Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

85

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
name-directory name-directory
93
Name Directory <= 1.25.2 - Cross-Site Scripting LOW *-1.25.2 1.25.3 July 4, 2026
flower-delivery-by-florist-one flower-delivery-by-florist-one
93
Flower Delivery by Florist One <= 3.5.8 - (Admin+) Stored Cross-Site Scripting LOW *-3.5.8 3.5.9 July 4, 2026
wpdatatables wpdatatables N/A wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting LOW *-2.1.27 2.1.28 July 4, 2026
remove-cpt-base remove-cpt-base N/A Remove CPT base <= 5.8 - Cross-Site Request Forgery to CPT base deletion LOW *-5.8 5.9 July 4, 2026
png-to-jpg png-to-jpg N/A PNG to JPG <= 5.8 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting LOW *-4.0 4.1 July 4, 2026
wp-stateless wp-stateless N/A WP-Stateless – Google Cloud Storage <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.1.1 3.2.0 July 4, 2026
wp-2fa wp-2fa N/A WP 2FA – Two-factor authentication for WordPress <= 2.2.0 - Reflected Cross-Site Scripting LOW *-2.2.0 2.2.1 July 4, 2026
code-snippets-extended code-snippets-extended
87
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Remote Code Execution LOW *-1.4.7 July 4, 2026
simple-slider-ssp simple-slider-ssp N/A WP Slider Plugin <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.4.5 July 4, 2026
disable-right-click-for-wp disable-right-click-for-wp
91
Disable Right Click For WP <= 1.1.6 - Cross-Site Request Forgery LOW *-1.1.6 July 4, 2026
google-news-sitemap google-news-sitemap
91
Andrea Pernici News Sitemap for Google <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.16 July 4, 2026
2j-slideshow 2j-slideshow
93
Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting LOW *-1.3.54 July 4, 2026
Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce
98
Checkout Files Upload for WooCommerce <= 2.1.2 - Cross-Site Scripting LOW *-2.1.2 2.1.3 July 4, 2026
image-hover-effects-ultimate image-hover-effects-ultimate
91
Image Hover Effects Ultimate <= 9.7.1 - Reflected Cross-Site Scripting LOW *-9.7.1 9.7.2 July 4, 2026
poll-maker poll-maker N/A Poll Maker <= 4.0.1 - Admin+ Stored Cross-Site Scripting LOW *-4.0.1 4.0.2 July 4, 2026
wp-smushit wp-smushit N/A Smush – Lazy Load Images, Optimize & Compress Images <= 3.9.8 - Cross-Site Scripting LOW *-3.9.8 3.9.9 July 4, 2026
wp-js wp-js N/A WP JS <= 2.0.6 - Reflected Cross-Site Scripting LOW *-2.0.6 July 4, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking <= 1.5.8 - Reflected Cross-Site Scripting LOW [*, 1.5.9) 1.5.9 July 4, 2026
oauth-client-for-user-authentication oauth-client-for-user-authentication
93
OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.1 - Cross-Site Scripting LOW *-3.0.1 3.0.2 July 4, 2026
enable-svg enable-svg
93
Enable SVG <= 1.3.1 - Cross-Site Scripting via SVG LOW *-1.3.1 1.4.0 July 4, 2026
content-mask content-mask
93
Content Mask <= 1.8.4 - Authenticated (Subscriber+) Arbitrary Options Update LOW *-1.8.4 1.8.4.1 July 4, 2026
wp-subscribe wp-subscribe N/A WP Subscribe <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2.12 1.2.13 July 4, 2026
Breeze Cache breeze
79
Breeze – WordPress Cache Plugin <= 2.0.2 - Unprotected AJAX Actions LOW *-2.0.2 2.0.3 July 4, 2026
www-xml-sitemap-generator-org www-xml-sitemap-generator-org N/A XML Sitemap Generator for Google <= 2.0.3 - Reflected Cross-Site Scripting LOW *-2.0.3 2.0.4 July 4, 2026
wp-meta-seo wp-meta-seo N/A WP Meta SEO <= 4.4.6 - Admin+ Stored Cross-Site Scripting via breadcrumbs LOW *-4.4.6 4.4.7 July 4, 2026
wp-contacts-manager wp-contacts-manager N/A WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection LOW *-2.2.4 July 4, 2026
Tabs Responsive – With WooCommerce Product Tabs Extension tabs-responsive
86
Tabs Responsive <= 2.2.7 - Editor+ Stored Cross-Site Scripting LOW *-2.2.7 2.2.8 July 4, 2026
stafflist stafflist N/A StaffList <= 3.1.2 - Authenticated SQL Injection LOW *-3.1.2 3.1.5 July 4, 2026
nirweb-support nirweb-support
91
Nirweb support <= 2.7.9 - SQL Injection LOW *-2.7.9 2.8.2 July 4, 2026
Check & Log Email – Easy Email Testing & Mail logging check-email
84
Check & Log email <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 1.0.6 July 4, 2026
subscribe-to-comments-reloaded subscribe-to-comments-reloaded N/A Subscribe To Comments Reloaded <= 211130 - Cross-Site Request Forgery LOW *-211130 220502 July 4, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member <= 2.3.1 - Arbitrary Redirect LOW *-2.3.1 2.3.2 July 4, 2026
hermit hermit
86
Hermit 音乐播放器 <= 3.1.6 - Multiple Cross-Site Request Forgery LOW *-3.1.6 July 4, 2026
countdown-builder countdown-builder
91
Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass LOW *-2.3.2 2.3.3 July 4, 2026
hermit hermit
86
Hermit 音乐播放器 <= 3.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.1.6 July 4, 2026
hermit hermit
86
Hermit 音乐播放器 <= 3.1.6 - Unauthenticated SQL Injection LOW *-3.1.6 July 4, 2026
hermit hermit
86
Hermit 音乐播放器 <= 3.1.6 - Authenticated (Subscriber+) SQL Injection LOW *-3.1.6 July 4, 2026
countdown-builder countdown-builder
91
Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.2 - Cross-Site Scripting LOW *-2.3.2 2.3.3 July 4, 2026
countdown-builder countdown-builder
91
Countdown & Clock <= 2.3.2 - Reflected Cross-Site Scripting LOW *-2.3.2 2.3.3 July 4, 2026
ravpage ravpage N/A Ravpage <= 2.16 - Reflected Cross-Site Scripting LOW *-2.16 2.18 July 4, 2026
countdown-builder countdown-builder
91
Countdown & Clock <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.2 2.3.3 July 4, 2026
footer-text footer-text
91
Footer Text <= 2.0.3 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-2.0.3 July 4, 2026
3CX Free Live Chat, Calls & Messaging wp-live-chat-support N/A 3CX Live Chat <= 9.4.2 - Local File Inclusion LOW *-9.4.2 9.4.3 July 4, 2026
All-in-One WP Migration and Backup all-in-one-wp-migration
94
All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts LOW *-7.58 7.59 July 4, 2026
wp-invoice wp-invoice N/A WP-Invoice – Web Invoice and Billing <= 4.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.3.1 4.3.2 July 4, 2026
rsvpmaker rsvpmaker N/A RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection LOW *-9.2.6 9.2.7 July 4, 2026
curtain curtain
91
Curtain <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.2 July 4, 2026
coru-lfmember coru-lfmember
89
Coru LFMember <= 1.0.2 - Cross-Site Request Forgery LOW *-1.0.2 July 4, 2026
coru-lfmember coru-lfmember
89
Coru LFMember <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.2 July 4, 2026
codup-woocommerce-dynamic-pricing-table-view codup-woocommerce-dynamic-pricing-table-view
93
Codup WooCommerce Dynamic Pricing Table View <= 1.2.1.4 - Stored Cross-Site Scripting LOW *-1.2.1.4 1.2.1.5 July 4, 2026
Better Click To Share – Shareable Quote Boxes for X (Twitter) better-click-to-tweet
95
Better Click To Tweet <= 5.10.1 - Reflected Cross-Site Scripting LOW *-5.10.1 5.10.2 July 4, 2026
wp-testing wp-testing N/A Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Cross-Site Scripting LOW *-0.21.19 July 4, 2026
wp-testing wp-testing N/A Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.21.19 July 4, 2026
tripetto tripetto N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 5.1.4 - Unauthenticated Stored Cross-Site Scripting LOW *-5.1.4 5.2.0 July 4, 2026
vertical-scroll-recent-post vertical-scroll-recent-post N/A Vertical scroll recent post <= 13.8 - Reflected Cross-Site Scripting LOW [*, 14.0) 14.0 July 4, 2026
turn-off-comments-for-all-posts turn-off-comments-for-all-posts N/A Turn off all comments <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
slider-wd slider-wd N/A Slider by 10Web <= 1.2.51 - Admin+ Stored Cross-Site Scripting LOW *-1.2.51 1.2.52 July 4, 2026
rsvpmaker rsvpmaker N/A RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection LOW *-9.2.5 9.2.6 July 4, 2026
myaliceai myaliceai
93
MyAlice – Live Chat, WhatsApp, Facebook Messenger, Instagram, & Chatbot for WooCommerce <= 1.2.7 - Stored Cross-Site Scripting LOW *-1.2.7 1.2.8 July 4, 2026
melhor-envio-cotacao melhor-envio-cotacao
93
Melhor Envio <= 2.11.19 - Cross-Site Request Forgery and Authenticated Settings Change LOW *-2.11.19 2.11.20 July 4, 2026
gwyns-imagemap-selector gwyns-imagemap-selector
91
Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting LOW *-0.3.3 July 4, 2026
donate-extra donate-extra
91
Donate Extra <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.02 July 4, 2026
shortpixel-adaptive-images shortpixel-adaptive-images N/A ShortPixel Adaptive Images <= 3.3.1 - Subscriber+ Arbitrary Settings Update LOW *-3.3.1 3.4.0 July 4, 2026
wpcargo wpcargo N/A WPCargo Track & Trace <= 6.9.4 - Admin+ Stored Cross Site Scripting LOW *-6.9.4 6.9.5 July 4, 2026
wpcargo wpcargo N/A WPCargo Track & Trace <= 6.9.4 - Reflected Cross-Site Scripting LOW *-6.9.4 6.9.5 July 4, 2026
wp-youtube-live wp-youtube-live N/A WP YouTube Live <= 1.8.2 - Admin+ Stored Cross-Site Scripting LOW *-1.8.2 1.8.3 July 4, 2026
wp-subtitle wp-subtitle N/A WP Subtitle <= 3.4 - Cross-Site Scripting LOW *-3.4 3.4.1 July 4, 2026
woo-smart-wishlist woo-smart-wishlist N/A WPC Smart Wishlist for WooCommerce <= 2.9.8 - Reflected Cross-Site Scripting LOW [*, 2.9.9) 2.9.9 July 4, 2026
tracked-tweets tracked-tweets N/A Tracked Tweets <= 0.2.9 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-0.2.9 July 4, 2026
scrollrevealjs-effects scrollrevealjs-effects N/A ScrollReveal.js Effects <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2 July 4, 2026
night-mode night-mode
93
Night Mode <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.0 1.4.0 July 4, 2026
grand-media grand-media
91
Gmedia Photo Gallery < 1.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.20.0) 1.20.0 July 4, 2026
call-now-button call-now-button
93
Call Now Button <= 1.1.1 - Reflected Cross-Site Scripting LOW [*, 1.1.2) 1.1.2 July 4, 2026
arprice-responsive-pricing-table arprice-responsive-pricing-table
97
Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection LOW *-3.6 3.6.1 July 4, 2026
3xsocializer 3xsocializer
95
3xSocializer <= 0.98.22 - Authenticated SQL Injection LOW *-0.98.22 July 4, 2026
metform metform
93
Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure LOW *-2.1.3 2.1.4 July 4, 2026
scrolling-anchors scrolling-anchors N/A Easy Smooth Scroll Links <= 2.23.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.23.1 July 4, 2026
advanced-cf7-db advanced-cf7-db
95
Advanced Contact form 7 DB <= 1.8.7 - Stored Cross-Site Scripting LOW *-1.8.7 1.8.8 July 4, 2026
rara-one-click-demo-import rara-one-click-demo-import N/A Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery to Arbitrary File Upload LOW *-1.2.9 1.3.0 July 4, 2026
wpqa wpqa N/A WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields LOW [*, 5.2) 5.2 July 4, 2026
wpqa wpqa N/A WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure LOW [*, 5.2) 5.2 July 4, 2026
wpqa wpqa N/A WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Profile Picture Deletion LOW [*, 5.2) 5.2 July 4, 2026
wp-less-to-css wp-less-to-css N/A WP LESS to CSS <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW [*, 1.5.8) 1.5.8 July 4, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.5.8 - Arbitrary File Upload LOW [*, 1.5.8) 1.5.9 July 4, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Admin+ Stored Cross-Site Scripting LOW [*, 1.5.8) 1.5.8 July 4, 2026
twl-easy-call twl-easy-call N/A Easy Call With Twilio <= 1.0.4 - Stored Cross-Site Scripting LOW [*, 1.1.0) 1.1.0 July 4, 2026
social-stickers social-stickers N/A Social Stickers <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.2.9 July 4, 2026
paid-membership paid-membership
93
MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership <= 1.9.5 - Cross-Site Request Forgery LOW *-1.9.5 1.9.6 July 4, 2026
donorbox-donation-form donorbox-donation-form
93
Donorbox – Free Recurring Donation Form <= 7.1.6 - Cross-Site Scripting LOW *-7.1.6 7.1.7 July 4, 2026
cab-fare-calculator cab-fare-calculator
93
Cab fare calculator <= 1.0.3 - Unauthenticated Local File Inclusion LOW *-1.0.3 1.0.4 July 4, 2026
admin-word-count-column admin-word-count-column
95
Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read LOW *-2.2 July 4, 2026
wp-visual-slidebox-builder wp-visual-slidebox-builder N/A Visual Slide Box Builder <= 3.2.9 - Authenticated (Subscriber+) SQL Injection LOW *-3.2.9 July 4, 2026
video-synchro-pdf video-synchro-pdf N/A Videos sync PDF <= 1.7.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.7.4 July 4, 2026
th23-social th23-social N/A th23 Social <= 1.2.0 - Stored Cross-Site Scripting LOW *-1.2.0 July 4, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder popup-maker N/A Popup Maker <= 1.16.4 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.16.4 1.16.5 July 4, 2026
fusion-builder fusion-builder
93
Fusion Builder <= 3.6.1 & Avada <= 7.6.1 - Unauthenticated Server-Side Request Forgery LOW [*, 3.6.2) 3.6.2 July 4, 2026
external-media-without-import external-media-without-import
91
External Media without Import <= 1.1.2 - Authenticated (Subscriber+) Blind Server-Side Request Forgery LOW *-1.1.2 July 4, 2026
custom-tinymce-shortcode-button custom-tinymce-shortcode-button
91
Custom TinyMCE Shortcode Button <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.1 July 4, 2026
BulletProof Security bulletproof-security
68
BulletProof Security <= 6.0 - Stored Cross-Site Scripting LOW [*, 6.1) 6.1 July 4, 2026
LOW

name-directory

name-directory

Score: 93/100 Name Directory <= 1.25.2 - Cross-Site Scripting Affected: *-1.25.2 Patched: 1.25.3 Updated: July 4, 2026
LOW

flower-delivery-by-florist-one

flower-delivery-by-florist-one

Score: 93/100 Flower Delivery by Florist One <= 3.5.8 - (Admin+) Stored Cross-Site Scripting Affected: *-3.5.8 Patched: 3.5.9 Updated: July 4, 2026
LOW

wpdatatables

wpdatatables

Score: N/A wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting Affected: *-2.1.27 Patched: 2.1.28 Updated: July 4, 2026
LOW

remove-cpt-base

remove-cpt-base

Score: N/A Remove CPT base <= 5.8 - Cross-Site Request Forgery to CPT base deletion Affected: *-5.8 Patched: 5.9 Updated: July 4, 2026
LOW

png-to-jpg

png-to-jpg

Score: N/A PNG to JPG <= 5.8 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting Affected: *-4.0 Patched: 4.1 Updated: July 4, 2026
LOW

wp-stateless

wp-stateless

Score: N/A WP-Stateless – Google Cloud Storage <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.1.1 Patched: 3.2.0 Updated: July 4, 2026
LOW

wp-2fa

wp-2fa

Score: N/A WP 2FA – Two-factor authentication for WordPress <= 2.2.0 - Reflected Cross-Site Scripting Affected: *-2.2.0 Patched: 2.2.1 Updated: July 4, 2026
LOW

code-snippets-extended

code-snippets-extended

Score: 87/100 Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Remote Code Execution Affected: *-1.4.7 Patched: Updated: July 4, 2026
LOW

simple-slider-ssp

simple-slider-ssp

Score: N/A WP Slider Plugin <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: July 4, 2026
LOW

disable-right-click-for-wp

disable-right-click-for-wp

Score: 91/100 Disable Right Click For WP <= 1.1.6 - Cross-Site Request Forgery Affected: *-1.1.6 Patched: Updated: July 4, 2026
LOW

google-news-sitemap

google-news-sitemap

Score: 91/100 Andrea Pernici News Sitemap for Google <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.16 Patched: Updated: July 4, 2026
LOW

2j-slideshow

2j-slideshow

Score: 93/100 Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting Affected: *-1.3.54 Patched: Updated: July 4, 2026
LOW

Checkout Files Upload for WooCommerce

checkout-files-upload-woocommerce

Score: 98/100 Checkout Files Upload for WooCommerce <= 2.1.2 - Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 4, 2026
LOW

image-hover-effects-ultimate

image-hover-effects-ultimate

Score: 91/100 Image Hover Effects Ultimate <= 9.7.1 - Reflected Cross-Site Scripting Affected: *-9.7.1 Patched: 9.7.2 Updated: July 4, 2026
LOW

poll-maker

poll-maker

Score: N/A Poll Maker <= 4.0.1 - Admin+ Stored Cross-Site Scripting Affected: *-4.0.1 Patched: 4.0.2 Updated: July 4, 2026
LOW

wp-smushit

wp-smushit

Score: N/A Smush – Lazy Load Images, Optimize & Compress Images <= 3.9.8 - Cross-Site Scripting Affected: *-3.9.8 Patched: 3.9.9 Updated: July 4, 2026
LOW

wp-js

wp-js

Score: N/A WP JS <= 2.0.6 - Reflected Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: July 4, 2026
LOW

oauth-client-for-user-authentication

oauth-client-for-user-authentication

Score: 93/100 OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.1 - Cross-Site Scripting Affected: *-3.0.1 Patched: 3.0.2 Updated: July 4, 2026
LOW

enable-svg

enable-svg

Score: 93/100 Enable SVG <= 1.3.1 - Cross-Site Scripting via SVG Affected: *-1.3.1 Patched: 1.4.0 Updated: July 4, 2026
LOW

content-mask

content-mask

Score: 93/100 Content Mask <= 1.8.4 - Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.8.4 Patched: 1.8.4.1 Updated: July 4, 2026
LOW

wp-subscribe

wp-subscribe

Score: N/A WP Subscribe <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2.12 Patched: 1.2.13 Updated: July 4, 2026
LOW

Breeze Cache

breeze

Score: 79/100 Breeze – WordPress Cache Plugin <= 2.0.2 - Unprotected AJAX Actions Affected: *-2.0.2 Patched: 2.0.3 Updated: July 4, 2026
LOW

www-xml-sitemap-generator-org

www-xml-sitemap-generator-org

Score: N/A XML Sitemap Generator for Google <= 2.0.3 - Reflected Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: July 4, 2026
LOW

wp-meta-seo

wp-meta-seo

Score: N/A WP Meta SEO <= 4.4.6 - Admin+ Stored Cross-Site Scripting via breadcrumbs Affected: *-4.4.6 Patched: 4.4.7 Updated: July 4, 2026
LOW

wp-contacts-manager

wp-contacts-manager

Score: N/A WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection Affected: *-2.2.4 Patched: Updated: July 4, 2026
LOW

stafflist

stafflist

Score: N/A StaffList <= 3.1.2 - Authenticated SQL Injection Affected: *-3.1.2 Patched: 3.1.5 Updated: July 4, 2026
LOW

nirweb-support

nirweb-support

Score: 91/100 Nirweb support <= 2.7.9 - SQL Injection Affected: *-2.7.9 Patched: 2.8.2 Updated: July 4, 2026
LOW

subscribe-to-comments-reloaded

subscribe-to-comments-reloaded

Score: N/A Subscribe To Comments Reloaded <= 211130 - Cross-Site Request Forgery Affected: *-211130 Patched: 220502 Updated: July 4, 2026
LOW

hermit

hermit

Score: 86/100 Hermit 音乐播放器 <= 3.1.6 - Multiple Cross-Site Request Forgery Affected: *-3.1.6 Patched: Updated: July 4, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass Affected: *-2.3.2 Patched: 2.3.3 Updated: July 4, 2026
LOW

hermit

hermit

Score: 86/100 Hermit 音乐播放器 <= 3.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.1.6 Patched: Updated: July 4, 2026
LOW

hermit

hermit

Score: 86/100 Hermit 音乐播放器 <= 3.1.6 - Unauthenticated SQL Injection Affected: *-3.1.6 Patched: Updated: July 4, 2026
LOW

hermit

hermit

Score: 86/100 Hermit 音乐播放器 <= 3.1.6 - Authenticated (Subscriber+) SQL Injection Affected: *-3.1.6 Patched: Updated: July 4, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.2 - Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: July 4, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown & Clock <= 2.3.2 - Reflected Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: July 4, 2026
LOW

ravpage

ravpage

Score: N/A Ravpage <= 2.16 - Reflected Cross-Site Scripting Affected: *-2.16 Patched: 2.18 Updated: July 4, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown & Clock <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: July 4, 2026
LOW

footer-text

footer-text

Score: 91/100 Footer Text <= 2.0.3 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: July 4, 2026
LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts Affected: *-7.58 Patched: 7.59 Updated: July 4, 2026
LOW

wp-invoice

wp-invoice

Score: N/A WP-Invoice – Web Invoice and Billing <= 4.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.3.1 Patched: 4.3.2 Updated: July 4, 2026
LOW

rsvpmaker

rsvpmaker

Score: N/A RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection Affected: *-9.2.6 Patched: 9.2.7 Updated: July 4, 2026
LOW

curtain

curtain

Score: 91/100 Curtain <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 4, 2026
LOW

coru-lfmember

coru-lfmember

Score: 89/100 Coru LFMember <= 1.0.2 - Cross-Site Request Forgery Affected: *-1.0.2 Patched: Updated: July 4, 2026
LOW

coru-lfmember

coru-lfmember

Score: 89/100 Coru LFMember <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 4, 2026
LOW

codup-woocommerce-dynamic-pricing-table-view

codup-woocommerce-dynamic-pricing-table-view

Score: 93/100 Codup WooCommerce Dynamic Pricing Table View <= 1.2.1.4 - Stored Cross-Site Scripting Affected: *-1.2.1.4 Patched: 1.2.1.5 Updated: July 4, 2026
LOW

wp-testing

wp-testing

Score: N/A Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Cross-Site Scripting Affected: *-0.21.19 Patched: Updated: July 4, 2026
LOW

wp-testing

wp-testing

Score: N/A Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.21.19 Patched: Updated: July 4, 2026
LOW

tripetto

tripetto

Score: N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 5.1.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.1.4 Patched: 5.2.0 Updated: July 4, 2026
LOW

vertical-scroll-recent-post

vertical-scroll-recent-post

Score: N/A Vertical scroll recent post <= 13.8 - Reflected Cross-Site Scripting Affected: [*, 14.0) Patched: 14.0 Updated: July 4, 2026
LOW

turn-off-comments-for-all-posts

turn-off-comments-for-all-posts

Score: N/A Turn off all comments <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

slider-wd

slider-wd

Score: N/A Slider by 10Web <= 1.2.51 - Admin+ Stored Cross-Site Scripting Affected: *-1.2.51 Patched: 1.2.52 Updated: July 4, 2026
LOW

rsvpmaker

rsvpmaker

Score: N/A RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection Affected: *-9.2.5 Patched: 9.2.6 Updated: July 4, 2026
LOW

myaliceai

myaliceai

Score: 93/100 MyAlice – Live Chat, WhatsApp, Facebook Messenger, Instagram, & Chatbot for WooCommerce <= 1.2.7 - Stored Cross-Site Scripting Affected: *-1.2.7 Patched: 1.2.8 Updated: July 4, 2026
LOW

melhor-envio-cotacao

melhor-envio-cotacao

Score: 93/100 Melhor Envio <= 2.11.19 - Cross-Site Request Forgery and Authenticated Settings Change Affected: *-2.11.19 Patched: 2.11.20 Updated: July 4, 2026
LOW

gwyns-imagemap-selector

gwyns-imagemap-selector

Score: 91/100 Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting Affected: *-0.3.3 Patched: Updated: July 4, 2026
LOW

donate-extra

donate-extra

Score: 91/100 Donate Extra <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.02 Patched: Updated: July 4, 2026
LOW

shortpixel-adaptive-images

shortpixel-adaptive-images

Score: N/A ShortPixel Adaptive Images <= 3.3.1 - Subscriber+ Arbitrary Settings Update Affected: *-3.3.1 Patched: 3.4.0 Updated: July 4, 2026
LOW

wpcargo

wpcargo

Score: N/A WPCargo Track & Trace <= 6.9.4 - Admin+ Stored Cross Site Scripting Affected: *-6.9.4 Patched: 6.9.5 Updated: July 4, 2026
LOW

wpcargo

wpcargo

Score: N/A WPCargo Track & Trace <= 6.9.4 - Reflected Cross-Site Scripting Affected: *-6.9.4 Patched: 6.9.5 Updated: July 4, 2026
LOW

wp-youtube-live

wp-youtube-live

Score: N/A WP YouTube Live <= 1.8.2 - Admin+ Stored Cross-Site Scripting Affected: *-1.8.2 Patched: 1.8.3 Updated: July 4, 2026
LOW

wp-subtitle

wp-subtitle

Score: N/A WP Subtitle <= 3.4 - Cross-Site Scripting Affected: *-3.4 Patched: 3.4.1 Updated: July 4, 2026
LOW

woo-smart-wishlist

woo-smart-wishlist

Score: N/A WPC Smart Wishlist for WooCommerce <= 2.9.8 - Reflected Cross-Site Scripting Affected: [*, 2.9.9) Patched: 2.9.9 Updated: July 4, 2026
LOW

tracked-tweets

tracked-tweets

Score: N/A Tracked Tweets <= 0.2.9 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-0.2.9 Patched: Updated: July 4, 2026
LOW

scrollrevealjs-effects

scrollrevealjs-effects

Score: N/A ScrollReveal.js Effects <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

night-mode

night-mode

Score: 93/100 Night Mode <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 1.4.0 Updated: July 4, 2026
LOW

grand-media

grand-media

Score: 91/100 Gmedia Photo Gallery < 1.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.20.0) Patched: 1.20.0 Updated: July 4, 2026
LOW

call-now-button

call-now-button

Score: 93/100 Call Now Button <= 1.1.1 - Reflected Cross-Site Scripting Affected: [*, 1.1.2) Patched: 1.1.2 Updated: July 4, 2026
LOW

arprice-responsive-pricing-table

arprice-responsive-pricing-table

Score: 97/100 Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection Affected: *-3.6 Patched: 3.6.1 Updated: July 4, 2026
LOW

3xsocializer

3xsocializer

Score: 95/100 3xSocializer <= 0.98.22 - Authenticated SQL Injection Affected: *-0.98.22 Patched: Updated: July 4, 2026
LOW

metform

metform

Score: 93/100 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure Affected: *-2.1.3 Patched: 2.1.4 Updated: July 4, 2026
LOW

scrolling-anchors

scrolling-anchors

Score: N/A Easy Smooth Scroll Links <= 2.23.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.23.1 Patched: Updated: July 4, 2026
LOW

advanced-cf7-db

advanced-cf7-db

Score: 95/100 Advanced Contact form 7 DB <= 1.8.7 - Stored Cross-Site Scripting Affected: *-1.8.7 Patched: 1.8.8 Updated: July 4, 2026
LOW

rara-one-click-demo-import

rara-one-click-demo-import

Score: N/A Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-1.2.9 Patched: 1.3.0 Updated: July 4, 2026
LOW

wpqa

wpqa

Score: N/A WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields Affected: [*, 5.2) Patched: 5.2 Updated: July 4, 2026
LOW

wpqa

wpqa

Score: N/A WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure Affected: [*, 5.2) Patched: 5.2 Updated: July 4, 2026
LOW

wpqa

wpqa

Score: N/A WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Profile Picture Deletion Affected: [*, 5.2) Patched: 5.2 Updated: July 4, 2026
LOW

wp-less-to-css

wp-less-to-css

Score: N/A WP LESS to CSS <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: [*, 1.5.8) Patched: 1.5.8 Updated: July 4, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.8 - Arbitrary File Upload Affected: [*, 1.5.8) Patched: 1.5.9 Updated: July 4, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Admin+ Stored Cross-Site Scripting Affected: [*, 1.5.8) Patched: 1.5.8 Updated: July 4, 2026
LOW

twl-easy-call

twl-easy-call

Score: N/A Easy Call With Twilio <= 1.0.4 - Stored Cross-Site Scripting Affected: [*, 1.1.0) Patched: 1.1.0 Updated: July 4, 2026
LOW

social-stickers

social-stickers

Score: N/A Social Stickers <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2.9 Patched: Updated: July 4, 2026
LOW

paid-membership

paid-membership

Score: 93/100 MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership <= 1.9.5 - Cross-Site Request Forgery Affected: *-1.9.5 Patched: 1.9.6 Updated: July 4, 2026
LOW

donorbox-donation-form

donorbox-donation-form

Score: 93/100 Donorbox – Free Recurring Donation Form <= 7.1.6 - Cross-Site Scripting Affected: *-7.1.6 Patched: 7.1.7 Updated: July 4, 2026
LOW

cab-fare-calculator

cab-fare-calculator

Score: 93/100 Cab fare calculator <= 1.0.3 - Unauthenticated Local File Inclusion Affected: *-1.0.3 Patched: 1.0.4 Updated: July 4, 2026
LOW

admin-word-count-column

admin-word-count-column

Score: 95/100 Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read Affected: *-2.2 Patched: Updated: July 4, 2026
LOW

wp-visual-slidebox-builder

wp-visual-slidebox-builder

Score: N/A Visual Slide Box Builder <= 3.2.9 - Authenticated (Subscriber+) SQL Injection Affected: *-3.2.9 Patched: Updated: July 4, 2026
LOW

video-synchro-pdf

video-synchro-pdf

Score: N/A Videos sync PDF <= 1.7.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.7.4 Patched: Updated: July 4, 2026
LOW

th23-social

th23-social

Score: N/A th23 Social <= 1.2.0 - Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 4, 2026
LOW

fusion-builder

fusion-builder

Score: 93/100 Fusion Builder <= 3.6.1 & Avada <= 7.6.1 - Unauthenticated Server-Side Request Forgery Affected: [*, 3.6.2) Patched: 3.6.2 Updated: July 4, 2026
LOW

external-media-without-import

external-media-without-import

Score: 91/100 External Media without Import <= 1.1.2 - Authenticated (Subscriber+) Blind Server-Side Request Forgery Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

custom-tinymce-shortcode-button

custom-tinymce-shortcode-button

Score: 91/100 Custom TinyMCE Shortcode Button <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security <= 6.0 - Stored Cross-Site Scripting Affected: [*, 6.1) Patched: 6.1 Updated: July 4, 2026

Showing 29201 to 29300 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 05:15 UTC.