Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

92

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
bulk-edit-user-profiles-in-spreadsheet bulk-edit-user-profiles-in-spreadsheet
93
Bulk Edit and Create User Profiles – WP Sheet Editor <= 1.5.13 - Cross-Site Scripting LOW [*, 1.5.14) 1.5.14 July 4, 2026
bmi-bmr-calculator bmi-bmr-calculator
91
BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 4, 2026
automatic-grid-image-listing automatic-grid-image-listing
91
AGIL(Automatic Grid Image Listing) <= 1.0 - Arbitrary File Upload LOW *-1.0 July 4, 2026
advanced-uploader advanced-uploader
95
Advanced uploader <= 4.2 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-4.2 July 4, 2026
advanced-image-sitemap advanced-image-sitemap
95
Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 4, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Arbitrary File Upload LOW *-1.5.3 1.5.4 July 4, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Sensitive Information Exposure LOW *-1.5.3 1.5.4 July 4, 2026
ubigeo-peru ubigeo-peru N/A Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection LOW [*, 3.6.4) 3.6.4 July 4, 2026
slide-anything slide-anything N/A Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.43 - Editor+ Cross-Site Scripting LOW [*, 2.3.44) 2.3.44 July 4, 2026
popup-by-supsystic popup-by-supsystic N/A Popup by Supsystic <= 1.10.8 - Sensitive Information Disclosure LOW [*, 1.10.9) 1.10.9 July 4, 2026
personal-dictionary personal-dictionary
93
Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection LOW [*, 1.3.4) 1.3.4 July 4, 2026
mapsvg mapsvg
91
MapSVG <= 6.2.19 - SQL Injection LOW [*, 6.2.20) 6.2.20 July 4, 2026
event-list event-list
93
Event List < 0.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.8.7 0.8.8 July 4, 2026
Booking Calendar booking
71
Booking Calendar <= 9.1 - PHP Object Injection via Shortcode LOW *-9.1 9.1.1 July 4, 2026
woc-open-close woc-open-close N/A Woocommerce Open Close – Best Business Schedules Manager <= 4.3.0 - Reflected Cross-Site Scripting LOW *-4.3.0 4.3.1 July 4, 2026
sitesupercharger sitesupercharger N/A SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection LOW *-5.1.10 5.2.0 July 4, 2026
kb-support kb-support
91
KB Support – WordPress Help Desk <= 1.5.5 - Multiple Unauthenticated Stored Cross-Site Scripting LOW *-1.5.5 1.5.6 July 4, 2026
wp-maintenance wp-maintenance N/A WP Maintenance <= 6.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-6.0.5 6.0.6 July 4, 2026
simple-ajax-chat simple-ajax-chat N/A Simple Ajax Chat <= 20220115 - Cross-Site Request Forgery LOW *-20220115 20220216 July 4, 2026
simple-ajax-chat simple-ajax-chat N/A Simple Ajax Chat Plugin <= 20220115 - Sensitive Information Disclosure LOW *-20220115 20220216 July 4, 2026
wp-easycart wp-easycart N/A Shopping Cart & eCommerce Store <= 5.2.6 - Cross-Site Request Forgery LOW *-5.2.6 5.3.0 July 4, 2026
Advanced Booking & Appointment System – Webba Booking Calendar webba-booking-lite
70
Webba Booking <= 4.2.21 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.2.21 4.2.22 July 4, 2026
product-filter-for-woocommerce-product product-filter-for-woocommerce-product N/A Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection LOW *-1.3.0 July 4, 2026
modern-events-calendar-lite modern-events-calendar-lite
93
Modern Events Calendar Lite <= 6.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-6.5.1 6.5.2 July 4, 2026
fancy-product-designer fancy-product-designer
93
Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload LOW *-4.7.5 4.7.6 July 4, 2026
exmage-wp-image-links exmage-wp-image-links
93
EXMAGE – WordPress Image Links <= 1.0.6 - Admin+ Blind SSRF LOW *-1.0.6 1.0.7 July 4, 2026
wp-video-gallery-free wp-video-gallery-free N/A WP Video Gallery <= 1.7.1 - SQL Injection LOW *-1.7.1 July 4, 2026
wp-system-log wp-system-log N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW * July 4, 2026
wp-social-buttons wp-social-buttons N/A WP Social Buttons <= 2.1 - Admin+ Cross-Site Scripting LOW *-2.1 2.2 July 4, 2026
wp-2fa wp-2fa N/A WP 2FA – Two-factor authentication for WordPress <= 2.1.0 - Insecure Direct Object Reference LOW *-2.1.0 2.2.0 July 4, 2026
woo-document-preview woo-document-preview N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 1.4.0) 1.4.0 July 4, 2026
woo-audio-preview woo-audio-preview N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 1.4.0) 1.4.0 July 4, 2026
wbcom-designs-buddypress-search wbcom-designs-buddypress-search N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW * July 4, 2026
wbcom-designs-buddypress-ads wbcom-designs-buddypress-ads N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 1.3.1) 1.3.1 July 4, 2026
users-ultra users-ultra N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection LOW *-3.1.0 July 4, 2026
udraw udraw N/A Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access LOW *-3.3.3 3.4.0 July 4, 2026
tipsacarrier tipsacarrier N/A Tipsacarrier < 1.5.0.5 - Missing Authorization to Order Disclosure LOW [*, 1.5.0.5) 1.5.0.5 July 4, 2026
sitemap-by-click5 sitemap-by-click5 N/A Sitemap by click5 <= 1.0.35 - Unauthenticated Arbitrary Options Update LOW *-1.0.35 1.0.36 July 4, 2026
sema-api sema-api N/A SEMA API <= 3.64 - SQL Injection LOW *-3.64 4.02 July 4, 2026
rsfirewall rsfirewall N/A RSFirewall! <= 1.1.24 - IP Address Spoofing LOW *-1.1.24 1.1.25 July 4, 2026
review-buddypress-groups review-buddypress-groups N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 2.8.1) 2.8.1 July 4, 2026
multiple-shipping-address-woocommerce multiple-shipping-address-woocommerce
93
Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection LOW [*, 2.0) 2.0 July 4, 2026
lock-my-bp lock-my-bp
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 1.7.0) 1.7.0 July 4, 2026
lifterlms-gateway-paypal lifterlms-gateway-paypal
93
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting LOW [*, 1.4.0) 1.4.0 July 4, 2026
igniteup igniteup
93
IgniteUp – Coming Soon and Maintenance Mode <= 3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.4.1 3.4.2 July 4, 2026
fast-flow-dashboard fast-flow-dashboard
93
Fast Flow <= 1.2.10 - Cross-Site Scripting LOW *-1.2.10 1.2.11 July 4, 2026
Elementor Website Builder – more than just a page builder elementor
79
Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution LOW 3.6.0-3.6.2 3.6.3 July 4, 2026
easily-generate-rest-api-url easily-generate-rest-api-url
91
Easily Generate Rest API Url <= 1.0.0 - Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
documentor-lite documentor-lite
93
Documentor – Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection LOW *-1.5.3 1.5.4 July 4, 2026
daily-prayer-time-for-mosques daily-prayer-time-for-mosques
93
Daily Prayer Time < 2022.03.01 - Unauthenticated SQL Injection LOW [*, 2022.03.01) 2022.03.01 July 4, 2026
custom-font-uploader custom-font-uploader
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 2.2.0) 2.2.0 July 4, 2026
custom-email-options custom-email-options
91
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW * July 4, 2026
contest-gallery contest-gallery
93
Contest Gallery – Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection LOW *-13.1.0.5 13.1.0.6 July 4, 2026
cart-link-for-woocommerce cart-link-for-woocommerce
93
Cart Link for WooCommerce <= 2.0.2 - Cross-Site Request Forgery LOW *-1.0.2 1.1.0 July 4, 2026
buddypress-sticky-post buddypress-sticky-post
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 1.9.9) 1.9.9 July 4, 2026
buddypress-hashtag buddypress-hashtag
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 2.7.0) 2.7.0 July 4, 2026
buddypress-check-ins-pro buddypress-check-ins-pro
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 1.4.0) 1.4.0 July 4, 2026
bp-user-to-do-list bp-user-to-do-list
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 3.0.0) 3.0.0 July 4, 2026
bp-user-profile-reviews bp-user-profile-reviews
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 2.7.0) 2.7.0 July 4, 2026
bp-job-manager-integration bp-job-manager-integration
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 2.6.1) 2.6.1 July 4, 2026
bp-create-group-type bp-create-group-type
91
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW * July 4, 2026
bp-check-in bp-check-in
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 1.9.4) 1.9.4 July 4, 2026
bp-activity-social-share bp-activity-social-share
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 3.3.0) 3.3.0 July 4, 2026
bp-activity-filter bp-activity-filter
93
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation LOW [*, 2.8.0) 2.8.0 July 4, 2026
books-papers books-papers
93
Books & Papers <= 0.20210223 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.20210223 0.20220219 July 4, 2026
badgeos badgeos
83
BadgeOS <= 3.7.0 - Unauthenticated SQL Injection LOW *-3.7.0 3.7.1 July 4, 2026
autolinks autolinks
91
Autolinks <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0.1 July 4, 2026
admin-menu-restriction admin-menu-restriction
95
Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting LOW *-1.0.4 July 4, 2026
ad-invalid-click-protector ad-invalid-click-protector
97
Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Cross-Site Request Forgery to Arbitrary Ban Deletion LOW *-1.2.5.2 1.2.7 July 4, 2026
5-stars-rating-funnel 5-stars-rating-funnel
95
5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection LOW *-1.2.53 1.2.54 July 4, 2026
calderawp-license-manager calderawp-license-manager
91
CalderaWP License Manager <= 1.2.11 - Cross-Site Request Forgery LOW *-1.2.11 July 4, 2026
woc-order-alert woc-order-alert N/A Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection LOW [*, 3.2.2) 3.2.2 July 4, 2026
themify-ptb-search themify-ptb-search N/A Themify PTB Search Addon <= 1.3.9 - Reflected Cross-Site Scripting LOW *-1.3.9 1.4.0 July 4, 2026
eroom-zoom-meetings-webinar eroom-zoom-meetings-webinar
93
eRoom – Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery LOW *-1.3.8 1.3.9 July 4, 2026
eroom-zoom-meetings-webinar eroom-zoom-meetings-webinar
93
eRoom – Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery LOW *-1.3.7 1.3.8 July 4, 2026
yoo-slider yoo-slider N/A Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery LOW *-2.0.0 2.1.0 July 4, 2026
yoo-slider yoo-slider N/A Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery LOW *-2.0.0 2.1.0 July 4, 2026
Responsive Tabs responsive-tabs
95
Responsive Tabs <= 4.0.5 - Authenticated Stored Cross-Site Scripting LOW *-4.0.5 4.0.6 July 4, 2026
visual-form-builder visual-form-builder N/A Visual Form Builder <= 3.0.7 - Cross-Site Request Forgery to Data Modification LOW [*, 3.0.8) 3.0.8 July 4, 2026
searchiq searchiq N/A SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting LOW *-3.8 3.9 July 4, 2026
rsvp rsvp N/A RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure LOW *-2.7.7 2.7.8 July 4, 2026
photo-gallery photo-gallery
93
Photo Gallery by 10Web <= 1.6.2 - SQL Injection LOW [*, 1.6.3) 1.6.3 July 4, 2026
photo-gallery photo-gallery
93
Photo Gallery by 10Web <= 1.6.2 - Cross-Site Scripting LOW [*, 1.6.3) 1.6.3 July 4, 2026
one-click-demo-import one-click-demo-import
93
Catch Themes Demo Import <= 3.0.2 - Authenticated (Admin+) Arbitrary File Upload LOW [*, 3.1.0) 3.1.0 July 4, 2026
master-elements master-elements
91
Master Elements <= 8.0 - Unauthenticated SQL injection LOW *-8.0 July 4, 2026
leadin leadin
93
HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 8.8.13 - Server Side Request Forgery LOW [*, 8.8.15) 8.8.15 July 4, 2026
layerslider layerslider
93
LayerSlider <= 7.1.1 - Admin+ Stored Cross-Site Scripting LOW *-7.1.1 7.1.2 July 4, 2026
jc-importer jc-importer
93
Import WP – Import and Export WordPress data to XML or CSV files <= 2.4.5 - Authenticated Arbitrary File Upload LOW *-2.4.5 2.4.6 July 4, 2026
import-users-from-csv-with-meta import-users-from-csv-with-meta
93
Import and export users and customers <= 1.19.2 - Stored Cross-Site Scripting LOW [*, 1.19.2.1) 1.19.2.1 July 4, 2026
gotmls gotmls
93
Anti-Malware Security and Brute-Force Firewall <= 4.20.95 - Reflected Cross-Site Scripting LOW [*, 4.20.96) 4.20.96 July 4, 2026
good-bad-comments good-bad-comments
91
Good & Bad Comments <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
easy-social-icons easy-social-icons
93
Easy Social Icons <= 3.1.4 - Admin+ Cross-Site Scripting LOW *-3.1.4 3.2.0 July 4, 2026
easy-social-icons easy-social-icons
93
Easy Social Icons <= 3.2.0 - Authenticated (Admin+) Cross-Site Scripting and Missing Authorization Checks LOW *-3.2.0 3.2.1 July 4, 2026
easy-social-icons easy-social-icons
93
Easy Social Icons <= 3.2.2 - Admin+ Cross-Site Scripting LOW *-3.2.2 3.2.3 July 4, 2026
easy-facebook-likebox-premium easy-facebook-likebox-premium
91
Easy Social Feed <= 6.2.6 - Reflected Cross-Site Scripting LOW *-6.2.6 6.2.7 July 4, 2026
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress easy-facebook-likebox
72
Easy Social Feed <= 6.2.6 - Reflected Cross-Site Scripting LOW *-6.2.6 6.2.7 July 4, 2026
contexture-page-security contexture-page-security
91
Page Security & Membership <= 1.5.15 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5.15 July 4, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
All In One WP Security & Firewall <= 4.4.10 - Open Redirect and Reflected Cross-Site Scripting LOW [*, 4.4.11) 4.4.11 July 4, 2026
AdRotate Banner Manager adrotate
74
AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Group Names LOW [*, 5.8.23) 5.8.23 July 4, 2026
AdRotate Banner Manager adrotate
74
AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Advert Names LOW [*, 5.8.23) 5.8.23 July 4, 2026
LOW

bulk-edit-user-profiles-in-spreadsheet

bulk-edit-user-profiles-in-spreadsheet

Score: 93/100 Bulk Edit and Create User Profiles – WP Sheet Editor <= 1.5.13 - Cross-Site Scripting Affected: [*, 1.5.14) Patched: 1.5.14 Updated: July 4, 2026
LOW

bmi-bmr-calculator

bmi-bmr-calculator

Score: 91/100 BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 4, 2026
LOW

automatic-grid-image-listing

automatic-grid-image-listing

Score: 91/100 AGIL(Automatic Grid Image Listing) <= 1.0 - Arbitrary File Upload Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

advanced-uploader

advanced-uploader

Score: 95/100 Advanced uploader <= 4.2 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-4.2 Patched: Updated: July 4, 2026
LOW

advanced-image-sitemap

advanced-image-sitemap

Score: 95/100 Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Arbitrary File Upload Affected: *-1.5.3 Patched: 1.5.4 Updated: July 4, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Sensitive Information Exposure Affected: *-1.5.3 Patched: 1.5.4 Updated: July 4, 2026
LOW

ubigeo-peru

ubigeo-peru

Score: N/A Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection Affected: [*, 3.6.4) Patched: 3.6.4 Updated: July 4, 2026
LOW

slide-anything

slide-anything

Score: N/A Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.43 - Editor+ Cross-Site Scripting Affected: [*, 2.3.44) Patched: 2.3.44 Updated: July 4, 2026
LOW

popup-by-supsystic

popup-by-supsystic

Score: N/A Popup by Supsystic <= 1.10.8 - Sensitive Information Disclosure Affected: [*, 1.10.9) Patched: 1.10.9 Updated: July 4, 2026
LOW

personal-dictionary

personal-dictionary

Score: 93/100 Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection Affected: [*, 1.3.4) Patched: 1.3.4 Updated: July 4, 2026
LOW

mapsvg

mapsvg

Score: 91/100 MapSVG <= 6.2.19 - SQL Injection Affected: [*, 6.2.20) Patched: 6.2.20 Updated: July 4, 2026
LOW

event-list

event-list

Score: 93/100 Event List < 0.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.8.7 Patched: 0.8.8 Updated: July 4, 2026
LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 9.1 - PHP Object Injection via Shortcode Affected: *-9.1 Patched: 9.1.1 Updated: July 4, 2026
LOW

woc-open-close

woc-open-close

Score: N/A Woocommerce Open Close – Best Business Schedules Manager <= 4.3.0 - Reflected Cross-Site Scripting Affected: *-4.3.0 Patched: 4.3.1 Updated: July 4, 2026
LOW

sitesupercharger

sitesupercharger

Score: N/A SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection Affected: *-5.1.10 Patched: 5.2.0 Updated: July 4, 2026
LOW

kb-support

kb-support

Score: 91/100 KB Support – WordPress Help Desk <= 1.5.5 - Multiple Unauthenticated Stored Cross-Site Scripting Affected: *-1.5.5 Patched: 1.5.6 Updated: July 4, 2026
LOW

wp-maintenance

wp-maintenance

Score: N/A WP Maintenance <= 6.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-6.0.5 Patched: 6.0.6 Updated: July 4, 2026
LOW

simple-ajax-chat

simple-ajax-chat

Score: N/A Simple Ajax Chat <= 20220115 - Cross-Site Request Forgery Affected: *-20220115 Patched: 20220216 Updated: July 4, 2026
LOW

simple-ajax-chat

simple-ajax-chat

Score: N/A Simple Ajax Chat Plugin <= 20220115 - Sensitive Information Disclosure Affected: *-20220115 Patched: 20220216 Updated: July 4, 2026
LOW

wp-easycart

wp-easycart

Score: N/A Shopping Cart & eCommerce Store <= 5.2.6 - Cross-Site Request Forgery Affected: *-5.2.6 Patched: 5.3.0 Updated: July 4, 2026
LOW

product-filter-for-woocommerce-product

product-filter-for-woocommerce-product

Score: N/A Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection Affected: *-1.3.0 Patched: Updated: July 4, 2026
LOW

modern-events-calendar-lite

modern-events-calendar-lite

Score: 93/100 Modern Events Calendar Lite <= 6.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-6.5.1 Patched: 6.5.2 Updated: July 4, 2026
LOW

fancy-product-designer

fancy-product-designer

Score: 93/100 Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-4.7.5 Patched: 4.7.6 Updated: July 4, 2026
LOW

exmage-wp-image-links

exmage-wp-image-links

Score: 93/100 EXMAGE – WordPress Image Links <= 1.0.6 - Admin+ Blind SSRF Affected: *-1.0.6 Patched: 1.0.7 Updated: July 4, 2026
LOW

wp-video-gallery-free

wp-video-gallery-free

Score: N/A WP Video Gallery <= 1.7.1 - SQL Injection Affected: *-1.7.1 Patched: Updated: July 4, 2026
LOW

wp-system-log

wp-system-log

Score: N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: * Patched: Updated: July 4, 2026
LOW

wp-social-buttons

wp-social-buttons

Score: N/A WP Social Buttons <= 2.1 - Admin+ Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: July 4, 2026
LOW

wp-2fa

wp-2fa

Score: N/A WP 2FA – Two-factor authentication for WordPress <= 2.1.0 - Insecure Direct Object Reference Affected: *-2.1.0 Patched: 2.2.0 Updated: July 4, 2026
LOW

woo-document-preview

woo-document-preview

Score: N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 1.4.0) Patched: 1.4.0 Updated: July 4, 2026
LOW

woo-audio-preview

woo-audio-preview

Score: N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 1.4.0) Patched: 1.4.0 Updated: July 4, 2026
LOW

wbcom-designs-buddypress-search

wbcom-designs-buddypress-search

Score: N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: * Patched: Updated: July 4, 2026
LOW

wbcom-designs-buddypress-ads

wbcom-designs-buddypress-ads

Score: N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 1.3.1) Patched: 1.3.1 Updated: July 4, 2026
LOW

users-ultra

users-ultra

Score: N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection Affected: *-3.1.0 Patched: Updated: July 4, 2026
LOW

udraw

udraw

Score: N/A Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access Affected: *-3.3.3 Patched: 3.4.0 Updated: July 4, 2026
LOW

tipsacarrier

tipsacarrier

Score: N/A Tipsacarrier < 1.5.0.5 - Missing Authorization to Order Disclosure Affected: [*, 1.5.0.5) Patched: 1.5.0.5 Updated: July 4, 2026
LOW

sitemap-by-click5

sitemap-by-click5

Score: N/A Sitemap by click5 <= 1.0.35 - Unauthenticated Arbitrary Options Update Affected: *-1.0.35 Patched: 1.0.36 Updated: July 4, 2026
LOW

sema-api

sema-api

Score: N/A SEMA API <= 3.64 - SQL Injection Affected: *-3.64 Patched: 4.02 Updated: July 4, 2026
LOW

rsfirewall

rsfirewall

Score: N/A RSFirewall! <= 1.1.24 - IP Address Spoofing Affected: *-1.1.24 Patched: 1.1.25 Updated: July 4, 2026
LOW

review-buddypress-groups

review-buddypress-groups

Score: N/A Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 2.8.1) Patched: 2.8.1 Updated: July 4, 2026
LOW

multiple-shipping-address-woocommerce

multiple-shipping-address-woocommerce

Score: 93/100 Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection Affected: [*, 2.0) Patched: 2.0 Updated: July 4, 2026
LOW

lock-my-bp

lock-my-bp

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 1.7.0) Patched: 1.7.0 Updated: July 4, 2026
LOW

lifterlms-gateway-paypal

lifterlms-gateway-paypal

Score: 93/100 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting Affected: [*, 1.4.0) Patched: 1.4.0 Updated: July 4, 2026
LOW

igniteup

igniteup

Score: 93/100 IgniteUp – Coming Soon and Maintenance Mode <= 3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.4.1 Patched: 3.4.2 Updated: July 4, 2026
LOW

fast-flow-dashboard

fast-flow-dashboard

Score: 93/100 Fast Flow <= 1.2.10 - Cross-Site Scripting Affected: *-1.2.10 Patched: 1.2.11 Updated: July 4, 2026
LOW

easily-generate-rest-api-url

easily-generate-rest-api-url

Score: 91/100 Easily Generate Rest API Url <= 1.0.0 - Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

documentor-lite

documentor-lite

Score: 93/100 Documentor – Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection Affected: *-1.5.3 Patched: 1.5.4 Updated: July 4, 2026
LOW

daily-prayer-time-for-mosques

daily-prayer-time-for-mosques

Score: 93/100 Daily Prayer Time < 2022.03.01 - Unauthenticated SQL Injection Affected: [*, 2022.03.01) Patched: 2022.03.01 Updated: July 4, 2026
LOW

custom-font-uploader

custom-font-uploader

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 2.2.0) Patched: 2.2.0 Updated: July 4, 2026
LOW

custom-email-options

custom-email-options

Score: 91/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: * Patched: Updated: July 4, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery – Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection Affected: *-13.1.0.5 Patched: 13.1.0.6 Updated: July 4, 2026
LOW

cart-link-for-woocommerce

cart-link-for-woocommerce

Score: 93/100 Cart Link for WooCommerce <= 2.0.2 - Cross-Site Request Forgery Affected: *-1.0.2 Patched: 1.1.0 Updated: July 4, 2026
LOW

buddypress-sticky-post

buddypress-sticky-post

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 1.9.9) Patched: 1.9.9 Updated: July 4, 2026
LOW

buddypress-hashtag

buddypress-hashtag

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 2.7.0) Patched: 2.7.0 Updated: July 4, 2026
LOW

buddypress-check-ins-pro

buddypress-check-ins-pro

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 1.4.0) Patched: 1.4.0 Updated: July 4, 2026
LOW

bp-user-to-do-list

bp-user-to-do-list

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 3.0.0) Patched: 3.0.0 Updated: July 4, 2026
LOW

bp-user-profile-reviews

bp-user-profile-reviews

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 2.7.0) Patched: 2.7.0 Updated: July 4, 2026
LOW

bp-job-manager-integration

bp-job-manager-integration

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 2.6.1) Patched: 2.6.1 Updated: July 4, 2026
LOW

bp-create-group-type

bp-create-group-type

Score: 91/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: * Patched: Updated: July 4, 2026
LOW

bp-check-in

bp-check-in

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 1.9.4) Patched: 1.9.4 Updated: July 4, 2026
LOW

bp-activity-social-share

bp-activity-social-share

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 3.3.0) Patched: 3.3.0 Updated: July 4, 2026
LOW

bp-activity-filter

bp-activity-filter

Score: 93/100 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Affected: [*, 2.8.0) Patched: 2.8.0 Updated: July 4, 2026
LOW

books-papers

books-papers

Score: 93/100 Books & Papers <= 0.20210223 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.20210223 Patched: 0.20220219 Updated: July 4, 2026
LOW

badgeos

badgeos

Score: 83/100 BadgeOS <= 3.7.0 - Unauthenticated SQL Injection Affected: *-3.7.0 Patched: 3.7.1 Updated: July 4, 2026
LOW

autolinks

autolinks

Score: 91/100 Autolinks <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

admin-menu-restriction

admin-menu-restriction

Score: 95/100 Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 4, 2026
LOW

ad-invalid-click-protector

ad-invalid-click-protector

Score: 97/100 Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Cross-Site Request Forgery to Arbitrary Ban Deletion Affected: *-1.2.5.2 Patched: 1.2.7 Updated: July 4, 2026
LOW

5-stars-rating-funnel

5-stars-rating-funnel

Score: 95/100 5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection Affected: *-1.2.53 Patched: 1.2.54 Updated: July 4, 2026
LOW

calderawp-license-manager

calderawp-license-manager

Score: 91/100 CalderaWP License Manager <= 1.2.11 - Cross-Site Request Forgery Affected: *-1.2.11 Patched: Updated: July 4, 2026
LOW

woc-order-alert

woc-order-alert

Score: N/A Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection Affected: [*, 3.2.2) Patched: 3.2.2 Updated: July 4, 2026
LOW

themify-ptb-search

themify-ptb-search

Score: N/A Themify PTB Search Addon <= 1.3.9 - Reflected Cross-Site Scripting Affected: *-1.3.9 Patched: 1.4.0 Updated: July 4, 2026
LOW

eroom-zoom-meetings-webinar

eroom-zoom-meetings-webinar

Score: 93/100 eRoom – Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery Affected: *-1.3.8 Patched: 1.3.9 Updated: July 4, 2026
LOW

eroom-zoom-meetings-webinar

eroom-zoom-meetings-webinar

Score: 93/100 eRoom – Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery Affected: *-1.3.7 Patched: 1.3.8 Updated: July 4, 2026
LOW

yoo-slider

yoo-slider

Score: N/A Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery Affected: *-2.0.0 Patched: 2.1.0 Updated: July 4, 2026
LOW

yoo-slider

yoo-slider

Score: N/A Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery Affected: *-2.0.0 Patched: 2.1.0 Updated: July 4, 2026
LOW

Responsive Tabs

responsive-tabs

Score: 95/100 Responsive Tabs <= 4.0.5 - Authenticated Stored Cross-Site Scripting Affected: *-4.0.5 Patched: 4.0.6 Updated: July 4, 2026
LOW

visual-form-builder

visual-form-builder

Score: N/A Visual Form Builder <= 3.0.7 - Cross-Site Request Forgery to Data Modification Affected: [*, 3.0.8) Patched: 3.0.8 Updated: July 4, 2026
LOW

searchiq

searchiq

Score: N/A SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.8 Patched: 3.9 Updated: July 4, 2026
LOW

rsvp

rsvp

Score: N/A RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure Affected: *-2.7.7 Patched: 2.7.8 Updated: July 4, 2026
LOW

photo-gallery

photo-gallery

Score: 93/100 Photo Gallery by 10Web <= 1.6.2 - SQL Injection Affected: [*, 1.6.3) Patched: 1.6.3 Updated: July 4, 2026
LOW

photo-gallery

photo-gallery

Score: 93/100 Photo Gallery by 10Web <= 1.6.2 - Cross-Site Scripting Affected: [*, 1.6.3) Patched: 1.6.3 Updated: July 4, 2026
LOW

one-click-demo-import

one-click-demo-import

Score: 93/100 Catch Themes Demo Import <= 3.0.2 - Authenticated (Admin+) Arbitrary File Upload Affected: [*, 3.1.0) Patched: 3.1.0 Updated: July 4, 2026
LOW

master-elements

master-elements

Score: 91/100 Master Elements <= 8.0 - Unauthenticated SQL injection Affected: *-8.0 Patched: Updated: July 4, 2026
LOW

leadin

leadin

Score: 93/100 HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 8.8.13 - Server Side Request Forgery Affected: [*, 8.8.15) Patched: 8.8.15 Updated: July 4, 2026
LOW

layerslider

layerslider

Score: 93/100 LayerSlider <= 7.1.1 - Admin+ Stored Cross-Site Scripting Affected: *-7.1.1 Patched: 7.1.2 Updated: July 4, 2026
LOW

jc-importer

jc-importer

Score: 93/100 Import WP – Import and Export WordPress data to XML or CSV files <= 2.4.5 - Authenticated Arbitrary File Upload Affected: *-2.4.5 Patched: 2.4.6 Updated: July 4, 2026
LOW

import-users-from-csv-with-meta

import-users-from-csv-with-meta

Score: 93/100 Import and export users and customers <= 1.19.2 - Stored Cross-Site Scripting Affected: [*, 1.19.2.1) Patched: 1.19.2.1 Updated: July 4, 2026
LOW

gotmls

gotmls

Score: 93/100 Anti-Malware Security and Brute-Force Firewall <= 4.20.95 - Reflected Cross-Site Scripting Affected: [*, 4.20.96) Patched: 4.20.96 Updated: July 4, 2026
LOW

good-bad-comments

good-bad-comments

Score: 91/100 Good & Bad Comments <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

easy-social-icons

easy-social-icons

Score: 93/100 Easy Social Icons <= 3.1.4 - Admin+ Cross-Site Scripting Affected: *-3.1.4 Patched: 3.2.0 Updated: July 4, 2026
LOW

easy-social-icons

easy-social-icons

Score: 93/100 Easy Social Icons <= 3.2.0 - Authenticated (Admin+) Cross-Site Scripting and Missing Authorization Checks Affected: *-3.2.0 Patched: 3.2.1 Updated: July 4, 2026
LOW

easy-social-icons

easy-social-icons

Score: 93/100 Easy Social Icons <= 3.2.2 - Admin+ Cross-Site Scripting Affected: *-3.2.2 Patched: 3.2.3 Updated: July 4, 2026
LOW

easy-facebook-likebox-premium

easy-facebook-likebox-premium

Score: 91/100 Easy Social Feed <= 6.2.6 - Reflected Cross-Site Scripting Affected: *-6.2.6 Patched: 6.2.7 Updated: July 4, 2026
LOW

contexture-page-security

contexture-page-security

Score: 91/100 Page Security & Membership <= 1.5.15 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5.15 Patched: Updated: July 4, 2026
LOW

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Score: 72/100 All In One WP Security & Firewall <= 4.4.10 - Open Redirect and Reflected Cross-Site Scripting Affected: [*, 4.4.11) Patched: 4.4.11 Updated: July 4, 2026
LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Group Names Affected: [*, 5.8.23) Patched: 5.8.23 Updated: July 4, 2026
LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Advert Names Affected: [*, 5.8.23) Patched: 5.8.23 Updated: July 4, 2026

Showing 29301 to 29400 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 06:08 UTC.