Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

91

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
WP Contact Slider – Contact Form Slider Widget wp-contact-slider N/A WP Contact Slider <= 2.4.6 - Stored Cross-Site Scripting LOW *-2.4.6 2.4.7 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms Contact Form <= 3.6.9 - Cross-Site Scripting via field label LOW *-3.6.9 3.6.10 July 4, 2026
gallery-album gallery-album
83
Gallery – Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting LOW *-1.9.9 2.0.0 July 4, 2026
Elementor Website Builder – more than just a page builder elementor
79
Elementor Website Builder <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting LOW *-3.5.5 3.5.6 July 4, 2026
easync-booking easync-booking
93
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload LOW *-1.1.15 1.1.16 July 4, 2026
age-gate age-gate
97
Age Gate <= 2.17.0 - Cross-Site Scripting via Data Import LOW *-2.17.0 2.17.1 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Ninja Forms Contact Form <= 3.6.10 - Authenticated (Admin+) Stored Cross-Site Scripting via import LOW *-3.6.10 3.6.11 July 4, 2026
toolbar-to-share toolbar-to-share N/A ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-2.0 July 4, 2026
social-share-buttons-by-supsystic social-share-buttons-by-supsystic N/A Social Share Buttons by Supsystic <= 2.2.3 - Authenticated (Subscriber+) SQL Injection LOW *-2.2.6 2.2.7 July 4, 2026
social-share-buttons-by-supsystic social-share-buttons-by-supsystic N/A Social Share Buttons by Supsystic <= 2.2.3 - Missing Authorization LOW *-2.2.3 2.2.4 July 4, 2026
gallery-bank gallery-bank
89
Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Media Upload LOW *-4.0.50 July 4, 2026
gallery-bank gallery-bank
89
Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Gallery Description LOW *-4.0.50 July 4, 2026
api-key-for-google-maps api-key-for-google-maps
97
API KEY for Google Maps <= 1.2.1 - Cross-Site Request Forgery LOW *-1.2.1 1.2.2 July 4, 2026
copify copify
91
Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.3.0 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms Contact Form <= 3.6.9 - Authenticated (Admin+) Cross-Site Scripting via label LOW *-3.6.9 3.6.10 July 4, 2026
wp-skitter-slideshow wp-skitter-slideshow N/A Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery LOW *-2.5.2 July 4, 2026
wp-menu-cart wp-menu-cart N/A WP Menu Cart <= 2.11.0 - Reflected Cross-Site Scripting LOW *-2.11.0 2.12.0 July 4, 2026
wp-championship wp-championship N/A wp-championship <= 9.2 - Multiple Cross-Site Request Forgery Vulnerabilities LOW *-9.2 9.3 July 4, 2026
wp-all-export wp-all-export N/A Export any WordPress data to XML/CSV <= 1.3.5 - Reflected Cross-Site Scripting LOW *-1.3.5 1.3.6 July 4, 2026
woocommerce-pdf-invoices-packing-slips woocommerce-pdf-invoices-packing-slips N/A WooCommerce PDF Invoices & Packing Slips <= 2.14.5 - Cross-Site Scripting LOW 2.14.5 2.15 July 4, 2026
woocommerce-menu-bar-cart woocommerce-menu-bar-cart N/A WooCommerce Menu Cart <= 2.11.0 - Reflected Cross-Site Scripting LOW *-2.11.0 2.12.0 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection LOW *-3.6.9 3.6.10 July 4, 2026
co-authors-plus co-authors-plus
93
Co-Authors Plus 3.5 - 3.5.1 - Sensitive Information Disclosure LOW 3.5-3.5.1 3.5.2 July 4, 2026
404-to-301 404-to-301
97
404 to 301 – Redirect, Log and Notify 404 Errors <= 3.1.1 - Reflected Cross-Site Scripting LOW *-3.1.1 3.1.2 July 4, 2026
xcloner-backup-and-restore xcloner-backup-and-restore N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.16 - Unauthenticated Plugin Settings Reset LOW *-4.2.16 4.3.6 July 4, 2026
wp-security-pro wp-security-pro N/A WordPress Security <= 4.2 - Admin+ Stored Cross-Site Scripting LOW *-4.2 4.2.1 July 4, 2026
wp-nested-pages wp-nested-pages N/A Nested Pages <= 3.1.20 - Stored Cross-Site Scripting LOW [*, 3.1.21) 3.1.21 July 4, 2026
site-is-offline-plugin site-is-offline-plugin N/A Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting LOW *-1.6.6 July 4, 2026
qubely qubely N/A Qubely <= 1.7.8 - Missing Authorization LOW *-1.7.8 1.7.9 July 4, 2026
nextcellent-gallery-nextgen-legacy nextcellent-gallery-nextgen-legacy
91
NextCellent Gallery <= 1.9.35 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.9.35 July 4, 2026
mycss mycss
91
MyCSS <= 1.1 - Cross-Site Request Forgery to Settings Update LOW *-1.1 July 4, 2026
modula-best-grid-gallery modula-best-grid-gallery
93
Modula Image Gallery <= 2.6.6 - Reflected Cross-Site Scripting LOW *-2.6.6 2.6.7 July 4, 2026
miniorange-wp-as-saml-idp miniorange-wp-as-saml-idp
93
Login using WordPress Users (WP as SAML IDP) <= 1.13.2 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.13.3 1.13.4 July 4, 2026
miniorange-saml-20-single-sign-on miniorange-saml-20-single-sign-on
93
SAML Single Sign On – SAML SSO Login <= 4.9.20 - Reflected Cross-Site Scripting LOW *-4.9.20 4.9.21 July 4, 2026
miniorange-malware-protection miniorange-malware-protection
93
miniOrange’s Malware Scanner <= 4.5.5 - Cross-Site Scripting LOW *-4.5.1 4.5.2 July 4, 2026
miniorange-limit-login-attempts miniorange-limit-login-attempts
93
MiniOrange Limit Login Attempts <= 4.0.72 - Administrator+ Cross-Site Scripting LOW *-4.0.71 4.0.72 July 4, 2026
miniorange-google-authenticator miniorange-google-authenticator
93
Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.4 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0.4 1.0.5 July 4, 2026
miniorange-google-authenticator miniorange-google-authenticator
93
Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.7 - Cross-Site Scripting LOW *-1.0.7 1.0.8 July 4, 2026
miniorange-2-factor-authentication miniorange-2-factor-authentication
93
miniOrange's Google Authenticator <= 5.5.5 - Authenticated (Admin+) Cross-Site Scripting LOW *-5.5.5 5.5.6 July 4, 2026
armember-membership armember-membership
95
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 3.4.7 -Authentication Bypass via Password Reset Weakness LOW *-3.4.7 3.4.8 July 4, 2026
single-sign-on-client single-sign-on-client N/A Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass LOW *-4.1.1 July 4, 2026
gallery-image-gallery-photo gallery-image-gallery-photo
93
Image Gallery – Grid Gallery <= 1.1.1 - Stored Cross-Site Scripting LOW *-1.1.2 1.1.3 July 4, 2026
easy-pricing-tables easy-pricing-tables
93
Easy Pricing Tables <= 3.2.0 - Reflected Cross-Site Scripting LOW *-3.2.0 3.2.1 July 4, 2026
advanced-currency-switcher advanced-currency-switcher
97
Currency Switcher for WordPress <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 1.0.4 July 4, 2026
wp-ultimate-csv-importer wp-ultimate-csv-importer N/A WP Ultimate CSV Importer <= 6.5.2 - Server-Side Request Forgery LOW *-6.5.2 6.5.3 July 4, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
Import any XML or CSV File to WordPress <= 3.6.6 - Reflected Cross-Site Scripting LOW *-3.6.6 3.6.7 July 4, 2026
traderunner traderunner N/A Trade Runner <= 3.9 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.9 3.10 July 4, 2026
simple-woocommerce-csv-loader simple-woocommerce-csv-loader N/A Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 4, 2026
shortpixel-image-optimiser shortpixel-image-optimiser N/A ShortPixel Image Optimizer <= 4.22.9 - Reflected Cross-Site Scripting LOW *-4.22.9 4.22.10 July 4, 2026
my-content-management my-content-management
93
My Content Management <= 1.7.1 - Cross-Site Scripting LOW 1.7.1 1.7.2 July 4, 2026
kitestudio-core kitestudio-core
93
core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting LOW [*, 2.3.1) 2.3.1 July 4, 2026
insert-php insert-php
93
Woody code snippets <= 2.4.5 - Reflected Cross-Site Scripting LOW *-2.4.5 2.4.6 July 4, 2026
html2wp html2wp
87
HTML2WP <= 1.0.0 - Cross-Site Request Forgery LOW *-1.0.0 July 4, 2026
html2wp html2wp
87
HTML2WP <= 1.0.0 - Arbitrary File Deletion LOW *-1.0.0 July 4, 2026
html2wp html2wp
87
HTML2WP <= 1.0.0 - Arbitrary File Upload LOW *-1.0.0 July 4, 2026
Download Manager download-manager
63
Download Manager <= 3.2.42 - Reflected Cross-Site Scripting LOW *-3.2.42 3.2.43 July 4, 2026
browser-and-operating-system-finder browser-and-operating-system-finder
91
Browser and Operating System Finder <= 1.2 - Missing Authorization LOW *-1.2 July 4, 2026
wp-posturl wp-posturl N/A Add Post URL <= 2.1.0 - Cross-Site Request Forgery LOW *-2.1.0 July 4, 2026
social-share-buttons-by-supsystic social-share-buttons-by-supsystic N/A Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update LOW *-2.2.3 2.2.4 July 4, 2026
sb-elementor-contact-form-db sb-elementor-contact-form-db N/A Elementor Contact Form DB <= 1.5 - Sensitive Information Disclosure LOW *-1.5 1.6 July 4, 2026
profit-products-tables-for-woocommerce profit-products-tables-for-woocommerce N/A Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting LOW *-1.0.4 1.0.5 July 4, 2026
new-user-approve new-user-approve
93
New User Approve <= 2.4 - Cross-Site Request Forgery LOW *-2.4 2.4.1 July 4, 2026
modern-events-calendar-lite modern-events-calendar-lite
93
Modern Events Calendar Lite <= 6.2.9 - Authenticated (Contributor+) Cross-Site Scripting LOW *-6.2.9 6.3.0 July 4, 2026
expivi expivi
93
Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion LOW *-1.0.5 1.0.6 July 4, 2026
easy-svg easy-svg
93
Easy SVG Support <= 3.2.0 - Cross-Site Scripting via SVG Upload LOW *-3.2.0 3.3.0 July 4, 2026
contest-gallery contest-gallery
93
Contest Gallery – Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection LOW *-17.0.4 17.0.5 July 4, 2026
cimy-header-image-rotator cimy-header-image-rotator
91
Cimy Header Image Rotator <= 6.1.1 - Cross-Site Request Forgery LOW *-6.1.1 July 4, 2026
zengo-custom-thumbnail-image zengo-custom-thumbnail-image N/A Zengo Custom Thumbnail Image Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 4, 2026
wpsid-shortcode wpsid-shortcode N/A WPSID Shortcode <= 1.0.9.2 - Open Redirect LOW *-1.0.9.2 July 4, 2026
wp-sentry wp-sentry N/A WP Sentry <= 1.0 - Cross-Site Request Forgery LOW *-1.0 July 4, 2026
wp-post-styling wp-post-styling N/A WP Post Styling <= 1.3.0 - Cross-Site Request Forgery LOW *-1.3.0 1.3.2 July 4, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 5.5.8 - Reflected Cross-Site Scripting LOW *-5.5.8 5.5.9 July 4, 2026
woocommerce-germanized woocommerce-germanized N/A Germanized for WooCommerce <= 3.9.4 - Reflected Cross-Site Scripting LOW *-3.9.4 3.9.5 July 4, 2026
woo-multi-currency woo-multi-currency N/A CURCY <= 2.1.17 - Reflected Cross-Site Scripting LOW *-2.1.17 2.1.18 July 4, 2026
weberino-timed-quiz-creator weberino-timed-quiz-creator N/A Weberino Timed Quiz <= 0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.6.0 July 4, 2026
visualizer visualizer N/A Visualizer <= 3.7.6 - Reflected Cross-Site Scripting LOW *-3.7.6 3.7.7 July 4, 2026
video-conferencing-with-zoom-api video-conferencing-with-zoom-api N/A Video Conferencing with Zoom <= 3.9.2 - Reflected Cross-Site Scripting LOW *-3.9.2 3.9.3 July 4, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 1.25.5 - Reflected Cross-Site Scripting LOW *-1.25.5 1.25.6 July 4, 2026
tiny-contact-form tiny-contact-form N/A Tiny Contact Form <= 0.7 - Cross-Site Request Forgery LOW *-0.7 July 4, 2026
smartkit smartkit N/A Smartkit <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0 July 4, 2026
running-line running-line N/A Running Line <= 1.2 - Cross-Site Request Forgery to Settings Update LOW *-1.2 July 4, 2026
rotating-posts rotating-posts N/A Rotating Posts <= 1.11 - Cross-Site Request Forgery to Settings Update LOW *-1.11 July 4, 2026
ppc-fraud-detctor ppc-fraud-detctor N/A PPC Tracker WordPress <= 2.0 - Stored Cross-Site Scripting via IP LOW *-2.0 July 4, 2026
ping-list-pro ping-list-pro N/A Ping List Pro <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 4, 2026
openbook-book-data openbook-book-data
91
OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery LOW *-3.5.2 July 4, 2026
nd-restaurant-reservations nd-restaurant-reservations
91
Restaurant Reservations <= 1.7 - SQL Injection LOW *-1.7 1.8 July 4, 2026
more-featured-images more-featured-images
91
More Featured Images <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
mobile-browser-color-select mobile-browser-color-select
91
Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 July 4, 2026
mailpress mailpress
91
MailPress <= 7.2.1 - Cross-Site Request Forgery LOW *-7.2.1 July 4, 2026
find-any-think find-any-think
91
WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0.1 July 4, 2026
exports-and-reports exports-and-reports
93
Exports and Reports <= 0.9.1 - CSV Injection LOW *-0.9.1 0.9.2 July 4, 2026
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress duracelltomi-google-tag-manager
94
Google Tag Manager for WordPress (GTM4WP) <= 1.15.1 - Stored Cross-Site Scripting via Content Element ID LOW *-1.15.1 1.15.2 July 4, 2026
custom-colors-for-real-estate-manager custom-colors-for-real-estate-manager
91
Custom Colors for Real Estate Manager <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
cookie-params cookie-params
91
Cookie Params <= 0.2 - Reflected Cross-Site Scripting and Cross-Site Request Forgery LOW *-0.2 July 4, 2026
co2ok-for-woocommerce co2ok-for-woocommerce
93
CO2ok: carbon offsetting for e-commerce <= 1.0.9.21 - Cross-Site Scripting LOW *-1.0.9.21 1.0.9.22 July 4, 2026
clean-contact clean-contact
91
Clean-Contact <= 1.6 - Cross-Site Request Forgery LOW *-1.6 July 4, 2026
buddyforms-members buddyforms-members
93
BuddyForms Members <= 1.4.21 - Cross-Site Scripting LOW *-1.4.21 1.4.22 July 4, 2026
automatic-domain-changer automatic-domain-changer
93
Automatic Domain Changer <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 2.0.3 July 4, 2026
wplite wplite N/A WPlite <= 1.3.1 - Cross-Site Request Forgery LOW *-1.3.1 July 4, 2026
wp-zillow-review-slider wp-zillow-review-slider N/A WP Zillow Review Slider <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 2.4) 2.4 July 4, 2026
LOW

gallery-album

gallery-album

Score: 83/100 Gallery – Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting Affected: *-1.9.9 Patched: 2.0.0 Updated: July 4, 2026
LOW

easync-booking

easync-booking

Score: 93/100 Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload Affected: *-1.1.15 Patched: 1.1.16 Updated: July 4, 2026
LOW

age-gate

age-gate

Score: 97/100 Age Gate <= 2.17.0 - Cross-Site Scripting via Data Import Affected: *-2.17.0 Patched: 2.17.1 Updated: July 4, 2026
LOW

toolbar-to-share

toolbar-to-share

Score: N/A ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 4, 2026
LOW

social-share-buttons-by-supsystic

social-share-buttons-by-supsystic

Score: N/A Social Share Buttons by Supsystic <= 2.2.3 - Authenticated (Subscriber+) SQL Injection Affected: *-2.2.6 Patched: 2.2.7 Updated: July 4, 2026
LOW

social-share-buttons-by-supsystic

social-share-buttons-by-supsystic

Score: N/A Social Share Buttons by Supsystic <= 2.2.3 - Missing Authorization Affected: *-2.2.3 Patched: 2.2.4 Updated: July 4, 2026
LOW

gallery-bank

gallery-bank

Score: 89/100 Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Media Upload Affected: *-4.0.50 Patched: Updated: July 4, 2026
LOW

gallery-bank

gallery-bank

Score: 89/100 Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Gallery Description Affected: *-4.0.50 Patched: Updated: July 4, 2026
LOW

api-key-for-google-maps

api-key-for-google-maps

Score: 97/100 API KEY for Google Maps <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: July 4, 2026
LOW

copify

copify

Score: 91/100 Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 4, 2026
LOW

wp-skitter-slideshow

wp-skitter-slideshow

Score: N/A Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery Affected: *-2.5.2 Patched: Updated: July 4, 2026
LOW

wp-menu-cart

wp-menu-cart

Score: N/A WP Menu Cart <= 2.11.0 - Reflected Cross-Site Scripting Affected: *-2.11.0 Patched: 2.12.0 Updated: July 4, 2026
LOW

wp-championship

wp-championship

Score: N/A wp-championship <= 9.2 - Multiple Cross-Site Request Forgery Vulnerabilities Affected: *-9.2 Patched: 9.3 Updated: July 4, 2026
LOW

wp-all-export

wp-all-export

Score: N/A Export any WordPress data to XML/CSV <= 1.3.5 - Reflected Cross-Site Scripting Affected: *-1.3.5 Patched: 1.3.6 Updated: July 4, 2026
LOW

woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips

Score: N/A WooCommerce PDF Invoices & Packing Slips <= 2.14.5 - Cross-Site Scripting Affected: 2.14.5 Patched: 2.15 Updated: July 4, 2026
LOW

woocommerce-menu-bar-cart

woocommerce-menu-bar-cart

Score: N/A WooCommerce Menu Cart <= 2.11.0 - Reflected Cross-Site Scripting Affected: *-2.11.0 Patched: 2.12.0 Updated: July 4, 2026
LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection Affected: *-3.6.9 Patched: 3.6.10 Updated: July 4, 2026
LOW

co-authors-plus

co-authors-plus

Score: 93/100 Co-Authors Plus 3.5 - 3.5.1 - Sensitive Information Disclosure Affected: 3.5-3.5.1 Patched: 3.5.2 Updated: July 4, 2026
LOW

404-to-301

404-to-301

Score: 97/100 404 to 301 – Redirect, Log and Notify 404 Errors <= 3.1.1 - Reflected Cross-Site Scripting Affected: *-3.1.1 Patched: 3.1.2 Updated: July 4, 2026
LOW

xcloner-backup-and-restore

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.16 - Unauthenticated Plugin Settings Reset Affected: *-4.2.16 Patched: 4.3.6 Updated: July 4, 2026
LOW

wp-security-pro

wp-security-pro

Score: N/A WordPress Security <= 4.2 - Admin+ Stored Cross-Site Scripting Affected: *-4.2 Patched: 4.2.1 Updated: July 4, 2026
LOW

wp-nested-pages

wp-nested-pages

Score: N/A Nested Pages <= 3.1.20 - Stored Cross-Site Scripting Affected: [*, 3.1.21) Patched: 3.1.21 Updated: July 4, 2026
LOW

site-is-offline-plugin

site-is-offline-plugin

Score: N/A Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting Affected: *-1.6.6 Patched: Updated: July 4, 2026
LOW

qubely

qubely

Score: N/A Qubely <= 1.7.8 - Missing Authorization Affected: *-1.7.8 Patched: 1.7.9 Updated: July 4, 2026
LOW

nextcellent-gallery-nextgen-legacy

nextcellent-gallery-nextgen-legacy

Score: 91/100 NextCellent Gallery <= 1.9.35 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.9.35 Patched: Updated: July 4, 2026
LOW

mycss

mycss

Score: 91/100 MyCSS <= 1.1 - Cross-Site Request Forgery to Settings Update Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

modula-best-grid-gallery

modula-best-grid-gallery

Score: 93/100 Modula Image Gallery <= 2.6.6 - Reflected Cross-Site Scripting Affected: *-2.6.6 Patched: 2.6.7 Updated: July 4, 2026
LOW

miniorange-wp-as-saml-idp

miniorange-wp-as-saml-idp

Score: 93/100 Login using WordPress Users (WP as SAML IDP) <= 1.13.2 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.13.3 Patched: 1.13.4 Updated: July 4, 2026
LOW

miniorange-saml-20-single-sign-on

miniorange-saml-20-single-sign-on

Score: 93/100 SAML Single Sign On – SAML SSO Login <= 4.9.20 - Reflected Cross-Site Scripting Affected: *-4.9.20 Patched: 4.9.21 Updated: July 4, 2026
LOW

miniorange-malware-protection

miniorange-malware-protection

Score: 93/100 miniOrange’s Malware Scanner <= 4.5.5 - Cross-Site Scripting Affected: *-4.5.1 Patched: 4.5.2 Updated: July 4, 2026
LOW

miniorange-limit-login-attempts

miniorange-limit-login-attempts

Score: 93/100 MiniOrange Limit Login Attempts <= 4.0.72 - Administrator+ Cross-Site Scripting Affected: *-4.0.71 Patched: 4.0.72 Updated: July 4, 2026
LOW

miniorange-google-authenticator

miniorange-google-authenticator

Score: 93/100 Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.4 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0.4 Patched: 1.0.5 Updated: July 4, 2026
LOW

miniorange-google-authenticator

miniorange-google-authenticator

Score: 93/100 Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.7 - Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 4, 2026
LOW

miniorange-2-factor-authentication

miniorange-2-factor-authentication

Score: 93/100 miniOrange's Google Authenticator <= 5.5.5 - Authenticated (Admin+) Cross-Site Scripting Affected: *-5.5.5 Patched: 5.5.6 Updated: July 4, 2026
LOW

armember-membership

armember-membership

Score: 95/100 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 3.4.7 -Authentication Bypass via Password Reset Weakness Affected: *-3.4.7 Patched: 3.4.8 Updated: July 4, 2026
LOW

single-sign-on-client

single-sign-on-client

Score: N/A Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass Affected: *-4.1.1 Patched: Updated: July 4, 2026
LOW

gallery-image-gallery-photo

gallery-image-gallery-photo

Score: 93/100 Image Gallery – Grid Gallery <= 1.1.1 - Stored Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 4, 2026
LOW

easy-pricing-tables

easy-pricing-tables

Score: 93/100 Easy Pricing Tables <= 3.2.0 - Reflected Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.1 Updated: July 4, 2026
LOW

advanced-currency-switcher

advanced-currency-switcher

Score: 97/100 Currency Switcher for WordPress <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 4, 2026
LOW

wp-ultimate-csv-importer

wp-ultimate-csv-importer

Score: N/A WP Ultimate CSV Importer <= 6.5.2 - Server-Side Request Forgery Affected: *-6.5.2 Patched: 6.5.3 Updated: July 4, 2026
LOW

traderunner

traderunner

Score: N/A Trade Runner <= 3.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.9 Patched: 3.10 Updated: July 4, 2026
LOW

simple-woocommerce-csv-loader

simple-woocommerce-csv-loader

Score: N/A Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 4, 2026
LOW

shortpixel-image-optimiser

shortpixel-image-optimiser

Score: N/A ShortPixel Image Optimizer <= 4.22.9 - Reflected Cross-Site Scripting Affected: *-4.22.9 Patched: 4.22.10 Updated: July 4, 2026
LOW

my-content-management

my-content-management

Score: 93/100 My Content Management <= 1.7.1 - Cross-Site Scripting Affected: 1.7.1 Patched: 1.7.2 Updated: July 4, 2026
LOW

kitestudio-core

kitestudio-core

Score: 93/100 core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting Affected: [*, 2.3.1) Patched: 2.3.1 Updated: July 4, 2026
LOW

insert-php

insert-php

Score: 93/100 Woody code snippets <= 2.4.5 - Reflected Cross-Site Scripting Affected: *-2.4.5 Patched: 2.4.6 Updated: July 4, 2026
LOW

html2wp

html2wp

Score: 87/100 HTML2WP <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

html2wp

html2wp

Score: 87/100 HTML2WP <= 1.0.0 - Arbitrary File Deletion Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

html2wp

html2wp

Score: 87/100 HTML2WP <= 1.0.0 - Arbitrary File Upload Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.42 - Reflected Cross-Site Scripting Affected: *-3.2.42 Patched: 3.2.43 Updated: July 4, 2026
LOW

browser-and-operating-system-finder

browser-and-operating-system-finder

Score: 91/100 Browser and Operating System Finder <= 1.2 - Missing Authorization Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

wp-posturl

wp-posturl

Score: N/A Add Post URL <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: Updated: July 4, 2026
LOW

social-share-buttons-by-supsystic

social-share-buttons-by-supsystic

Score: N/A Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update Affected: *-2.2.3 Patched: 2.2.4 Updated: July 4, 2026
LOW

sb-elementor-contact-form-db

sb-elementor-contact-form-db

Score: N/A Elementor Contact Form DB <= 1.5 - Sensitive Information Disclosure Affected: *-1.5 Patched: 1.6 Updated: July 4, 2026
LOW

profit-products-tables-for-woocommerce

profit-products-tables-for-woocommerce

Score: N/A Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: 1.0.5 Updated: July 4, 2026
LOW

new-user-approve

new-user-approve

Score: 93/100 New User Approve <= 2.4 - Cross-Site Request Forgery Affected: *-2.4 Patched: 2.4.1 Updated: July 4, 2026
LOW

modern-events-calendar-lite

modern-events-calendar-lite

Score: 93/100 Modern Events Calendar Lite <= 6.2.9 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-6.2.9 Patched: 6.3.0 Updated: July 4, 2026
LOW

expivi

expivi

Score: 93/100 Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion Affected: *-1.0.5 Patched: 1.0.6 Updated: July 4, 2026
LOW

easy-svg

easy-svg

Score: 93/100 Easy SVG Support <= 3.2.0 - Cross-Site Scripting via SVG Upload Affected: *-3.2.0 Patched: 3.3.0 Updated: July 4, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery – Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection Affected: *-17.0.4 Patched: 17.0.5 Updated: July 4, 2026
LOW

cimy-header-image-rotator

cimy-header-image-rotator

Score: 91/100 Cimy Header Image Rotator <= 6.1.1 - Cross-Site Request Forgery Affected: *-6.1.1 Patched: Updated: July 4, 2026
LOW

zengo-custom-thumbnail-image

zengo-custom-thumbnail-image

Score: N/A Zengo Custom Thumbnail Image Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 4, 2026
LOW

wpsid-shortcode

wpsid-shortcode

Score: N/A WPSID Shortcode <= 1.0.9.2 - Open Redirect Affected: *-1.0.9.2 Patched: Updated: July 4, 2026
LOW

wp-sentry

wp-sentry

Score: N/A WP Sentry <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-post-styling

wp-post-styling

Score: N/A WP Post Styling <= 1.3.0 - Cross-Site Request Forgery Affected: *-1.3.0 Patched: 1.3.2 Updated: July 4, 2026
LOW

woocommerce-germanized

woocommerce-germanized

Score: N/A Germanized for WooCommerce <= 3.9.4 - Reflected Cross-Site Scripting Affected: *-3.9.4 Patched: 3.9.5 Updated: July 4, 2026
LOW

woo-multi-currency

woo-multi-currency

Score: N/A CURCY <= 2.1.17 - Reflected Cross-Site Scripting Affected: *-2.1.17 Patched: 2.1.18 Updated: July 4, 2026
LOW

weberino-timed-quiz-creator

weberino-timed-quiz-creator

Score: N/A Weberino Timed Quiz <= 0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.6.0 Patched: Updated: July 4, 2026
LOW

visualizer

visualizer

Score: N/A Visualizer <= 3.7.6 - Reflected Cross-Site Scripting Affected: *-3.7.6 Patched: 3.7.7 Updated: July 4, 2026
LOW

video-conferencing-with-zoom-api

video-conferencing-with-zoom-api

Score: N/A Video Conferencing with Zoom <= 3.9.2 - Reflected Cross-Site Scripting Affected: *-3.9.2 Patched: 3.9.3 Updated: July 4, 2026
LOW

tiny-contact-form

tiny-contact-form

Score: N/A Tiny Contact Form <= 0.7 - Cross-Site Request Forgery Affected: *-0.7 Patched: Updated: July 4, 2026
LOW

smartkit

smartkit

Score: N/A Smartkit <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

running-line

running-line

Score: N/A Running Line <= 1.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

rotating-posts

rotating-posts

Score: N/A Rotating Posts <= 1.11 - Cross-Site Request Forgery to Settings Update Affected: *-1.11 Patched: Updated: July 4, 2026
LOW

ppc-fraud-detctor

ppc-fraud-detctor

Score: N/A PPC Tracker WordPress <= 2.0 - Stored Cross-Site Scripting via IP Affected: *-2.0 Patched: Updated: July 4, 2026
LOW

ping-list-pro

ping-list-pro

Score: N/A Ping List Pro <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

openbook-book-data

openbook-book-data

Score: 91/100 OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery Affected: *-3.5.2 Patched: Updated: July 4, 2026
LOW

nd-restaurant-reservations

nd-restaurant-reservations

Score: 91/100 Restaurant Reservations <= 1.7 - SQL Injection Affected: *-1.7 Patched: 1.8 Updated: July 4, 2026
LOW

more-featured-images

more-featured-images

Score: 91/100 More Featured Images <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

mobile-browser-color-select

mobile-browser-color-select

Score: 91/100 Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

mailpress

mailpress

Score: 91/100 MailPress <= 7.2.1 - Cross-Site Request Forgery Affected: *-7.2.1 Patched: Updated: July 4, 2026
LOW

find-any-think

find-any-think

Score: 91/100 WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

exports-and-reports

exports-and-reports

Score: 93/100 Exports and Reports <= 0.9.1 - CSV Injection Affected: *-0.9.1 Patched: 0.9.2 Updated: July 4, 2026
LOW

custom-colors-for-real-estate-manager

custom-colors-for-real-estate-manager

Score: 91/100 Custom Colors for Real Estate Manager <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

cookie-params

cookie-params

Score: 91/100 Cookie Params <= 0.2 - Reflected Cross-Site Scripting and Cross-Site Request Forgery Affected: *-0.2 Patched: Updated: July 4, 2026
LOW

co2ok-for-woocommerce

co2ok-for-woocommerce

Score: 93/100 CO2ok: carbon offsetting for e-commerce <= 1.0.9.21 - Cross-Site Scripting Affected: *-1.0.9.21 Patched: 1.0.9.22 Updated: July 4, 2026
LOW

clean-contact

clean-contact

Score: 91/100 Clean-Contact <= 1.6 - Cross-Site Request Forgery Affected: *-1.6 Patched: Updated: July 4, 2026
LOW

buddyforms-members

buddyforms-members

Score: 93/100 BuddyForms Members <= 1.4.21 - Cross-Site Scripting Affected: *-1.4.21 Patched: 1.4.22 Updated: July 4, 2026
LOW

automatic-domain-changer

automatic-domain-changer

Score: 93/100 Automatic Domain Changer <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: July 4, 2026
LOW

wplite

wplite

Score: N/A WPlite <= 1.3.1 - Cross-Site Request Forgery Affected: *-1.3.1 Patched: Updated: July 4, 2026
LOW

wp-zillow-review-slider

wp-zillow-review-slider

Score: N/A WP Zillow Review Slider <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.4) Patched: 2.4 Updated: July 4, 2026

Showing 28901 to 29000 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 02:25 UTC.