Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

87

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress duracelltomi-google-tag-manager
94
Google Tag Manager for WordPress <= 1.15 - Reflected Cross-Site Scripting via Site Search LOW *-1.15 1.15.1 July 4, 2026
computer-repair-shop computer-repair-shop
93
CRM WordPress Plugin – RepairBuddy <= 3.72 - SQL Injection LOW *-3.72 3.73 July 4, 2026
code-snippets code-snippets
93
Code Snippets <= 2.14.3 - Reflected Cross-Site Scripting LOW *-2.14.3 2.14.4 July 4, 2026
wp-easy-events wp-easy-events N/A Event Management, Events Calendar, RSVP Event Tickets Plugin <= 3.8.4 - Cross-Site Scripting LOW *-3.8.4 3.8.5 July 4, 2026
wp-crm wp-crm N/A WP-CRM – Customer Relations Management for WordPress <= 1.2.1 - CSV injection LOW *-1.2.1 July 4, 2026
webriti-smtp-mail webriti-smtp-mail N/A Webriti SMTP Mail <= 1.0 - Cross-Site Request Forgery to options update LOW *-1.0 July 4, 2026
themify-wc-product-filter themify-wc-product-filter N/A Themify - WooCommerce Product Filter <= 1.3.7 - Reflected Cross-Site Scripting LOW *-1.3.7 1.3.8 July 4, 2026
svg-vector-icon-plugin svg-vector-icon-plugin N/A WP SVG Icons <= 3.2.3 - Authenticated (Admin+) Arbitrary File Upload LOW *-3.2.3 July 4, 2026
social-locker social-locker N/A OnePress Social Locker <= 5.6.2 - Cross-Site Request Forgery to Settings Update LOW *-5.6.2 July 4, 2026
slideshow-ck slideshow-ck N/A Slideshow CK <= 1.4.9 - Authenticated Stored Cross-Site Scripting LOW *-1.4.9 1.4.10 July 4, 2026
second-street-promotion second-street-promotion N/A Second Street <= 3.1.6 - Stored Cross-Site Scripting via organization_id LOW *-3.1.6 3.1.7 July 4, 2026
quick-subscribe quick-subscribe N/A Quick Subscribe <= 1.7.1 - Cross-Site Request Forgery to Arbitrary Settings Update and Stored Cross-Site Scripting LOW *-1.7.1 July 4, 2026
official-mailerlite-sign-up-forms official-mailerlite-sign-up-forms
93
MailerLite - Signup forms <= 1.5.3 - Reflected Cross-Site Scripting LOW *-1.5.3 1.5.4 July 4, 2026
member-hero member-hero
91
Member Hero <= 1.0.9 - Remote Code Execution LOW *-1.0.9 July 4, 2026
logwpmail logwpmail
91
Log WP_Mail <= 0.1 - Sensitive Information Disclosure LOW *-0.1 July 4, 2026
latest-tweets-widget latest-tweets-widget
91
Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via Cross-Site Request Forgery LOW *-1.1.4 July 4, 2026
jupiterx-core jupiterx-core
93
JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification LOW *-2.0.6 2.0.7 July 4, 2026
jupiterx-core jupiterx-core
93
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation LOW *-2.0.7 2.0.8 July 4, 2026
jupiterx-core jupiterx-core
93
JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service LOW *-2.0.6 2.0.7 July 4, 2026
hc-custom-wp-admin-url hc-custom-wp-admin-url
87
HC Custom WP-Admin URL <= 1.4 - Information Exposure LOW *-1.4 July 4, 2026
hc-custom-wp-admin-url hc-custom-wp-admin-url
87
HC Custom WP-Admin URL <= 1.4 - Cross-Site Request Forgery LOW *-1.4 July 4, 2026
email-users email-users
91
Email Users <= 4.8.8 - Arbitrary Settings Update via Cross-Site Request Forgery LOW *-4.8.8 July 4, 2026
custom-share-buttons-with-floating-sidebar custom-share-buttons-with-floating-sidebar
93
Custom Share Buttons with Floating Sidebar <= 4.1 - Stored Cross-Site Scripting LOW *-4.1 4.2 July 4, 2026
carousel-ck carousel-ck
91
Carousel CK <= 1.1.0 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.1.0 July 4, 2026
code-snippets-extended code-snippets-extended
87
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery LOW *-1.4.7 July 4, 2026
code-snippets-extended code-snippets-extended
87
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.7 July 4, 2026
opal-hotel-room-booking opal-hotel-room-booking
91
Opal Hotel Room Booking plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.7 July 4, 2026
popup-box popup-box N/A Popup Box <= 2.1.2 - Authenticated Local File Inclusion LOW *-2.1.2 2.2 July 4, 2026
wp-athletics wp-athletics N/A WP Athletics <= 1.1.7 - Stored Cross-Site Scripting LOW *-1.1.7 July 4, 2026
wp-athletics wp-athletics N/A WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting LOW *-1.1.7 July 4, 2026
useful-banner-manager useful-banner-manager N/A Useful Banner Manager <= 1.6.1 - Cross-Site Request Forgery LOW *-1.6.1 July 4, 2026
serp-rank serp-rank N/A Keyword Rank Tracker <= 1.0.7 - Stored Cross-Site Scripting LOW *-1.0.7 1.0.8 July 4, 2026
rsvpmaker rsvpmaker N/A RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection LOW *-9.3.2 9.3.3 July 4, 2026
iq-block-country iq-block-country
93
iQ Block Country <= 1.2.13 - Protection Bypass due to IP Spoofing LOW *-1.2.13 1.2.17 July 4, 2026
hot-linked-image-cacher hot-linked-image-cacher
89
Hot Linked Image Cacher <= 1.16 - Cross-Site Request Forgery LOW *-1.16 July 4, 2026
google-places-reviews google-places-reviews
93
Google Places Reviews < 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 2.0.0) 2.0.0 July 4, 2026
enqueue-anything enqueue-anything
91
Enqueue Anything <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 4, 2026
bestbooks bestbooks
91
Bestbooks <= 2.6.3 - Unauthenticated SQL Injection LOW *-2.6.3 July 4, 2026
all-in-one-invite-codes all-in-one-invite-codes
97
All in One Invite Codes <= 1.0.14 - Cross-Site Scripting LOW *-1.0.14 1.0.15 July 4, 2026
advanced-admin-search advanced-admin-search
97
Advanced Admin Search <= 1.1.2 - Cross-Site Scripting LOW *-1.1.2 1.1.6 July 4, 2026
counter-box counter-box
93
Counter Box <= 1.1.1 - Authenticated Local File Inclusion LOW *-1.1.1 1.2 July 4, 2026
hover-effects hover-effects
93
Hover Effects – easily create any hover effect <= 2.1 - Authenticated Local File Inclusion LOW *-2.1 2.1.1 July 4, 2026
mwp-herd-effect mwp-herd-effect
93
Herd Effects <= 5.2 - Local File Inclusion LOW *-5.2 5.2.1 July 4, 2026
wpify-woo wpify-woo N/A WPify Woo Czech <= 3.5.6 - Reflected Cross-Site Scripting LOW *-3.5.6 3.5.7 July 4, 2026
wp-born-babies wp-born-babies N/A //// WP BORN BABIES PLUGIN /// <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting LOW *-1.0 July 4, 2026
user-meta user-meta N/A User Meta – User Profile Builder and User management plugin <= 2.4.3 - Path Traversal LOW [*, 2.4.4) 2.4.4 July 4, 2026
Throws SPAM Away throws-spam-away N/A Throws SPAM Away <= 3.3 - Cross-Site Request Forgery to Comment Modification LOW [*, 3.3.1) 3.3.1 July 4, 2026
slider-video slider-video N/A Video Slider WordPress <= 1.4.6 - Authenticated (Admin+) Cross-Site Scripting LOW [*, 1.4.8) 1.4.8 July 4, 2026
photo-gallery photo-gallery
93
Photo Gallery by 10Web <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.6.4) 1.6.4 July 4, 2026
livesync livesync
91
LiveSync for WordPress <= 1.0 - Cross-Site Request Forgery to Arbitrary Settings Update LOW *-1.0 July 4, 2026
formcraft-form-builder formcraft-form-builder
93
FormCraft Basic <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.2.6) 1.2.6 July 4, 2026
ajax-search-for-woocommerce ajax-search-for-woocommerce
97
FiboSearch <= 1.17.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.17.0) 1.17.0 July 4, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.16.3 - Cross-Site Scripting LOW *-4.16.3 4.16.4 July 4, 2026
files-download-delay files-download-delay
91
Files Download Delay <= 1.0.6 - Missing Authorization to Settings Reset LOW [*, 1.0.7) 1.0.7 July 4, 2026
nd-donations nd-donations
89
Donations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8 July 4, 2026
insert-special-characters insert-special-characters
93
semver-regex <= 3.1.3 and 4.0.0-4.0.3 - Regular Expression Denial of Service (ReDoS) LOW *-1.0.4 1.0.5 July 4, 2026
wordpress-plugin-for-simple-google-adsense-insertion wordpress-plugin-for-simple-google-adsense-insertion N/A WP Simple Adsense Insertion <= 2.0 - Cross-Site Request Forgery LOW *-2.0 2.1 July 4, 2026
quick-restaurant-reservations quick-restaurant-reservations N/A Quick Restaurant Reservations <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 1.4.2 July 4, 2026
pie-forms-for-wp pie-forms-for-wp N/A WordPress Forms by Pie Forms <= 1.4.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.4.9.4) 1.4.9.4 July 4, 2026
loginizer loginizer
93
Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name' LOW *-1.7.5 1.7.6 July 4, 2026
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress duracelltomi-google-tag-manager
94
Google Tag Manager for WordPress <= 1.15 - Cross-Site Scripting via Cloudflare Country Code LOW *-1.15 1.15.1 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.2.1 - Reflected Cross-Site Scripting LOW [*, 13.2.2) 13.2.2 July 4, 2026
wp-fundraising-donation wp-fundraising-donation N/A WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection LOW *-1.4.2 1.5.0 July 4, 2026
wp-db-backup wp-db-backup N/A Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update LOW [*, 2.5.2) 2.5.2 July 4, 2026
greenwallet-gateway greenwallet-gateway
93
WooCommerce Green Wallet Gateway <= 1.0.1 - Reflected Cross-Site Scripting LOW [*, 1.0.2) 1.0.2 July 4, 2026
wpqa wpqa N/A WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure LOW *-5.4 5.5 July 4, 2026
wpqa wpqa N/A WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting LOW [*, 5.4) 5.4 July 4, 2026
use-any-font use-any-font N/A Use Any Font | Custom Font Uploader <= 6.2.7 - Cross-Site Scripting LOW *-6.2.7 6.2.8 July 4, 2026
quotes-llama quotes-llama N/A Quotes llama <= 0.7 - Authenticated (Admin+) Cross-Site Scripting LOW *-0.7 1.0.0 July 4, 2026
easy-faq-with-expanding-text easy-faq-with-expanding-text
91
Easy FAQ with Expanding Text <= 3.2.8.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.2.8.3.1 July 4, 2026
bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang
91
Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.0 - Cross-Site Scripting LOW *-2.0.0 2.0.1 July 4, 2026
user-meta user-meta N/A User Meta <= 2.4.2 - Authenticated (Admin+) Cross-Site Scripting LOW *-2.4.2 2.4.3 July 4, 2026
team-members team-members N/A Team Members <= 5.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.1.0 5.1.1 July 4, 2026
stafflist stafflist N/A StaffList <= 3.1.6 - Reflected Cross-Site Scripting LOW *-3.1.6 3.1.7 July 4, 2026
slideshow-jquery-image-gallery slideshow-jquery-image-gallery N/A Slideshow <= 2.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.1 July 4, 2026
simple-real-estate-pack-4 simple-real-estate-pack-4 N/A Simple Real Estate Pack <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4.8 July 4, 2026
realty-workstation realty-workstation N/A Realty Workstation <= 1.0.9 - Authenticated SQL Injection LOW *-1.0.9 1.0.10 July 4, 2026
open-external-links-in-a-new-window open-external-links-in-a-new-window
93
External Links in New Window / New Tab <= 1.42 - Unauthenticated Stored Cross-Site Scripting LOW *-1.42 1.43 July 4, 2026
open-external-links-in-a-new-window open-external-links-in-a-new-window
93
External Links in New Window / New Tab <= 1.42 - Tabnabbing LOW *-1.42 1.43 July 4, 2026
note-press note-press
87
Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via id Parameter LOW *-0.1.10 July 4, 2026
note-press note-press
87
Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via ids Parameter LOW *-0.1.10 July 4, 2026
note-press note-press
87
Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via Update LOW *-0.1.10 July 4, 2026
no-future-posts no-future-posts
91
No Future Posts <= 1.4 - Stored Cross-Site Scripting LOW *-1.4 July 4, 2026
logo-slider logo-slider
91
Logo Slider <= 1.4.8 - Authenticated (Admin+) SQL Injection LOW *-1.4.8 July 4, 2026
jivochat jivochat
93
JivoChat Live Chat – WP live chat plugin for WordPress <= 1.3.5.3 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.3.5.3 1.3.5.4 July 4, 2026
imdb-info-box imdb-info-box
91
IMDB Info Box <= 2.0 - Stored Cross-Site Scripting LOW *-2.0 July 4, 2026
hpbtool hpbtool
91
hpb Dashboard <= 1.3.1 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.3.1 July 4, 2026
form-maker form-maker
93
Form Maker <= 1.14.11 - Stored Cross-Site Scripting LOW *-1.14.11 1.14.12 July 4, 2026
five-minute-webshop five-minute-webshop
93
Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via id LOW *-1.3.2 1.3.3 July 4, 2026
five-minute-webshop five-minute-webshop
93
Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via orderby LOW *-1.3.2 1.3.3 July 4, 2026
cube-slider cube-slider
91
CUBE SLIDER <= 1.2 - Authenticated (Admin+) SQL Injection LOW *-1.2 July 4, 2026
cp-image-store cp-image-store
93
CP Image Store with Slideshow <= 1.0.67 - Unauthenticated SQL Injection LOW [*, 1.0.68) 1.0.68 July 4, 2026
change-wp-admin-login change-wp-admin-login
93
Change WP Admin Login <= 1.0.9 - Missing Authorization Checks LOW *-1.0.9 1.1.0 July 4, 2026
callbook-mobile-bar callbook-mobile-bar
91
Call&Book Mobile Bar <= 1.2.2 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.2.2 July 4, 2026
bulk-page-creator bulk-page-creator
93
Bulk Page Creator <= 1.1.3 - Cross-Site Request Forgery to Arbitrary Page Creation LOW *-1.1.3 1.1.4 July 4, 2026
birthdays-widget birthdays-widget
91
Birthdays Widget <= 1.7.18 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.7.18 July 4, 2026
bannerman bannerman
89
BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting LOW *-0.2.4 July 4, 2026
bannerman bannerman
89
BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting LOW *-0.2.4 July 4, 2026
amtythumb amtythumb
95
amtyThumb <= 4.2.0 - Authenticated SQL Injection LOW *-4.2.0 July 4, 2026
amazon-link amazon-link
95
Amazon Link <= 3.2.10 - Authenticated (Admin+) Cross-Site Scripting LOW *-3.2.10 July 4, 2026
LOW

computer-repair-shop

computer-repair-shop

Score: 93/100 CRM WordPress Plugin – RepairBuddy <= 3.72 - SQL Injection Affected: *-3.72 Patched: 3.73 Updated: July 4, 2026
LOW

code-snippets

code-snippets

Score: 93/100 Code Snippets <= 2.14.3 - Reflected Cross-Site Scripting Affected: *-2.14.3 Patched: 2.14.4 Updated: July 4, 2026
LOW

wp-easy-events

wp-easy-events

Score: N/A Event Management, Events Calendar, RSVP Event Tickets Plugin <= 3.8.4 - Cross-Site Scripting Affected: *-3.8.4 Patched: 3.8.5 Updated: July 4, 2026
LOW

wp-crm

wp-crm

Score: N/A WP-CRM – Customer Relations Management for WordPress <= 1.2.1 - CSV injection Affected: *-1.2.1 Patched: Updated: July 4, 2026
LOW

webriti-smtp-mail

webriti-smtp-mail

Score: N/A Webriti SMTP Mail <= 1.0 - Cross-Site Request Forgery to options update Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

themify-wc-product-filter

themify-wc-product-filter

Score: N/A Themify - WooCommerce Product Filter <= 1.3.7 - Reflected Cross-Site Scripting Affected: *-1.3.7 Patched: 1.3.8 Updated: July 4, 2026
LOW

svg-vector-icon-plugin

svg-vector-icon-plugin

Score: N/A WP SVG Icons <= 3.2.3 - Authenticated (Admin+) Arbitrary File Upload Affected: *-3.2.3 Patched: Updated: July 4, 2026
LOW

social-locker

social-locker

Score: N/A OnePress Social Locker <= 5.6.2 - Cross-Site Request Forgery to Settings Update Affected: *-5.6.2 Patched: Updated: July 4, 2026
LOW

slideshow-ck

slideshow-ck

Score: N/A Slideshow CK <= 1.4.9 - Authenticated Stored Cross-Site Scripting Affected: *-1.4.9 Patched: 1.4.10 Updated: July 4, 2026
LOW

second-street-promotion

second-street-promotion

Score: N/A Second Street <= 3.1.6 - Stored Cross-Site Scripting via organization_id Affected: *-3.1.6 Patched: 3.1.7 Updated: July 4, 2026
LOW

quick-subscribe

quick-subscribe

Score: N/A Quick Subscribe <= 1.7.1 - Cross-Site Request Forgery to Arbitrary Settings Update and Stored Cross-Site Scripting Affected: *-1.7.1 Patched: Updated: July 4, 2026
LOW

official-mailerlite-sign-up-forms

official-mailerlite-sign-up-forms

Score: 93/100 MailerLite - Signup forms <= 1.5.3 - Reflected Cross-Site Scripting Affected: *-1.5.3 Patched: 1.5.4 Updated: July 4, 2026
LOW

member-hero

member-hero

Score: 91/100 Member Hero <= 1.0.9 - Remote Code Execution Affected: *-1.0.9 Patched: Updated: July 4, 2026
LOW

logwpmail

logwpmail

Score: 91/100 Log WP_Mail <= 0.1 - Sensitive Information Disclosure Affected: *-0.1 Patched: Updated: July 4, 2026
LOW

latest-tweets-widget

latest-tweets-widget

Score: 91/100 Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via Cross-Site Request Forgery Affected: *-1.1.4 Patched: Updated: July 4, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification Affected: *-2.0.6 Patched: 2.0.7 Updated: July 4, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation Affected: *-2.0.7 Patched: 2.0.8 Updated: July 4, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service Affected: *-2.0.6 Patched: 2.0.7 Updated: July 4, 2026
LOW

hc-custom-wp-admin-url

hc-custom-wp-admin-url

Score: 87/100 HC Custom WP-Admin URL <= 1.4 - Information Exposure Affected: *-1.4 Patched: Updated: July 4, 2026
LOW

hc-custom-wp-admin-url

hc-custom-wp-admin-url

Score: 87/100 HC Custom WP-Admin URL <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: July 4, 2026
LOW

email-users

email-users

Score: 91/100 Email Users <= 4.8.8 - Arbitrary Settings Update via Cross-Site Request Forgery Affected: *-4.8.8 Patched: Updated: July 4, 2026
LOW

custom-share-buttons-with-floating-sidebar

custom-share-buttons-with-floating-sidebar

Score: 93/100 Custom Share Buttons with Floating Sidebar <= 4.1 - Stored Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: July 4, 2026
LOW

carousel-ck

carousel-ck

Score: 91/100 Carousel CK <= 1.1.0 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 4, 2026
LOW

code-snippets-extended

code-snippets-extended

Score: 87/100 Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery Affected: *-1.4.7 Patched: Updated: July 4, 2026
LOW

code-snippets-extended

code-snippets-extended

Score: 87/100 Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.7 Patched: Updated: July 4, 2026
LOW

opal-hotel-room-booking

opal-hotel-room-booking

Score: 91/100 Opal Hotel Room Booking plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.7 Patched: Updated: July 4, 2026
LOW

popup-box

popup-box

Score: N/A Popup Box <= 2.1.2 - Authenticated Local File Inclusion Affected: *-2.1.2 Patched: 2.2 Updated: July 4, 2026
LOW

wp-athletics

wp-athletics

Score: N/A WP Athletics <= 1.1.7 - Stored Cross-Site Scripting Affected: *-1.1.7 Patched: Updated: July 4, 2026
LOW

wp-athletics

wp-athletics

Score: N/A WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting Affected: *-1.1.7 Patched: Updated: July 4, 2026
LOW

useful-banner-manager

useful-banner-manager

Score: N/A Useful Banner Manager <= 1.6.1 - Cross-Site Request Forgery Affected: *-1.6.1 Patched: Updated: July 4, 2026
LOW

serp-rank

serp-rank

Score: N/A Keyword Rank Tracker <= 1.0.7 - Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 4, 2026
LOW

rsvpmaker

rsvpmaker

Score: N/A RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection Affected: *-9.3.2 Patched: 9.3.3 Updated: July 4, 2026
LOW

iq-block-country

iq-block-country

Score: 93/100 iQ Block Country <= 1.2.13 - Protection Bypass due to IP Spoofing Affected: *-1.2.13 Patched: 1.2.17 Updated: July 4, 2026
LOW

hot-linked-image-cacher

hot-linked-image-cacher

Score: 89/100 Hot Linked Image Cacher <= 1.16 - Cross-Site Request Forgery Affected: *-1.16 Patched: Updated: July 4, 2026
LOW

google-places-reviews

google-places-reviews

Score: 93/100 Google Places Reviews < 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.0.0) Patched: 2.0.0 Updated: July 4, 2026
LOW

enqueue-anything

enqueue-anything

Score: 91/100 Enqueue Anything <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

bestbooks

bestbooks

Score: 91/100 Bestbooks <= 2.6.3 - Unauthenticated SQL Injection Affected: *-2.6.3 Patched: Updated: July 4, 2026
LOW

all-in-one-invite-codes

all-in-one-invite-codes

Score: 97/100 All in One Invite Codes <= 1.0.14 - Cross-Site Scripting Affected: *-1.0.14 Patched: 1.0.15 Updated: July 4, 2026
LOW

advanced-admin-search

advanced-admin-search

Score: 97/100 Advanced Admin Search <= 1.1.2 - Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.6 Updated: July 4, 2026
LOW

counter-box

counter-box

Score: 93/100 Counter Box <= 1.1.1 - Authenticated Local File Inclusion Affected: *-1.1.1 Patched: 1.2 Updated: July 4, 2026
LOW

hover-effects

hover-effects

Score: 93/100 Hover Effects – easily create any hover effect <= 2.1 - Authenticated Local File Inclusion Affected: *-2.1 Patched: 2.1.1 Updated: July 4, 2026
LOW

mwp-herd-effect

mwp-herd-effect

Score: 93/100 Herd Effects <= 5.2 - Local File Inclusion Affected: *-5.2 Patched: 5.2.1 Updated: July 4, 2026
LOW

wpify-woo

wpify-woo

Score: N/A WPify Woo Czech <= 3.5.6 - Reflected Cross-Site Scripting Affected: *-3.5.6 Patched: 3.5.7 Updated: July 4, 2026
LOW

wp-born-babies

wp-born-babies

Score: N/A //// WP BORN BABIES PLUGIN /// <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

user-meta

user-meta

Score: N/A User Meta – User Profile Builder and User management plugin <= 2.4.3 - Path Traversal Affected: [*, 2.4.4) Patched: 2.4.4 Updated: July 4, 2026
LOW

Throws SPAM Away

throws-spam-away

Score: N/A Throws SPAM Away <= 3.3 - Cross-Site Request Forgery to Comment Modification Affected: [*, 3.3.1) Patched: 3.3.1 Updated: July 4, 2026
LOW

slider-video

slider-video

Score: N/A Video Slider WordPress <= 1.4.6 - Authenticated (Admin+) Cross-Site Scripting Affected: [*, 1.4.8) Patched: 1.4.8 Updated: July 4, 2026
LOW

photo-gallery

photo-gallery

Score: 93/100 Photo Gallery by 10Web <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.6.4) Patched: 1.6.4 Updated: July 4, 2026
LOW

livesync

livesync

Score: 91/100 LiveSync for WordPress <= 1.0 - Cross-Site Request Forgery to Arbitrary Settings Update Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

formcraft-form-builder

formcraft-form-builder

Score: 93/100 FormCraft Basic <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.2.6) Patched: 1.2.6 Updated: July 4, 2026
LOW

ajax-search-for-woocommerce

ajax-search-for-woocommerce

Score: 97/100 FiboSearch <= 1.17.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.17.0) Patched: 1.17.0 Updated: July 4, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.16.3 - Cross-Site Scripting Affected: *-4.16.3 Patched: 4.16.4 Updated: July 4, 2026
LOW

files-download-delay

files-download-delay

Score: 91/100 Files Download Delay <= 1.0.6 - Missing Authorization to Settings Reset Affected: [*, 1.0.7) Patched: 1.0.7 Updated: July 4, 2026
LOW

nd-donations

nd-donations

Score: 89/100 Donations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: July 4, 2026
LOW

insert-special-characters

insert-special-characters

Score: 93/100 semver-regex <= 3.1.3 and 4.0.0-4.0.3 - Regular Expression Denial of Service (ReDoS) Affected: *-1.0.4 Patched: 1.0.5 Updated: July 4, 2026
LOW

quick-restaurant-reservations

quick-restaurant-reservations

Score: N/A Quick Restaurant Reservations <= 1.4.1 - Reflected Cross-Site Scripting Affected: *-1.4.1 Patched: 1.4.2 Updated: July 4, 2026
LOW

pie-forms-for-wp

pie-forms-for-wp

Score: N/A WordPress Forms by Pie Forms <= 1.4.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.4.9.4) Patched: 1.4.9.4 Updated: July 4, 2026
LOW

loginizer

loginizer

Score: 93/100 Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name' Affected: *-1.7.5 Patched: 1.7.6 Updated: July 4, 2026
LOW

wp-fundraising-donation

wp-fundraising-donation

Score: N/A WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection Affected: *-1.4.2 Patched: 1.5.0 Updated: July 4, 2026
LOW

wp-db-backup

wp-db-backup

Score: N/A Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update Affected: [*, 2.5.2) Patched: 2.5.2 Updated: July 4, 2026
LOW

greenwallet-gateway

greenwallet-gateway

Score: 93/100 WooCommerce Green Wallet Gateway <= 1.0.1 - Reflected Cross-Site Scripting Affected: [*, 1.0.2) Patched: 1.0.2 Updated: July 4, 2026
LOW

wpqa

wpqa

Score: N/A WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure Affected: *-5.4 Patched: 5.5 Updated: July 4, 2026
LOW

wpqa

wpqa

Score: N/A WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting Affected: [*, 5.4) Patched: 5.4 Updated: July 4, 2026
LOW

use-any-font

use-any-font

Score: N/A Use Any Font | Custom Font Uploader <= 6.2.7 - Cross-Site Scripting Affected: *-6.2.7 Patched: 6.2.8 Updated: July 4, 2026
LOW

quotes-llama

quotes-llama

Score: N/A Quotes llama <= 0.7 - Authenticated (Admin+) Cross-Site Scripting Affected: *-0.7 Patched: 1.0.0 Updated: July 4, 2026
LOW

easy-faq-with-expanding-text

easy-faq-with-expanding-text

Score: 91/100 Easy FAQ with Expanding Text <= 3.2.8.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.8.3.1 Patched: Updated: July 4, 2026
LOW

bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang

bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang

Score: 91/100 Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.0 - Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: July 4, 2026
LOW

user-meta

user-meta

Score: N/A User Meta <= 2.4.2 - Authenticated (Admin+) Cross-Site Scripting Affected: *-2.4.2 Patched: 2.4.3 Updated: July 4, 2026
LOW

team-members

team-members

Score: N/A Team Members <= 5.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.1.0 Patched: 5.1.1 Updated: July 4, 2026
LOW

stafflist

stafflist

Score: N/A StaffList <= 3.1.6 - Reflected Cross-Site Scripting Affected: *-3.1.6 Patched: 3.1.7 Updated: July 4, 2026
LOW

slideshow-jquery-image-gallery

slideshow-jquery-image-gallery

Score: N/A Slideshow <= 2.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: July 4, 2026
LOW

simple-real-estate-pack-4

simple-real-estate-pack-4

Score: N/A Simple Real Estate Pack <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.8 Patched: Updated: July 4, 2026
LOW

realty-workstation

realty-workstation

Score: N/A Realty Workstation <= 1.0.9 - Authenticated SQL Injection Affected: *-1.0.9 Patched: 1.0.10 Updated: July 4, 2026
LOW

open-external-links-in-a-new-window

open-external-links-in-a-new-window

Score: 93/100 External Links in New Window / New Tab <= 1.42 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.42 Patched: 1.43 Updated: July 4, 2026
LOW

open-external-links-in-a-new-window

open-external-links-in-a-new-window

Score: 93/100 External Links in New Window / New Tab <= 1.42 - Tabnabbing Affected: *-1.42 Patched: 1.43 Updated: July 4, 2026
LOW

note-press

note-press

Score: 87/100 Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via id Parameter Affected: *-0.1.10 Patched: Updated: July 4, 2026
LOW

note-press

note-press

Score: 87/100 Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via ids Parameter Affected: *-0.1.10 Patched: Updated: July 4, 2026
LOW

note-press

note-press

Score: 87/100 Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via Update Affected: *-0.1.10 Patched: Updated: July 4, 2026
LOW

no-future-posts

no-future-posts

Score: 91/100 No Future Posts <= 1.4 - Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 4, 2026
LOW

logo-slider

logo-slider

Score: 91/100 Logo Slider <= 1.4.8 - Authenticated (Admin+) SQL Injection Affected: *-1.4.8 Patched: Updated: July 4, 2026
LOW

jivochat

jivochat

Score: 93/100 JivoChat Live Chat – WP live chat plugin for WordPress <= 1.3.5.3 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.3.5.3 Patched: 1.3.5.4 Updated: July 4, 2026
LOW

imdb-info-box

imdb-info-box

Score: 91/100 IMDB Info Box <= 2.0 - Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 4, 2026
LOW

hpbtool

hpbtool

Score: 91/100 hpb Dashboard <= 1.3.1 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: July 4, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker <= 1.14.11 - Stored Cross-Site Scripting Affected: *-1.14.11 Patched: 1.14.12 Updated: July 4, 2026
LOW

five-minute-webshop

five-minute-webshop

Score: 93/100 Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via id Affected: *-1.3.2 Patched: 1.3.3 Updated: July 4, 2026
LOW

five-minute-webshop

five-minute-webshop

Score: 93/100 Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via orderby Affected: *-1.3.2 Patched: 1.3.3 Updated: July 4, 2026
LOW

cube-slider

cube-slider

Score: 91/100 CUBE SLIDER <= 1.2 - Authenticated (Admin+) SQL Injection Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

cp-image-store

cp-image-store

Score: 93/100 CP Image Store with Slideshow <= 1.0.67 - Unauthenticated SQL Injection Affected: [*, 1.0.68) Patched: 1.0.68 Updated: July 4, 2026
LOW

change-wp-admin-login

change-wp-admin-login

Score: 93/100 Change WP Admin Login <= 1.0.9 - Missing Authorization Checks Affected: *-1.0.9 Patched: 1.1.0 Updated: July 4, 2026
LOW

callbook-mobile-bar

callbook-mobile-bar

Score: 91/100 Call&Book Mobile Bar <= 1.2.2 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 4, 2026
LOW

bulk-page-creator

bulk-page-creator

Score: 93/100 Bulk Page Creator <= 1.1.3 - Cross-Site Request Forgery to Arbitrary Page Creation Affected: *-1.1.3 Patched: 1.1.4 Updated: July 4, 2026
LOW

birthdays-widget

birthdays-widget

Score: 91/100 Birthdays Widget <= 1.7.18 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.7.18 Patched: Updated: July 4, 2026
LOW

bannerman

bannerman

Score: 89/100 BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting Affected: *-0.2.4 Patched: Updated: July 4, 2026
LOW

bannerman

bannerman

Score: 89/100 BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting Affected: *-0.2.4 Patched: Updated: July 4, 2026
LOW

amtythumb

amtythumb

Score: 95/100 amtyThumb <= 4.2.0 - Authenticated SQL Injection Affected: *-4.2.0 Patched: Updated: July 4, 2026
LOW

amazon-link

amazon-link

Score: 95/100 Amazon Link <= 3.2.10 - Authenticated (Admin+) Cross-Site Scripting Affected: *-3.2.10 Patched: Updated: July 4, 2026

Showing 29101 to 29200 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 04:15 UTC.