Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

88

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wp-email wp-email N/A WP-EMail <= 2.68.2 - Spam Protection Bypass LOW [*, 2.69.0) 2.69.0 July 4, 2026
wp-email wp-email N/A WP-EMail <= 2.68.2 - Cross-Site Request Forgery to Log Deletion LOW [*, 2.69.0) 2.69.0 July 4, 2026
traderunner traderunner N/A Trade Runner <= 3.9 - Cross-Site Scripting LOW *-3.9 3.10 July 4, 2026
real-time-auto-find-and-replace real-time-auto-find-and-replace N/A Better Find and Replace <= 1.3.5 - Admin+ SQL Injection LOW [*, 1.3.6) 1.3.6 July 4, 2026
printfriendly printfriendly N/A Print, PDF, Email by PrintFriendly <= 5.2.2 - Authenticated (Admin+) Cross-Site Scripting LOW [*, 5.2.3) 5.2.3 July 4, 2026
pdf24-posts-to-pdf pdf24-posts-to-pdf
91
PDF24 Articles To PDF <= 4.2.2 - Cross-Site Request Forgery LOW *-4.2.2 July 4, 2026
pdf24-post-to-pdf pdf24-post-to-pdf
91
PDF24 Article To PDF <= 4.2.2 - Cross-Site Request Forgery LOW *-4.2.2 July 4, 2026
newsletter newsletter
93
Newsletter <= 7.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 7.4.6) 7.4.6 July 4, 2026
new-user-approve new-user-approve
93
New User Approve <= 2.4 - Reflected Cross-Site Scripting LOW *-2.4 2.4.1 July 4, 2026
multi-page-toolkit multi-page-toolkit
91
Multi-page Toolkit <= 2.6 - Cross-Site Request Forgery LOW *-2.6 July 4, 2026
icegram icegram
93
Icegram Engage <= 2.1.7 - Cross-Site Scripting LOW [*, 2.1.8) 2.1.8 July 4, 2026
XML Sitemap Generator for Google google-sitemap-generator
86
XML Sitemaps <= 4.1.1 - Authenticated (Admin+) Cross-Site Scripting LOW *-4.1.1 4.1.2 July 4, 2026
google-maps-advanced google-maps-advanced
91
Inline Google Maps <= 5.11 - Cross-Site Request Forgery LOW *-5.11 July 4, 2026
cross-linker cross-linker
91
Cross-Linker <= 3.0.1.9 - Cross-Site Request Forgery LOW *-3.0.1.9 July 4, 2026
capa capa
91
CaPa Protect <= 0.5.8.2 - Cross-Site Request Forgery to Settings Update LOW *-0.5.8.2 July 4, 2026
amazon-einzeltitellinks amazon-einzeltitellinks
95
Amazon Einzeltitellinks <= 1.3.3 - Cross-Site Request Forgery to Arbitrary Settings Update LOW *-1.3.3 July 4, 2026
jonradio-private-site jonradio-private-site
93
My Private Site <= 3.0.7 - Cross-Site Request Forgery LOW *-3.0.7 3.0.8 July 4, 2026
social-share-buttons-by-supsystic social-share-buttons-by-supsystic N/A Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery LOW *-2.2.3 2.2.4 July 4, 2026
easy-pricing-tables easy-pricing-tables
93
Easy Pricing Tables <= 3.1.2 - Author+ Stored Cross-Site Scripting LOW *-3.1.2 3.1.3 July 4, 2026
export-all-urls export-all-urls
93
Export All URLs <= 4.1 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-4.1 4.2 July 4, 2026
admin-management-xtended admin-management-xtended
97
Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery LOW *-2.4.4 2.4.5 July 4, 2026
wp-post-real-time-statistics wp-post-real-time-statistics N/A WP Post Statistics (Visitors & Visits Counter) <= 2.5 - Cross-Site Scripting LOW *-2.5 2.6 July 4, 2026
pressforward pressforward N/A PressForward <= 5.2.8 - Cross-Site Scripting LOW *-5.2.8 5.2.9 July 4, 2026
Plausible Analytics plausible-analytics N/A Plausible Analytics <= 1.2.3 - Missing Authorization LOW *-1.2.3 1.2.4 July 4, 2026
mihdan-no-external-links mihdan-no-external-links
93
Mihdan: No External Links <= 4.7.4 - Cross-Site Scripting LOW *-4.7.4 4.8.0 July 4, 2026
export-all-urls export-all-urls
93
Export All URLs <= 4.1 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-4.1 4.2 July 4, 2026
events-made-easy events-made-easy
91
Events Made Easy <= 2.2.80 - SQL Injection LOW *-2.2.80 2.2.81 July 4, 2026
colorlib-coming-soon-maintenance colorlib-coming-soon-maintenance
93
Coming Soon & Maintenance Mode by Colorlib <= 1.0.98 - Administrator+ Cross-Site Scripting LOW *-1.0.98 1.0.99 July 4, 2026
nd-booking nd-booking
91
Hotel Booking < 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW [*, 3.3) 3.3 July 4, 2026
private-messages-for-wordpress private-messages-for-wordpress N/A Private Messages For WordPress <= 2.1.10 - Stored Cross-Site Scripting LOW *-2.1.10 July 4, 2026
private-messages-for-wordpress private-messages-for-wordpress N/A Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery LOW *-2.1.10 July 4, 2026
baslider baslider
87
Image Slider by NextCode <= 1.1.2 - Cross-Site Request Forgery to Slide Deletion LOW *-1.1.2 July 4, 2026
baslider baslider
87
Image Slider by NextCode <= 1.1.2 - Multiple Cross-Site Request Forgery LOW *-1.1.2 July 4, 2026
underconstruction underconstruction N/A underConstruction <= 1.20 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.21) 1.21 July 4, 2026
underconstruction underconstruction N/A underConstruction <= 1.19 - Cross-Site Request Forgery to Construction Mode Disabled LOW [*, 1.20) 1.20 July 4, 2026
seamless-donations seamless-donations N/A Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.7 - Cross-Site Request Forgery to Settings Chage LOW *-5.1.7 5.1.8 July 4, 2026
post-grid-carousel-ultimate post-grid-carousel-ultimate N/A Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting LOW [*, 1.5.0) 1.5.0 July 4, 2026
nd-stats-for-envato-sales-by-item nd-stats-for-envato-sales-by-item
91
Envato Sales By Item <= 1.1 - Unauthenticated SQL Injection via AJAX call LOW *-1.1 July 4, 2026
mobile-login-woocommerce mobile-login-woocommerce
93
OTP Login Woocommerce & Gravity Forms <= 2.0 - Cross-Site Scripting LOW *-2.0 2.1 July 4, 2026
mail-subscribe-list mail-subscribe-list
91
Mail Subscribe List <= 2.1.6 - Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 4, 2026
mail-subscribe-list mail-subscribe-list
91
Mail Subscribe List <= 2.1.3 - Cross-Site Request Forgery LOW [*, 2.1.4) 2.1.4 July 4, 2026
buddyforms-hook-fields buddyforms-hook-fields
93
BuddyForms Hook Fields <= 1.3.8 - Cross-Site Scripting LOW *-1.3.8 1.3.9 July 4, 2026
baslider baslider
87
Image Slider by NextCode <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.1.2 July 4, 2026
very-simple-contact-form very-simple-contact-form N/A VS Contact Form <= 11.5 - Reflected Cross-Site Scripting LOW *-11.5 11.6 July 4, 2026
subscriptions-memberships-for-paypal subscriptions-memberships-for-paypal N/A Subscriptions & Memberships for PayPal <= 1.1.5 - Reflected Cross-Site Scripting LOW *-1.1.5 1.1.6 July 4, 2026
review-buddypress-groups review-buddypress-groups N/A Wbcom Designs – BuddyPress Group Reviews <= 2.8.1 - Cross-Site Scripting LOW *-2.8.1 2.8.2 July 4, 2026
nd-elements nd-elements
93
Elements For Elementor <= 1.9 - Stored Cross-Site Scripting LOW *-1.9 2.0 July 4, 2026
easy-paypal-shopping-cart easy-paypal-shopping-cart
93
Easy PayPal Shopping Cart <= 1.1.9 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.1.9 1.1.10 July 4, 2026
easy-paypal-events-tickets easy-paypal-events-tickets
93
Easy PayPal Events <= 1.1.6 - Reflected Cross-Site Scripting via Page LOW *-1.1.1 1.1.7 July 4, 2026
easy-paypal-donation easy-paypal-donation
93
Accept Donations with PayPal <= 1.3 - Reflected Cross-Site Scripting via Page LOW *-1.3 1.3.1 July 4, 2026
dropdown-and-scrollable-text dropdown-and-scrollable-text
93
Dropdown and scrollable Text <= 2.0 - Cross-Site Scripting LOW *-2.0 2.1 July 4, 2026
direct-checkout-for-woocommerce direct-checkout-for-woocommerce
93
Direct Checkout for WooCommerce – Skip Cart with Buy Buttons <= 1.2 - Cross-Site Request Forgery to Settings Update LOW *-1.2 1.3 July 4, 2026
countdown-builder countdown-builder
91
Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.9.5 - Authenticated Cross-Site Scripting LOW *-2.3.9.5 2.3.9.6 July 4, 2026
codup-wp-freshsales codup-wp-freshsales
93
WordPress to Freshsales Integration <= 1.3.2.2 - Cross-Site Scripting LOW *-1.3.2.2 1.3.2.3 July 4, 2026
codup-read-only-admin codup-read-only-admin
93
Codup Read Only Admin <= 1.1.1.7 - Cross Site Scripting LOW *-1.1.1.7 1.1.1.8 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.7 - Cross-Site Scripting LOW [*, 13.2.0) 13.2.0 July 4, 2026
woocommerce-dynamic-gallery woocommerce-dynamic-gallery N/A a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes LOW *-2.9.0 3.0.0 July 4, 2026
woocommerce-compare-products woocommerce-compare-products N/A a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes LOW *-2.8.0 2.8.1 July 4, 2026
tainacan tainacan N/A Tainacan <= 0.18.9 - Cross-Site Scripting LOW *-0.18.9 0.18.10 July 4, 2026
shapely-companion shapely-companion N/A Shapely Companion <= 1.2.6 - Unprotected AJAX Action to Content Import LOW *-1.2.6 1.2.7 July 4, 2026
seamless-donations seamless-donations N/A Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.12 - Cross-Site Scripting LOW *-5.1.12 5.1.13 July 4, 2026
rating-bws rating-bws N/A Rating by BestWebSoft <= 1.5 - Rating Denial of Service LOW *-1.5 1.6 July 4, 2026
ocean-extra ocean-extra
93
Ocean Extra <= 1.9.4 - Reflected Cross-Site Scripting LOW [*, 1.9.5) 1.9.5 July 4, 2026
image-slider-widget image-slider-widget
93
Image Slider <= 1.1.119 - Subscriber+ SQL Injection LOW *-1.1.119 1.1.121 July 4, 2026
image-slider-widget image-slider-widget
93
Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication LOW *-1.1.121 1.1.123 July 4, 2026
feed-instagram-lite feed-instagram-lite
93
Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication LOW *-1.0.0.27 1.0.0.29 July 4, 2026
feed-instagram-lite feed-instagram-lite
93
Gallery for Social Photo <= 1.0.0.25 - Subscriber+ SQL Injection LOW *-1.0.0.25 1.0.0.27 July 4, 2026
core-control core-control
93
Core Control <= 1.2.1 - Cross-Site Request Forgery LOW *-1.2.1 1.2.2 July 4, 2026
contact-us-page-contact-people contact-us-page-contact-people
89
a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes LOW *-3.6.0 3.6.1 July 4, 2026
a3-responsive-slider a3-responsive-slider
97
a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes LOW *-2.0.12 2.1.0 July 4, 2026
a3-portfolio a3-portfolio
97
a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes LOW *-2.10 3.0.0 July 4, 2026
a3 Lazy Load a3-lazy-load
95
a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes LOW *-2.4.9 2.5.0 July 4, 2026
zephyr-project-manager zephyr-project-manager N/A Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting LOW *-3.2.4, 3.2.40 3.2.41 July 4, 2026
wp-chgfontsize wp-chgfontsize N/A WP-chgFontSize <= 1.8 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting LOW *-1.8 July 4, 2026
wp-admin-style wp-admin-style N/A WP Admin Style <= 0.1.2 - Authenticated Stored Cross-Site Scripting LOW *-0.1.2 July 4, 2026
sticky-popup sticky-popup N/A Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2 July 4, 2026
simple-membership simple-membership N/A Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting LOW *-4.1.0 4.1.1 July 4, 2026
sideblog sideblog N/A Sideblog WordPress Plugin <= 6.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting LOW *-6.0 July 4, 2026
rb-internal-links rb-internal-links N/A RB Internal Links <= 2.0.16 - Cross-Site Request Forgery to Settings update and Cross-Site Scripting LOW *-2.0.16 July 4, 2026
private-files private-files N/A Private Files <= 0.40 - Cross-Site Request Forgery to Disable Protection LOW *-0.40 July 4, 2026
posttabs posttabs N/A postTabs <= 2.10.6 - Cross-Site Request Forgery LOW *-2.10.6 July 4, 2026
peters-collaboration-e-mails peters-collaboration-e-mails
91
Peter’s Collaboration E-mails <= 2.2.0 - Cross-Site Request Forgery LOW *-2.2.0 July 4, 2026
one-click-plugin-updater one-click-plugin-updater
91
One Click Plugin Updater <= 2.4.14 - Cross-Site Request Forgery to Settings Update LOW *-2.4.14 July 4, 2026
newsletter newsletter
93
Newsletter – Send awesome emails from WordPress <= 7.4.4 - Reflected Cross-Site Scripting LOW *-7.4.4 7.4.5 July 4, 2026
new-user-email-set-up new-user-email-set-up
91
New User Email Set Up <= 0.5.2 - Cross-Site Request Forgery to Settings Update LOW *-0.5.2 July 4, 2026
likebtn-like-button likebtn-like-button
93
Like Button Rating ♥ LikeBtn <= 2.6.44 - Arbitrary e-mail Sending LOW *-2.6.44 2.6.45 July 4, 2026
latex latex
91
LaTeX <= 3.4.10 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting LOW *-3.4.10 July 4, 2026
kivicare-clinic-management-system kivicare-clinic-management-system
93
KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection LOW *-2.3.8 2.3.9 July 4, 2026
keep-backup-daily keep-backup-daily
93
Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 2.0.3 July 4, 2026
jp-staticpagex jp-staticpagex
91
Static Page eXtended <= 2.1 - Cross-Site Request Forgery LOW *-2.1 July 4, 2026
genki-pre-publish-reminder genki-pre-publish-reminder
91
Genki Pre-Publish Reminder <= 1.4.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.4.1 July 4, 2026
filr-protection filr-protection
93
Filr – Secure document library <= 1.2.2 - Missing Authorization LOW [*, 1.2.2.1) 1.2.2.1 July 4, 2026
change-uploaded-file-permissions change-uploaded-file-permissions
91
Change Uploaded File Permissions <= 4.0.0 - Cross-Site Request Forgery to Options Update LOW *-4.0.0 July 4, 2026
auto-delete-posts auto-delete-posts
91
Auto Delete Posts <= 1.3.0 - Cross-Site Request Forgery to Arbitrary Settings Update LOW *-1.3.0 July 4, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting LOW *-1.3.55 1.3.56 July 4, 2026
very-simple-contact-form very-simple-contact-form N/A Very Simple Contact Form <= 11.5 - Captcha Bypass LOW *-11.5 11.6 July 4, 2026
promotion-slider promotion-slider N/A Promotion Slider <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.4 July 4, 2026
product-blocks product-blocks N/A ProductX – Gutenberg WooCommerce Blocks – WooCommerce Builder, Wishlist for WooCommerce, Products Comparison, Quick View, Online Store – All in One Solution <= 2.2.5 - Multiple Cross-Site Scripting LOW *-2.2.5 2.2.6 July 4, 2026
passwords-manager passwords-manager
93
Passwords Manager <= 1.4.4 - Cross-Site Scripting via pwdms_csv_category parameter LOW *-1.4.4 1.4.5 July 4, 2026
wp-all-export wp-all-export N/A Export any WordPress data to XML/CSV <= 1.3.4 - Authenticated SQL Injection LOW *-1.3.4 1.3.5 July 4, 2026
LOW

wp-email

wp-email

Score: N/A WP-EMail <= 2.68.2 - Spam Protection Bypass Affected: [*, 2.69.0) Patched: 2.69.0 Updated: July 4, 2026
LOW

wp-email

wp-email

Score: N/A WP-EMail <= 2.68.2 - Cross-Site Request Forgery to Log Deletion Affected: [*, 2.69.0) Patched: 2.69.0 Updated: July 4, 2026
LOW

traderunner

traderunner

Score: N/A Trade Runner <= 3.9 - Cross-Site Scripting Affected: *-3.9 Patched: 3.10 Updated: July 4, 2026
LOW

real-time-auto-find-and-replace

real-time-auto-find-and-replace

Score: N/A Better Find and Replace <= 1.3.5 - Admin+ SQL Injection Affected: [*, 1.3.6) Patched: 1.3.6 Updated: July 4, 2026
LOW

printfriendly

printfriendly

Score: N/A Print, PDF, Email by PrintFriendly <= 5.2.2 - Authenticated (Admin+) Cross-Site Scripting Affected: [*, 5.2.3) Patched: 5.2.3 Updated: July 4, 2026
LOW

pdf24-posts-to-pdf

pdf24-posts-to-pdf

Score: 91/100 PDF24 Articles To PDF <= 4.2.2 - Cross-Site Request Forgery Affected: *-4.2.2 Patched: Updated: July 4, 2026
LOW

pdf24-post-to-pdf

pdf24-post-to-pdf

Score: 91/100 PDF24 Article To PDF <= 4.2.2 - Cross-Site Request Forgery Affected: *-4.2.2 Patched: Updated: July 4, 2026
LOW

newsletter

newsletter

Score: 93/100 Newsletter <= 7.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 7.4.6) Patched: 7.4.6 Updated: July 4, 2026
LOW

new-user-approve

new-user-approve

Score: 93/100 New User Approve <= 2.4 - Reflected Cross-Site Scripting Affected: *-2.4 Patched: 2.4.1 Updated: July 4, 2026
LOW

multi-page-toolkit

multi-page-toolkit

Score: 91/100 Multi-page Toolkit <= 2.6 - Cross-Site Request Forgery Affected: *-2.6 Patched: Updated: July 4, 2026
LOW

icegram

icegram

Score: 93/100 Icegram Engage <= 2.1.7 - Cross-Site Scripting Affected: [*, 2.1.8) Patched: 2.1.8 Updated: July 4, 2026
LOW

XML Sitemap Generator for Google

google-sitemap-generator

Score: 86/100 XML Sitemaps <= 4.1.1 - Authenticated (Admin+) Cross-Site Scripting Affected: *-4.1.1 Patched: 4.1.2 Updated: July 4, 2026
LOW

google-maps-advanced

google-maps-advanced

Score: 91/100 Inline Google Maps <= 5.11 - Cross-Site Request Forgery Affected: *-5.11 Patched: Updated: July 4, 2026
LOW

cross-linker

cross-linker

Score: 91/100 Cross-Linker <= 3.0.1.9 - Cross-Site Request Forgery Affected: *-3.0.1.9 Patched: Updated: July 4, 2026
LOW

capa

capa

Score: 91/100 CaPa Protect <= 0.5.8.2 - Cross-Site Request Forgery to Settings Update Affected: *-0.5.8.2 Patched: Updated: July 4, 2026
LOW

amazon-einzeltitellinks

amazon-einzeltitellinks

Score: 95/100 Amazon Einzeltitellinks <= 1.3.3 - Cross-Site Request Forgery to Arbitrary Settings Update Affected: *-1.3.3 Patched: Updated: July 4, 2026
LOW

jonradio-private-site

jonradio-private-site

Score: 93/100 My Private Site <= 3.0.7 - Cross-Site Request Forgery Affected: *-3.0.7 Patched: 3.0.8 Updated: July 4, 2026
LOW

social-share-buttons-by-supsystic

social-share-buttons-by-supsystic

Score: N/A Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery Affected: *-2.2.3 Patched: 2.2.4 Updated: July 4, 2026
LOW

easy-pricing-tables

easy-pricing-tables

Score: 93/100 Easy Pricing Tables <= 3.1.2 - Author+ Stored Cross-Site Scripting Affected: *-3.1.2 Patched: 3.1.3 Updated: July 4, 2026
LOW

export-all-urls

export-all-urls

Score: 93/100 Export All URLs <= 4.1 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: July 4, 2026
LOW

admin-management-xtended

admin-management-xtended

Score: 97/100 Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery Affected: *-2.4.4 Patched: 2.4.5 Updated: July 4, 2026
LOW

wp-post-real-time-statistics

wp-post-real-time-statistics

Score: N/A WP Post Statistics (Visitors & Visits Counter) <= 2.5 - Cross-Site Scripting Affected: *-2.5 Patched: 2.6 Updated: July 4, 2026
LOW

pressforward

pressforward

Score: N/A PressForward <= 5.2.8 - Cross-Site Scripting Affected: *-5.2.8 Patched: 5.2.9 Updated: July 4, 2026
LOW

Plausible Analytics

plausible-analytics

Score: N/A Plausible Analytics <= 1.2.3 - Missing Authorization Affected: *-1.2.3 Patched: 1.2.4 Updated: July 4, 2026
LOW

mihdan-no-external-links

mihdan-no-external-links

Score: 93/100 Mihdan: No External Links <= 4.7.4 - Cross-Site Scripting Affected: *-4.7.4 Patched: 4.8.0 Updated: July 4, 2026
LOW

export-all-urls

export-all-urls

Score: 93/100 Export All URLs <= 4.1 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: July 4, 2026
LOW

events-made-easy

events-made-easy

Score: 91/100 Events Made Easy <= 2.2.80 - SQL Injection Affected: *-2.2.80 Patched: 2.2.81 Updated: July 4, 2026
LOW

colorlib-coming-soon-maintenance

colorlib-coming-soon-maintenance

Score: 93/100 Coming Soon & Maintenance Mode by Colorlib <= 1.0.98 - Administrator+ Cross-Site Scripting Affected: *-1.0.98 Patched: 1.0.99 Updated: July 4, 2026
LOW

nd-booking

nd-booking

Score: 91/100 Hotel Booking < 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 3.3) Patched: 3.3 Updated: July 4, 2026
LOW

private-messages-for-wordpress

private-messages-for-wordpress

Score: N/A Private Messages For WordPress <= 2.1.10 - Stored Cross-Site Scripting Affected: *-2.1.10 Patched: Updated: July 4, 2026
LOW

private-messages-for-wordpress

private-messages-for-wordpress

Score: N/A Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery Affected: *-2.1.10 Patched: Updated: July 4, 2026
LOW

baslider

baslider

Score: 87/100 Image Slider by NextCode <= 1.1.2 - Cross-Site Request Forgery to Slide Deletion Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

baslider

baslider

Score: 87/100 Image Slider by NextCode <= 1.1.2 - Multiple Cross-Site Request Forgery Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

underconstruction

underconstruction

Score: N/A underConstruction <= 1.20 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.21) Patched: 1.21 Updated: July 4, 2026
LOW

underconstruction

underconstruction

Score: N/A underConstruction <= 1.19 - Cross-Site Request Forgery to Construction Mode Disabled Affected: [*, 1.20) Patched: 1.20 Updated: July 4, 2026
LOW

seamless-donations

seamless-donations

Score: N/A Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.7 - Cross-Site Request Forgery to Settings Chage Affected: *-5.1.7 Patched: 5.1.8 Updated: July 4, 2026
LOW

post-grid-carousel-ultimate

post-grid-carousel-ultimate

Score: N/A Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting Affected: [*, 1.5.0) Patched: 1.5.0 Updated: July 4, 2026
LOW

nd-stats-for-envato-sales-by-item

nd-stats-for-envato-sales-by-item

Score: 91/100 Envato Sales By Item <= 1.1 - Unauthenticated SQL Injection via AJAX call Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

mobile-login-woocommerce

mobile-login-woocommerce

Score: 93/100 OTP Login Woocommerce & Gravity Forms <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: July 4, 2026
LOW

mail-subscribe-list

mail-subscribe-list

Score: 91/100 Mail Subscribe List <= 2.1.6 - Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 4, 2026
LOW

mail-subscribe-list

mail-subscribe-list

Score: 91/100 Mail Subscribe List <= 2.1.3 - Cross-Site Request Forgery Affected: [*, 2.1.4) Patched: 2.1.4 Updated: July 4, 2026
LOW

buddyforms-hook-fields

buddyforms-hook-fields

Score: 93/100 BuddyForms Hook Fields <= 1.3.8 - Cross-Site Scripting Affected: *-1.3.8 Patched: 1.3.9 Updated: July 4, 2026
LOW

baslider

baslider

Score: 87/100 Image Slider by NextCode <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

very-simple-contact-form

very-simple-contact-form

Score: N/A VS Contact Form <= 11.5 - Reflected Cross-Site Scripting Affected: *-11.5 Patched: 11.6 Updated: July 4, 2026
LOW

subscriptions-memberships-for-paypal

subscriptions-memberships-for-paypal

Score: N/A Subscriptions & Memberships for PayPal <= 1.1.5 - Reflected Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: July 4, 2026
LOW

review-buddypress-groups

review-buddypress-groups

Score: N/A Wbcom Designs – BuddyPress Group Reviews <= 2.8.1 - Cross-Site Scripting Affected: *-2.8.1 Patched: 2.8.2 Updated: July 4, 2026
LOW

nd-elements

nd-elements

Score: 93/100 Elements For Elementor <= 1.9 - Stored Cross-Site Scripting Affected: *-1.9 Patched: 2.0 Updated: July 4, 2026
LOW

easy-paypal-shopping-cart

easy-paypal-shopping-cart

Score: 93/100 Easy PayPal Shopping Cart <= 1.1.9 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.1.9 Patched: 1.1.10 Updated: July 4, 2026
LOW

easy-paypal-events-tickets

easy-paypal-events-tickets

Score: 93/100 Easy PayPal Events <= 1.1.6 - Reflected Cross-Site Scripting via Page Affected: *-1.1.1 Patched: 1.1.7 Updated: July 4, 2026
LOW

easy-paypal-donation

easy-paypal-donation

Score: 93/100 Accept Donations with PayPal <= 1.3 - Reflected Cross-Site Scripting via Page Affected: *-1.3 Patched: 1.3.1 Updated: July 4, 2026
LOW

dropdown-and-scrollable-text

dropdown-and-scrollable-text

Score: 93/100 Dropdown and scrollable Text <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: July 4, 2026
LOW

direct-checkout-for-woocommerce

direct-checkout-for-woocommerce

Score: 93/100 Direct Checkout for WooCommerce – Skip Cart with Buy Buttons <= 1.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.2 Patched: 1.3 Updated: July 4, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.9.5 - Authenticated Cross-Site Scripting Affected: *-2.3.9.5 Patched: 2.3.9.6 Updated: July 4, 2026
LOW

codup-wp-freshsales

codup-wp-freshsales

Score: 93/100 WordPress to Freshsales Integration <= 1.3.2.2 - Cross-Site Scripting Affected: *-1.3.2.2 Patched: 1.3.2.3 Updated: July 4, 2026
LOW

codup-read-only-admin

codup-read-only-admin

Score: 93/100 Codup Read Only Admin <= 1.1.1.7 - Cross Site Scripting Affected: *-1.1.1.7 Patched: 1.1.1.8 Updated: July 4, 2026
LOW

woocommerce-dynamic-gallery

woocommerce-dynamic-gallery

Score: N/A a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes Affected: *-2.9.0 Patched: 3.0.0 Updated: July 4, 2026
LOW

woocommerce-compare-products

woocommerce-compare-products

Score: N/A a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes Affected: *-2.8.0 Patched: 2.8.1 Updated: July 4, 2026
LOW

tainacan

tainacan

Score: N/A Tainacan <= 0.18.9 - Cross-Site Scripting Affected: *-0.18.9 Patched: 0.18.10 Updated: July 4, 2026
LOW

shapely-companion

shapely-companion

Score: N/A Shapely Companion <= 1.2.6 - Unprotected AJAX Action to Content Import Affected: *-1.2.6 Patched: 1.2.7 Updated: July 4, 2026
LOW

seamless-donations

seamless-donations

Score: N/A Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.12 - Cross-Site Scripting Affected: *-5.1.12 Patched: 5.1.13 Updated: July 4, 2026
LOW

rating-bws

rating-bws

Score: N/A Rating by BestWebSoft <= 1.5 - Rating Denial of Service Affected: *-1.5 Patched: 1.6 Updated: July 4, 2026
LOW

ocean-extra

ocean-extra

Score: 93/100 Ocean Extra <= 1.9.4 - Reflected Cross-Site Scripting Affected: [*, 1.9.5) Patched: 1.9.5 Updated: July 4, 2026
LOW

image-slider-widget

image-slider-widget

Score: 93/100 Image Slider <= 1.1.119 - Subscriber+ SQL Injection Affected: *-1.1.119 Patched: 1.1.121 Updated: July 4, 2026
LOW

image-slider-widget

image-slider-widget

Score: 93/100 Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication Affected: *-1.1.121 Patched: 1.1.123 Updated: July 4, 2026
LOW

feed-instagram-lite

feed-instagram-lite

Score: 93/100 Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication Affected: *-1.0.0.27 Patched: 1.0.0.29 Updated: July 4, 2026
LOW

feed-instagram-lite

feed-instagram-lite

Score: 93/100 Gallery for Social Photo <= 1.0.0.25 - Subscriber+ SQL Injection Affected: *-1.0.0.25 Patched: 1.0.0.27 Updated: July 4, 2026
LOW

core-control

core-control

Score: 93/100 Core Control <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: July 4, 2026
LOW

contact-us-page-contact-people

contact-us-page-contact-people

Score: 89/100 a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes Affected: *-3.6.0 Patched: 3.6.1 Updated: July 4, 2026
LOW

a3-responsive-slider

a3-responsive-slider

Score: 97/100 a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes Affected: *-2.0.12 Patched: 2.1.0 Updated: July 4, 2026
LOW

a3-portfolio

a3-portfolio

Score: 97/100 a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes Affected: *-2.10 Patched: 3.0.0 Updated: July 4, 2026
LOW

a3 Lazy Load

a3-lazy-load

Score: 95/100 a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes Affected: *-2.4.9 Patched: 2.5.0 Updated: July 4, 2026
LOW

zephyr-project-manager

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting Affected: *-3.2.4, 3.2.40 Patched: 3.2.41 Updated: July 4, 2026
LOW

wp-chgfontsize

wp-chgfontsize

Score: N/A WP-chgFontSize <= 1.8 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: July 4, 2026
LOW

wp-admin-style

wp-admin-style

Score: N/A WP Admin Style <= 0.1.2 - Authenticated Stored Cross-Site Scripting Affected: *-0.1.2 Patched: Updated: July 4, 2026
LOW

sticky-popup

sticky-popup

Score: N/A Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

simple-membership

simple-membership

Score: N/A Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting Affected: *-4.1.0 Patched: 4.1.1 Updated: July 4, 2026
LOW

sideblog

sideblog

Score: N/A Sideblog WordPress Plugin <= 6.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting Affected: *-6.0 Patched: Updated: July 4, 2026
LOW

rb-internal-links

rb-internal-links

Score: N/A RB Internal Links <= 2.0.16 - Cross-Site Request Forgery to Settings update and Cross-Site Scripting Affected: *-2.0.16 Patched: Updated: July 4, 2026
LOW

private-files

private-files

Score: N/A Private Files <= 0.40 - Cross-Site Request Forgery to Disable Protection Affected: *-0.40 Patched: Updated: July 4, 2026
LOW

posttabs

posttabs

Score: N/A postTabs <= 2.10.6 - Cross-Site Request Forgery Affected: *-2.10.6 Patched: Updated: July 4, 2026
LOW

peters-collaboration-e-mails

peters-collaboration-e-mails

Score: 91/100 Peter’s Collaboration E-mails <= 2.2.0 - Cross-Site Request Forgery Affected: *-2.2.0 Patched: Updated: July 4, 2026
LOW

one-click-plugin-updater

one-click-plugin-updater

Score: 91/100 One Click Plugin Updater <= 2.4.14 - Cross-Site Request Forgery to Settings Update Affected: *-2.4.14 Patched: Updated: July 4, 2026
LOW

newsletter

newsletter

Score: 93/100 Newsletter – Send awesome emails from WordPress <= 7.4.4 - Reflected Cross-Site Scripting Affected: *-7.4.4 Patched: 7.4.5 Updated: July 4, 2026
LOW

new-user-email-set-up

new-user-email-set-up

Score: 91/100 New User Email Set Up <= 0.5.2 - Cross-Site Request Forgery to Settings Update Affected: *-0.5.2 Patched: Updated: July 4, 2026
LOW

likebtn-like-button

likebtn-like-button

Score: 93/100 Like Button Rating ♥ LikeBtn <= 2.6.44 - Arbitrary e-mail Sending Affected: *-2.6.44 Patched: 2.6.45 Updated: July 4, 2026
LOW

latex

latex

Score: 91/100 LaTeX <= 3.4.10 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting Affected: *-3.4.10 Patched: Updated: July 4, 2026
LOW

kivicare-clinic-management-system

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection Affected: *-2.3.8 Patched: 2.3.9 Updated: July 4, 2026
LOW

keep-backup-daily

keep-backup-daily

Score: 93/100 Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: July 4, 2026
LOW

jp-staticpagex

jp-staticpagex

Score: 91/100 Static Page eXtended <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: July 4, 2026
LOW

genki-pre-publish-reminder

genki-pre-publish-reminder

Score: 91/100 Genki Pre-Publish Reminder <= 1.4.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 4, 2026
LOW

filr-protection

filr-protection

Score: 93/100 Filr – Secure document library <= 1.2.2 - Missing Authorization Affected: [*, 1.2.2.1) Patched: 1.2.2.1 Updated: July 4, 2026
LOW

change-uploaded-file-permissions

change-uploaded-file-permissions

Score: 91/100 Change Uploaded File Permissions <= 4.0.0 - Cross-Site Request Forgery to Options Update Affected: *-4.0.0 Patched: Updated: July 4, 2026
LOW

auto-delete-posts

auto-delete-posts

Score: 91/100 Auto Delete Posts <= 1.3.0 - Cross-Site Request Forgery to Arbitrary Settings Update Affected: *-1.3.0 Patched: Updated: July 4, 2026
LOW

Appointment Hour Booking – Booking Calendar

appointment-hour-booking

Score: 97/100 Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting Affected: *-1.3.55 Patched: 1.3.56 Updated: July 4, 2026
LOW

very-simple-contact-form

very-simple-contact-form

Score: N/A Very Simple Contact Form <= 11.5 - Captcha Bypass Affected: *-11.5 Patched: 11.6 Updated: July 4, 2026
LOW

promotion-slider

promotion-slider

Score: N/A Promotion Slider <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.4 Patched: Updated: July 4, 2026
LOW

product-blocks

product-blocks

Score: N/A ProductX – Gutenberg WooCommerce Blocks – WooCommerce Builder, Wishlist for WooCommerce, Products Comparison, Quick View, Online Store – All in One Solution <= 2.2.5 - Multiple Cross-Site Scripting Affected: *-2.2.5 Patched: 2.2.6 Updated: July 4, 2026
LOW

passwords-manager

passwords-manager

Score: 93/100 Passwords Manager <= 1.4.4 - Cross-Site Scripting via pwdms_csv_category parameter Affected: *-1.4.4 Patched: 1.4.5 Updated: July 4, 2026
LOW

wp-all-export

wp-all-export

Score: N/A Export any WordPress data to XML/CSV <= 1.3.4 - Authenticated SQL Injection Affected: *-1.3.4 Patched: 1.3.5 Updated: July 4, 2026

Showing 29001 to 29100 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 03:15 UTC.