Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36328 (across tracked plugins)

Affected Plugins: 80 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score (of 100) | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| debug-functions-time | debug-functions-time | 93 | Find Slow Functions & Actions & Filters & Hooks <= 1.40 - Reflected Cross-Site Scripting | | LOW | *-1.40 | 1.41 | July 1, 2026 |
| breadcrumbs-shortcode | breadcrumbs-shortcode | 93 | Breadcrumbs Shortcode <= 1.44 - Reflected Cross-Site Scripting | | LOW | *-1.44 | 1.45 | July 1, 2026 |
| better-search-replace | better-search-replace | 93 | Better Search Replace <= 1.4 - Authenticated (Administrator+) SQL Injection | | LOW | *-1.4 | 1.4.1 | July 1, 2026 |
| automatic-pages-for-privacy-policy-terms-about-and-contact | automatic-pages-for-privacy-policy-terms-about-and-contact | 93 | Automatic pages for Privacy Policy, Terms, About, Contact us <= 1.41 - Reflected Cross-Site Scripting | | LOW | *-1.41 | 1.42 | July 1, 2026 |
| auto-hyperlink-urls | auto-hyperlink-urls | 91 | Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing | | LOW | *-5.4.1 | | July 1, 2026 |
| audio-video-download-buttons-for-youtube | audio-video-download-buttons-for-youtube | 93 | Download buttons for Youtube videos <= 1.03 - Reflected Cross-Site Scripting | | LOW | *-1.03 | 1.04 | July 1, 2026 |
| api-info-themes-plugins-wp-org | api-info-themes-plugins-wp-org | 97 | API info for Plugins & Themes from WP.ORG <= 1.04 - Reflected Cross-Site Scripting | | LOW | *-1.04 | 1.05 | July 1, 2026 |
| all-custom-fields-groups | all-custom-fields-groups | 97 | All custom fields & groups <= 1.04 - Reflected Cross-Site Scripting | | LOW | *-1.04 | 1.05 | July 1, 2026 |
| affiliate-for-woocommerce | affiliate-for-woocommerce | 97 | Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference | | LOW | *-4.7.0 | 4.8.0 | July 1, 2026 |
| affiliate-for-woocommerce | affiliate-for-woocommerce | 97 | Affiliate For WooCommerce <= 4.7.0 - Missing Authorization | | LOW | *-4.7.0 | 4.8.0 | July 1, 2026 |
| add-hierarchy-parent-to-post | add-hierarchy-parent-to-post | 97 | Add Hierarchy (parent) to post <= 3.12 - Reflected Cross-Site Scripting | | LOW | *-3.12 | 3.13 | July 1, 2026 |
| fast-flow-dashboard | fast-flow-dashboard | 93 | Fast Flow <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.2.12 | 1.2.13 | July 1, 2026 |
| floating-div | floating-div | 91 | Floating Div <= 3.0 - Authenticated Stored Cross-Site Scripting | | LOW | *-3.0 | | July 1, 2026 |
| yookassa | yookassa | N/A | ЮKassa для WooCommerce <= 2.3.0 - Cross-Site Request Forgery to Settings Update | | LOW | *-2.3.0 | 2.3.1 | July 1, 2026 |
| yookassa | yookassa | N/A | ЮKassa для WooCommerce <= 2.3.0 - Missing Authorization | | LOW | *-2.3.0 | 2.3.1 | July 1, 2026 |
| tlp-team | tlp-team | N/A | Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion | | LOW | *-4.1.1 | 4.1.2 | July 1, 2026 |
| maxbuttons | maxbuttons | 93 | WordPress Button Plugin MaxButtons <= 9.2 - Shortcode-Based Cross-Site Scripting | | LOW | *-9.2 | 9.3 | July 1, 2026 |
| Simple SEO | cds-simple-seo | 92 | Simple SEO <= 1.7.91 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.7.91 | 1.7.92 | July 1, 2026 |
| vr-calendar-sync | vr-calendar-sync | N/A | VR Calendar <= 2.4.4 - Authenticated (Administrator+) Local File Inclusion | | LOW | *-2.4.4 | 2.4.5 | July 1, 2026 |
| bxslider-wp | bxslider-wp | 91 | BxSlider WP <= 2.0.0 - Authenticated (Contributor+) Cross-Site Scripting | | LOW | *-2.0.0 | | July 1, 2026 |
| Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | woocommerce-jetpack | 65 | Booster for WooCommerce <= 5.6.1 - Cross-Site Request Forgery | | LOW | *-5.6.1 | 5.6.2 | July 1, 2026 |
| gs-testimonial | gs-testimonial | 93 | GS Testimonial Slider <= 1.9.6 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-1.9.6 | 1.9.7 | July 1, 2026 |
| Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | duplicator | 91 | Duplicator – WordPress Migration Plugin <= 1.4.7 - Sensitive Information Disclosure | | LOW | *-1.4.7 | 1.4.7.1 | July 1, 2026 |
| Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | duplicator | 91 | Duplicator – WordPress Migration Plugin <= 1.4.7 - Unauthenticated Backup Download | | LOW | *-1.4.7 | 1.4.7.1 | July 1, 2026 |
| Download Manager | download-manager | 63 | Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion | | LOW | *-3.2.50 | 3.2.51 | July 1, 2026 |
| wp-graphql-woocommerce | wp-graphql-woocommerce | N/A | WPGraphQL WooCommerce <= 0.12.3 - Information Disclosure | | LOW | *-0.12.3 | 0.12.4 | July 1, 2026 |
| wp-coder | wp-coder | N/A | WP Coder <= 2.5.2 - Cross-Site Request Forgery | | LOW | *-2.5.2 | 2.5.3 | July 1, 2026 |
| Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider | woo-product-slider | N/A | Product Slider for WooCommerce <= 2.5.6 - Missing Authorization | | LOW | *-2.5.6 | 2.5.7 | July 1, 2026 |
| wa-sticky-button | wa-sticky-button | N/A | WP Sticky Button <= 1.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.3 | 1.4.0 | July 1, 2026 |
| vr-calendar-sync | vr-calendar-sync | N/A | VR Calendar <= 2.3.1 - Reflected Cross-Site Scripting | | LOW | *-2.3.1 | 2.3.2 | July 1, 2026 |
| vc-tabs | vc-tabs | N/A | Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update | | LOW | *-3.6.0 | 3.7.0 | July 1, 2026 |
| ucontext-for-amazon | ucontext-for-amazon | N/A | uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting | | LOW | *-3.9.1 | | July 1, 2026 |
| ucontext | ucontext | N/A | uContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting | | LOW | *-3.9.1 | | July 1, 2026 |
| trust-payments-gateway-3ds2 | trust-payments-gateway-3ds2 | N/A | Trust Payments Gateway (3DS2) <= 1.2.0 - Cross-Site Request Forgery | | LOW | *-1.2.0 | 1.2.1 | July 1, 2026 |
| trust-payments-gateway-3ds2 | trust-payments-gateway-3ds2 | N/A | Trust Payments Gateway (3DS2) <= 1.2.2 - Cross-Site Request Forgery | | LOW | *-1.2.2 | 1.2.3 | July 1, 2026 |
| smartideo | smartideo | N/A | SmartIdeo <= 2.7.0 - Stored Cross-Site Scripting | | LOW | *-2.7.0 | 2.7.1 | July 1, 2026 |
| simple-banner | simple-banner | N/A | Simple Banner <= 2.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.11.0 | 2.12.0 | July 1, 2026 |
| rezgo | rezgo | N/A | Rezgo Online Booking <= 4.1.7 - Reflected Cross-Site-Scripting | | LOW | 4.1.7 | 4.1.8 | July 1, 2026 |
| multiple-roles | multiple-roles | 93 | Multiple Roles < 1.3.7 - Privilege Escalation | | LOW | [*, 1.3.7) | 1.3.7 | July 1, 2026 |
| link-optimizer-lite | link-optimizer-lite | 91 | Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting | | LOW | *-1.4.5 | | July 1, 2026 |
| jobboardwp | jobboardwp | 93 | JobBoardWP – Job Board Listings and Submissions <= 1.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.1.0 | 1.2.0 | July 1, 2026 |
| feed-them-social | feed-them-social | 93 | Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting | | LOW | *-2.9.9 | 3.0.1 | July 1, 2026 |
| feed-them-social | feed-them-social | 93 | Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-2.9.9 | 3.0.1 | July 1, 2026 |
| erp | erp | 93 | WP ERP <=1.10.5 - Sensitive Data Exposure | | LOW | *-1.10.5 | 1.10.6 | July 1, 2026 |
| directorist | directorist | 93 | Directorist – WordPress Business Directory Plugin with Classified Ads Listings <= 7.2.3 - Missing Authorization | | LOW | *-7.2.3 | 7.3.0 | July 1, 2026 |
| coming-soons | coming-soons | 91 | Coming Soon – Under Construction <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.2.0 | | July 1, 2026 |
| wp-dbmanager | wp-dbmanager | N/A | WP-DBManager <= 2.80.7 - Authenticated (Admin+) Remote Code Execution on Multi-Site | | LOW | *-2.80.7 | 2.80.8 | July 1, 2026 |
| shortcode-addons | shortcode-addons | N/A | Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update | | LOW | *-3.1.2 | 3.2.0 | July 1, 2026 |
| searchwp-live-ajax-search | searchwp-live-ajax-search | N/A | SearchWP Live Ajax Search <= 1.6.1 - Sensitive Information Disclosure | | LOW | *-1.6.1 | 1.6.2 | July 1, 2026 |
| image-hover-effects-ultimate-visual-composer | image-hover-effects-ultimate-visual-composer | 93 | Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update | | LOW | *-2.6.0 | 2.6.1 | July 1, 2026 |
| TranslatePress – Translate Multilingual sites with AI Translation | translatepress-multilingual | 68 | TranslatePress <= 2.3.2 - Authenticated (Administrator+) SQL Injection | | LOW | *-2.3.2 | 2.3.3 | July 1, 2026 |
| libreform | libreform | 93 | WP Libre Form 2 <= 2.0.8 - Sensitive Information Disclosure | | LOW | *-2.0.8 | 2.0.9 | July 1, 2026 |
| wp-user-avatar | wp-user-avatar | N/A | WordPress Membership, User Registration, Login Form, User Profile & Restrict Content Plugin – ProfilePress <= 3.2.15 - Reflected Cross-Site Scripting | | LOW | *-3.2.15 | 3.2.16 | July 1, 2026 |
| vr-calendar-sync | vr-calendar-sync | N/A | VR Calendar <= 2.3.1 - Unauthenticated Remote Code Execution | | LOW | *-2.3.1 | 2.3.2 | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.9.1 - Missing Authorization Checks | | LOW | *-1.0.9.1 | 1.0.9.2 | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation' | | LOW | *-1.0.7 | 1.0.8 | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.9.1 - Cross-Site Request Forgery | | LOW | *-1.0.9.1 | 1.0.9.2 | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.9.1 - Remote Code Execution | | LOW | *-1.0.9.1 | 1.0.9.2 | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp | | LOW | *-1.0.7 | 1.0.8 | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.9.1 - Authenticated (Admin+) SQL Injection via 'tp_editor' | | LOW | *-1.0.9.1 | 1.0.9.2 | July 1, 2026 |
| stockists-manager | stockists-manager | N/A | Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-1.0.2.1 | | July 1, 2026 |
| simple-banner | simple-banner | N/A | Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting | | LOW | *-2.11.0 | 2.12.0 | July 1, 2026 |
| greyd_suite | greyd_suite | 93 | GREYD.SUITE <= 1.2.6 - Unauthenticated Arbitrary File Upload | | LOW | *-1.2.6 | 1.2.7 | July 1, 2026 |
| digital-publications-by-supsystic | digital-publications-by-supsystic | 93 | Digital Publications by Supsystic <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.7.3 | 1.7.4 | July 1, 2026 |
| digital-publications-by-supsystic | digital-publications-by-supsystic | 93 | Digital Publications by Supsystic <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.7.3 | 1.7.4 | July 1, 2026 |
| all-in-one-invite-codes | all-in-one-invite-codes | 97 | All in One Invite Codes <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.0.15 | 1.1.0 | July 1, 2026 |
| ninja-job-board | ninja-job-board | N/A | Ninja Job Board – Ultimate WordPress Job Board Plugin <= 1.3.2 - Cross-Site Scripting | | LOW | *-1.3.2 | 1.3.3 | July 1, 2026 |
| duplicate-wp-page-post | duplicate-wp-page-post | 89 | Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-2.7 | 2.8 | July 1, 2026 |
| duplicate-wp-page-post | duplicate-wp-page-post | 89 | Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-2.7 | 2.8 | July 1, 2026 |
| beaver-builder-lite-version | beaver-builder-lite-version | 93 | Beaver Builder <= 2.5.4.3 - Missing Authorization | | LOW | *-2.5.4.3 | 2.5.4.4 | July 1, 2026 |
| adl-team | adl-team | 95 | Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting | | LOW | *-1.2.6 | | July 1, 2026 |
| adl-team | adl-team | 95 | Team <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.2.6 | | July 1, 2026 |
| wp-useronline | wp-useronline | N/A | WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-2.87.6 | 2.88.0 | July 1, 2026 |
| web-en-mantenimiento | web-en-mantenimiento | N/A | Web en Mantenimiento <= 1.0.6 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.0.6 | | July 1, 2026 |
| testimonials | testimonials | N/A | Testimonials <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.0.1 | | July 1, 2026 |
| sb-elementor-contact-form-db | sb-elementor-contact-form-db | N/A | Contact Form DB - Elementor <= 1.7 - Reflected Cross-Site Scripting | | LOW | *-1.7 | 1.8.0 | July 1, 2026 |
| insert-special-characters | insert-special-characters | 93 | guzzlehttp/psr7 <= 1.84 and 2.0.0-2.1.0 - Improper Input Validation | | LOW | *-1.0.4 | 1.0.5 | July 1, 2026 |
| homepage-product-organizer-for-woocommerce | homepage-product-organizer-for-woocommerce | 91 | Homepage Product Organizer for WooCommerce <= 1.1 - Authenticated (Subscriber+) SQL Injection | | LOW | *-1.1 | | July 1, 2026 |
| easy-student-results | easy-student-results | 89 | Easy Student Results <= 2.2.8 - Missing Authorization to Sensitive Information Disclosure | | LOW | *-2.2.8 | | July 1, 2026 |
| easy-student-results | easy-student-results | 89 | Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting | | LOW | *-2.2.8 | | July 1, 2026 |
| e-unlocked-student-result | e-unlocked-student-result | 91 | E Unlocked - Student Result <= 1.0.4 - Cross-Site Request Forgery to Arbitrary File Upload | | LOW | *-1.0.4 | | July 1, 2026 |
| dw-promobar | dw-promobar | 91 | DW Promobar <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.0.4 | | July 1, 2026 |
| Autoptimize | autoptimize | 87 | Autoptimize <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Settings | | LOW | *-3.1.0 | 3.1.1 | July 1, 2026 |
| yaysmtp | yaysmtp | N/A | YaySMTP – Simple WP SMTP Mail <= 2.2 - Stored Cross-Site Scripting | | LOW | [*, 2.2.1) | 2.2.1 | July 1, 2026 |
| Social Chat – Click To Chat App Button | wp-whatsapp-chat | 93 | WP Social Chat – Click To Chat App <= 6.0.4 - Administrator+ Stored Cross-Site Scripting | | LOW | *-6.0.4 | 6.0.5 | July 1, 2026 |
| wp-ds-blog-map | wp-ds-blog-map | N/A | WP DS Blog Map <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-3.1.3 | | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change | | LOW | *-1.0.9.6 | | July 1, 2026 |
| transposh-translation-filter-for-wordpress | transposh-translation-filter-for-wordpress | N/A | Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure | | LOW | *-1.0.9.6 | | July 1, 2026 |
| thinkific-uploader | thinkific-uploader | N/A | Thinkific Uploader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.0.0 | | July 1, 2026 |
| rough-chart | rough-chart | N/A | Rough Chart <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.0.0 | | July 1, 2026 |
| polldaddy | polldaddy | N/A | Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.7 - Reflected Cross-Site Scripting | | LOW | *-3.0.7 | 3.0.8 | July 1, 2026 |
| oauth2-server | oauth2-server | N/A | WP OAuth2 Server <= 1.0.1 - Authentication Bypass | | LOW | *-1.0.1 | | July 1, 2026 |
| nktagcloud | nktagcloud | N/A | Better Tag Cloud <= 0.99.5 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-0.99.5 | | July 1, 2026 |
| my-calendar | my-calendar | 93 | My Calendar <= 3.3.16 - Administrator+ Stored Cross-Site Scripting | | LOW | *-3.3.16 | 3.3.17 | July 1, 2026 |
| multisafepay | multisafepay | 93 | MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read | | LOW | *-4.15.0 | 4.16.0 | July 1, 2026 |
| mtouch-quiz | mtouch-quiz | 93 | mTouch Quiz <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-3.1.3 | 3.1.4 | July 1, 2026 |
| google-maps-anywhere | google-maps-anywhere | 91 | Google Maps Anywhere <= 1.2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.2.6.3 | | July 1, 2026 |
| dsp_dating | dsp_dating | 93 | WPDating <= 7.4.0 - SQL Injection | | LOW | *-7.4.0 | 7.4.1 | July 1, 2026 |
| directorist | directorist | 93 | Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload | | LOW | *-7.2.2 | 7.2.3 | July 1, 2026 |
| Broken Link Checker | broken-link-checker | 68 | Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization | | LOW | *-1.11.16 | 1.11.17 | July 1, 2026 |

Showing 28501 to 28600 of 36328 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 18:35 UTC.