Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36328

Across tracked plugins

Affected Plugins

80

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
auto-more-tag auto-more-tag
91
Auto More Tag <= 4.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.0.0 July 1, 2026
yaysmtp yaysmtp N/A YaySMTP – Simple WP SMTP Mail <= 2.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.2.1 2.2.2 July 1, 2026
wp-marketing-automations wp-marketing-automations N/A Abandoned Cart Recovery for WooCommerce by Autonami <= 2.1.1 - Missing Authorization LOW *-2.1.1 2.1.2 July 1, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member <= 2.4.0 - Subscriber+ Stored Cross-Site Scripting LOW 2.4.0 2.4.1 July 1, 2026
retro-winamp-block retro-winamp-block N/A Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service LOW *-1.1.0 1.2.0 July 1, 2026
publisher-media-kit publisher-media-kit N/A Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service LOW *-1.2.1 1.3.0 July 1, 2026
name-directory name-directory
93
Name Directory <= 1.25.4 - Unauthorized Settings Update LOW *-1.25.4 1.25.5 July 1, 2026
maps-block-apple maps-block-apple
93
Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service LOW *-1.0.3 1.1.0 July 1, 2026
autoshare-for-twitter autoshare-for-twitter
93
Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service LOW *-1.1.2 1.2.0 July 1, 2026
advanced-post-manager advanced-post-manager
97
Advanced Post Manager <= 4.5.1 - PHP Object Injection LOW *-4.5.1 4.5.2 July 1, 2026
wp-comment-fields wp-comment-fields N/A WordPress Comments Fields <= 4.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.0 4.1 July 1, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member <= 2.4.1 - Username Enumeration LOW *-2.4.1 2.4.2 July 1, 2026
sophi sophi N/A terser (JS Package) < 5.14.2 - Denial of Service LOW *-1.2.0 1.2.1 July 1, 2026
simple-podcasting simple-podcasting N/A terser (JS Package) < 5.14.2 - Denial of Service LOW [*, 1.2.4) 1.2.4 July 1, 2026
simple-local-avatars simple-local-avatars N/A terser (JS Package) < 5.14.2 - Denial of Service LOW *-2.5.0 2.6.0 July 1, 2026
retro-winamp-block retro-winamp-block N/A terser (JS Package) < 5.14.2 - Denial of Service LOW *-1.1.0 1.2.0 July 1, 2026
elasticpress elasticpress
93
terser (JS Package) < 5.14.2 - Denial of Service LOW *-4.2.2 4.3.0 July 1, 2026
advanced-custom-fields advanced-custom-fields
97
Advanced Custom Fields <= 5.12.2 - File Upload LOW *-5.12.2 5.12.3 July 1, 2026
youzify youzify N/A Youzify <= 1.1.9 - SQL Injection LOW *-1.1.9 1.2.0 July 1, 2026
Melapress File Monitor website-file-changes-monitor
97
Website File Changes Monitor <= 1.8.2 - Authenticated (Admin+) SQL Injection LOW *-1.8.2 1.8.3 July 1, 2026
give give
93
GiveWP <= 2.20.2 - Authenticated Arbitrary File Read LOW *-2.20.2 2.21.0 July 1, 2026
give give
93
GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation LOW *-2.20.2 2.21.0 July 1, 2026
wsm-downloader wsm-downloader N/A WSM Downloader <= 1.4.0 - Arbitrary File Download LOW *-1.4.0 July 1, 2026
wsm-downloader wsm-downloader N/A WSM Downloader <- 1.4.0 - Domain Bypass LOW *-1.4.0 July 1, 2026
weforms weforms N/A weForms <= 1.6.13 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.6.13 1.6.14 July 1, 2026
username-updater username-updater N/A Easy Username Updater <= 1.0.3 - Cross-Site Request Forgery to Username Change LOW *-1.0.3 1.0.4 July 1, 2026
feed-them-social feed-them-social
93
Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization LOW *-2.9.8.5 2.9.8.6 July 1, 2026
feed-them-social feed-them-social
93
Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Cross-Site Request Forgery to Plugin Settings Update LOW *-2.9.8.5 2.9.8.6 July 1, 2026
feed-them-social feed-them-social
93
Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting LOW *-2.9.9 3.0.1 July 1, 2026
dynamic-font-replacement-4wp dynamic-font-replacement-4wp
89
Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion LOW * - 1.3 EN July 1, 2026
Simple SEO cds-simple-seo
92
Simple SEO <= 1.7.91 - Reflected Cross-Site Scripting LOW *-1.7.91 1.7.92 July 1, 2026
auxin-elements auxin-elements
89
Shortcodes and extra features for Phlox theme <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.8 2.9.14 July 1, 2026
yop-poll yop-poll N/A YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header LOW *-6.4.2 6.4.3 July 1, 2026
yaysmtp yaysmtp N/A YaySMTP – Simple WP SMTP Mail <= 2.2 - Missing Authorization to Sensitive Information Exposure LOW *-2.2 2.2.1 July 1, 2026
yaysmtp yaysmtp N/A YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure LOW 2.2 2.2.1 July 1, 2026
File Sharing & Download Manager – User Private Files user-private-files
96
Frontend File Manager & Sharing – User Private Files <= 1.1.2 - Subscriber+ Arbitrary File Upload LOW *-1.1.2 1.1.3 July 1, 2026
rich-event-timeline rich-event-timeline N/A Event Timeline <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.6 July 1, 2026
project-source-code-download project-source-code-download N/A Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download LOW *-1.0.0 July 1, 2026
give give
93
GiveWP <= 2.21.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.21.2 2.21.3 July 1, 2026
ecwid-shopping-cart ecwid-shopping-cart
93
Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update LOW *-6.10.23 6.10.24 July 1, 2026
ecwid-shopping-cart ecwid-shopping-cart
93
Ecwid Ecommerce Shopping Cart <= 6.10.22 - Insufficient Access Control on Multiple AJAX Actions LOW *-6.10.22 6.10.23 July 1, 2026
give give
93
GiveWP – Donation Plugin and Fundraising Platform <= 2.21.2 - Cross-Site Request Forgery LOW *-2.21.2 2.21.3 July 1, 2026
counter-box counter-box
93
Counter Box <= 1.2 - Cross-Site Request Forgery LOW *-1.2 1.2.1 July 1, 2026
counter-box counter-box
93
Counter Box – WordPress plugin for countdown, timer, counter <= 1.2 - SQL Injection LOW *-1.2 1.2.1 July 1, 2026
shortcode-for-current-date shortcode-for-current-date N/A Shortcode For Current Date <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 1, 2026
progressive-license progressive-license N/A Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.0 July 1, 2026
microsoft-advertising-universal-event-tracking-uet microsoft-advertising-universal-event-tracking-uet
93
Microsoft Advertising Universal Event Tracking (UET) <= 1.0.3 - Authenticated Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 July 1, 2026
keep-backup-daily keep-backup-daily
93
Keep Backup Daily <= 2.0.3 - Reflected Cross-Site Scripting LOW *-2.0.3 2.0.4 July 1, 2026
digiproveblog digiproveblog
91
Copyright Proof <= 4.16 - Reflected Cross-Site Scripting LOW *-4.16 July 1, 2026
wp-stats-manager wp-stats-manager N/A WP Visitor Statistics (Real Time Traffic) <= 5.7 - Unauthenticated SQL Injection LOW *-5.7 5.8 July 1, 2026
wp-paypal wp-paypal N/A WP PayPal <= 1.2.3.8 - Cross-Site Scripting LOW *-1.2.3.7 1.2.3.8 July 1, 2026
vc-addons-by-bit14 vc-addons-by-bit14 N/A Web and WooCommerce Addons for WPBakery Builder <= 1.4.4.1 - Missing Authorization Checks LOW *-1.4.4.1 1.4.4.2 July 1, 2026
social-share-buttons-by-supsystic social-share-buttons-by-supsystic N/A Social Share Buttons by Supsystic <= 2.2.6 - SQL Injection LOW *-2.2.6 2.2.7 July 1, 2026
slide-anything slide-anything N/A Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.46 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.46 2.3.47 July 1, 2026
simple-membership simple-membership N/A Simple Membership <= 4.1.2 - Membership Privilege Escalation LOW *-4.1.2 4.1.3 July 1, 2026
simple-membership simple-membership N/A Simple Membership <= 4.1.2 - Membership Privilege Escalation LOW *-4.1.2 4.1.3 July 1, 2026
rt-custom-css-page-and-post rt-custom-css-page-and-post N/A Royal Custom CSS for Page and Post <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW 1.2 July 1, 2026
makestories-helper makestories-helper
91
MakeStories (for Web Stories) <= 2.6.4 - Cross-Ste Scripting LOW *-2.6.4 2.6.5 July 1, 2026
flexi-quote-rotator flexi-quote-rotator
89
Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting LOW *-0.9.4 July 1, 2026
flexi-quote-rotator flexi-quote-rotator
89
Flexi Quote Rotator <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.9.4 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.2.48 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.48 3.2.49 July 1, 2026
visualizer visualizer N/A Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization LOW *-3.7.9 3.7.10 July 1, 2026
visualizer visualizer N/A Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization LOW *-3.7.9 3.7.10 July 1, 2026
popups popups N/A Popups <= 1.9.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.3.8 July 1, 2026
login-with-phone-number login-with-phone-number
93
Login with phone number <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.3.7 1.3.8 July 1, 2026
learnpress learnpress
93
LearnPress – WordPress LMS Plugin <= 4.1.6.7 - Reflected Cross-Site Scripting LOW *-4.1.6.7 4.1.6.8 July 1, 2026
invitation-based-registrations invitation-based-registrations
93
Invitation Based Registrations <= 2.2.84 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.2.84 2.3.1 July 1, 2026
freemind-wp-browser freemind-wp-browser
91
FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.2 July 1, 2026
featured-image-from-url featured-image-from-url
93
Featured Image from URL (FIFU) <= 4.0.0 - Stored Cross-Site Scripting LOW *-4.0.0 4.0.1 July 1, 2026
anymind-widget anymind-widget
95
AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.1 July 1, 2026
advanced-wp-reset advanced-wp-reset
97
Advanced WordPress Reset <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 1.6 July 1, 2026
wp-video-lightbox wp-video-lightbox N/A Video Lightbox <= 1.9.5 - Authenticated Stored Cross-Site Scripting LOW *-1.9.5 1.9.6 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 5.5.9 - Reflected Cross-Site Scripting LOW *-5.5.9 5.6.0 July 1, 2026
social-networks-auto-poster-facebook-twitter-g social-networks-auto-poster-facebook-twitter-g N/A NextScripts: Social Networks Auto-Poster <= 4.3.25 - Reflected Cross-Site Scripting LOW *-4.3.25 4.3.26 July 1, 2026
shareaholic shareaholic N/A Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic <= 9.7.5 - Information Disclosure LOW *-9.7.5 9.7.6 July 1, 2026
popup-anything-on-click popup-anything-on-click N/A Popup Anything – A Marketing Popup and Lead Generation Conversions <= 2.1.6 - Reflected Cross-Site Scripting LOW *-2.1.6 2.1.7 July 1, 2026
asf-allow-svg-files asf-allow-svg-files
95
Allow SVG Files <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.1 July 1, 2026
add-search-to-menu add-search-to-menu
97
Ivory Search <= 5.4.6 - Reflected Cross-Site Scripting LOW *-5.4.6 5.4.7 July 1, 2026
yellow-yard yellow-yard N/A Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting LOW *-2.7.27 2.8.12 July 1, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
WP All Import <= 3.6.7 - Admin+ Arbitrary File Upload LOW *-3.6.7 3.6.8 July 1, 2026
photo-gallery photo-gallery N/A Photo Gallery by 10Web <= 1.6.8 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.6.8 1.6.9 July 1, 2026
ND Shortcodes nd-shortcodes
91
ND Shortcodes <= 6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.5 6.6 July 1, 2026
wp-video-lightbox wp-video-lightbox N/A WP Video Lightbox <= 1.9.4 - Reflected Cross-Site Scripting LOW *-1.9.4 1.9.5 July 1, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload LOW *-3.6.7 3.6.8 July 1, 2026
shortcode-addons shortcode-addons N/A Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update LOW *-3.0.2 3.0.3 July 1, 2026
popup-builder popup-builder N/A Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update LOW *-4.1.11 4.1.12 July 1, 2026
music-player-for-woocommerce music-player-for-woocommerce
93
Music Player for WooCommerce <= 1.0.172 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.172 1.0.173 July 1, 2026
form-forms form-forms
93
Form – Contact Form <= 1.2.0 - Administrator+ Cross-Site Scripting LOW *-1.2.0 1.2.1 July 1, 2026
featured-image-from-url featured-image-from-url
93
Featured Image from URL (FIFU) <= 3.9.9 - Cross-Site Request Forgery LOW *-3.9.9 4.0.0 July 1, 2026
accordions-or-faqs accordions-or-faqs
95
Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update LOW *-2.0.2 2.0.3 July 1, 2026
wp-memory wp-memory N/A Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin <= 2.43 - Cross-Site Scripting LOW *-2.43 2.44 July 1, 2026
WP Popular Posts wordpress-popular-posts N/A WordPress Popular Posts <= 5.5.1 - Reflected Cross-Site Scripting LOW *-5.5.1 6.0.0 July 1, 2026
unyson unyson N/A Unyson <= 2.7.26 - Cross-Site Scripting LOW *-2.7.26 2.7.27 July 1, 2026
advanced-nocaptcha-recaptcha advanced-nocaptcha-recaptcha
97
CAPTCHA 4WP <= 7.0.6.1 - Cross-Site Request Forgery to Local File Inclusion LOW *-7.0.6.1 7.1.0 July 1, 2026
wp-maintenance wp-maintenance N/A WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting LOW *-6.0.7 6.0.8 July 1, 2026
yikes-inc-easy-custom-woocommerce-product-tabs yikes-inc-easy-custom-woocommerce-product-tabs N/A Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update LOW *-1.7.7 1.7.8 July 1, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
WP All Import <= 3.6.7 - Authenticated (Administrator+) Arbitrary Code Execution LOW *-3.6.7 3.6.8 July 1, 2026
sp-client-document-manager sp-client-document-manager
87
SP Project & Document Manager <= 4.57 - Sensitive File Disclosure LOW *-4.57 4.58 July 1, 2026
request-a-quote request-a-quote N/A Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.7 2.3.8 July 1, 2026
request-a-quote request-a-quote N/A Request a Quote <= 2.3.8 - CSV Injection LOW *-2.3.8 2.3.9 July 1, 2026
LOW

auto-more-tag

auto-more-tag

Score: 91/100 Auto More Tag <= 4.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.0.0 Patched: Updated: July 1, 2026
LOW

yaysmtp

yaysmtp

Score: N/A YaySMTP – Simple WP SMTP Mail <= 2.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: July 1, 2026
LOW

wp-marketing-automations

wp-marketing-automations

Score: N/A Abandoned Cart Recovery for WooCommerce by Autonami <= 2.1.1 - Missing Authorization Affected: *-2.1.1 Patched: 2.1.2 Updated: July 1, 2026
LOW

retro-winamp-block

retro-winamp-block

Score: N/A Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service Affected: *-1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

publisher-media-kit

publisher-media-kit

Score: N/A Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service Affected: *-1.2.1 Patched: 1.3.0 Updated: July 1, 2026
LOW

name-directory

name-directory

Score: 93/100 Name Directory <= 1.25.4 - Unauthorized Settings Update Affected: *-1.25.4 Patched: 1.25.5 Updated: July 1, 2026
LOW

maps-block-apple

maps-block-apple

Score: 93/100 Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service Affected: *-1.0.3 Patched: 1.1.0 Updated: July 1, 2026
LOW

autoshare-for-twitter

autoshare-for-twitter

Score: 93/100 Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service Affected: *-1.1.2 Patched: 1.2.0 Updated: July 1, 2026
LOW

advanced-post-manager

advanced-post-manager

Score: 97/100 Advanced Post Manager <= 4.5.1 - PHP Object Injection Affected: *-4.5.1 Patched: 4.5.2 Updated: July 1, 2026
LOW

wp-comment-fields

wp-comment-fields

Score: N/A WordPress Comments Fields <= 4.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.0 Patched: 4.1 Updated: July 1, 2026
LOW

sophi

sophi

Score: N/A terser (JS Package) < 5.14.2 - Denial of Service Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

simple-podcasting

simple-podcasting

Score: N/A terser (JS Package) < 5.14.2 - Denial of Service Affected: [*, 1.2.4) Patched: 1.2.4 Updated: July 1, 2026
LOW

simple-local-avatars

simple-local-avatars

Score: N/A terser (JS Package) < 5.14.2 - Denial of Service Affected: *-2.5.0 Patched: 2.6.0 Updated: July 1, 2026
LOW

retro-winamp-block

retro-winamp-block

Score: N/A terser (JS Package) < 5.14.2 - Denial of Service Affected: *-1.1.0 Patched: 1.2.0 Updated: July 1, 2026
LOW

elasticpress

elasticpress

Score: 93/100 terser (JS Package) < 5.14.2 - Denial of Service Affected: *-4.2.2 Patched: 4.3.0 Updated: July 1, 2026
LOW

advanced-custom-fields

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 5.12.2 - File Upload Affected: *-5.12.2 Patched: 5.12.3 Updated: July 1, 2026
LOW

youzify

youzify

Score: N/A Youzify <= 1.1.9 - SQL Injection Affected: *-1.1.9 Patched: 1.2.0 Updated: July 1, 2026
LOW

Melapress File Monitor

website-file-changes-monitor

Score: 97/100 Website File Changes Monitor <= 1.8.2 - Authenticated (Admin+) SQL Injection Affected: *-1.8.2 Patched: 1.8.3 Updated: July 1, 2026
LOW

give

give

Score: 93/100 GiveWP <= 2.20.2 - Authenticated Arbitrary File Read Affected: *-2.20.2 Patched: 2.21.0 Updated: July 1, 2026
LOW

give

give

Score: 93/100 GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation Affected: *-2.20.2 Patched: 2.21.0 Updated: July 1, 2026
LOW

wsm-downloader

wsm-downloader

Score: N/A WSM Downloader <= 1.4.0 - Arbitrary File Download Affected: *-1.4.0 Patched: Updated: July 1, 2026
LOW

wsm-downloader

wsm-downloader

Score: N/A WSM Downloader <- 1.4.0 - Domain Bypass Affected: *-1.4.0 Patched: Updated: July 1, 2026
LOW

weforms

weforms

Score: N/A weForms <= 1.6.13 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.6.13 Patched: 1.6.14 Updated: July 1, 2026
LOW

username-updater

username-updater

Score: N/A Easy Username Updater <= 1.0.3 - Cross-Site Request Forgery to Username Change Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

feed-them-social

feed-them-social

Score: 93/100 Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization Affected: *-2.9.8.5 Patched: 2.9.8.6 Updated: July 1, 2026
LOW

feed-them-social

feed-them-social

Score: 93/100 Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.9.8.5 Patched: 2.9.8.6 Updated: July 1, 2026
LOW

feed-them-social

feed-them-social

Score: 93/100 Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting Affected: *-2.9.9 Patched: 3.0.1 Updated: July 1, 2026
LOW

dynamic-font-replacement-4wp

dynamic-font-replacement-4wp

Score: 89/100 Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion Affected: * - 1.3 EN Patched: Updated: July 1, 2026
LOW

Simple SEO

cds-simple-seo

Score: 92/100 Simple SEO <= 1.7.91 - Reflected Cross-Site Scripting Affected: *-1.7.91 Patched: 1.7.92 Updated: July 1, 2026
LOW

auxin-elements

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.8 Patched: 2.9.14 Updated: July 1, 2026
LOW

yop-poll

yop-poll

Score: N/A YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header Affected: *-6.4.2 Patched: 6.4.3 Updated: July 1, 2026
LOW

yaysmtp

yaysmtp

Score: N/A YaySMTP – Simple WP SMTP Mail <= 2.2 - Missing Authorization to Sensitive Information Exposure Affected: *-2.2 Patched: 2.2.1 Updated: July 1, 2026
LOW

yaysmtp

yaysmtp

Score: N/A YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure Affected: 2.2 Patched: 2.2.1 Updated: July 1, 2026
LOW

rich-event-timeline

rich-event-timeline

Score: N/A Event Timeline <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: Updated: July 1, 2026
LOW

project-source-code-download

project-source-code-download

Score: N/A Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

give

give

Score: 93/100 GiveWP <= 2.21.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.21.2 Patched: 2.21.3 Updated: July 1, 2026
LOW

ecwid-shopping-cart

ecwid-shopping-cart

Score: 93/100 Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update Affected: *-6.10.23 Patched: 6.10.24 Updated: July 1, 2026
LOW

ecwid-shopping-cart

ecwid-shopping-cart

Score: 93/100 Ecwid Ecommerce Shopping Cart <= 6.10.22 - Insufficient Access Control on Multiple AJAX Actions Affected: *-6.10.22 Patched: 6.10.23 Updated: July 1, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 2.21.2 - Cross-Site Request Forgery Affected: *-2.21.2 Patched: 2.21.3 Updated: July 1, 2026
LOW

counter-box

counter-box

Score: 93/100 Counter Box <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: 1.2.1 Updated: July 1, 2026
LOW

counter-box

counter-box

Score: 93/100 Counter Box – WordPress plugin for countdown, timer, counter <= 1.2 - SQL Injection Affected: *-1.2 Patched: 1.2.1 Updated: July 1, 2026
LOW

shortcode-for-current-date

shortcode-for-current-date

Score: N/A Shortcode For Current Date <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 1, 2026
LOW

progressive-license

progressive-license

Score: N/A Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

microsoft-advertising-universal-event-tracking-uet

microsoft-advertising-universal-event-tracking-uet

Score: 93/100 Microsoft Advertising Universal Event Tracking (UET) <= 1.0.3 - Authenticated Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

keep-backup-daily

keep-backup-daily

Score: 93/100 Keep Backup Daily <= 2.0.3 - Reflected Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: July 1, 2026
LOW

digiproveblog

digiproveblog

Score: 91/100 Copyright Proof <= 4.16 - Reflected Cross-Site Scripting Affected: *-4.16 Patched: Updated: July 1, 2026
LOW

wp-stats-manager

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 5.7 - Unauthenticated SQL Injection Affected: *-5.7 Patched: 5.8 Updated: July 1, 2026
LOW

wp-paypal

wp-paypal

Score: N/A WP PayPal <= 1.2.3.8 - Cross-Site Scripting Affected: *-1.2.3.7 Patched: 1.2.3.8 Updated: July 1, 2026
LOW

vc-addons-by-bit14

vc-addons-by-bit14

Score: N/A Web and WooCommerce Addons for WPBakery Builder <= 1.4.4.1 - Missing Authorization Checks Affected: *-1.4.4.1 Patched: 1.4.4.2 Updated: July 1, 2026
LOW

social-share-buttons-by-supsystic

social-share-buttons-by-supsystic

Score: N/A Social Share Buttons by Supsystic <= 2.2.6 - SQL Injection Affected: *-2.2.6 Patched: 2.2.7 Updated: July 1, 2026
LOW

slide-anything

slide-anything

Score: N/A Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.46 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.46 Patched: 2.3.47 Updated: July 1, 2026
LOW

simple-membership

simple-membership

Score: N/A Simple Membership <= 4.1.2 - Membership Privilege Escalation Affected: *-4.1.2 Patched: 4.1.3 Updated: July 1, 2026
LOW

simple-membership

simple-membership

Score: N/A Simple Membership <= 4.1.2 - Membership Privilege Escalation Affected: *-4.1.2 Patched: 4.1.3 Updated: July 1, 2026
LOW

rt-custom-css-page-and-post

rt-custom-css-page-and-post

Score: N/A Royal Custom CSS for Page and Post <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: 1.2 Patched: Updated: July 1, 2026
LOW

makestories-helper

makestories-helper

Score: 91/100 MakeStories (for Web Stories) <= 2.6.4 - Cross-Ste Scripting Affected: *-2.6.4 Patched: 2.6.5 Updated: July 1, 2026
LOW

flexi-quote-rotator

flexi-quote-rotator

Score: 89/100 Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting Affected: *-0.9.4 Patched: Updated: July 1, 2026
LOW

flexi-quote-rotator

flexi-quote-rotator

Score: 89/100 Flexi Quote Rotator <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.9.4 Patched: Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.48 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.48 Patched: 3.2.49 Updated: July 1, 2026
LOW

visualizer

visualizer

Score: N/A Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization Affected: *-3.7.9 Patched: 3.7.10 Updated: July 1, 2026
LOW

visualizer

visualizer

Score: N/A Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization Affected: *-3.7.9 Patched: 3.7.10 Updated: July 1, 2026
LOW

popups

popups

Score: N/A Popups <= 1.9.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.3.8 Patched: Updated: July 1, 2026
LOW

login-with-phone-number

login-with-phone-number

Score: 93/100 Login with phone number <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.7 Patched: 1.3.8 Updated: July 1, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.1.6.7 - Reflected Cross-Site Scripting Affected: *-4.1.6.7 Patched: 4.1.6.8 Updated: July 1, 2026
LOW

invitation-based-registrations

invitation-based-registrations

Score: 93/100 Invitation Based Registrations <= 2.2.84 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.2.84 Patched: 2.3.1 Updated: July 1, 2026
LOW

freemind-wp-browser

freemind-wp-browser

Score: 91/100 FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

featured-image-from-url

featured-image-from-url

Score: 93/100 Featured Image from URL (FIFU) <= 4.0.0 - Stored Cross-Site Scripting Affected: *-4.0.0 Patched: 4.0.1 Updated: July 1, 2026
LOW

anymind-widget

anymind-widget

Score: 95/100 AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

advanced-wp-reset

advanced-wp-reset

Score: 97/100 Advanced WordPress Reset <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: July 1, 2026
LOW

wp-video-lightbox

wp-video-lightbox

Score: N/A Video Lightbox <= 1.9.5 - Authenticated Stored Cross-Site Scripting Affected: *-1.9.5 Patched: 1.9.6 Updated: July 1, 2026
LOW

social-networks-auto-poster-facebook-twitter-g

social-networks-auto-poster-facebook-twitter-g

Score: N/A NextScripts: Social Networks Auto-Poster <= 4.3.25 - Reflected Cross-Site Scripting Affected: *-4.3.25 Patched: 4.3.26 Updated: July 1, 2026
LOW

shareaholic

shareaholic

Score: N/A Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic <= 9.7.5 - Information Disclosure Affected: *-9.7.5 Patched: 9.7.6 Updated: July 1, 2026
LOW

popup-anything-on-click

popup-anything-on-click

Score: N/A Popup Anything – A Marketing Popup and Lead Generation Conversions <= 2.1.6 - Reflected Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 1, 2026
LOW

asf-allow-svg-files

asf-allow-svg-files

Score: 95/100 Allow SVG Files <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

add-search-to-menu

add-search-to-menu

Score: 97/100 Ivory Search <= 5.4.6 - Reflected Cross-Site Scripting Affected: *-5.4.6 Patched: 5.4.7 Updated: July 1, 2026
LOW

yellow-yard

yellow-yard

Score: N/A Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting Affected: *-2.7.27 Patched: 2.8.12 Updated: July 1, 2026
LOW

photo-gallery

photo-gallery

Score: N/A Photo Gallery by 10Web <= 1.6.8 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.6.8 Patched: 1.6.9 Updated: July 1, 2026
LOW

ND Shortcodes

nd-shortcodes

Score: 91/100 ND Shortcodes <= 6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.5 Patched: 6.6 Updated: July 1, 2026
LOW

wp-video-lightbox

wp-video-lightbox

Score: N/A WP Video Lightbox <= 1.9.4 - Reflected Cross-Site Scripting Affected: *-1.9.4 Patched: 1.9.5 Updated: July 1, 2026
LOW

shortcode-addons

shortcode-addons

Score: N/A Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update Affected: *-3.0.2 Patched: 3.0.3 Updated: July 1, 2026
LOW

popup-builder

popup-builder

Score: N/A Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update Affected: *-4.1.11 Patched: 4.1.12 Updated: July 1, 2026
LOW

music-player-for-woocommerce

music-player-for-woocommerce

Score: 93/100 Music Player for WooCommerce <= 1.0.172 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.172 Patched: 1.0.173 Updated: July 1, 2026
LOW

form-forms

form-forms

Score: 93/100 Form – Contact Form <= 1.2.0 - Administrator+ Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

featured-image-from-url

featured-image-from-url

Score: 93/100 Featured Image from URL (FIFU) <= 3.9.9 - Cross-Site Request Forgery Affected: *-3.9.9 Patched: 4.0.0 Updated: July 1, 2026
LOW

accordions-or-faqs

accordions-or-faqs

Score: 95/100 Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update Affected: *-2.0.2 Patched: 2.0.3 Updated: July 1, 2026
LOW

wp-memory

wp-memory

Score: N/A Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin <= 2.43 - Cross-Site Scripting Affected: *-2.43 Patched: 2.44 Updated: July 1, 2026
LOW

WP Popular Posts

wordpress-popular-posts

Score: N/A WordPress Popular Posts <= 5.5.1 - Reflected Cross-Site Scripting Affected: *-5.5.1 Patched: 6.0.0 Updated: July 1, 2026
LOW

unyson

unyson

Score: N/A Unyson <= 2.7.26 - Cross-Site Scripting Affected: *-2.7.26 Patched: 2.7.27 Updated: July 1, 2026
LOW

advanced-nocaptcha-recaptcha

advanced-nocaptcha-recaptcha

Score: 97/100 CAPTCHA 4WP <= 7.0.6.1 - Cross-Site Request Forgery to Local File Inclusion Affected: *-7.0.6.1 Patched: 7.1.0 Updated: July 1, 2026
LOW

wp-maintenance

wp-maintenance

Score: N/A WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting Affected: *-6.0.7 Patched: 6.0.8 Updated: July 1, 2026
LOW

yikes-inc-easy-custom-woocommerce-product-tabs

yikes-inc-easy-custom-woocommerce-product-tabs

Score: N/A Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update Affected: *-1.7.7 Patched: 1.7.8 Updated: July 1, 2026
LOW

sp-client-document-manager

sp-client-document-manager

Score: 87/100 SP Project & Document Manager <= 4.57 - Sensitive File Disclosure Affected: *-4.57 Patched: 4.58 Updated: July 1, 2026
LOW

request-a-quote

request-a-quote

Score: N/A Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.7 Patched: 2.3.8 Updated: July 1, 2026
LOW

request-a-quote

request-a-quote

Score: N/A Request a Quote <= 2.3.8 - CSV Injection Affected: *-2.3.8 Patched: 2.3.9 Updated: July 1, 2026

Showing 28601 to 28700 of 36328 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 19:34 UTC.