1 July 1, 2026
add2fav add2fav
95
add2fav <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
add-user-role add-user-role
95
Add User Role <= 0.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.0.1 July 1, 2026
zephyr-project-manager zephyr-project-manager N/A Zephyr Project Manager <= 3.2.42 - Reflected Cross-Site Scripting LOW [*, 3.2.5) 3.2.5 July 1, 2026
zephyr-project-manager zephyr-project-manager N/A Zephyr Project Manager <= 3.2.42 - Missing Authorization to Cross-Site Scripting LOW *-3.2.4, 3.2.41, 3.2.42 3.2.5 July 1, 2026
zephyr-project-manager zephyr-project-manager N/A Zephyr Project Manager <= 3.2.42 - Unauthenticated SQL Injection LOW *-3.2.4, 3.2.41, 3.2.42 3.2.5 July 1, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
WPvivid Backup 0.9.76 - Authenticated (Administrator+) Arbitrary File Deletion LOW 0.9.76 0.9.77 July 1, 2026
wp-users-exporter wp-users-exporter N/A WP Users Exporter <= 1.4.2 - CSV Injection LOW *-1.4.2 July 1, 2026
visualcomposer visualcomposer N/A Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title' LOW *-45.0 45.0.1 July 1, 2026
visualcomposer visualcomposer N/A Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block' LOW *-45.0 45.0.1 July 1, 2026
ultimate-sms-notifications ultimate-sms-notifications N/A Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection LOW *-1.4.1 1.4.2 July 1, 2026
slickr-flickr slickr-flickr N/A Slickr Flickr <= 2.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.8.1 July 1, 2026
site-offline site-offline N/A Site Offline <= 1.4.9 - Maintenance Mode Bypass LOW *-1.4.9 1.5.3 July 1, 2026
gettext-override-translations gettext-override-translations
93
Gettext override translations <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.1 2.0.0 July 1, 2026
cp-easy-form-builder cp-easy-form-builder
93
Form Builder CP <= 1.2.31 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.31 1.2.32 July 1, 2026
beaver-builder-lite-version beaver-builder-lite-version
93
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor LOW *-2.5.5.2 2.5.5.3 July 1, 2026
beaver-builder-lite-version beaver-builder-lite-version
93
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover LOW *-2.5.5.2 2.5.5.3 July 1, 2026
beaver-builder-lite-version beaver-builder-lite-version
93
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL LOW *-2.5.5.2 2.5.5.3 July 1, 2026
beaver-builder-lite-version beaver-builder-lite-version
93
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption' LOW *-2.5.5.2 2.5.5.3 July 1, 2026
LOW

integration-for-billingo-gravity-forms

integration-for-billingo-gravity-forms

Score: 93/100 Multiple Plugins from Viszt Peter - Cross-Site Request Forgery Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

enable-media-replace

enable-media-replace

Score: 93/100 Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal Affected: *-3.6.3 Patched: 4.0.0 Updated: July 1, 2026
LOW

cryptocurrency-pricing-list

cryptocurrency-pricing-list

Score: 91/100 Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 1, 2026
LOW

awesome-support

awesome-support

Score: 93/100 Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting Affected: *-6.0.7 Patched: 6.0.8 Updated: July 1, 2026
LOW

wpgateway

wpgateway

Score: N/A WPGateway <= 3.5 - Unauthenticated Privilege Escalation Affected: *-3.5 Patched: Updated: July 1, 2026
LOW

dokan-lite

dokan-lite

Score: 93/100 Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting Affected: *-3.6.3 Patched: 3.6.4 Updated: July 1, 2026
LOW

yds-support-ticket-system

yds-support-ticket-system

Score: N/A YDS Support Ticket System <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

read-more

read-more

Score: N/A Read more By Adam <= 1.1.8 - Cross-Site Request Forgery Affected: *-1.1.8 Patched: Updated: July 1, 2026
LOW

photospace

photospace

Score: N/A Photospace Gallery <= 2.3.5 - Missing Authorization to Plugin Settings Update Affected: *-2.3.5 Patched: Updated: July 1, 2026
LOW

dsgvo-all-in-one-for-wp

dsgvo-all-in-one-for-wp

Score: 93/100 DSGVO All in one for WP <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.2 Patched: 4.3 Updated: July 1, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.3 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-4.1.3 Patched: 4.1.4 Updated: July 1, 2026
LOW

address-email-and-phone-validation

address-email-and-phone-validation

Score: 95/100 PCA Predict <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 1, 2026
LOW

add-actions-and-filters

add-actions-and-filters

Score: 95/100 Add Shortcodes Actions And Filters <= 2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.10 Patched: Updated: July 1, 2026
LOW

integracao-rd-station

integracao-rd-station

Score: 93/100 RD Station <= 5.2.0 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-5.2.0 Patched: 5.2.1 Updated: July 1, 2026
LOW

opening-hours

opening-hours

Score: N/A We’re Open! <= 1.37 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.37 Patched: 1.38 Updated: July 1, 2026
LOW

corner-ad

corner-ad

Score: 93/100 Corner Ad <= 1.0.56 - Cross-Site Request Forgery Affected: *-1.0.56 Patched: 1.0.57 Updated: July 1, 2026
LOW

zephyr-project-manager

zephyr-project-manager

Score: N/A Zephyr Project Manager < 3.2.55 - Missing Authorization to Cross-Site Scripting Affected: [*, 3.2.55) Patched: 3.2.55 Updated: July 1, 2026
LOW

wpforo

wpforo

Score: N/A wpForo Forum <= 2.0.5 - Cross-Site Request Forgery Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

wpforo

wpforo

Score: N/A wpForo Forum <= 2.0.5 - Cross-Site Request Forgery Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

top-bar

top-bar

Score: N/A Top Bar <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.3 Patched: 3.0.4 Updated: July 1, 2026
LOW

mega-forms

mega-forms

Score: 93/100 Contact Form By Mega Forms <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: July 1, 2026
LOW

culture-object

culture-object

Score: 93/100 Culture Object <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.0.1 Patched: 4.1.1 Updated: July 1, 2026
LOW

3dprint

3dprint

Score: 95/100 3DPrint <= 3.5.6.8 - Cross-Site Request Forgery to Arbitrary File Download Affected: *-3.5.6.9 Patched: Updated: July 1, 2026
LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-21.2 Patched: 21.3 Updated: July 1, 2026
LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager <= 21.2 - Missing Authorization Affected: *-21.2 Patched: 21.3 Updated: July 1, 2026
LOW

export-post-info

export-post-info

Score: 93/100 Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

donation-thermometer

donation-thermometer

Score: 93/100 Donation Thermometer <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 1, 2026
LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 9.2.1 - Cross-Site Request Forgery Affected: *-9.2.1 Patched: 9.2.2 Updated: July 1, 2026
LOW

wordpress-countdown-widget

wordpress-countdown-widget

Score: N/A WordPress Countdown Widget <= 3.1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.9.1 Patched: 3.1.9.2 Updated: July 1, 2026
LOW

wordpress-countdown-widget

wordpress-countdown-widget

Score: N/A WordPress Countdown Widget <= 3.1.9.1 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-3.1.9.1 Patched: 3.1.9.2 Updated: July 1, 2026
LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-21.3 Patched: 21.4 Updated: July 1, 2026
LOW

ketchup-restaurant-reservations

ketchup-restaurant-reservations

Score: 89/100 Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated SQL Injection Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

ketchup-restaurant-reservations

ketchup-restaurant-reservations

Score: 89/100 Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

goolytics-simple-google-analytics

goolytics-simple-google-analytics

Score: 93/100 Goolytics – Simple Google Analytics <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

backupbuddy

backupbuddy

Score: 93/100 BackupBuddy 8.5.8.0 - 8.7.4.1 - Arbitrary File Download Affected: 8.5.8.0-8.7.4.1 Patched: 8.7.5 Updated: July 1, 2026
LOW

wp-shamsi

wp-shamsi

Score: N/A WP Shamsi <= 4.1.1 - Missing Authorization to Plugin Settings Update Affected: *-4.1.1 Patched: 4.2.0 Updated: July 1, 2026
LOW

wp-popup-builder

wp-popup-builder

Score: N/A WP Popup Builder <= 1.2.9 - Missing Authorization and Cross-Site Request Forgery Affected: *-1.2.9 Patched: 1.3.0 Updated: July 1, 2026
LOW

wp-popup-builder

wp-popup-builder

Score: N/A WP Popup Builder <= 1.2.8 - Reflected Cross-Site Scripting Affected: *-1.2.8 Patched: 1.2.9 Updated: July 1, 2026
LOW

svg-support

svg-support

Score: N/A SVG Support <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.4.2 Patched: 2.5 Updated: July 1, 2026
LOW

slider-hero

slider-hero

Score: N/A Slider Hero <= 8.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-8.4.3 Patched: 8.4.4 Updated: July 1, 2026
LOW

seo-automatic-links

seo-automatic-links

Score: N/A SEO Smart Links <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: July 1, 2026
LOW

scripts-organizer

scripts-organizer

Score: N/A Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload Affected: [*, 3.0) Patched: 3.0 Updated: July 1, 2026
LOW

login-block-ips

login-block-ips

Score: 89/100 Login Block IPs <= 1.0.0 - IP Spoofing to Protection Mechanism Bypass Affected: * Patched: Updated: July 1, 2026
LOW

login-block-ips

login-block-ips

Score: 89/100 Login Block IPs <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

ldap-wp-login-integration-with-active-directory

ldap-wp-login-integration-with-active-directory

Score: 93/100 Ldap WP Login / Active Directory Integration <= 3.0.1 - Missing Authorization Affected: [*, 3.0.2) Patched: 3.0.2 Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal Affected: [*, 3.2.55) Patched: 3.2.55 Updated: July 1, 2026
LOW

cm-download-manager

cm-download-manager

Score: 93/100 CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload Affected: *-2.8.5 Patched: 2.8.6 Updated: July 1, 2026
LOW

wp-cerber

wp-cerber

Score: N/A WP Cerber Security <= 9.0 - User Enumeration Bypass Affected: *-9.0 Patched: 9.1 Updated: July 1, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read Affected: 2.6.0-2.7.7 Patched: 2.7.8 Updated: July 1, 2026
LOW

torro-forms

torro-forms

Score: N/A Torro Forms <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.16 Patched: Updated: July 1, 2026
LOW

timeline-awesome

timeline-awesome

Score: N/A History Timeline <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

pop-up-pop-up

pop-up-pop-up

Score: N/A Pop-up <= 1.1.5 - Privilege Escalation Affected: *-1.1.5 Patched: 1.1.6 Updated: July 1, 2026
LOW

mega-addons-for-visual-composer

mega-addons-for-visual-composer

Score: 89/100 Mega Addons For WPBakery Page Builder <= 4.2.7 - Cross-Site Request Forgery to Settings Update Affected: *-4.2.7 Patched: Updated: July 1, 2026
LOW

meet-my-team

meet-my-team

Score: 91/100 Meet My Team <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.5 Patched: Updated: July 1, 2026
LOW

wha-wordsearch

wha-wordsearch

Score: N/A Word Search Puzzles game <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 1, 2026
LOW

wha-wordsearch

wha-wordsearch

Score: N/A Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 1, 2026
LOW

wha-crossword

wha-crossword

Score: N/A WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.10 Patched: Updated: July 1, 2026
LOW

wha-crossword

wha-crossword

Score: N/A WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.10 Patched: Updated: July 1, 2026
LOW

rate-my-post

rate-my-post

Score: N/A Rate my Post – WP Rating System <= 3.3.4 - Race Condition Affected: *-3.3.4 Patched: 3.3.5 Updated: July 1, 2026
LOW

mp3-jplayer

mp3-jplayer

Score: 91/100 MP3 jPlayer <= 2.7.3 - Cross-Site Request Forgery Affected: *-2.7.3 Patched: Updated: July 1, 2026
LOW

getresponse-integration

getresponse-integration

Score: 91/100 GetResponse <= 5.5.19 - Cross-Site Request Forgery Affected: *-5.5.19 Patched: 5.5.21 Updated: July 1, 2026
LOW

easy-org-chart

easy-org-chart

Score: 91/100 Easy Org Chart <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1 Patched: Updated: July 1, 2026
LOW

captcha-code-authentication

captcha-code-authentication

Score: 93/100 Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.7 Patched: 2.8 Updated: July 1, 2026
LOW

callrail-phone-call-tracking

callrail-phone-call-tracking

Score: 93/100 CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.4.9 Patched: 0.4.10 Updated: July 1, 2026
LOW

blossom-recipe-maker

blossom-recipe-maker

Score: 93/100 Blossom Recipe Maker <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

wp-shop-original

wp-shop-original

Score: N/A WP Shop <= 3.9.6 - Missing Authentication to Settings Change and Order Deletion Affected: *-3.9.6 Patched: Updated: July 1, 2026
LOW

wp-postratings

wp-postratings

Score: N/A WP-PostRatings <= 1.89 - Race Condition Affected: *-1.89 Patched: 1.90 Updated: July 1, 2026
LOW

wordlift

wordlift

Score: N/A Wordlift <= 3.37.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.37.1 Patched: 3.37.2 Updated: July 1, 2026
LOW

simple-bitcoin-faucets

simple-bitcoin-faucets

Score: N/A Bitcoin Satoshi Tools <= 1.7.0 - Missing Authorization to Stored Cross-Site Scripting Affected: *-1.7.0 Patched: Updated: July 1, 2026
LOW

restricted-site-access

restricted-site-access

Score: N/A Restricted Site Access <= 7.3.1 - Access Bypass via IP Spoofing Affected: [*, 7.3.2) Patched: 7.3.2 Updated: July 1, 2026
LOW

image-hover-effects-ultimate

image-hover-effects-ultimate

Score: 91/100 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description Affected: *-9.7.3 Patched: 9.8.0 Updated: July 1, 2026
LOW

image-hover-effects-ultimate

image-hover-effects-ultimate

Score: 91/100 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link Affected: *-9.7.3 Patched: 9.8.0 Updated: July 1, 2026
LOW

image-hover-effects-ultimate

image-hover-effects-ultimate

Score: 91/100 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL Affected: *-9.7.3 Patched: 9.8.0 Updated: July 1, 2026
LOW

generate-pdf-using-contact-form-7

generate-pdf-using-contact-form-7

Score: 93/100 Generate PDF using Contact Form 7 <= 3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.5 Patched: 3.6 Updated: July 1, 2026
LOW

bitcoin-faucet

bitcoin-faucet

Score: 91/100 Bitcoin / Altcoin Faucet <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6.0 Patched: Updated: July 1, 2026
LOW

ajax-load-more

ajax-load-more

Score: 97/100 Infinite Scroll – Ajax Load More <= 5.5.4 - Authenticated (Admin+) Arbitrary File Read via Directory Traversal Affected: *-5.5.4 Patched: 5.5.4.1 Updated: July 1, 2026
LOW

add2fav

add2fav

Score: 95/100 add2fav <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

add-user-role

add-user-role

Score: 95/100 Add User Role <= 0.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: July 1, 2026
LOW

zephyr-project-manager

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.2.42 - Reflected Cross-Site Scripting Affected: [*, 3.2.5) Patched: 3.2.5 Updated: July 1, 2026
LOW

zephyr-project-manager

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.2.42 - Missing Authorization to Cross-Site Scripting Affected: *-3.2.4, 3.2.41, 3.2.42 Patched: 3.2.5 Updated: July 1, 2026
LOW

zephyr-project-manager

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.2.42 - Unauthenticated SQL Injection Affected: *-3.2.4, 3.2.41, 3.2.42 Patched: 3.2.5 Updated: July 1, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 WPvivid Backup 0.9.76 - Authenticated (Administrator+) Arbitrary File Deletion Affected: 0.9.76 Patched: 0.9.77 Updated: July 1, 2026
LOW

wp-users-exporter

wp-users-exporter

Score: N/A WP Users Exporter <= 1.4.2 - CSV Injection Affected: *-1.4.2 Patched: Updated: July 1, 2026
LOW

visualcomposer

visualcomposer

Score: N/A Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title' Affected: *-45.0 Patched: 45.0.1 Updated: July 1, 2026
LOW

visualcomposer

visualcomposer

Score: N/A Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block' Affected: *-45.0 Patched: 45.0.1 Updated: July 1, 2026
LOW

ultimate-sms-notifications

ultimate-sms-notifications

Score: N/A Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection Affected: *-1.4.1 Patched: 1.4.2 Updated: July 1, 2026
LOW

slickr-flickr

slickr-flickr

Score: N/A Slickr Flickr <= 2.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.8.1 Patched: Updated: July 1, 2026
LOW

site-offline

site-offline

Score: N/A Site Offline <= 1.4.9 - Maintenance Mode Bypass Affected: *-1.4.9 Patched: 1.5.3 Updated: July 1, 2026
LOW

gettext-override-translations

gettext-override-translations

Score: 93/100 Gettext override translations <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 2.0.0 Updated: July 1, 2026
LOW

cp-easy-form-builder

cp-easy-form-builder

Score: 93/100 Form Builder CP <= 1.2.31 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.31 Patched: 1.2.32 Updated: July 1, 2026
LOW

beaver-builder-lite-version

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor Affected: *-2.5.5.2 Patched: 2.5.5.3 Updated: July 1, 2026
LOW

beaver-builder-lite-version

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover Affected: *-2.5.5.2 Patched: 2.5.5.3 Updated: July 1, 2026
LOW

beaver-builder-lite-version

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL Affected: *-2.5.5.2 Patched: 2.5.5.3 Updated: July 1, 2026
LOW

beaver-builder-lite-version

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption' Affected: *-2.5.5.2 Patched: 2.5.5.3 Updated: July 1, 2026

Showing 28201 to 28300 of 36320 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 15:27 UTC.