Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
oauth-client oauth-client
93
OAuth 2.0 client for SSO <= 1.11.3 - Authentication Bypass LOW *-1.11.3 1.11.4 July 4, 2026
miniorange-openid-connect-client miniorange-openid-connect-client
93
WordPress OpenID Connect Client <= 2.1.7 - Authentication Bypass LOW *-2.1.7 2.1.8 July 4, 2026
miniorange-login-with-whmcs miniorange-login-with-whmcs
93
Login with WHMCS <= 1.11.3 - Authentication Bypass LOW *-1.11.3 1.11.4 July 4, 2026
loading-page loading-page
93
Loading Page with Loading Screen <= 1.0.82 - Cross-Site Scripting LOW *-1.0.82 1.0.83 July 4, 2026
Download Manager download-manager
63
Download Manager <= 3.2.43 - Reflected Cross-Site Scripting LOW *-3.2.43 3.2.44 July 4, 2026
wp-meta-seo wp-meta-seo N/A WP Meta SEO <= 4.4.8 - Cross-Site Request Forgery to Settings Update LOW *-4.4.8 4.4.9 July 4, 2026
wooshark-woocommerce-dropshipping wooshark-woocommerce-dropshipping N/A Dropshipping and affiliates for Amazon and woocommerce <= 1.4.3 - Missing Authorization LOW *-1.4.3 July 4, 2026
woo-reviews-manager woo-reviews-manager N/A eBay Dropshipping and Affiliate by Wooshark <= 1.5.6 - Unprotected AJAX Actions LOW *-1.5.6 July 4, 2026
simple-post-notes simple-post-notes N/A Simple Post Notes <= 1.7.5 - Subscriber+ Stored Cross-Site Scripting LOW *-1.7.5 1.7.6 July 4, 2026
reamaze reamaze N/A Re:amaze Helpdesk & Live Chat <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2.5 2.0 July 4, 2026
our-services-showcase our-services-showcase
91
Our Services Showcase <= 2.0 - Missing Authorization LOW *-2.0 July 4, 2026
miniorange-login-with-eve-online-google-facebook miniorange-login-with-eve-online-google-facebook
93
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting LOW *-6.22.5 6.23.0 July 4, 2026
login-with-cognito login-with-cognito
93
Login with Cognito <= 1.4.6 - Authentication Bypass LOW *-1.4.6 1.4.7 July 4, 2026
livesupporti livesupporti
93
Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0.11 1.0.12 July 4, 2026
gtm-server-side gtm-server-side
93
GTM Server Side <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.1 1.1.2 July 4, 2026
freshdesk-support freshdesk-support
93
Freshdesk (official) <= 2.3.6 - Cross-Site Request Forgery LOW *-2.3.6 2.4.0 July 4, 2026
football-live-scores football-live-scores
91
Football Live Scores <= 1.5 - Missing Authorization LOW *-1.5 July 4, 2026
dx-share-selection dx-share-selection
93
DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.4 1.5 July 4, 2026
Data Tables Generator by Supsystic data-tables-generator-by-supsystic
89
Data Tables Generator By Supsystic <= 1.10.19 - Cross-Site Scripting LOW *-1.10.19 1.10.20 July 4, 2026
bbpress-post-topics bbpress-post-topics
93
Post Comments as bbPress Topics <= 2.2.3 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.2.3 2.2.4 July 4, 2026
404s 404s
97
404s <= 3.4.9 - Administrator+ Cross-Site Scripting LOW *-3.4.9 3.5.1 July 4, 2026
wp-easy-contact wp-easy-contact N/A Best Contact Management Software <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.7.3 3.8 July 4, 2026
very-simple-breadcrumb very-simple-breadcrumb N/A Very Simple Breadcrumb <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
MainWP Dashboard: Self-hosted WordPress Management for Agencies mainwp
69
MainWP Dashboard <= 4.2.4.1 - Cross-Site Request Forgery LOW *-4.2.4.1 4.2.5 July 4, 2026
import-csv-files import-csv-files
91
Import CSV Files <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
embed-power-bi embed-power-bi
91
Power BI Embedded for WordPress <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW 1.1.3 1.1.4 July 4, 2026
Download Manager download-manager
63
Download Manager <= 3.2.46 - Contributor+ Cross-Site Scripting LOW *-3.2.46 3.2.47 July 4, 2026
company-updates-for-linkedin company-updates-for-linkedin
91
LinkedIn Company Updates <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.3 July 4, 2026
collect-and-deliver-interface-for-woocommerce collect-and-deliver-interface-for-woocommerce
93
CDI – Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting LOW *-5.1.9 5.1.10 July 4, 2026
brizy brizy
93
Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element URL LOW [*, 2.4.2) 2.4.2 July 4, 2026
brizy brizy
93
Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element Content LOW [*, 2.4.2) 2.4.2 July 4, 2026
wp-opt-in wp-opt-in N/A WP Opt-in <= 1.4.1 - Cross-Site Request Forgery to Settings Update LOW *-1.4.1 July 4, 2026
wp-maintenance-mode wp-maintenance-mode N/A WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery LOW *-2.4.4 2.4.5 July 4, 2026
wp-event-manager wp-event-manager N/A WP Event Manager – Easily Build your Calendar of Events! <= 3.1.27 - Stored Cross Site Scripting LOW [*, 3.1.28) 3.1.28 July 4, 2026
wp-duplicate-page wp-duplicate-page N/A WP Duplicate Page <= 1.2 - Authenticated (Admin+) Stored Cross Site Scripting LOW [*, 1.3) 1.3 July 4, 2026
wp-analytify wp-analytify N/A Analytify <= 4.2.0 - Reflected Cross-Site Scripting LOW *-4.2.0 4.2.1 July 4, 2026
wp-accessibility-helper wp-accessibility-helper N/A WP Accessibility Helper <= 0.6.0.6 - Reflected Cross-Site Scripting via wahi LOW [*, 0.6.0.7) 0.6.0.7 July 4, 2026
WooCommerce woocommerce
80
WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection LOW [*, 6.6.0) 6.6.0 July 4, 2026
W3 Total Cache w3-total-cache
69
Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure LOW *-2.2.2 2.2.3 July 4, 2026
print-my-blog print-my-blog N/A Print My Blog – Print, PDF, & eBook Converter <= 3.15.8 - Unprotected AJAX Actions LOW *-3.15.8 3.15.9 July 4, 2026
popup-builder popup-builder N/A Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting LOW *-4.1.10 4.1.11 July 4, 2026
cache-images cache-images
93
Cache Images <= 3.2 - Missing Authorization LOW *-3.1 3.2.1 July 4, 2026
cache-images cache-images
93
Cache Images <= 3.2 - Cross-Site Request Forgery to Image Upload LOW *-3.1 3.2.1 July 4, 2026
bold-page-builder bold-page-builder
86
Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 4.3.3) 4.3.3 July 4, 2026
auxin-elements auxin-elements
89
Shortcodes and extra features for Phlox theme <= 2.9.7 - Reflected Cross-Site-Scripting LOW [*, 2.9.8) 2.9.8 July 4, 2026
admin-management-xtended admin-management-xtended
97
Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery to Post Status Update LOW [*, 2.4.5) 2.4.5 July 4, 2026
simple-podcasting simple-podcasting N/A got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect LOW *-1.2.4 1.3.0 July 4, 2026
simple-page-ordering simple-page-ordering N/A got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect LOW *-2.4.2 2.4.3 July 4, 2026
send-pdf-for-contact-form-7 send-pdf-for-contact-form-7 N/A Send PDF for Contact Form 7 <= 0.9.1 - Multiple Cross-Site Scripting LOW *-0.9.1 0.9.2 July 4, 2026
safe-redirect-manager safe-redirect-manager N/A got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect LOW *-1.11.1 2.0.0 July 4, 2026
wp-special-textboxes wp-special-textboxes N/A Special Text Boxes <= 5.9.110 - Cross-Site Scripting LOW *-5.9.110 6.0.0 July 4, 2026
wp-oer wp-oer N/A WP OER <= 0.9.0 - Cross-Site Scripting LOW *-0.9.0 0.9.1 July 4, 2026
wp-multisite-content-copier wp-multisite-content-copier N/A WordPress Multisite Content Copier/Updater <= 1.4.0 - Cross-Site Scripting LOW *-1.4.0 1.5.0 July 4, 2026
thumbnail-for-excerpts thumbnail-for-excerpts N/A Thumbnail For Excerpts <= 2.1 - Cross-Site Request Forgery LOW *-2.1 July 4, 2026
sp-client-document-manager sp-client-document-manager
87
SP Project & Document Manager <= 4.56 - Cross-Site Request Forgery and Cross-Site Scripting LOW *-4.56 4.57 July 4, 2026
popup-builder popup-builder N/A Popup Builder <= 4.1.0 - Cross-Site Request Forgery LOW *-4.1.0 4.1.11 July 4, 2026
page-link-manager page-link-manager
91
Page Link Manager <= 1.0b - Cross-Site Request Forgery to Settings Update LOW * - 1.0b July 4, 2026
iubenda-cookie-law-solution iubenda-cookie-law-solution
93
iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more <= 3.0.8 - Server-Side Request Forgery LOW *-3.0.7 3.0.8 July 4, 2026
interactive-medical-drawing-of-human-body interactive-medical-drawing-of-human-body
91
Interactive Medical Drawing of Human Body <= 2.4 - Cross-Site Scripting LOW *-2.4 2.6 July 4, 2026
hot-linked-image-cacher hot-linked-image-cacher
89
Hot Linked Image Cacher <= 1.16 - Reflected Cross-Site Scripting LOW *-1.16 July 4, 2026
give give
93
GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure LOW *-2.20.2 2.21.0 July 4, 2026
flv-embed flv-embed
91
FLV Embed <= 1.2.1 - Cross-Site Request Forgery to Options Update LOW *-1.2.1 July 4, 2026
dyslexiefont dyslexiefont
91
Dyslexiefont Free <= 0.0.2 - Cross-Site Scripting LOW *-0.0.2 1.0.0 July 4, 2026
mashsharer mashsharer
91
Social Media Share Buttons <= 3.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.8.1 3.8.2 July 4, 2026
wp-paginate wp-paginate N/A WP-Paginate <= 2.1.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 2.1.9) 2.1.9 July 4, 2026
woocommerce-product-importer woocommerce-product-importer N/A WooCommerce – Product Importer <= 1.5.2 - Reflected Cross-Site Scripting LOW *-1.5.2 1.5.3 July 4, 2026
woocommerce-pdf-invoices-packing-slips woocommerce-pdf-invoices-packing-slips N/A WooCommerce PDF Invoices & Packing Slips <= 2.15.0 - Reflected Cross-Site Scripting LOW *-2.15.0 2.16.0 July 4, 2026
smartsoftbutton-widget-de-botones-de-chat smartsoftbutton-widget-de-botones-de-chat N/A Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0.1 July 4, 2026
shortcut-macros shortcut-macros N/A Shortcut Macros <= 1.3 - Missing Authorization to Settings Update LOW *-1.3 July 4, 2026
review-buddypress-groups review-buddypress-groups N/A Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass LOW *-2.8.3 2.8.4 July 4, 2026
rename-wp-login rename-wp-login N/A Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change LOW *-2.6.0 July 4, 2026
pricing-deals-for-woocommerce pricing-deals-for-woocommerce N/A Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQL Injection LOW *-2.0.2.02 2.0.3 July 4, 2026
photo-gallery photo-gallery
93
Photo Gallery by 10Web <= 1.6.6 - Reflected Cross-Site Scripting LOW *-1.6.6 1.6.7 July 4, 2026
mycred mycred
93
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.6.1 - Cross-Site Scripting LOW *-2.4.6.1 2.4.7 July 4, 2026
hc-custom-wp-admin-url hc-custom-wp-admin-url
87
HC Custom WP-Admin URL <= 1.4 - Missing Authorization to Login URL Change LOW *-1.4 July 4, 2026
foxyshop foxyshop
93
FoxyShop <= 4.8.1 - Reflected Cross-Site Scripting LOW *-4.8.1 4.8.2 July 4, 2026
comment-license comment-license
93
Comment License <= 1.3.0 - Cross-Site Request Forgery to Settings Update LOW [*, 1.4.0) 1.4.0 July 4, 2026
awin-data-feed awin-data-feed
93
Awin Data Feed <= 1.7 - Reflected Cross-Site Scripting LOW *-1.7 1.8 July 4, 2026
awin-data-feed awin-data-feed
93
Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting LOW *-1.7 1.8 July 4, 2026
gallery-by-supsystic gallery-by-supsystic
93
Photo Gallery by Supsystic <= 1.15.5 - Cross-Site Request Forgery to Plugin Settings Change LOW *-1.15.5 1.15.6 July 4, 2026
sharebar sharebar N/A Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting LOW *-1.4.1 July 4, 2026
pmpro-courses pmpro-courses N/A Premium Courses & eLearning <= 1.0.5 - SQL Injection LOW *-1.0.5 1.1 July 4, 2026
pagebar pagebar
93
pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting LOW *-2.65 2.66 July 4, 2026
opt-in-panda opt-in-panda
91
OnePress Opt-In Panda <= 2.6.2 - Missing Authorization on AJAX Actions LOW *-2.6.2 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection LOW *-3.0.34.1, 3.1-3.1.9, 3.2-3.2.27, 3.3-3.3.21.3, 3.4-3.4.34.1, 3.5-3.5.8.3 3.0.34.2 July 4, 2026
lana-email-tester lana-email-tester
93
Lana Email Tester <= 1.0.0 - Missing Authorization to Mail Relay & Cross-Site Request Forgery LOW *-1.0.0 1.1.0 July 4, 2026
export-to-text export-to-text
91
Export to Text <= 2.4 - Unauthenticated Post Export LOW *-2.4 July 4, 2026
m-wp-popup m-wp-popup
91
Popup | Custom Popup Builder <= 1.3.1 - Missing Capabilities Check LOW *-1.3.1 July 4, 2026
xo-liteslider xo-liteslider N/A XO Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.2 3.3.3 July 4, 2026
wp-team-manager wp-team-manager N/A WordPress Team Manager <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 2.0.1 July 4, 2026
nd-travel nd-travel
91
Travel Management <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 4, 2026
Checkout Field Manager (Checkout Manager) for WooCommerce woocommerce-checkout-manager
92
Checkout Fields Manager for WooCommerce <= 5.5.6 - Reflected Cross-Site Scripting LOW *-5.5.6 5.5.7 July 4, 2026
real-cookie-banner real-cookie-banner N/A Real Cookie Banner <= 2.18.1 - Reflected Cross-Site Scripting LOW *-2.18.1 2.18.2 July 4, 2026
qubely qubely N/A Qubely <= 1.7.9 - Incorrect Authorization LOW 1.8.0 1.8.1 July 4, 2026
learnpress learnpress
93
LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting LOW *-4.1.6.5 4.1.6.6 July 4, 2026
gravity-forms-pdf-extended gravity-forms-pdf-extended
93
Gravity PDF <= 6.3.0 - Reflected Cross-Site Scripting LOW *-6.3.0 6.3.1 July 4, 2026
flexible-shipping flexible-shipping
93
Table Rate Shipping Method for WooCommerce by Flexible Shipping <= 4.11.8 - Reflected Cross-Site Scripting LOW *-4.11.8 4.11.9 July 4, 2026
easy-testimonials easy-testimonials
89
Easy Testimonials <= 3.8 - Reflected Cross-Site Scripting LOW *-3.8 3.9 July 4, 2026
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer clearfy
93
Clearfy Cache <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 2.0.5 July 4, 2026
yampi-checkout yampi-checkout N/A Yampi Checkout < = 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 1.0.4 July 4, 2026
LOW

oauth-client

oauth-client

Score: 93/100 OAuth 2.0 client for SSO <= 1.11.3 - Authentication Bypass Affected: *-1.11.3 Patched: 1.11.4 Updated: July 4, 2026
LOW

miniorange-openid-connect-client

miniorange-openid-connect-client

Score: 93/100 WordPress OpenID Connect Client <= 2.1.7 - Authentication Bypass Affected: *-2.1.7 Patched: 2.1.8 Updated: July 4, 2026
LOW

miniorange-login-with-whmcs

miniorange-login-with-whmcs

Score: 93/100 Login with WHMCS <= 1.11.3 - Authentication Bypass Affected: *-1.11.3 Patched: 1.11.4 Updated: July 4, 2026
LOW

loading-page

loading-page

Score: 93/100 Loading Page with Loading Screen <= 1.0.82 - Cross-Site Scripting Affected: *-1.0.82 Patched: 1.0.83 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.43 - Reflected Cross-Site Scripting Affected: *-3.2.43 Patched: 3.2.44 Updated: July 4, 2026
LOW

wp-meta-seo

wp-meta-seo

Score: N/A WP Meta SEO <= 4.4.8 - Cross-Site Request Forgery to Settings Update Affected: *-4.4.8 Patched: 4.4.9 Updated: July 4, 2026
LOW

wooshark-woocommerce-dropshipping

wooshark-woocommerce-dropshipping

Score: N/A Dropshipping and affiliates for Amazon and woocommerce <= 1.4.3 - Missing Authorization Affected: *-1.4.3 Patched: Updated: July 4, 2026
LOW

woo-reviews-manager

woo-reviews-manager

Score: N/A eBay Dropshipping and Affiliate by Wooshark <= 1.5.6 - Unprotected AJAX Actions Affected: *-1.5.6 Patched: Updated: July 4, 2026
LOW

simple-post-notes

simple-post-notes

Score: N/A Simple Post Notes <= 1.7.5 - Subscriber+ Stored Cross-Site Scripting Affected: *-1.7.5 Patched: 1.7.6 Updated: July 4, 2026
LOW

reamaze

reamaze

Score: N/A Re:amaze Helpdesk & Live Chat <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: 2.0 Updated: July 4, 2026
LOW

our-services-showcase

our-services-showcase

Score: 91/100 Our Services Showcase <= 2.0 - Missing Authorization Affected: *-2.0 Patched: Updated: July 4, 2026
LOW

miniorange-login-with-eve-online-google-facebook

miniorange-login-with-eve-online-google-facebook

Score: 93/100 OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting Affected: *-6.22.5 Patched: 6.23.0 Updated: July 4, 2026
LOW

login-with-cognito

login-with-cognito

Score: 93/100 Login with Cognito <= 1.4.6 - Authentication Bypass Affected: *-1.4.6 Patched: 1.4.7 Updated: July 4, 2026
LOW

livesupporti

livesupporti

Score: 93/100 Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0.11 Patched: 1.0.12 Updated: July 4, 2026
LOW

gtm-server-side

gtm-server-side

Score: 93/100 GTM Server Side <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 4, 2026
LOW

freshdesk-support

freshdesk-support

Score: 93/100 Freshdesk (official) <= 2.3.6 - Cross-Site Request Forgery Affected: *-2.3.6 Patched: 2.4.0 Updated: July 4, 2026
LOW

football-live-scores

football-live-scores

Score: 91/100 Football Live Scores <= 1.5 - Missing Authorization Affected: *-1.5 Patched: Updated: July 4, 2026
LOW

dx-share-selection

dx-share-selection

Score: 93/100 DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: July 4, 2026
LOW

Data Tables Generator by Supsystic

data-tables-generator-by-supsystic

Score: 89/100 Data Tables Generator By Supsystic <= 1.10.19 - Cross-Site Scripting Affected: *-1.10.19 Patched: 1.10.20 Updated: July 4, 2026
LOW

bbpress-post-topics

bbpress-post-topics

Score: 93/100 Post Comments as bbPress Topics <= 2.2.3 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.2.3 Patched: 2.2.4 Updated: July 4, 2026
LOW

404s

404s

Score: 97/100 404s <= 3.4.9 - Administrator+ Cross-Site Scripting Affected: *-3.4.9 Patched: 3.5.1 Updated: July 4, 2026
LOW

wp-easy-contact

wp-easy-contact

Score: N/A Best Contact Management Software <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.7.3 Patched: 3.8 Updated: July 4, 2026
LOW

very-simple-breadcrumb

very-simple-breadcrumb

Score: N/A Very Simple Breadcrumb <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

import-csv-files

import-csv-files

Score: 91/100 Import CSV Files <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

embed-power-bi

embed-power-bi

Score: 91/100 Power BI Embedded for WordPress <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: 1.1.3 Patched: 1.1.4 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.46 - Contributor+ Cross-Site Scripting Affected: *-3.2.46 Patched: 3.2.47 Updated: July 4, 2026
LOW

company-updates-for-linkedin

company-updates-for-linkedin

Score: 91/100 LinkedIn Company Updates <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.3 Patched: Updated: July 4, 2026
LOW

collect-and-deliver-interface-for-woocommerce

collect-and-deliver-interface-for-woocommerce

Score: 93/100 CDI – Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting Affected: *-5.1.9 Patched: 5.1.10 Updated: July 4, 2026
LOW

brizy

brizy

Score: 93/100 Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element URL Affected: [*, 2.4.2) Patched: 2.4.2 Updated: July 4, 2026
LOW

brizy

brizy

Score: 93/100 Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element Content Affected: [*, 2.4.2) Patched: 2.4.2 Updated: July 4, 2026
LOW

wp-opt-in

wp-opt-in

Score: N/A WP Opt-in <= 1.4.1 - Cross-Site Request Forgery to Settings Update Affected: *-1.4.1 Patched: Updated: July 4, 2026
LOW

wp-maintenance-mode

wp-maintenance-mode

Score: N/A WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery Affected: *-2.4.4 Patched: 2.4.5 Updated: July 4, 2026
LOW

wp-event-manager

wp-event-manager

Score: N/A WP Event Manager – Easily Build your Calendar of Events! <= 3.1.27 - Stored Cross Site Scripting Affected: [*, 3.1.28) Patched: 3.1.28 Updated: July 4, 2026
LOW

wp-duplicate-page

wp-duplicate-page

Score: N/A WP Duplicate Page <= 1.2 - Authenticated (Admin+) Stored Cross Site Scripting Affected: [*, 1.3) Patched: 1.3 Updated: July 4, 2026
LOW

wp-analytify

wp-analytify

Score: N/A Analytify <= 4.2.0 - Reflected Cross-Site Scripting Affected: *-4.2.0 Patched: 4.2.1 Updated: July 4, 2026
LOW

wp-accessibility-helper

wp-accessibility-helper

Score: N/A WP Accessibility Helper <= 0.6.0.6 - Reflected Cross-Site Scripting via wahi Affected: [*, 0.6.0.7) Patched: 0.6.0.7 Updated: July 4, 2026
LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection Affected: [*, 6.6.0) Patched: 6.6.0 Updated: July 4, 2026
LOW

W3 Total Cache

w3-total-cache

Score: 69/100 Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure Affected: *-2.2.2 Patched: 2.2.3 Updated: July 4, 2026
LOW

print-my-blog

print-my-blog

Score: N/A Print My Blog – Print, PDF, & eBook Converter <= 3.15.8 - Unprotected AJAX Actions Affected: *-3.15.8 Patched: 3.15.9 Updated: July 4, 2026
LOW

popup-builder

popup-builder

Score: N/A Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting Affected: *-4.1.10 Patched: 4.1.11 Updated: July 4, 2026
LOW

cache-images

cache-images

Score: 93/100 Cache Images <= 3.2 - Missing Authorization Affected: *-3.1 Patched: 3.2.1 Updated: July 4, 2026
LOW

cache-images

cache-images

Score: 93/100 Cache Images <= 3.2 - Cross-Site Request Forgery to Image Upload Affected: *-3.1 Patched: 3.2.1 Updated: July 4, 2026
LOW

bold-page-builder

bold-page-builder

Score: 86/100 Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 4.3.3) Patched: 4.3.3 Updated: July 4, 2026
LOW

auxin-elements

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.9.7 - Reflected Cross-Site-Scripting Affected: [*, 2.9.8) Patched: 2.9.8 Updated: July 4, 2026
LOW

admin-management-xtended

admin-management-xtended

Score: 97/100 Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery to Post Status Update Affected: [*, 2.4.5) Patched: 2.4.5 Updated: July 4, 2026
LOW

simple-podcasting

simple-podcasting

Score: N/A got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect Affected: *-1.2.4 Patched: 1.3.0 Updated: July 4, 2026
LOW

simple-page-ordering

simple-page-ordering

Score: N/A got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect Affected: *-2.4.2 Patched: 2.4.3 Updated: July 4, 2026
LOW

send-pdf-for-contact-form-7

send-pdf-for-contact-form-7

Score: N/A Send PDF for Contact Form 7 <= 0.9.1 - Multiple Cross-Site Scripting Affected: *-0.9.1 Patched: 0.9.2 Updated: July 4, 2026
LOW

safe-redirect-manager

safe-redirect-manager

Score: N/A got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect Affected: *-1.11.1 Patched: 2.0.0 Updated: July 4, 2026
LOW

wp-special-textboxes

wp-special-textboxes

Score: N/A Special Text Boxes <= 5.9.110 - Cross-Site Scripting Affected: *-5.9.110 Patched: 6.0.0 Updated: July 4, 2026
LOW

wp-oer

wp-oer

Score: N/A WP OER <= 0.9.0 - Cross-Site Scripting Affected: *-0.9.0 Patched: 0.9.1 Updated: July 4, 2026
LOW

wp-multisite-content-copier

wp-multisite-content-copier

Score: N/A WordPress Multisite Content Copier/Updater <= 1.4.0 - Cross-Site Scripting Affected: *-1.4.0 Patched: 1.5.0 Updated: July 4, 2026
LOW

thumbnail-for-excerpts

thumbnail-for-excerpts

Score: N/A Thumbnail For Excerpts <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: July 4, 2026
LOW

sp-client-document-manager

sp-client-document-manager

Score: 87/100 SP Project & Document Manager <= 4.56 - Cross-Site Request Forgery and Cross-Site Scripting Affected: *-4.56 Patched: 4.57 Updated: July 4, 2026
LOW

popup-builder

popup-builder

Score: N/A Popup Builder <= 4.1.0 - Cross-Site Request Forgery Affected: *-4.1.0 Patched: 4.1.11 Updated: July 4, 2026
LOW

page-link-manager

page-link-manager

Score: 91/100 Page Link Manager <= 1.0b - Cross-Site Request Forgery to Settings Update Affected: * - 1.0b Patched: Updated: July 4, 2026
LOW

iubenda-cookie-law-solution

iubenda-cookie-law-solution

Score: 93/100 iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more <= 3.0.8 - Server-Side Request Forgery Affected: *-3.0.7 Patched: 3.0.8 Updated: July 4, 2026
LOW

interactive-medical-drawing-of-human-body

interactive-medical-drawing-of-human-body

Score: 91/100 Interactive Medical Drawing of Human Body <= 2.4 - Cross-Site Scripting Affected: *-2.4 Patched: 2.6 Updated: July 4, 2026
LOW

hot-linked-image-cacher

hot-linked-image-cacher

Score: 89/100 Hot Linked Image Cacher <= 1.16 - Reflected Cross-Site Scripting Affected: *-1.16 Patched: Updated: July 4, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure Affected: *-2.20.2 Patched: 2.21.0 Updated: July 4, 2026
LOW

flv-embed

flv-embed

Score: 91/100 FLV Embed <= 1.2.1 - Cross-Site Request Forgery to Options Update Affected: *-1.2.1 Patched: Updated: July 4, 2026
LOW

dyslexiefont

dyslexiefont

Score: 91/100 Dyslexiefont Free <= 0.0.2 - Cross-Site Scripting Affected: *-0.0.2 Patched: 1.0.0 Updated: July 4, 2026
LOW

mashsharer

mashsharer

Score: 91/100 Social Media Share Buttons <= 3.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.8.1 Patched: 3.8.2 Updated: July 4, 2026
LOW

wp-paginate

wp-paginate

Score: N/A WP-Paginate <= 2.1.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.1.9) Patched: 2.1.9 Updated: July 4, 2026
LOW

woocommerce-product-importer

woocommerce-product-importer

Score: N/A WooCommerce – Product Importer <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: July 4, 2026
LOW

woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips

Score: N/A WooCommerce PDF Invoices & Packing Slips <= 2.15.0 - Reflected Cross-Site Scripting Affected: *-2.15.0 Patched: 2.16.0 Updated: July 4, 2026
LOW

smartsoftbutton-widget-de-botones-de-chat

smartsoftbutton-widget-de-botones-de-chat

Score: N/A Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

shortcut-macros

shortcut-macros

Score: N/A Shortcut Macros <= 1.3 - Missing Authorization to Settings Update Affected: *-1.3 Patched: Updated: July 4, 2026
LOW

review-buddypress-groups

review-buddypress-groups

Score: N/A Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass Affected: *-2.8.3 Patched: 2.8.4 Updated: July 4, 2026
LOW

rename-wp-login

rename-wp-login

Score: N/A Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change Affected: *-2.6.0 Patched: Updated: July 4, 2026
LOW

pricing-deals-for-woocommerce

pricing-deals-for-woocommerce

Score: N/A Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQL Injection Affected: *-2.0.2.02 Patched: 2.0.3 Updated: July 4, 2026
LOW

photo-gallery

photo-gallery

Score: 93/100 Photo Gallery by 10Web <= 1.6.6 - Reflected Cross-Site Scripting Affected: *-1.6.6 Patched: 1.6.7 Updated: July 4, 2026
LOW

mycred

mycred

Score: 93/100 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.6.1 - Cross-Site Scripting Affected: *-2.4.6.1 Patched: 2.4.7 Updated: July 4, 2026
LOW

hc-custom-wp-admin-url

hc-custom-wp-admin-url

Score: 87/100 HC Custom WP-Admin URL <= 1.4 - Missing Authorization to Login URL Change Affected: *-1.4 Patched: Updated: July 4, 2026
LOW

foxyshop

foxyshop

Score: 93/100 FoxyShop <= 4.8.1 - Reflected Cross-Site Scripting Affected: *-4.8.1 Patched: 4.8.2 Updated: July 4, 2026
LOW

comment-license

comment-license

Score: 93/100 Comment License <= 1.3.0 - Cross-Site Request Forgery to Settings Update Affected: [*, 1.4.0) Patched: 1.4.0 Updated: July 4, 2026
LOW

awin-data-feed

awin-data-feed

Score: 93/100 Awin Data Feed <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: July 4, 2026
LOW

awin-data-feed

awin-data-feed

Score: 93/100 Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: July 4, 2026
LOW

gallery-by-supsystic

gallery-by-supsystic

Score: 93/100 Photo Gallery by Supsystic <= 1.15.5 - Cross-Site Request Forgery to Plugin Settings Change Affected: *-1.15.5 Patched: 1.15.6 Updated: July 4, 2026
LOW

sharebar

sharebar

Score: N/A Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 4, 2026
LOW

pmpro-courses

pmpro-courses

Score: N/A Premium Courses & eLearning <= 1.0.5 - SQL Injection Affected: *-1.0.5 Patched: 1.1 Updated: July 4, 2026
LOW

pagebar

pagebar

Score: 93/100 pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting Affected: *-2.65 Patched: 2.66 Updated: July 4, 2026
LOW

opt-in-panda

opt-in-panda

Score: 91/100 OnePress Opt-In Panda <= 2.6.2 - Missing Authorization on AJAX Actions Affected: *-2.6.2 Patched: Updated: July 4, 2026
LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection Affected: *-3.0.34.1, 3.1-3.1.9, 3.2-3.2.27, 3.3-3.3.21.3, 3.4-3.4.34.1, 3.5-3.5.8.3 Patched: 3.0.34.2 Updated: July 4, 2026
LOW

lana-email-tester

lana-email-tester

Score: 93/100 Lana Email Tester <= 1.0.0 - Missing Authorization to Mail Relay & Cross-Site Request Forgery Affected: *-1.0.0 Patched: 1.1.0 Updated: July 4, 2026
LOW

export-to-text

export-to-text

Score: 91/100 Export to Text <= 2.4 - Unauthenticated Post Export Affected: *-2.4 Patched: Updated: July 4, 2026
LOW

m-wp-popup

m-wp-popup

Score: 91/100 Popup | Custom Popup Builder <= 1.3.1 - Missing Capabilities Check Affected: *-1.3.1 Patched: Updated: July 4, 2026
LOW

xo-liteslider

xo-liteslider

Score: N/A XO Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.2 Patched: 3.3.3 Updated: July 4, 2026
LOW

wp-team-manager

wp-team-manager

Score: N/A WordPress Team Manager <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: July 4, 2026
LOW

nd-travel

nd-travel

Score: 91/100 Travel Management <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 4, 2026
LOW

real-cookie-banner

real-cookie-banner

Score: N/A Real Cookie Banner <= 2.18.1 - Reflected Cross-Site Scripting Affected: *-2.18.1 Patched: 2.18.2 Updated: July 4, 2026
LOW

qubely

qubely

Score: N/A Qubely <= 1.7.9 - Incorrect Authorization Affected: 1.8.0 Patched: 1.8.1 Updated: July 4, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting Affected: *-4.1.6.5 Patched: 4.1.6.6 Updated: July 4, 2026
LOW

gravity-forms-pdf-extended

gravity-forms-pdf-extended

Score: 93/100 Gravity PDF <= 6.3.0 - Reflected Cross-Site Scripting Affected: *-6.3.0 Patched: 6.3.1 Updated: July 4, 2026
LOW

flexible-shipping

flexible-shipping

Score: 93/100 Table Rate Shipping Method for WooCommerce by Flexible Shipping <= 4.11.8 - Reflected Cross-Site Scripting Affected: *-4.11.8 Patched: 4.11.9 Updated: July 4, 2026
LOW

easy-testimonials

easy-testimonials

Score: 89/100 Easy Testimonials <= 3.8 - Reflected Cross-Site Scripting Affected: *-3.8 Patched: 3.9 Updated: July 4, 2026
LOW

yampi-checkout

yampi-checkout

Score: N/A Yampi Checkout < = 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 4, 2026

Showing 28801 to 28900 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 01:31 UTC.