Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36320

Across tracked plugins

Affected Plugins

78

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
better-delete-revision better-delete-revision
91
Better Delete Revision <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.1 July 1, 2026
Simple File List simple-file-list
90
Simple File List <= 4.4.11 - Reflected Cross-Site Scripting LOW *-4.4.11 4.4.12 July 1, 2026
better-font-awesome better-font-awesome
93
Better Font Awesome <= 2.0.1 - Missing Authorization to Plugin Options Update LOW 2.0.1 2.0.2 July 1, 2026
wptouch wptouch N/A WPtouch <= 4.3.42 - Reflected Cross-Site Scripting LOW *-4.3.42 4.3.44 July 1, 2026
wp-forecast wp-forecast N/A wp-forecast <= 7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-7.5 8.0 July 1, 2026
polls-widget polls-widget N/A Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Authenticated (Administrator+) Cross-Site Scripting LOW *-1.7.4 1.7.5 July 1, 2026
launcher launcher
93
Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.11 1.0.12 July 1, 2026
calendar-event calendar-event
93
Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting LOW *-1.4.6 1.4.7 July 1, 2026
calendar-event calendar-event
93
Event Calendar <= 1.4.6 - Missing Authorization to Event Modification LOW *-1.4.6 1.4.7 July 1, 2026
better-font-awesome better-font-awesome
93
Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update LOW *-2.0.1 2.0.2 July 1, 2026
alphabetic-pagination alphabetic-pagination
97
Alphabetic Pagination <= 3.0.7 - Missing Authorization to Unauthenticated Arbitrary Options Update LOW *-3.0.7 3.0.8 July 1, 2026
accommodation-system accommodation-system
95
Accommodation System <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 1, 2026
access-code-feeder access-code-feeder
95
Access Code Feeder <= 1.0.3 - Missing Authorization LOW *-1.0.3 July 1, 2026
about-rentals about-rentals
95
About Rentals <= 1.5 - Missing Authorization LOW *-1.5 July 1, 2026
about-me about-me
95
About Me <= 1.0.12 - Missing Authorization LOW *-1.0.12 July 1, 2026
ab-rankings-testing-tool ab-rankings-testing-tool
95
SEO Scout <= 0.9.83 - Cross-Site Request Forgery to Settings Update LOW *-0.9.83 July 1, 2026
3dady-real-time-web-stats 3dady-real-time-web-stats
95
3dady real-time web stats <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting LOW *-1.0 July 1, 2026
wp-socializer wp-socializer N/A WP Socializer – Simple & Easy Social Media Share Icons <= 7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-7.2 7.3 July 1, 2026
wordpress-ping-optimizer wordpress-ping-optimizer N/A WordPress Ping Optimizer <= 2.35.1.2.3 - Cross-Site Request Forgery LOW *-2.35.1.2.3 2.35.1.3.0 July 1, 2026
oauth-client-for-user-authentication oauth-client-for-user-authentication N/A OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.3 - Missing Authorization LOW *-3.0.3 3.0.4 July 1, 2026
float-to-top-button float-to-top-button
89
Float to Top Button <= 2.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.3.6 July 1, 2026
badgeos badgeos
83
BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection LOW *-3.7.1.2 3.7.1.3 July 1, 2026
All-in-One WP Migration and Backup all-in-one-wp-migration
94
All-in-One WP Migration <= 7.62 - Unauthenticated Reflected Cross-Site Scripting LOW *-7.62 7.63 July 1, 2026
yotuwp-easy-youtube-embed yotuwp-easy-youtube-embed N/A Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization LOW *-1.3.8 1.3.9 July 1, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Administrator+) Path Traversal LOW *-0.9.75 0.9.76 July 1, 2026
wp-useronline wp-useronline N/A WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.88.0 2.88.1 July 1, 2026
WP Hotel Booking wp-hotel-booking N/A WP Hotel Booking <= 2.0.0 - Missing Authorization to Settings Update LOW *-2.0.0 2.0.1 July 1, 2026
wp-cerber wp-cerber N/A WP Cerber Security <= 9.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-9.0 9.1 July 1, 2026
wp-analytify wp-analytify N/A Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Authorization Bypass LOW *-4.2.2 4.2.3 July 1, 2026
woo-currency woo-currency N/A WBW Currency Switcher <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.5 1.6.6 July 1, 2026
tutor tutor N/A Tutor LMS – eLearning and online course solution 2.0.0-2.0.8 - Reflected Cross-Site Scripting LOW 2.0.0-2.0.8 2.0.9 July 1, 2026
search-exclude search-exclude N/A Search Exclude <= 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.2.6 1.2.7 July 1, 2026
classified-listing-store classified-listing-store
93
Classima < 2.1.11 - Reflected Cross-Site Scripting LOW [*, 1.4.20) 1.4.20 July 1, 2026
classified-listing-pro classified-listing-pro
93
Classima < 2.1.11 - Reflected Cross-Site Scripting LOW [*, 2.0.20) 2.0.20 July 1, 2026
classified-listing-pro classified-listing-pro
93
Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting LOW [*, 2.0.20) 2.0.20 July 1, 2026
classified-listing classified-listing
93
Classima < 2.1.11 - Reflected Cross-Site Scripting LOW [*, 2.2.14) 2.2.14 July 1, 2026
classified-core classified-core
93
Classima < 2.1.11 - Reflected Cross-Site Scripting LOW [*, 1.10) 1.10 July 1, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages <= 1.9.10.57 - Resource Exhaustion LOW *-1.9.10.57 1.9.10.58 July 1, 2026
ajax-load-more ajax-load-more
97
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization LOW *-5.5.3 5.5.4 July 1, 2026
ajax-load-more ajax-load-more
97
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read LOW *-5.5.3 5.5.4 July 1, 2026
ajax-load-more ajax-load-more
97
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal LOW *-5.5.3 5.5.4 July 1, 2026
mashsharer mashsharer
91
Social Media Share Buttons <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.8.3 3.8.4 July 1, 2026
craw-data craw-data
91
Craw Data <= 1.0.0 - Server Side Request Forgery LOW *-1.0.0 July 1, 2026
wp-server-stats wp-server-stats N/A WP Server Health Stats <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.10 1.7.0 July 1, 2026
woocommerce-buddypress-integration-xprofile-checkout-manager woocommerce-buddypress-integration-xprofile-checkout-manager N/A BuddyPress xProfile Checkout Manager for WooCommerce <= 1.3.5 - Stored Cross-Site Scripting LOW *-1.3.5 1.3.6 July 1, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App post-smtp
87
Post SMTP Mailer/Email Log <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.1.3 2.1.4 July 1, 2026
onetone-companion onetone-companion N/A OneTone Companion <= 1.1.1 - Open Mailer LOW *-1.1.1 July 1, 2026
WP STAGING – WordPress Backup, Restore & Migration wp-staging
77
WP STAGING – Backup Duplicator & Migration <= 2.9.17 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.9.17 2.9.18 July 1, 2026
scroll-top scroll-top N/A Scroll To Top <= 1.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.0 1.4.1 July 1, 2026
photoblocks-grid-gallery photoblocks-grid-gallery N/A Gallery PhotoBlocks <= 1.2.8 - Missing Authorization Checks LOW *-1.2.8 1.2.9 July 1, 2026
mobile-events-manager mobile-events-manager
93
Mobile Events Manager <= 1.4.7 - Authenticated (Administrator+) CSV Injection LOW *-1.4.7 1.4.8 July 1, 2026
integromat-connector integromat-connector
93
Make, formerly Integromat Connector <= 1.5.1 - Missing Authorization to Arbitrary Options Update LOW *-1.5.1 1.5.2 July 1, 2026
float-to-top-button float-to-top-button
89
Float to Top Button <= 2.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.6 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization LOW *-3.2.49 3.2.50 July 1, 2026
anti-spam anti-spam
97
Titan Anti Spam & Security <= 7.3.0 - IP Spoofing to Protection Bypass LOW *-7.3.0 7.3.1 July 1, 2026
All-in-One Video Gallery all-in-one-video-gallery
70
All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery LOW 2.5.8-2.6.0 2.6.1 July 1, 2026
accordions accordions
97
Accordion <= 2.2.43 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.2.40 2.2.43 July 1, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Admin+) Directory Traversal LOW *-0.9.75 0.9.76 July 1, 2026
wp-database-backup wp-database-backup N/A WP Database Backup <= 5.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.8.3 5.9 July 1, 2026
pexlechris-adminer pexlechris-adminer N/A Database Management tool – Adminer <= 1.1.5 - Information Exposure LOW *-1.1.5 1.1.6 July 1, 2026
login-recaptcha login-recaptcha
93
Login No Captcha reCAPTCHA <= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing LOW *-1.6.11 1.7 July 1, 2026
helpful helpful
93
Helpful <= 4.5.14 - Authorization Bypass to Repeat Voting LOW *-4.5.14 4.5.15 July 1, 2026
debug-bar-elasticpress debug-bar-elasticpress
93
Debug Bar ElasticPress <= 2.1.0 - Cross-Site Scripting LOW *-2.1.0 2.1.1 July 1, 2026
cp-multi-view-calendar cp-multi-view-calendar
91
Calendar Event Multi View <= 1.4.06 - Missing Authorization to Stored Cross-Site Scripting LOW *-1.4.06 1.4.07 July 1, 2026
corner-ad corner-ad
93
Corner Ad <= 1.0.53 - Reflected Cross-Site Scripting LOW *-1.0.53 1.0.54 July 1, 2026
affiliates-manager affiliates-manager
97
Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.9.13 2.9.14 July 1, 2026
affiliates-manager affiliates-manager
97
Affiliates Manager <= 2.9.13 - CSV Injection LOW *-2.9.13 2.9.14 July 1, 2026
affiliates-manager affiliates-manager
97
Affiliates Manager <= 2.9.13 - Cross-Site Request Forgery LOW *-2.9.13 2.9.14 July 1, 2026
affiliates-manager affiliates-manager
97
Affiliates Manager <= 2.9.13 - Reflected Cross-Site Scripting LOW *-2.9.13 2.9.14 July 1, 2026
visual-portfolio visual-portfolio N/A Visual Portfolio, Photo Gallery & Post Grid <= 2.18.0 - Contributor+ CSS Injection LOW *-2.18.0 2.19.0 July 1, 2026
visual-portfolio visual-portfolio N/A Visual Portfolio, Photo Gallery & Post Grid <= 2.17.1 - Unauthenticated CSS Injection LOW *-2.17.1 2.18.0 July 1, 2026
fast-flow-dashboard fast-flow-dashboard
93
Fast Flow <= 1.2.11 - Reflected Cross-Site Scripting LOW *-1.2.11 1.2.12 July 1, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting LOW *-3.8.11.8 3.8.12 July 1, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion LOW *-3.8.11.8 3.8.12 July 1, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions LOW *-3.8.11.8 3.8.12 July 1, 2026
All-in-One WP Migration and Backup all-in-one-wp-migration
94
All-in-One WP Migration <= 7.62 - Authenticated (Admin+) Cross-Site Scripting LOW *-7.62 7.63 July 1, 2026
protect-uploads protect-uploads N/A Protect uploads <= 0.3 - Authorization Bypass LOW *-0.3 0.4 July 1, 2026
uploading-svgwebp-and-ico-files uploading-svgwebp-and-ico-files N/A Uploading SVG, WEBP and ICO files <= 1.0.1 - Arbitrary File Upload LOW *-1.0.1 1.2.0 July 1, 2026
uploading-svgwebp-and-ico-files uploading-svgwebp-and-ico-files N/A Uploading SVG, WEBP and ICO files <= 1.0.1 - Authenticated Stored Cross-Site Scripting LOW *-1.0.1 1.2.0 July 1, 2026
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings seo-by-rank-math
85
Rank Math SEO <= 1.0.95 - Server-Side Request Forgery LOW *-1.0.95 1.0.95.1 July 1, 2026
alpine-photo-tile-for-pinterest alpine-photo-tile-for-pinterest
95
Alpine PhotoTile for Pinterest <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.3.1 July 1, 2026
8-degree-notification-bar 8-degree-notification-bar
95
Notification Bar for WordPress <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting LOW *-1.1.8 July 1, 2026
59sec-lite-contact-form-7-push-notifications-on-ios-and-android 59sec-lite-contact-form-7-push-notifications-on-ios-and-android
95
THE Leads Management System: 59sec LITE <= 3.4.1 - Authorization Bypass LOW *-3.4.1 July 1, 2026
reSmush.it : The original free image compressor and optimizer plugin resmushit-image-optimizer N/A reSmush.it <= 0.4.3 - Missing Authorization LOW *-0.4.3 0.4.4 July 1, 2026
sp-client-document-manager sp-client-document-manager
87
SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting LOW *-4.59 4.62 July 1, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization LOW *-0.9.74 0.9.75 July 1, 2026
wp-payment-form wp-payment-form N/A Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting LOW *-4.2.0 4.2.1 July 1, 2026
wp-payment-form wp-payment-form N/A Simple Payment Donations <= 4.2.0 - Reflected Cross-Site Scripting LOW *-4.2.0 4.2.1 July 1, 2026
sp-client-document-manager sp-client-document-manager
87
SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting LOW *-4.59 4.62 July 1, 2026
photoblocks-grid-gallery photoblocks-grid-gallery N/A Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery LOW *-1.2.8 1.2.9 July 1, 2026
photoblocks-grid-gallery photoblocks-grid-gallery N/A Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.6 1.2.7 July 1, 2026
photo-gallery photo-gallery N/A Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting LOW *-1.7.0 1.7.1 July 1, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads <= 3.0.1 - PHP Object Injection LOW *-3.0.1 3.0.2 July 1, 2026
directorist directorist
93
Directorist <= 7.3.0 - Sensitive Information Disclosure LOW *-7.3.0 7.3.1 July 1, 2026
as-create-pinterest-pinboard-pages as-create-pinterest-pinboard-pages
95
AS – Create Pinterest Pinboard Pages <= 1.0 - Authenticated Options Change to Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
WPIDE – File Manager & Code Editor wpide
92
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read LOW *-2.6 3.0 July 1, 2026
WPIDE – File Manager & Code Editor wpide
92
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload LOW *-2.6 3.0 July 1, 2026
wp-database-backup wp-database-backup N/A WP Database Backup <= 5.9 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.8 5.9 July 1, 2026
WooPayments: Integrated WooCommerce Payments woocommerce-payments
84
WooCommerce Payments <= 4.5.0 - Payment Bypass LOW [3.9.0, 3.9.4), [4.0.0, 4.0.3), [4.1.0, 4.1.1), [4.2.0, 4.2.2), [4.3.0, 4.3.1), [4.4.0, 4.4.1) 3.9.4 July 1, 2026
woo-order-export-lite woo-order-export-lite N/A Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting LOW *-3.3.1 3.3.2 July 1, 2026
LOW

better-delete-revision

better-delete-revision

Score: 91/100 Better Delete Revision <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: Updated: July 1, 2026
LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 4.4.11 - Reflected Cross-Site Scripting Affected: *-4.4.11 Patched: 4.4.12 Updated: July 1, 2026
LOW

better-font-awesome

better-font-awesome

Score: 93/100 Better Font Awesome <= 2.0.1 - Missing Authorization to Plugin Options Update Affected: 2.0.1 Patched: 2.0.2 Updated: July 1, 2026
LOW

wptouch

wptouch

Score: N/A WPtouch <= 4.3.42 - Reflected Cross-Site Scripting Affected: *-4.3.42 Patched: 4.3.44 Updated: July 1, 2026
LOW

wp-forecast

wp-forecast

Score: N/A wp-forecast <= 7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.5 Patched: 8.0 Updated: July 1, 2026
LOW

polls-widget

polls-widget

Score: N/A Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 1, 2026
LOW

launcher

launcher

Score: 93/100 Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.11 Patched: 1.0.12 Updated: July 1, 2026
LOW

calendar-event

calendar-event

Score: 93/100 Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: July 1, 2026
LOW

calendar-event

calendar-event

Score: 93/100 Event Calendar <= 1.4.6 - Missing Authorization to Event Modification Affected: *-1.4.6 Patched: 1.4.7 Updated: July 1, 2026
LOW

better-font-awesome

better-font-awesome

Score: 93/100 Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.0.1 Patched: 2.0.2 Updated: July 1, 2026
LOW

alphabetic-pagination

alphabetic-pagination

Score: 97/100 Alphabetic Pagination <= 3.0.7 - Missing Authorization to Unauthenticated Arbitrary Options Update Affected: *-3.0.7 Patched: 3.0.8 Updated: July 1, 2026
LOW

accommodation-system

accommodation-system

Score: 95/100 Accommodation System <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

access-code-feeder

access-code-feeder

Score: 95/100 Access Code Feeder <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: Updated: July 1, 2026
LOW

about-rentals

about-rentals

Score: 95/100 About Rentals <= 1.5 - Missing Authorization Affected: *-1.5 Patched: Updated: July 1, 2026
LOW

about-me

about-me

Score: 95/100 About Me <= 1.0.12 - Missing Authorization Affected: *-1.0.12 Patched: Updated: July 1, 2026
LOW

ab-rankings-testing-tool

ab-rankings-testing-tool

Score: 95/100 SEO Scout <= 0.9.83 - Cross-Site Request Forgery to Settings Update Affected: *-0.9.83 Patched: Updated: July 1, 2026
LOW

3dady-real-time-web-stats

3dady-real-time-web-stats

Score: 95/100 3dady real-time web stats <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

wp-socializer

wp-socializer

Score: N/A WP Socializer – Simple & Easy Social Media Share Icons <= 7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.2 Patched: 7.3 Updated: July 1, 2026
LOW

wordpress-ping-optimizer

wordpress-ping-optimizer

Score: N/A WordPress Ping Optimizer <= 2.35.1.2.3 - Cross-Site Request Forgery Affected: *-2.35.1.2.3 Patched: 2.35.1.3.0 Updated: July 1, 2026
LOW

oauth-client-for-user-authentication

oauth-client-for-user-authentication

Score: N/A OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.3 - Missing Authorization Affected: *-3.0.3 Patched: 3.0.4 Updated: July 1, 2026
LOW

float-to-top-button

float-to-top-button

Score: 89/100 Float to Top Button <= 2.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.6 Patched: Updated: July 1, 2026
LOW

badgeos

badgeos

Score: 83/100 BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection Affected: *-3.7.1.2 Patched: 3.7.1.3 Updated: July 1, 2026
LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration <= 7.62 - Unauthenticated Reflected Cross-Site Scripting Affected: *-7.62 Patched: 7.63 Updated: July 1, 2026
LOW

yotuwp-easy-youtube-embed

yotuwp-easy-youtube-embed

Score: N/A Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization Affected: *-1.3.8 Patched: 1.3.9 Updated: July 1, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Administrator+) Path Traversal Affected: *-0.9.75 Patched: 0.9.76 Updated: July 1, 2026
LOW

wp-useronline

wp-useronline

Score: N/A WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.88.0 Patched: 2.88.1 Updated: July 1, 2026
LOW

WP Hotel Booking

wp-hotel-booking

Score: N/A WP Hotel Booking <= 2.0.0 - Missing Authorization to Settings Update Affected: *-2.0.0 Patched: 2.0.1 Updated: July 1, 2026
LOW

wp-cerber

wp-cerber

Score: N/A WP Cerber Security <= 9.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-9.0 Patched: 9.1 Updated: July 1, 2026
LOW

wp-analytify

wp-analytify

Score: N/A Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Authorization Bypass Affected: *-4.2.2 Patched: 4.2.3 Updated: July 1, 2026
LOW

woo-currency

woo-currency

Score: N/A WBW Currency Switcher <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.5 Patched: 1.6.6 Updated: July 1, 2026
LOW

tutor

tutor

Score: N/A Tutor LMS – eLearning and online course solution 2.0.0-2.0.8 - Reflected Cross-Site Scripting Affected: 2.0.0-2.0.8 Patched: 2.0.9 Updated: July 1, 2026
LOW

search-exclude

search-exclude

Score: N/A Search Exclude <= 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: July 1, 2026
LOW

classified-listing-store

classified-listing-store

Score: 93/100 Classima < 2.1.11 - Reflected Cross-Site Scripting Affected: [*, 1.4.20) Patched: 1.4.20 Updated: July 1, 2026
LOW

classified-listing-pro

classified-listing-pro

Score: 93/100 Classima < 2.1.11 - Reflected Cross-Site Scripting Affected: [*, 2.0.20) Patched: 2.0.20 Updated: July 1, 2026
LOW

classified-listing-pro

classified-listing-pro

Score: 93/100 Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting Affected: [*, 2.0.20) Patched: 2.0.20 Updated: July 1, 2026
LOW

classified-listing

classified-listing

Score: 93/100 Classima < 2.1.11 - Reflected Cross-Site Scripting Affected: [*, 2.2.14) Patched: 2.2.14 Updated: July 1, 2026
LOW

classified-core

classified-core

Score: 93/100 Classima < 2.1.11 - Reflected Cross-Site Scripting Affected: [*, 1.10) Patched: 1.10 Updated: July 1, 2026
LOW

ajax-load-more

ajax-load-more

Score: 97/100 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization Affected: *-5.5.3 Patched: 5.5.4 Updated: July 1, 2026
LOW

ajax-load-more

ajax-load-more

Score: 97/100 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read Affected: *-5.5.3 Patched: 5.5.4 Updated: July 1, 2026
LOW

ajax-load-more

ajax-load-more

Score: 97/100 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal Affected: *-5.5.3 Patched: 5.5.4 Updated: July 1, 2026
LOW

mashsharer

mashsharer

Score: 91/100 Social Media Share Buttons <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.8.3 Patched: 3.8.4 Updated: July 1, 2026
LOW

craw-data

craw-data

Score: 91/100 Craw Data <= 1.0.0 - Server Side Request Forgery Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

wp-server-stats

wp-server-stats

Score: N/A WP Server Health Stats <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.10 Patched: 1.7.0 Updated: July 1, 2026
LOW

onetone-companion

onetone-companion

Score: N/A OneTone Companion <= 1.1.1 - Open Mailer Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

scroll-top

scroll-top

Score: N/A Scroll To Top <= 1.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.0 Patched: 1.4.1 Updated: July 1, 2026
LOW

photoblocks-grid-gallery

photoblocks-grid-gallery

Score: N/A Gallery PhotoBlocks <= 1.2.8 - Missing Authorization Checks Affected: *-1.2.8 Patched: 1.2.9 Updated: July 1, 2026
LOW

mobile-events-manager

mobile-events-manager

Score: 93/100 Mobile Events Manager <= 1.4.7 - Authenticated (Administrator+) CSV Injection Affected: *-1.4.7 Patched: 1.4.8 Updated: July 1, 2026
LOW

integromat-connector

integromat-connector

Score: 93/100 Make, formerly Integromat Connector <= 1.5.1 - Missing Authorization to Arbitrary Options Update Affected: *-1.5.1 Patched: 1.5.2 Updated: July 1, 2026
LOW

float-to-top-button

float-to-top-button

Score: 89/100 Float to Top Button <= 2.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.6 Patched: Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization Affected: *-3.2.49 Patched: 3.2.50 Updated: July 1, 2026
LOW

anti-spam

anti-spam

Score: 97/100 Titan Anti Spam & Security <= 7.3.0 - IP Spoofing to Protection Bypass Affected: *-7.3.0 Patched: 7.3.1 Updated: July 1, 2026
LOW

All-in-One Video Gallery

all-in-one-video-gallery

Score: 70/100 All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery Affected: 2.5.8-2.6.0 Patched: 2.6.1 Updated: July 1, 2026
LOW

accordions

accordions

Score: 97/100 Accordion <= 2.2.43 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.2.40 Patched: 2.2.43 Updated: July 1, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Admin+) Directory Traversal Affected: *-0.9.75 Patched: 0.9.76 Updated: July 1, 2026
LOW

wp-database-backup

wp-database-backup

Score: N/A WP Database Backup <= 5.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.8.3 Patched: 5.9 Updated: July 1, 2026
LOW

pexlechris-adminer

pexlechris-adminer

Score: N/A Database Management tool – Adminer <= 1.1.5 - Information Exposure Affected: *-1.1.5 Patched: 1.1.6 Updated: July 1, 2026
LOW

login-recaptcha

login-recaptcha

Score: 93/100 Login No Captcha reCAPTCHA <= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing Affected: *-1.6.11 Patched: 1.7 Updated: July 1, 2026
LOW

helpful

helpful

Score: 93/100 Helpful <= 4.5.14 - Authorization Bypass to Repeat Voting Affected: *-4.5.14 Patched: 4.5.15 Updated: July 1, 2026
LOW

debug-bar-elasticpress

debug-bar-elasticpress

Score: 93/100 Debug Bar ElasticPress <= 2.1.0 - Cross-Site Scripting Affected: *-2.1.0 Patched: 2.1.1 Updated: July 1, 2026
LOW

cp-multi-view-calendar

cp-multi-view-calendar

Score: 91/100 Calendar Event Multi View <= 1.4.06 - Missing Authorization to Stored Cross-Site Scripting Affected: *-1.4.06 Patched: 1.4.07 Updated: July 1, 2026
LOW

corner-ad

corner-ad

Score: 93/100 Corner Ad <= 1.0.53 - Reflected Cross-Site Scripting Affected: *-1.0.53 Patched: 1.0.54 Updated: July 1, 2026
LOW

affiliates-manager

affiliates-manager

Score: 97/100 Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.9.13 Patched: 2.9.14 Updated: July 1, 2026
LOW

affiliates-manager

affiliates-manager

Score: 97/100 Affiliates Manager <= 2.9.13 - CSV Injection Affected: *-2.9.13 Patched: 2.9.14 Updated: July 1, 2026
LOW

affiliates-manager

affiliates-manager

Score: 97/100 Affiliates Manager <= 2.9.13 - Cross-Site Request Forgery Affected: *-2.9.13 Patched: 2.9.14 Updated: July 1, 2026
LOW

affiliates-manager

affiliates-manager

Score: 97/100 Affiliates Manager <= 2.9.13 - Reflected Cross-Site Scripting Affected: *-2.9.13 Patched: 2.9.14 Updated: July 1, 2026
LOW

visual-portfolio

visual-portfolio

Score: N/A Visual Portfolio, Photo Gallery & Post Grid <= 2.18.0 - Contributor+ CSS Injection Affected: *-2.18.0 Patched: 2.19.0 Updated: July 1, 2026
LOW

visual-portfolio

visual-portfolio

Score: N/A Visual Portfolio, Photo Gallery & Post Grid <= 2.17.1 - Unauthenticated CSS Injection Affected: *-2.17.1 Patched: 2.18.0 Updated: July 1, 2026
LOW

fast-flow-dashboard

fast-flow-dashboard

Score: 93/100 Fast Flow <= 1.2.11 - Reflected Cross-Site Scripting Affected: *-1.2.11 Patched: 1.2.12 Updated: July 1, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting Affected: *-3.8.11.8 Patched: 3.8.12 Updated: July 1, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion Affected: *-3.8.11.8 Patched: 3.8.12 Updated: July 1, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions Affected: *-3.8.11.8 Patched: 3.8.12 Updated: July 1, 2026
LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration <= 7.62 - Authenticated (Admin+) Cross-Site Scripting Affected: *-7.62 Patched: 7.63 Updated: July 1, 2026
LOW

protect-uploads

protect-uploads

Score: N/A Protect uploads <= 0.3 - Authorization Bypass Affected: *-0.3 Patched: 0.4 Updated: July 1, 2026
LOW

uploading-svgwebp-and-ico-files

uploading-svgwebp-and-ico-files

Score: N/A Uploading SVG, WEBP and ICO files <= 1.0.1 - Arbitrary File Upload Affected: *-1.0.1 Patched: 1.2.0 Updated: July 1, 2026
LOW

uploading-svgwebp-and-ico-files

uploading-svgwebp-and-ico-files

Score: N/A Uploading SVG, WEBP and ICO files <= 1.0.1 - Authenticated Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.2.0 Updated: July 1, 2026
LOW

alpine-photo-tile-for-pinterest

alpine-photo-tile-for-pinterest

Score: 95/100 Alpine PhotoTile for Pinterest <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: July 1, 2026
LOW

8-degree-notification-bar

8-degree-notification-bar

Score: 95/100 Notification Bar for WordPress <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: July 1, 2026
LOW

sp-client-document-manager

sp-client-document-manager

Score: 87/100 SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting Affected: *-4.59 Patched: 4.62 Updated: July 1, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization Affected: *-0.9.74 Patched: 0.9.75 Updated: July 1, 2026
LOW

wp-payment-form

wp-payment-form

Score: N/A Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.2.0 Patched: 4.2.1 Updated: July 1, 2026
LOW

wp-payment-form

wp-payment-form

Score: N/A Simple Payment Donations <= 4.2.0 - Reflected Cross-Site Scripting Affected: *-4.2.0 Patched: 4.2.1 Updated: July 1, 2026
LOW

sp-client-document-manager

sp-client-document-manager

Score: 87/100 SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting Affected: *-4.59 Patched: 4.62 Updated: July 1, 2026
LOW

photoblocks-grid-gallery

photoblocks-grid-gallery

Score: N/A Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery Affected: *-1.2.8 Patched: 1.2.9 Updated: July 1, 2026
LOW

photoblocks-grid-gallery

photoblocks-grid-gallery

Score: N/A Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: July 1, 2026
LOW

photo-gallery

photo-gallery

Score: N/A Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting Affected: *-1.7.0 Patched: 1.7.1 Updated: July 1, 2026
LOW

directorist

directorist

Score: 93/100 Directorist <= 7.3.0 - Sensitive Information Disclosure Affected: *-7.3.0 Patched: 7.3.1 Updated: July 1, 2026
LOW

as-create-pinterest-pinboard-pages

as-create-pinterest-pinboard-pages

Score: 95/100 AS – Create Pinterest Pinboard Pages <= 1.0 - Authenticated Options Change to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

WPIDE – File Manager & Code Editor

wpide

Score: 92/100 WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload Affected: *-2.6 Patched: 3.0 Updated: July 1, 2026
LOW

wp-database-backup

wp-database-backup

Score: N/A WP Database Backup <= 5.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.8 Patched: 5.9 Updated: July 1, 2026
LOW

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Score: 84/100 WooCommerce Payments <= 4.5.0 - Payment Bypass Affected: [3.9.0, 3.9.4), [4.0.0, 4.0.3), [4.1.0, 4.1.1), [4.2.0, 4.2.2), [4.3.0, 4.3.1), [4.4.0, 4.4.1) Patched: 3.9.4 Updated: July 1, 2026
LOW

woo-order-export-lite

woo-order-export-lite

Score: N/A Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting Affected: *-3.3.1 Patched: 3.3.2 Updated: July 1, 2026

Showing 28301 to 28400 of 36320 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 16:38 UTC.