Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36320

Across tracked plugins

Affected Plugins

82

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.6 2.0.7 July 1, 2026
floating-action-button floating-action-button
93
Floating Action Button <= 1.2 - Missing Authorization LOW *-1.2 1.2.1 July 1, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection LOW *-17.0.4 17.0.5 July 1, 2026
amcharts-charts-and-maps amcharts-charts-and-maps
97
amCharts: Charts and Maps <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4 1.5 July 1, 2026
wp-taxonomy-import wp-taxonomy-import N/A WP Taxonomy Import <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 July 1, 2026
wp-hide-security-enhancer wp-hide-security-enhancer N/A WP Hide & Security Enhancer <= 1.7.9.2 - Reflected Cross-Site Scripting LOW *-1.7.9.2 1.8 July 1, 2026
string-locator string-locator N/A String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization LOW *-2.5.0 2.6.0 July 1, 2026
stop-spam-comments stop-spam-comments N/A Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass LOW *-0.2.1.2 July 1, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin simply-schedule-appointments N/A Simply Schedule Appointments <= 1.5.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5.7.5 1.5.7.7 July 1, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin simply-schedule-appointments N/A Simply Schedule Appointments <= 1.5.7.5 - Unauthenticated Sensitive Information Exposure LOW *-1.5.7.5 1.5.7.7 July 1, 2026
resize-image-after-upload resize-image-after-upload N/A Resize Image After Upload <= 1.8.5 - Cross-Site Request Forgery LOW *-1.8.5 1.8.6 July 1, 2026
pop-up-pop-up pop-up-pop-up N/A Pop-up <= 1.1.1 - Missing authorization to Settings Change LOW *-1.1.1 1.1.2 July 1, 2026
netroics-blog-posts-grid netroics-blog-posts-grid N/A Netroics Blog Posts Grid <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
leaflet-maps-marker leaflet-maps-marker
93
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.4 - Authenticated (Admin+) SQL Injection LOW *-3.12.4 3.12.5 July 1, 2026
jupiterx-core jupiterx-core
93
Jupiter X Core <= 2.0.9 - Missing Authorization Checks LOW *-2.0.9 2.1.0 July 1, 2026
joomsport-sports-league-results-management joomsport-sports-league-results-management
93
JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby LOW *-5.2.5 5.2.6 July 1, 2026
joomsport-sports-league-results-management joomsport-sports-league-results-management
93
JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby LOW *-5.2.5 5.2.6 July 1, 2026
export-all-urls export-all-urls
93
Export All URLs <= 4.3 - Arbitrary File Deletion LOW *-4.3 4.4 July 1, 2026
bulletin-announcements bulletin-announcements
93
Announcement & Notification Banner – Bulletin <= 3.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-3.5.2 3.5.3 July 1, 2026
buddyforms-acf buddyforms-acf
93
BuddyForms ACF <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting LOW *-1.3.8 1.3.9 July 1, 2026
Custom Product Tabs Lite for WooCommerce woocommerce-custom-product-tabs-lite
97
Custom Product Tabs Lite for WooCommerce <= 1.7.6 - Authenticated (Store Manager+) Stored Cross-Site Scripting LOW *-1.7.6 1.7.7 July 1, 2026
mobile-assistant-connector mobile-assistant-connector
93
Mobile Assistant Connector <= 2.2.2 - SQL Injection LOW 2.2.2 2.2.3 July 1, 2026
wp-cafe wp-cafe N/A WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation <= 2.1.4 - Cross-Site Scripting LOW *-2.1.4 2.2.0 July 1, 2026
wordpress-https wordpress-https N/A WordPress HTTPS (SSL) <= 3.4.0 - Missing Authorization to Settings Change LOW *-3.4.0 July 1, 2026
File Sharing & Download Manager – User Private Files user-private-files
96
Frontend File Manager & Sharing – User Private Files <= 1.1.1 - Missing Authorization LOW *-1.1.1 1.1.2 July 1, 2026
File Sharing & Download Manager – User Private Files user-private-files
96
Frontend File Manager & Sharing – User Private Files <= 1.1.0 - Sensitive Information Disclosure LOW *-1.1.0 1.1.1 July 1, 2026
wp-to-hootsuite wp-to-hootsuite N/A WordPress to Hootsuite <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.4.5 1.4.6 July 1, 2026
wp-to-buffer wp-to-buffer N/A WordPress to Buffer <= 3.8.1 - Authenticated (Admin+) Cross-Site Scripting LOW *-3.8.1 3.8.2 July 1, 2026
wp-mui-mass-user-input wp-mui-mass-user-input N/A WP-MUI – Mass User Input – Add and Export WP Users Quickly <= 1.8 - Missing Authorization LOW *-1.8 July 1, 2026
woo-product-carousel-slider-and-grid-ultimate woo-product-carousel-slider-and-grid-ultimate N/A WooCommerce Product Carousel, Slider & Grid Ultimate <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.6 1.8.7 July 1, 2026
twitter-bootstrap-slider twitter-bootstrap-slider N/A Twitter Bootstrap Slider <= 1.1.3 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.1.3 July 1, 2026
testimonial-slider-and-showcase testimonial-slider-and-showcase N/A Testimonial Slider <= 2.2.6 - Stored Cross-Site Scripting LOW *-2.2.6 2.2.7 July 1, 2026
simple-telegram-for-wp simple-telegram-for-wp N/A Simple Telegram <= 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.9.3 July 1, 2026
protect-wp-admin protect-wp-admin N/A Protect WP Admin <= 3.7 - Cross-Site Scripting LOW *-3.7 3.8 July 1, 2026
postmagthemes-demo-import postmagthemes-demo-import N/A PostmagThemes Demo Import <= 1.0.6 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.0.6 1.0.7 July 1, 2026
minimal-coming-soon-maintenance-mode minimal-coming-soon-maintenance-mode
93
Minimal Coming Soon – Coming Soon Page <= 2.33 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.34 2.35 July 1, 2026
cyclone-slider cyclone-slider
91
Cyclone Slider <= 3.2.0 - Authenticated (Admin+) Arbitrary File Upload LOW *-3.2.0 July 1, 2026
contempo-real-estate-custom-posts contempo-real-estate-custom-posts
93
Contempo Real Estate Custom Posts <= 3.2.6 - Unauthorized File Upload LOW *-3.2.6 3.2.7 July 1, 2026
sensei-lms sensei-lms N/A Sensei LMS <= 4.4.3 - Information Disclosure LOW *-4.4.3 4.5.0 July 1, 2026
sensei-lms sensei-lms N/A Sensei LMS <= 4.5.1 - Missing Authorization LOW *-4.5.1 4.5.2 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.53 - Reflected Cross-Site Scripting LOW *-3.2.53 3.2.54 July 1, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery LOW *-3.8.11.8 3.8.12 July 1, 2026
WPIDE – File Manager & Code Editor wpide
92
WPIDE – File Manager & Code Editor <= 2.6 - Authenticated (Admininstrator+) Local File Inclusion LOW *-2.6 3.0 July 1, 2026
woocommerce-pdf-invoices-packing-slips woocommerce-pdf-invoices-packing-slips N/A WooCommerce PDF Invoices & Packing Slips 2.14.0 - 3.0.0 - Reflected Cross-Site Scripting LOW 2.14.0-3.0.0 3.0.1 July 1, 2026
mailchimp-for-woocommerce mailchimp-for-woocommerce
93
Mailchimp for WooCommerce <= 2.7.1 - Authenticated (Admin+) Server-Side Request Forgery LOW *-2.7.1 2.7.2 July 1, 2026
mailchimp-for-woocommerce mailchimp-for-woocommerce
93
Mailchimp for WooCommerce <= 2.7 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-2.7 2.7.1 July 1, 2026
WP Hotel Booking wp-hotel-booking N/A WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery LOW *-1.10.5 1.10.6 July 1, 2026
rich-reviews rich-reviews N/A Rich Reviews by Starfish <= 1.9.14 - Cross-Site Request Forgery LOW *-1.9.14 1.9.15 July 1, 2026
my-calendar my-calendar
93
My Calendar <= 3.3.16 - Open Redirect LOW *-3.3.16 3.3.17 July 1, 2026
miniorange-oauth-20-server miniorange-oauth-20-server
93
WP OAuth Server <= 3.0.4 - Authentication Bypass LOW *-3.0.4 4.0.1 July 1, 2026
maxbuttons maxbuttons
93
WordPress Button Plugin MaxButtons <= 9.2 - Cross-Site Request Forgery LOW *-9.2 9.3 July 1, 2026
maxbuttons maxbuttons
93
MaxButtons <= 9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-9.2 9.3 July 1, 2026
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.5 2.0.6 July 1, 2026
Fluent Support – Helpdesk & Customer Support Ticket System fluent-support
79
Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection LOW *-1.5.7 1.5.8 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.48 - Cross-Site Request Forgery to Plugin Settings Update LOW *-3.2.48 3.2.49 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.48 - Cross-Site Request Forgery LOW *-3.2.48 3.2.49 July 1, 2026
banner-cycler banner-cycler
91
Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.4 July 1, 2026
activedemand activedemand
97
ActiveDEMAND <= 0.2.27 - Missing Authorization Checks LOW *-0.2.27 0.2.28 July 1, 2026
yotpo-reviews-for-woocommerce yotpo-reviews-for-woocommerce N/A Yotpo Reviews for WooCommerce (Unofficial) <= 2.0.4 - Cross-Site Request Forgery to Plugin Settings Update LOW 2.0.4 July 1, 2026
wpqa wpqa N/A WPQA - Builder forms Addon For WordPress < 5.7 - Information Disclosure LOW [*, 5.7) 5.7 July 1, 2026
wp-phpmyadmin-extension wp-phpmyadmin-extension N/A WP phpMyAdmin <= 5.2.0.3 - Reflected Cross-Site Scripting LOW *-5.2.0.3 5.2.0.4 July 1, 2026
wp-phpmyadmin-extension wp-phpmyadmin-extension N/A WP phpMyAdmin <= 5.2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.2.0.3 5.2.0.4 July 1, 2026
wp-edit-menu wp-edit-menu N/A WP Edit Menu < 1.5.0 - Missing Authorization to Post Deletion LOW [*, 1.5.0) 1.5.0 July 1, 2026
wp-edit-menu wp-edit-menu N/A WP Edit Menu <= 1.5.0 - Cross-Site Request Forgery LOW *-1.5.0 July 1, 2026
widget-extend-builtin-query widget-extend-builtin-query N/A Built-in Widgets Query extend <= 1.05 - Reflected Cross-Site Scripting LOW *-1.05 1.06 July 1, 2026
wc-remove-tabs-and-fields wc-remove-tabs-and-fields N/A Remove tabs and fields from WooCommerce <= 1.68 - Reflected Cross-Site Scripting LOW *-1.68 1.69 July 1, 2026
wa-sticky-button wa-sticky-button N/A WP Sticky Button <= 1.4 - Missing Authorization to Arbitrary Settings Update LOW *-1.4 1.4.1 July 1, 2026
simple-student-result simple-student-result N/A Student Result or Employee Database <= 1.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.4 1.7.5 July 1, 2026
simple-student-result simple-student-result N/A Student Result or Employee Database <= 1.7.9 - Missing Authorization LOW *-1.7.9 1.8.0 July 1, 2026
simple-job-board simple-job-board N/A Simple Job Board <= 2.9.6 - Information Disclosure LOW *-2.9.6 2.9.10 July 1, 2026
seo-redirection seo-redirection N/A SEO Redirection Plugin – 301 Redirect Manager <= 8.9 - Cross-Site Request Forgery LOW *-8.9 9.1 July 1, 2026
require-taxonomy-image-category-tag require-taxonomy-image-category-tag N/A Require & Limit Categories, Tags, Featured Image and taxonomies <= 1.26 - Reflected Cross-Site Scripting LOW *-1.26 1.27 July 1, 2026
redirect-by-cookie redirect-by-cookie N/A Redirect By Cookie <= 1.06 - Reflected Cross-Site Scripting LOW *-1.06 1.07 July 1, 2026
post-type-modifier-simple post-type-modifier-simple N/A Add Custom Post Type into Post Query <= 1.03 - Reflected Cross-Site Scripting LOW *-1.03 1.04 July 1, 2026
official-mailerlite-sign-up-forms official-mailerlite-sign-up-forms N/A MailerLite – Signup forms (official) <= 1.5.7 - Cross-Site Request Forgery LOW *-1.5.7 1.5.8 July 1, 2026
ninja-job-board ninja-job-board N/A Ninja Job Board <= 1.3.2 - Information Disclosure LOW *-1.3.2 1.3.3 July 1, 2026
nex-forms-express-wp-form-builder nex-forms-express-wp-form-builder N/A NEX-Forms <= 7.9.6 - Authenticated (Administrator+) SQL Injection LOW *-7.9.6 7.9.7 July 1, 2026
modify-profile-fields-dashboard-menu-buttons modify-profile-fields-dashboard-menu-buttons
93
Profile & Dashboard fields <= 1.03 - Reflected Cross-Site Scripting LOW *-1.03 1.04 July 1, 2026
modify-comment-fields modify-comment-fields
93
Comment Fields <= 1.03 - Reflected Cross-Site Scripting LOW *-1.03 1.04 July 1, 2026
linkworth-wp-plugin linkworth-wp-plugin
93
LinkWorth plugin <= 3.3.3 - Cross-Site Request Forgery to Plugin Setting Update LOW *-3.3.3 3.3.4 July 1, 2026
Lana Downloads Manager lana-downloads-manager
91
Lana Downloads Manager <= 1.7.1 - Authenticated (Contributor+) Arbitrary File Download LOW *-1.7.1 1.8.0 July 1, 2026
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 2.0.5 July 1, 2026
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.0.4 - Missing Authorization to Cross-Site Scripting LOW *-2.0.4 2.0.5 July 1, 2026
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.0.4 - Authenticated (Scubscriber+) Stored Cross-Site Scripting LOW *-2.0.4 2.0.5 July 1, 2026
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.0.4 - Missing Authorization LOW *-2.0.4 2.0.5 July 1, 2026
images-asynchronous-load images-asynchronous-load
93
Images Asynchronous Load <= 1.05 - Reflected Cross-Site Scripting LOW *-1.05 1.06 July 1, 2026
highlight-search-terms-results highlight-search-terms-results
93
Highlight Searched Terms in Results <= 1.03 - Reflected Cross-Site Scripting LOW *-1.03 1.04 July 1, 2026
external-url-as-post-featured-image-thumbnail external-url-as-post-featured-image-thumbnail
93
External url as post Featured Image <= 2.02 - Reflected Cross-Site Scripting LOW *-2.02 2.03 July 1, 2026
enable-wp-debug-from-admin-dashboard enable-wp-debug-from-admin-dashboard
93
Debug Bar <= 1.85 - Reflected Cross-Site Scripting LOW *-1.85 1.86 July 1, 2026
enable-svg-webp-ico-upload enable-svg-webp-ico-upload
93
Enable SVG, WebP & ICO Upload <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0.2 1.0.3 July 1, 2026
enable-svg-webp-ico-upload enable-svg-webp-ico-upload
93
Enable SVG, WebP & ICO Upload <= 1.1.0 - Arbitrary File Upload LOW *-1.1.0 1.1.1 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.49 - IP Blocking Bypass LOW *-3.2.49 3.2.50 July 1, 2026
debug-functions-time debug-functions-time
93
Find Slow Functions & Actions & Filters & Hooks <= 1.40 - Reflected Cross-Site Scripting LOW *-1.40 1.41 July 1, 2026
breadcrumbs-shortcode breadcrumbs-shortcode
93
Breadcrumbs Shortcode <= 1.44 - Reflected Cross-Site Scripting LOW *-1.44 1.45 July 1, 2026
better-search-replace better-search-replace
93
Better Search Replace <= 1.4 - Authenticated (Administrator+) SQL Injection LOW *-1.4 1.4.1 July 1, 2026
automatic-pages-for-privacy-policy-terms-about-and-contact automatic-pages-for-privacy-policy-terms-about-and-contact
93
Automatic pages for Privacy Policy, Terms, About, Contact us <= 1.41 - Reflected Cross-Site Scripting LOW *-1.41 1.42 July 1, 2026
auto-hyperlink-urls auto-hyperlink-urls
91
Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing LOW *-5.4.1 July 1, 2026
audio-video-download-buttons-for-youtube audio-video-download-buttons-for-youtube
93
Download buttons for Youtube videos <= 1.03 - Reflected Cross-Site Scripting LOW *-1.03 1.04 July 1, 2026
api-info-themes-plugins-wp-org api-info-themes-plugins-wp-org
97
API info for Plugins & Themes from WP.ORG <= 1.04 - Reflected Cross-Site Scripting LOW *-1.04 1.05 July 1, 2026
all-custom-fields-groups all-custom-fields-groups
97
All custom fields & groups <= 1.04 - Reflected Cross-Site Scripting LOW *-1.04 1.05 July 1, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.6 Patched: 2.0.7 Updated: July 1, 2026
LOW

floating-action-button

floating-action-button

Score: 93/100 Floating Action Button <= 1.2 - Missing Authorization Affected: *-1.2 Patched: 1.2.1 Updated: July 1, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection Affected: *-17.0.4 Patched: 17.0.5 Updated: July 1, 2026
LOW

amcharts-charts-and-maps

amcharts-charts-and-maps

Score: 97/100 amCharts: Charts and Maps <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: July 1, 2026
LOW

wp-taxonomy-import

wp-taxonomy-import

Score: N/A WP Taxonomy Import <= 1.0.5 - Reflected Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

wp-hide-security-enhancer

wp-hide-security-enhancer

Score: N/A WP Hide & Security Enhancer <= 1.7.9.2 - Reflected Cross-Site Scripting Affected: *-1.7.9.2 Patched: 1.8 Updated: July 1, 2026
LOW

string-locator

string-locator

Score: N/A String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization Affected: *-2.5.0 Patched: 2.6.0 Updated: July 1, 2026
LOW

stop-spam-comments

stop-spam-comments

Score: N/A Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass Affected: *-0.2.1.2 Patched: Updated: July 1, 2026
LOW

resize-image-after-upload

resize-image-after-upload

Score: N/A Resize Image After Upload <= 1.8.5 - Cross-Site Request Forgery Affected: *-1.8.5 Patched: 1.8.6 Updated: July 1, 2026
LOW

pop-up-pop-up

pop-up-pop-up

Score: N/A Pop-up <= 1.1.1 - Missing authorization to Settings Change Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

netroics-blog-posts-grid

netroics-blog-posts-grid

Score: N/A Netroics Blog Posts Grid <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

leaflet-maps-marker

leaflet-maps-marker

Score: 93/100 Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.4 - Authenticated (Admin+) SQL Injection Affected: *-3.12.4 Patched: 3.12.5 Updated: July 1, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 Jupiter X Core <= 2.0.9 - Missing Authorization Checks Affected: *-2.0.9 Patched: 2.1.0 Updated: July 1, 2026
LOW

joomsport-sports-league-results-management

joomsport-sports-league-results-management

Score: 93/100 JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby Affected: *-5.2.5 Patched: 5.2.6 Updated: July 1, 2026
LOW

joomsport-sports-league-results-management

joomsport-sports-league-results-management

Score: 93/100 JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby Affected: *-5.2.5 Patched: 5.2.6 Updated: July 1, 2026
LOW

export-all-urls

export-all-urls

Score: 93/100 Export All URLs <= 4.3 - Arbitrary File Deletion Affected: *-4.3 Patched: 4.4 Updated: July 1, 2026
LOW

bulletin-announcements

bulletin-announcements

Score: 93/100 Announcement & Notification Banner – Bulletin <= 3.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.5.2 Patched: 3.5.3 Updated: July 1, 2026
LOW

buddyforms-acf

buddyforms-acf

Score: 93/100 BuddyForms ACF <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-1.3.8 Patched: 1.3.9 Updated: July 1, 2026
LOW

Custom Product Tabs Lite for WooCommerce

woocommerce-custom-product-tabs-lite

Score: 97/100 Custom Product Tabs Lite for WooCommerce <= 1.7.6 - Authenticated (Store Manager+) Stored Cross-Site Scripting Affected: *-1.7.6 Patched: 1.7.7 Updated: July 1, 2026
LOW

mobile-assistant-connector

mobile-assistant-connector

Score: 93/100 Mobile Assistant Connector <= 2.2.2 - SQL Injection Affected: 2.2.2 Patched: 2.2.3 Updated: July 1, 2026
LOW

wp-cafe

wp-cafe

Score: N/A WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation <= 2.1.4 - Cross-Site Scripting Affected: *-2.1.4 Patched: 2.2.0 Updated: July 1, 2026
LOW

wordpress-https

wordpress-https

Score: N/A WordPress HTTPS (SSL) <= 3.4.0 - Missing Authorization to Settings Change Affected: *-3.4.0 Patched: Updated: July 1, 2026
LOW

wp-to-hootsuite

wp-to-hootsuite

Score: N/A WordPress to Hootsuite <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.4.5 Patched: 1.4.6 Updated: July 1, 2026
LOW

wp-to-buffer

wp-to-buffer

Score: N/A WordPress to Buffer <= 3.8.1 - Authenticated (Admin+) Cross-Site Scripting Affected: *-3.8.1 Patched: 3.8.2 Updated: July 1, 2026
LOW

wp-mui-mass-user-input

wp-mui-mass-user-input

Score: N/A WP-MUI – Mass User Input – Add and Export WP Users Quickly <= 1.8 - Missing Authorization Affected: *-1.8 Patched: Updated: July 1, 2026
LOW

woo-product-carousel-slider-and-grid-ultimate

woo-product-carousel-slider-and-grid-ultimate

Score: N/A WooCommerce Product Carousel, Slider & Grid Ultimate <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.6 Patched: 1.8.7 Updated: July 1, 2026
LOW

twitter-bootstrap-slider

twitter-bootstrap-slider

Score: N/A Twitter Bootstrap Slider <= 1.1.3 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 1, 2026
LOW

testimonial-slider-and-showcase

testimonial-slider-and-showcase

Score: N/A Testimonial Slider <= 2.2.6 - Stored Cross-Site Scripting Affected: *-2.2.6 Patched: 2.2.7 Updated: July 1, 2026
LOW

simple-telegram-for-wp

simple-telegram-for-wp

Score: N/A Simple Telegram <= 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.9.3 Patched: Updated: July 1, 2026
LOW

protect-wp-admin

protect-wp-admin

Score: N/A Protect WP Admin <= 3.7 - Cross-Site Scripting Affected: *-3.7 Patched: 3.8 Updated: July 1, 2026
LOW

postmagthemes-demo-import

postmagthemes-demo-import

Score: N/A PostmagThemes Demo Import <= 1.0.6 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.0.6 Patched: 1.0.7 Updated: July 1, 2026
LOW

minimal-coming-soon-maintenance-mode

minimal-coming-soon-maintenance-mode

Score: 93/100 Minimal Coming Soon – Coming Soon Page <= 2.33 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.34 Patched: 2.35 Updated: July 1, 2026
LOW

cyclone-slider

cyclone-slider

Score: 91/100 Cyclone Slider <= 3.2.0 - Authenticated (Admin+) Arbitrary File Upload Affected: *-3.2.0 Patched: Updated: July 1, 2026
LOW

contempo-real-estate-custom-posts

contempo-real-estate-custom-posts

Score: 93/100 Contempo Real Estate Custom Posts <= 3.2.6 - Unauthorized File Upload Affected: *-3.2.6 Patched: 3.2.7 Updated: July 1, 2026
LOW

sensei-lms

sensei-lms

Score: N/A Sensei LMS <= 4.4.3 - Information Disclosure Affected: *-4.4.3 Patched: 4.5.0 Updated: July 1, 2026
LOW

sensei-lms

sensei-lms

Score: N/A Sensei LMS <= 4.5.1 - Missing Authorization Affected: *-4.5.1 Patched: 4.5.2 Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.53 - Reflected Cross-Site Scripting Affected: *-3.2.53 Patched: 3.2.54 Updated: July 1, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery Affected: *-3.8.11.8 Patched: 3.8.12 Updated: July 1, 2026
LOW

WPIDE – File Manager & Code Editor

wpide

Score: 92/100 WPIDE – File Manager & Code Editor <= 2.6 - Authenticated (Admininstrator+) Local File Inclusion Affected: *-2.6 Patched: 3.0 Updated: July 1, 2026
LOW

woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips

Score: N/A WooCommerce PDF Invoices & Packing Slips 2.14.0 - 3.0.0 - Reflected Cross-Site Scripting Affected: 2.14.0-3.0.0 Patched: 3.0.1 Updated: July 1, 2026
LOW

mailchimp-for-woocommerce

mailchimp-for-woocommerce

Score: 93/100 Mailchimp for WooCommerce <= 2.7.1 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-2.7.1 Patched: 2.7.2 Updated: July 1, 2026
LOW

mailchimp-for-woocommerce

mailchimp-for-woocommerce

Score: 93/100 Mailchimp for WooCommerce <= 2.7 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-2.7 Patched: 2.7.1 Updated: July 1, 2026
LOW

WP Hotel Booking

wp-hotel-booking

Score: N/A WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery Affected: *-1.10.5 Patched: 1.10.6 Updated: July 1, 2026
LOW

rich-reviews

rich-reviews

Score: N/A Rich Reviews by Starfish <= 1.9.14 - Cross-Site Request Forgery Affected: *-1.9.14 Patched: 1.9.15 Updated: July 1, 2026
LOW

my-calendar

my-calendar

Score: 93/100 My Calendar <= 3.3.16 - Open Redirect Affected: *-3.3.16 Patched: 3.3.17 Updated: July 1, 2026
LOW

miniorange-oauth-20-server

miniorange-oauth-20-server

Score: 93/100 WP OAuth Server <= 3.0.4 - Authentication Bypass Affected: *-3.0.4 Patched: 4.0.1 Updated: July 1, 2026
LOW

maxbuttons

maxbuttons

Score: 93/100 WordPress Button Plugin MaxButtons <= 9.2 - Cross-Site Request Forgery Affected: *-9.2 Patched: 9.3 Updated: July 1, 2026
LOW

maxbuttons

maxbuttons

Score: 93/100 MaxButtons <= 9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-9.2 Patched: 9.3 Updated: July 1, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.48 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-3.2.48 Patched: 3.2.49 Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.48 - Cross-Site Request Forgery Affected: *-3.2.48 Patched: 3.2.49 Updated: July 1, 2026
LOW

banner-cycler

banner-cycler

Score: 91/100 Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 1, 2026
LOW

activedemand

activedemand

Score: 97/100 ActiveDEMAND <= 0.2.27 - Missing Authorization Checks Affected: *-0.2.27 Patched: 0.2.28 Updated: July 1, 2026
LOW

yotpo-reviews-for-woocommerce

yotpo-reviews-for-woocommerce

Score: N/A Yotpo Reviews for WooCommerce (Unofficial) <= 2.0.4 - Cross-Site Request Forgery to Plugin Settings Update Affected: 2.0.4 Patched: Updated: July 1, 2026
LOW

wpqa

wpqa

Score: N/A WPQA - Builder forms Addon For WordPress < 5.7 - Information Disclosure Affected: [*, 5.7) Patched: 5.7 Updated: July 1, 2026
LOW

wp-phpmyadmin-extension

wp-phpmyadmin-extension

Score: N/A WP phpMyAdmin <= 5.2.0.3 - Reflected Cross-Site Scripting Affected: *-5.2.0.3 Patched: 5.2.0.4 Updated: July 1, 2026
LOW

wp-phpmyadmin-extension

wp-phpmyadmin-extension

Score: N/A WP phpMyAdmin <= 5.2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.2.0.3 Patched: 5.2.0.4 Updated: July 1, 2026
LOW

wp-edit-menu

wp-edit-menu

Score: N/A WP Edit Menu < 1.5.0 - Missing Authorization to Post Deletion Affected: [*, 1.5.0) Patched: 1.5.0 Updated: July 1, 2026
LOW

wp-edit-menu

wp-edit-menu

Score: N/A WP Edit Menu <= 1.5.0 - Cross-Site Request Forgery Affected: *-1.5.0 Patched: Updated: July 1, 2026
LOW

widget-extend-builtin-query

widget-extend-builtin-query

Score: N/A Built-in Widgets Query extend <= 1.05 - Reflected Cross-Site Scripting Affected: *-1.05 Patched: 1.06 Updated: July 1, 2026
LOW

wc-remove-tabs-and-fields

wc-remove-tabs-and-fields

Score: N/A Remove tabs and fields from WooCommerce <= 1.68 - Reflected Cross-Site Scripting Affected: *-1.68 Patched: 1.69 Updated: July 1, 2026
LOW

wa-sticky-button

wa-sticky-button

Score: N/A WP Sticky Button <= 1.4 - Missing Authorization to Arbitrary Settings Update Affected: *-1.4 Patched: 1.4.1 Updated: July 1, 2026
LOW

simple-student-result

simple-student-result

Score: N/A Student Result or Employee Database <= 1.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 1, 2026
LOW

simple-student-result

simple-student-result

Score: N/A Student Result or Employee Database <= 1.7.9 - Missing Authorization Affected: *-1.7.9 Patched: 1.8.0 Updated: July 1, 2026
LOW

simple-job-board

simple-job-board

Score: N/A Simple Job Board <= 2.9.6 - Information Disclosure Affected: *-2.9.6 Patched: 2.9.10 Updated: July 1, 2026
LOW

seo-redirection

seo-redirection

Score: N/A SEO Redirection Plugin – 301 Redirect Manager <= 8.9 - Cross-Site Request Forgery Affected: *-8.9 Patched: 9.1 Updated: July 1, 2026
LOW

require-taxonomy-image-category-tag

require-taxonomy-image-category-tag

Score: N/A Require & Limit Categories, Tags, Featured Image and taxonomies <= 1.26 - Reflected Cross-Site Scripting Affected: *-1.26 Patched: 1.27 Updated: July 1, 2026
LOW

redirect-by-cookie

redirect-by-cookie

Score: N/A Redirect By Cookie <= 1.06 - Reflected Cross-Site Scripting Affected: *-1.06 Patched: 1.07 Updated: July 1, 2026
LOW

post-type-modifier-simple

post-type-modifier-simple

Score: N/A Add Custom Post Type into Post Query <= 1.03 - Reflected Cross-Site Scripting Affected: *-1.03 Patched: 1.04 Updated: July 1, 2026
LOW

official-mailerlite-sign-up-forms

official-mailerlite-sign-up-forms

Score: N/A MailerLite – Signup forms (official) <= 1.5.7 - Cross-Site Request Forgery Affected: *-1.5.7 Patched: 1.5.8 Updated: July 1, 2026
LOW

ninja-job-board

ninja-job-board

Score: N/A Ninja Job Board <= 1.3.2 - Information Disclosure Affected: *-1.3.2 Patched: 1.3.3 Updated: July 1, 2026
LOW

nex-forms-express-wp-form-builder

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms <= 7.9.6 - Authenticated (Administrator+) SQL Injection Affected: *-7.9.6 Patched: 7.9.7 Updated: July 1, 2026
LOW

modify-profile-fields-dashboard-menu-buttons

modify-profile-fields-dashboard-menu-buttons

Score: 93/100 Profile & Dashboard fields <= 1.03 - Reflected Cross-Site Scripting Affected: *-1.03 Patched: 1.04 Updated: July 1, 2026
LOW

modify-comment-fields

modify-comment-fields

Score: 93/100 Comment Fields <= 1.03 - Reflected Cross-Site Scripting Affected: *-1.03 Patched: 1.04 Updated: July 1, 2026
LOW

linkworth-wp-plugin

linkworth-wp-plugin

Score: 93/100 LinkWorth plugin <= 3.3.3 - Cross-Site Request Forgery to Plugin Setting Update Affected: *-3.3.3 Patched: 3.3.4 Updated: July 1, 2026
LOW

Lana Downloads Manager

lana-downloads-manager

Score: 91/100 Lana Downloads Manager <= 1.7.1 - Authenticated (Contributor+) Arbitrary File Download Affected: *-1.7.1 Patched: 1.8.0 Updated: July 1, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.0.4 - Reflected Cross-Site Scripting Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.0.4 - Missing Authorization to Cross-Site Scripting Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.0.4 - Authenticated (Scubscriber+) Stored Cross-Site Scripting Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.0.4 - Missing Authorization Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

images-asynchronous-load

images-asynchronous-load

Score: 93/100 Images Asynchronous Load <= 1.05 - Reflected Cross-Site Scripting Affected: *-1.05 Patched: 1.06 Updated: July 1, 2026
LOW

highlight-search-terms-results

highlight-search-terms-results

Score: 93/100 Highlight Searched Terms in Results <= 1.03 - Reflected Cross-Site Scripting Affected: *-1.03 Patched: 1.04 Updated: July 1, 2026
LOW

external-url-as-post-featured-image-thumbnail

external-url-as-post-featured-image-thumbnail

Score: 93/100 External url as post Featured Image <= 2.02 - Reflected Cross-Site Scripting Affected: *-2.02 Patched: 2.03 Updated: July 1, 2026
LOW

enable-wp-debug-from-admin-dashboard

enable-wp-debug-from-admin-dashboard

Score: 93/100 Debug Bar <= 1.85 - Reflected Cross-Site Scripting Affected: *-1.85 Patched: 1.86 Updated: July 1, 2026
LOW

enable-svg-webp-ico-upload

enable-svg-webp-ico-upload

Score: 93/100 Enable SVG, WebP & ICO Upload <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: July 1, 2026
LOW

enable-svg-webp-ico-upload

enable-svg-webp-ico-upload

Score: 93/100 Enable SVG, WebP & ICO Upload <= 1.1.0 - Arbitrary File Upload Affected: *-1.1.0 Patched: 1.1.1 Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.49 - IP Blocking Bypass Affected: *-3.2.49 Patched: 3.2.50 Updated: July 1, 2026
LOW

debug-functions-time

debug-functions-time

Score: 93/100 Find Slow Functions & Actions & Filters & Hooks <= 1.40 - Reflected Cross-Site Scripting Affected: *-1.40 Patched: 1.41 Updated: July 1, 2026
LOW

breadcrumbs-shortcode

breadcrumbs-shortcode

Score: 93/100 Breadcrumbs Shortcode <= 1.44 - Reflected Cross-Site Scripting Affected: *-1.44 Patched: 1.45 Updated: July 1, 2026
LOW

better-search-replace

better-search-replace

Score: 93/100 Better Search Replace <= 1.4 - Authenticated (Administrator+) SQL Injection Affected: *-1.4 Patched: 1.4.1 Updated: July 1, 2026
LOW

automatic-pages-for-privacy-policy-terms-about-and-contact

automatic-pages-for-privacy-policy-terms-about-and-contact

Score: 93/100 Automatic pages for Privacy Policy, Terms, About, Contact us <= 1.41 - Reflected Cross-Site Scripting Affected: *-1.41 Patched: 1.42 Updated: July 1, 2026
LOW

auto-hyperlink-urls

auto-hyperlink-urls

Score: 91/100 Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing Affected: *-5.4.1 Patched: Updated: July 1, 2026
LOW

audio-video-download-buttons-for-youtube

audio-video-download-buttons-for-youtube

Score: 93/100 Download buttons for Youtube videos <= 1.03 - Reflected Cross-Site Scripting Affected: *-1.03 Patched: 1.04 Updated: July 1, 2026
LOW

api-info-themes-plugins-wp-org

api-info-themes-plugins-wp-org

Score: 97/100 API info for Plugins & Themes from WP.ORG <= 1.04 - Reflected Cross-Site Scripting Affected: *-1.04 Patched: 1.05 Updated: July 1, 2026
LOW

all-custom-fields-groups

all-custom-fields-groups

Score: 97/100 All custom fields & groups <= 1.04 - Reflected Cross-Site Scripting Affected: *-1.04 Patched: 1.05 Updated: July 1, 2026

Showing 28401 to 28500 of 36320 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 17:34 UTC.