Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

89

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
woocommerce-admin woocommerce-admin N/A WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure LOW *-1.0, [1.0, 1.0.4), [1.1, 1.1.4), [1.2, 1.2.5), [1.3, 1.3.3), [1.4, 1.4.1) 1.0.4 July 4, 2026
WooCommerce woocommerce
80
WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure LOW [*, 4.0), [4.0, 4.0.3), [4.1, 4.1.3), [4.2, 4.2.4), [4.3, 4.3.5), [4.4, 4.4.3) 4.0.3 July 4, 2026
thirstyaffiliates thirstyaffiliates N/A ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Authorization Bypass and Cross-Site Request Forgery LOW *-3.10.4 3.10.5 July 4, 2026
thirstyaffiliates thirstyaffiliates N/A ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Subscriber+ Arbitrary Affiliate Links Creation LOW *-3.10.4 3.10.5 July 4, 2026
opensea opensea
93
Opensea <= 1.0.2 - Cross-Site Scripting LOW *-1.0.2 1.0.3 July 4, 2026
thank-me-later thank-me-later N/A Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting LOW *-3.3.4 July 4, 2026
text-hover text-hover N/A Text Hover <= 4.1 - Admin+ Stored Cross-Site Scripting LOW *-4.1 4.2 July 4, 2026
pricing-table-by-supsystic pricing-table-by-supsystic N/A Pricing Table by Supsystic <= 1.9.4 - Reflected Cross-Site Scripting LOW *-1.9.4 1.9.5 July 4, 2026
page-and-post-restriction page-and-post-restriction
93
Page Restriction WordPress <= 1.2.6 - Admin+ Stored Cross-Site Scripting LOW *-1.2.6 1.2.7 July 4, 2026
menubar menubar
93
Menubar <= 5.7.2 - Reflected Cross-Site Scripting LOW *-5.7.2 5.8 July 4, 2026
google-maps-easy google-maps-easy
93
Easy Google Maps <= 1.9.31 - Reflected Cross-Site Scripting LOW *-1.9.31 1.9.32 July 4, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads <= 2.11.5 - Cross-Site Request Forgery LOW [*, 2.11.6) 2.11.6 July 4, 2026
comments-from-facebook comments-from-facebook
93
Social comments by WpDevArt <= 2.4.9 - Admin+ Stored Cross-Site Scripting LOW *-2.4.9 2.5.0 July 4, 2026
coming-soon-by-supsystic coming-soon-by-supsystic
93
Coming Soon by Supsystic <= 1.7.5 - Reflected Cross-Site Scripting LOW *-1.7.5 1.7.6 July 4, 2026
nimble-builder nimble-builder
93
Nimble Page Builder <= 3.2.1 - Reflected Cross-Site Scripting LOW [*, 3.2.2) 3.2.2 July 4, 2026
Brevo – Email, SMS, Web Push, Chat, and more. mailin
76
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.39 - Cross-Site Scripting LOW *-3.1.39 3.1.40 July 4, 2026
english-wp-admin english-wp-admin
93
English WordPress Admin <= 1.5.1.1 - Unauthenticated Open Redirect LOW *-1.5.1.1 1.5.2 July 4, 2026
dw-question-answer-pro dw-question-answer-pro
93
DW Question & Answer Pro <= 1.3.6 - Cross-Site Request Forgery LOW *-1.3.6 1.3.7 July 4, 2026
dw-question-answer-pro dw-question-answer-pro
93
DW Question & Answer Pro <= 1.3.6 - Missing Authorization Checks LOW *-1.3.6 1.3.7 July 4, 2026
bookingpress-appointment-booking bookingpress-appointment-booking
93
BookingPress – Appointments Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.13 - SQL Injection LOW *-1.0.13 1.0.14 July 4, 2026
advanced-page-visit-counter advanced-page-visit-counter
93
Advanced Page Visit Counter <= 6.1.5 - Subscriber+ Blind SQL injection LOW [*, 6.1.6) 6.1.6 July 4, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty chaty
88
Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty <= 2.8.3 - Admin+ Stored Cross-Site Scripting LOW *-2.8.3 2.8.5 July 4, 2026
Plausible Analytics plausible-analytics N/A Plausible Analytics <= 1.2.2 - Stored Cross-Site Scripting LOW *-1.2.2 1.2.3 July 4, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read LOW *-0.9.70 0.9.71 July 4, 2026
visual-form-builder visual-form-builder N/A Visual Form Builder <= 3.0.6 - Admin+ Cross-Site Scripting LOW [*, 3.0.7) 3.0.7 July 4, 2026
UpdraftPlus: WP Backup & Migration Plugin updraftplus
69
UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting LOW [*, 1.22.9) 1.22.9 July 4, 2026
Security Optimizer – The All-In-One Protection Plugin sg-security
83
SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass LOW *-1.2.5 1.2.6 July 4, 2026
insert-special-characters insert-special-characters
93
async <= 2.6.3 and 3-3.2.2 - Prototype Pollution LOW *-1.0.4 1.0.5 July 4, 2026
ad-inserter-pro ad-inserter-pro
97
Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting LOW [*, 2.7.12) 2.7.12 July 4, 2026
ad-inserter ad-inserter
97
Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting LOW [*, 2.7.12) 2.7.12 July 4, 2026
unify unify N/A Unify <= 3.2.5 - Cross-Site Scripting LOW *-3.2.5 3.3.0 July 4, 2026
Security Optimizer – The All-In-One Protection Plugin sg-security
83
SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup LOW *-1.2.5 1.2.6 July 4, 2026
eroom-zoom-meetings-webinar eroom-zoom-meetings-webinar
93
eRoom – Zoom Meetings & Webinar <= 1.3.7 - Unauthorized Setting Update LOW *-1.3.7 1.3.8 July 4, 2026
content-egg content-egg
93
Content Egg <= 5.3.0 - Reflected Cross-Site Scripting LOW [*, 5.3.0) 5.3.0 July 4, 2026
pricing-table pricing-table N/A Pricing Table <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.5.2 July 4, 2026
wp-appbox wp-appbox N/A WP-Appbox <= 4.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.3.20 4.3.21 July 4, 2026
woo-lucky-wheel woo-lucky-wheel N/A Lucky Wheel for WooCommerce – Spin a Sale <= 1.0.10 - Cross-Site Scripting LOW *-1.0.10 1.0.11 July 4, 2026
tipsacarrier tipsacarrier N/A Tipsacarrier < 1.5.0.5 - Unauthenticated SQL Injection LOW [*, 1.5.0.5) 1.5.0.5 July 4, 2026
shortcode-for-current-date shortcode-for-current-date N/A Shortcode for Current Date <= 2.1.4 - Stored Cross-Site Scripting LOW *-2.1.4 2.1.5 July 4, 2026
persian-woocommerce-sms persian-woocommerce-sms
91
افزونه پیامک ووکامرس Persian WooCommerce SMS <= 4.4.0 - Cross-Site Scripting and SQL Injection LOW *-4.4.0 4.4.1 July 4, 2026
elasticpress elasticpress
93
Moment.js <= 2.29.1 - Directory Traversal LOW *-4.1.0 4.2.0 July 4, 2026
domain-replace domain-replace
91
Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting LOW *-1.3.8 July 4, 2026
campus-directory campus-directory
93
Faculty Staff and Student Directory Plugin – Campus Directory <= 1.7.4 - Authenticated Stored Cross-Site Scripting LOW *-1.7.4 1.7.5 July 4, 2026
blog2social blog2social
93
Blog2Social <= 6.9.3 - PHP Object Injection LOW *-6.9.3 6.9.4 July 4, 2026
advanced-page-visit-counter advanced-page-visit-counter
93
Advanced Page Visit Counter <= 5.0.8 - Unauthenticated Cross-Site Scripting LOW *-5.0.8 6.0.0 July 4, 2026
ad-invalid-click-protector ad-invalid-click-protector
97
Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Reflected Cross-Site Scripting and Cross-Site Request Forgery LOW *-1.2.5.2 1.2.7 July 4, 2026
testimonial-add testimonial-add N/A Testimonials Slider <= 3.5.8.3 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-3.5.8.3 3.5.8.4 July 4, 2026
wpdatatables wpdatatables N/A wpDataTables – WordPress Tables & Table Charts Plugin <= 2.1.27 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.1.27 2.1.28 July 4, 2026
fv-wordpress-flowplayer fv-wordpress-flowplayer
93
FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting LOW *-7.5.18.727 7.5.19.728 July 4, 2026
template-events-calendar template-events-calendar N/A Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-1.9.4 2.0 July 4, 2026
pinterest-pin-it-button-on-image-hover-and-post pinterest-pin-it-button-on-image-hover-and-post N/A Weblizar Pin It Button On Image Hover And Post < 3.4 - Authorization Bypass LOW [*, 3.4) 3.4 July 4, 2026
mycred mycred
93
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization LOW [*, 2.4.3.1) 2.4.3.1 July 4, 2026
events-widgets-for-elementor-and-the-events-calendar events-widgets-for-elementor-and-the-events-calendar
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-1.4.2 1.5 July 4, 2026
events-search-addon-for-the-events-calendar events-search-addon-for-the-events-calendar
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-1.1.3 1.2 July 4, 2026
events-notification-bar-addon events-notification-bar-addon
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-1.1 1.6 July 4, 2026
event-page-templates-addon-for-the-events-calendar event-page-templates-addon-for-the-events-calendar
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-1.5 1.6 July 4, 2026
cryptocurrency-widgets-for-elementor cryptocurrency-widgets-for-elementor
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW [*, 1.3) 1.3 July 4, 2026
cryptocurrency-price-ticker-widget cryptocurrency-price-ticker-widget
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-2.4 2.5.1 July 4, 2026
cryptocurrency-donation-box cryptocurrency-donation-box
91
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-1.7 1.8 July 4, 2026
countdown-for-the-events-calendar countdown-for-the-events-calendar
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-1.3.1 1.4 July 4, 2026
cool-timeline cool-timeline
93
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation LOW *-2.3.3 2.4 July 4, 2026
amr-users amr-users
95
amr users <= 4.59.3 - Admin+ Stored Cross-Site Scripting LOW [*, 4.59.4) 4.59.4 July 4, 2026
quick-adsense quick-adsense N/A Quick Adsense < 2.8.2 - Missing Authorization LOW [*, 2.8.2) 2.8.2 July 4, 2026
wp-youtube-live wp-youtube-live N/A WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting LOW *-1.7.21 1.7.22 July 4, 2026
uleak-security-dashboard uleak-security-dashboard N/A ULeak Security & Monitoring Plugin <= 1.2.3 - Stored Cross-Site Scripting LOW *-1.2.3 July 4, 2026
use-any-font use-any-font N/A Use Any Font <= 6.1.7 - Cross-Site Request Forgery to API Key Deactivation LOW *-6.1.7 6.1.8 July 4, 2026
wordpress-country-selector wordpress-country-selector N/A WordPress Country Selector <= 1.6.5 - Reflected Cross-Site Scripting via AJAX call of check_country_selector LOW *-1.6.5 1.6.6 July 4, 2026
video-synchro-pdf video-synchro-pdf N/A Videos sync PDF <= 1.7.4 - Unauthenticated Local File Inclusion LOW *-1.7.4 July 4, 2026
curtain curtain
91
Curtain < 1.0.2 - Unauthenticated Maintenance Mode Enabled/Disable LOW [*, 1.0.2) 1.0.2 July 4, 2026
clipr clipr
91
Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting LOW *-1.2.3 July 4, 2026
Anti Spam for Contact Forms, Comments & Online Stores – CleanTalk cleantalk-spam-protect
71
Spam protection, AntiSpam, FireWall by CleanTalk <= 5.173 - Reflected Cross-Site Scripting LOW *-5.173 5.174.1 July 4, 2026
Anti Spam for Contact Forms, Comments & Online Stores – CleanTalk cleantalk-spam-protect
71
Spam protection, AntiSpam, FireWall by CleanTalk <= 5.173 - Reflected Cross-Site Scripting LOW *-5.173 5.174.1 July 4, 2026
be-popia-compliant be-popia-compliant
93
Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure LOW *-1.1.5 1.1.16 July 4, 2026
animate-it animate-it
97
Animate It! < 2.4.0 - Cross-Site Scripting LOW [*, 2.4.0) 2.4.0 July 4, 2026
advanced-custom-fields-pro advanced-custom-fields-pro
97
Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure LOW [*, 5.12.1) 5.12.1 July 4, 2026
advanced-custom-fields advanced-custom-fields
97
Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure LOW [*, 5.12.1) 5.12.1 July 4, 2026
nd-donations nd-donations
89
Donations <= 1.8 - Unauthenticated SQL Injection LOW *-1.8 July 4, 2026
mycred mycred
93
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization LOW [*, 2.4.4) 2.4.4 July 4, 2026
mycred mycred
93
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization LOW [*, 2.4.4) 2.4.4 July 4, 2026
flo-launch flo-launch
93
FloLaunch <= 2.4 - Missing Authorization LOW [*, 2.4.1) 2.4.1 July 4, 2026
wp-easycart wp-easycart N/A Shopping Cart & eCommerce Store <= 5.2.4 - Cross-Site Request Forgery to Settings Update LOW *-5.2.4 5.2.5 July 4, 2026
tatsu tatsu N/A Tatsu <= 3.3.12 - Unauthenticated Remote Code Execution LOW *-3.3.12 3.3.13 July 4, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads <= 2.11.5 - Admin+ Cross-Site Scripting LOW [*, 2.11.6) 2.11.6 July 4, 2026
caldera-forms caldera-forms
93
Caldera Forms <= 1.9.6 - Reflected Cross-Site Scripting via cf-api LOW [*, 1.9.7) 1.9.7 July 4, 2026
admin-word-count-column admin-word-count-column
95
Admin Word Count Column <= 2.2 - Arbitrary File Read LOW *-2.2 July 4, 2026
safe-svg safe-svg N/A Safe SVG <= 1.9.9 - Content-Type Bypass LOW [*, 1.9.10) 1.9.10 July 4, 2026
simple-event-planner simple-event-planner N/A Simple Event Planner <= 1.5.4 - Authenticated Stored Cross-Site Scripting LOW *-1.5.4 1.5.5 July 4, 2026
simple-event-planner simple-event-planner N/A Simple Event Planner plugin <= 1.5.4 - Cross-Site Scripting LOW *-1.5.4 1.5.5 July 4, 2026
hummingbird-performance hummingbird-performance
93
Hummingbird <= 3.3.1 - Admin+ Stored Cross-Site Scripting LOW [*, 3.3.2) 3.3.2 July 4, 2026
amministrazione-aperta amministrazione-aperta
97
Amministrazione Aperta <= 3.7.3 - Admin+ Local File Inclusion LOW *-3.7.3 3.8 July 4, 2026
wp-downgrade wp-downgrade N/A WP Downgrade <= 1.2.2 - Admin+ Stored Cross-Site Scripting LOW [*, 1.2.3) 1.2.3 July 4, 2026
woo-product-table woo-product-table N/A Product Table for WooCommerce <= 3.1.2 - Missing Authorization LOW [*, 3.1.2) 3.1.3 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.7 - Email Address Disclosure LOW *-3.6.7 3.6.8 July 4, 2026
Loco Translate loco-translate
89
Loco Translate <= 2.6.0 - Authenticated Stored Cross-Site Scripting LOW [*, 2.6.1) 2.6.1 July 4, 2026
ad-injection ad-injection
95
Ad Injection <= 1.2.0.19 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2.0.19 July 4, 2026
yoo-slider yoo-slider N/A Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting LOW [*, 2.1.0) 2.1.0 July 4, 2026
yoo-slider yoo-slider N/A Yoo Slider – Image Slider & Video Slider <= 2.0.0 - Cross-Site Request Forgery LOW [*, 2.1.0) 2.1.0 July 4, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
Migration, Backup, Staging – WPvivid <= 0.9.69 - Reflected Cross-Site Scripting via sub_page Parameter LOW [*, 0.9.70) 0.9.70 July 4, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting LOW *-2.3.2 2.4.0 July 4, 2026
salon-booking-system salon-booking-system N/A Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Data Disclosure LOW *-7.6.2 7.6.3 July 4, 2026
LOW

woocommerce-admin

woocommerce-admin

Score: N/A WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure Affected: *-1.0, [1.0, 1.0.4), [1.1, 1.1.4), [1.2, 1.2.5), [1.3, 1.3.3), [1.4, 1.4.1) Patched: 1.0.4 Updated: July 4, 2026
LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure Affected: [*, 4.0), [4.0, 4.0.3), [4.1, 4.1.3), [4.2, 4.2.4), [4.3, 4.3.5), [4.4, 4.4.3) Patched: 4.0.3 Updated: July 4, 2026
LOW

thirstyaffiliates

thirstyaffiliates

Score: N/A ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Authorization Bypass and Cross-Site Request Forgery Affected: *-3.10.4 Patched: 3.10.5 Updated: July 4, 2026
LOW

thirstyaffiliates

thirstyaffiliates

Score: N/A ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Subscriber+ Arbitrary Affiliate Links Creation Affected: *-3.10.4 Patched: 3.10.5 Updated: July 4, 2026
LOW

opensea

opensea

Score: 93/100 Opensea <= 1.0.2 - Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: July 4, 2026
LOW

thank-me-later

thank-me-later

Score: N/A Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting Affected: *-3.3.4 Patched: Updated: July 4, 2026
LOW

text-hover

text-hover

Score: N/A Text Hover <= 4.1 - Admin+ Stored Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: July 4, 2026
LOW

pricing-table-by-supsystic

pricing-table-by-supsystic

Score: N/A Pricing Table by Supsystic <= 1.9.4 - Reflected Cross-Site Scripting Affected: *-1.9.4 Patched: 1.9.5 Updated: July 4, 2026
LOW

page-and-post-restriction

page-and-post-restriction

Score: 93/100 Page Restriction WordPress <= 1.2.6 - Admin+ Stored Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: July 4, 2026
LOW

menubar

menubar

Score: 93/100 Menubar <= 5.7.2 - Reflected Cross-Site Scripting Affected: *-5.7.2 Patched: 5.8 Updated: July 4, 2026
LOW

google-maps-easy

google-maps-easy

Score: 93/100 Easy Google Maps <= 1.9.31 - Reflected Cross-Site Scripting Affected: *-1.9.31 Patched: 1.9.32 Updated: July 4, 2026
LOW

comments-from-facebook

comments-from-facebook

Score: 93/100 Social comments by WpDevArt <= 2.4.9 - Admin+ Stored Cross-Site Scripting Affected: *-2.4.9 Patched: 2.5.0 Updated: July 4, 2026
LOW

coming-soon-by-supsystic

coming-soon-by-supsystic

Score: 93/100 Coming Soon by Supsystic <= 1.7.5 - Reflected Cross-Site Scripting Affected: *-1.7.5 Patched: 1.7.6 Updated: July 4, 2026
LOW

nimble-builder

nimble-builder

Score: 93/100 Nimble Page Builder <= 3.2.1 - Reflected Cross-Site Scripting Affected: [*, 3.2.2) Patched: 3.2.2 Updated: July 4, 2026
LOW

english-wp-admin

english-wp-admin

Score: 93/100 English WordPress Admin <= 1.5.1.1 - Unauthenticated Open Redirect Affected: *-1.5.1.1 Patched: 1.5.2 Updated: July 4, 2026
LOW

dw-question-answer-pro

dw-question-answer-pro

Score: 93/100 DW Question & Answer Pro <= 1.3.6 - Cross-Site Request Forgery Affected: *-1.3.6 Patched: 1.3.7 Updated: July 4, 2026
LOW

dw-question-answer-pro

dw-question-answer-pro

Score: 93/100 DW Question & Answer Pro <= 1.3.6 - Missing Authorization Checks Affected: *-1.3.6 Patched: 1.3.7 Updated: July 4, 2026
LOW

bookingpress-appointment-booking

bookingpress-appointment-booking

Score: 93/100 BookingPress – Appointments Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.13 - SQL Injection Affected: *-1.0.13 Patched: 1.0.14 Updated: July 4, 2026
LOW

advanced-page-visit-counter

advanced-page-visit-counter

Score: 93/100 Advanced Page Visit Counter <= 6.1.5 - Subscriber+ Blind SQL injection Affected: [*, 6.1.6) Patched: 6.1.6 Updated: July 4, 2026
LOW

Plausible Analytics

plausible-analytics

Score: N/A Plausible Analytics <= 1.2.2 - Stored Cross-Site Scripting Affected: *-1.2.2 Patched: 1.2.3 Updated: July 4, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read Affected: *-0.9.70 Patched: 0.9.71 Updated: July 4, 2026
LOW

visual-form-builder

visual-form-builder

Score: N/A Visual Form Builder <= 3.0.6 - Admin+ Cross-Site Scripting Affected: [*, 3.0.7) Patched: 3.0.7 Updated: July 4, 2026
LOW

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Score: 69/100 UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting Affected: [*, 1.22.9) Patched: 1.22.9 Updated: July 4, 2026
LOW

insert-special-characters

insert-special-characters

Score: 93/100 async <= 2.6.3 and 3-3.2.2 - Prototype Pollution Affected: *-1.0.4 Patched: 1.0.5 Updated: July 4, 2026
LOW

ad-inserter-pro

ad-inserter-pro

Score: 97/100 Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting Affected: [*, 2.7.12) Patched: 2.7.12 Updated: July 4, 2026
LOW

ad-inserter

ad-inserter

Score: 97/100 Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting Affected: [*, 2.7.12) Patched: 2.7.12 Updated: July 4, 2026
LOW

unify

unify

Score: N/A Unify <= 3.2.5 - Cross-Site Scripting Affected: *-3.2.5 Patched: 3.3.0 Updated: July 4, 2026
LOW

eroom-zoom-meetings-webinar

eroom-zoom-meetings-webinar

Score: 93/100 eRoom – Zoom Meetings & Webinar <= 1.3.7 - Unauthorized Setting Update Affected: *-1.3.7 Patched: 1.3.8 Updated: July 4, 2026
LOW

content-egg

content-egg

Score: 93/100 Content Egg <= 5.3.0 - Reflected Cross-Site Scripting Affected: [*, 5.3.0) Patched: 5.3.0 Updated: July 4, 2026
LOW

pricing-table

pricing-table

Score: N/A Pricing Table <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.5.2 Patched: Updated: July 4, 2026
LOW

wp-appbox

wp-appbox

Score: N/A WP-Appbox <= 4.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.3.20 Patched: 4.3.21 Updated: July 4, 2026
LOW

woo-lucky-wheel

woo-lucky-wheel

Score: N/A Lucky Wheel for WooCommerce – Spin a Sale <= 1.0.10 - Cross-Site Scripting Affected: *-1.0.10 Patched: 1.0.11 Updated: July 4, 2026
LOW

tipsacarrier

tipsacarrier

Score: N/A Tipsacarrier < 1.5.0.5 - Unauthenticated SQL Injection Affected: [*, 1.5.0.5) Patched: 1.5.0.5 Updated: July 4, 2026
LOW

shortcode-for-current-date

shortcode-for-current-date

Score: N/A Shortcode for Current Date <= 2.1.4 - Stored Cross-Site Scripting Affected: *-2.1.4 Patched: 2.1.5 Updated: July 4, 2026
LOW

persian-woocommerce-sms

persian-woocommerce-sms

Score: 91/100 افزونه پیامک ووکامرس Persian WooCommerce SMS <= 4.4.0 - Cross-Site Scripting and SQL Injection Affected: *-4.4.0 Patched: 4.4.1 Updated: July 4, 2026
LOW

elasticpress

elasticpress

Score: 93/100 Moment.js <= 2.29.1 - Directory Traversal Affected: *-4.1.0 Patched: 4.2.0 Updated: July 4, 2026
LOW

domain-replace

domain-replace

Score: 91/100 Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting Affected: *-1.3.8 Patched: Updated: July 4, 2026
LOW

campus-directory

campus-directory

Score: 93/100 Faculty Staff and Student Directory Plugin – Campus Directory <= 1.7.4 - Authenticated Stored Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 4, 2026
LOW

blog2social

blog2social

Score: 93/100 Blog2Social <= 6.9.3 - PHP Object Injection Affected: *-6.9.3 Patched: 6.9.4 Updated: July 4, 2026
LOW

advanced-page-visit-counter

advanced-page-visit-counter

Score: 93/100 Advanced Page Visit Counter <= 5.0.8 - Unauthenticated Cross-Site Scripting Affected: *-5.0.8 Patched: 6.0.0 Updated: July 4, 2026
LOW

ad-invalid-click-protector

ad-invalid-click-protector

Score: 97/100 Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Reflected Cross-Site Scripting and Cross-Site Request Forgery Affected: *-1.2.5.2 Patched: 1.2.7 Updated: July 4, 2026
LOW

testimonial-add

testimonial-add

Score: N/A Testimonials Slider <= 3.5.8.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.5.8.3 Patched: 3.5.8.4 Updated: July 4, 2026
LOW

wpdatatables

wpdatatables

Score: N/A wpDataTables – WordPress Tables & Table Charts Plugin <= 2.1.27 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1.27 Patched: 2.1.28 Updated: July 4, 2026
LOW

fv-wordpress-flowplayer

fv-wordpress-flowplayer

Score: 93/100 FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting Affected: *-7.5.18.727 Patched: 7.5.19.728 Updated: July 4, 2026
LOW

template-events-calendar

template-events-calendar

Score: N/A Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-1.9.4 Patched: 2.0 Updated: July 4, 2026
LOW

pinterest-pin-it-button-on-image-hover-and-post

pinterest-pin-it-button-on-image-hover-and-post

Score: N/A Weblizar Pin It Button On Image Hover And Post < 3.4 - Authorization Bypass Affected: [*, 3.4) Patched: 3.4 Updated: July 4, 2026
LOW

mycred

mycred

Score: 93/100 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization Affected: [*, 2.4.3.1) Patched: 2.4.3.1 Updated: July 4, 2026
LOW

events-search-addon-for-the-events-calendar

events-search-addon-for-the-events-calendar

Score: 93/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-1.1.3 Patched: 1.2 Updated: July 4, 2026
LOW

events-notification-bar-addon

events-notification-bar-addon

Score: 93/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-1.1 Patched: 1.6 Updated: July 4, 2026
LOW

event-page-templates-addon-for-the-events-calendar

event-page-templates-addon-for-the-events-calendar

Score: 93/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-1.5 Patched: 1.6 Updated: July 4, 2026
LOW

cryptocurrency-widgets-for-elementor

cryptocurrency-widgets-for-elementor

Score: 93/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: [*, 1.3) Patched: 1.3 Updated: July 4, 2026
LOW

cryptocurrency-price-ticker-widget

cryptocurrency-price-ticker-widget

Score: 93/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-2.4 Patched: 2.5.1 Updated: July 4, 2026
LOW

cryptocurrency-donation-box

cryptocurrency-donation-box

Score: 91/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-1.7 Patched: 1.8 Updated: July 4, 2026
LOW

countdown-for-the-events-calendar

countdown-for-the-events-calendar

Score: 93/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-1.3.1 Patched: 1.4 Updated: July 4, 2026
LOW

cool-timeline

cool-timeline

Score: 93/100 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation Affected: *-2.3.3 Patched: 2.4 Updated: July 4, 2026
LOW

amr-users

amr-users

Score: 95/100 amr users <= 4.59.3 - Admin+ Stored Cross-Site Scripting Affected: [*, 4.59.4) Patched: 4.59.4 Updated: July 4, 2026
LOW

quick-adsense

quick-adsense

Score: N/A Quick Adsense < 2.8.2 - Missing Authorization Affected: [*, 2.8.2) Patched: 2.8.2 Updated: July 4, 2026
LOW

wp-youtube-live

wp-youtube-live

Score: N/A WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting Affected: *-1.7.21 Patched: 1.7.22 Updated: July 4, 2026
LOW

uleak-security-dashboard

uleak-security-dashboard

Score: N/A ULeak Security & Monitoring Plugin <= 1.2.3 - Stored Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: July 4, 2026
LOW

use-any-font

use-any-font

Score: N/A Use Any Font <= 6.1.7 - Cross-Site Request Forgery to API Key Deactivation Affected: *-6.1.7 Patched: 6.1.8 Updated: July 4, 2026
LOW

wordpress-country-selector

wordpress-country-selector

Score: N/A WordPress Country Selector <= 1.6.5 - Reflected Cross-Site Scripting via AJAX call of check_country_selector Affected: *-1.6.5 Patched: 1.6.6 Updated: July 4, 2026
LOW

video-synchro-pdf

video-synchro-pdf

Score: N/A Videos sync PDF <= 1.7.4 - Unauthenticated Local File Inclusion Affected: *-1.7.4 Patched: Updated: July 4, 2026
LOW

curtain

curtain

Score: 91/100 Curtain < 1.0.2 - Unauthenticated Maintenance Mode Enabled/Disable Affected: [*, 1.0.2) Patched: 1.0.2 Updated: July 4, 2026
LOW

clipr

clipr

Score: 91/100 Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: July 4, 2026
LOW

be-popia-compliant

be-popia-compliant

Score: 93/100 Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure Affected: *-1.1.5 Patched: 1.1.16 Updated: July 4, 2026
LOW

animate-it

animate-it

Score: 97/100 Animate It! < 2.4.0 - Cross-Site Scripting Affected: [*, 2.4.0) Patched: 2.4.0 Updated: July 4, 2026
LOW

advanced-custom-fields-pro

advanced-custom-fields-pro

Score: 97/100 Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure Affected: [*, 5.12.1) Patched: 5.12.1 Updated: July 4, 2026
LOW

advanced-custom-fields

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure Affected: [*, 5.12.1) Patched: 5.12.1 Updated: July 4, 2026
LOW

nd-donations

nd-donations

Score: 89/100 Donations <= 1.8 - Unauthenticated SQL Injection Affected: *-1.8 Patched: Updated: July 4, 2026
LOW

mycred

mycred

Score: 93/100 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization Affected: [*, 2.4.4) Patched: 2.4.4 Updated: July 4, 2026
LOW

mycred

mycred

Score: 93/100 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization Affected: [*, 2.4.4) Patched: 2.4.4 Updated: July 4, 2026
LOW

flo-launch

flo-launch

Score: 93/100 FloLaunch <= 2.4 - Missing Authorization Affected: [*, 2.4.1) Patched: 2.4.1 Updated: July 4, 2026
LOW

wp-easycart

wp-easycart

Score: N/A Shopping Cart & eCommerce Store <= 5.2.4 - Cross-Site Request Forgery to Settings Update Affected: *-5.2.4 Patched: 5.2.5 Updated: July 4, 2026
LOW

tatsu

tatsu

Score: N/A Tatsu <= 3.3.12 - Unauthenticated Remote Code Execution Affected: *-3.3.12 Patched: 3.3.13 Updated: July 4, 2026
LOW

caldera-forms

caldera-forms

Score: 93/100 Caldera Forms <= 1.9.6 - Reflected Cross-Site Scripting via cf-api Affected: [*, 1.9.7) Patched: 1.9.7 Updated: July 4, 2026
LOW

admin-word-count-column

admin-word-count-column

Score: 95/100 Admin Word Count Column <= 2.2 - Arbitrary File Read Affected: *-2.2 Patched: Updated: July 4, 2026
LOW

safe-svg

safe-svg

Score: N/A Safe SVG <= 1.9.9 - Content-Type Bypass Affected: [*, 1.9.10) Patched: 1.9.10 Updated: July 4, 2026
LOW

simple-event-planner

simple-event-planner

Score: N/A Simple Event Planner <= 1.5.4 - Authenticated Stored Cross-Site Scripting Affected: *-1.5.4 Patched: 1.5.5 Updated: July 4, 2026
LOW

simple-event-planner

simple-event-planner

Score: N/A Simple Event Planner plugin <= 1.5.4 - Cross-Site Scripting Affected: *-1.5.4 Patched: 1.5.5 Updated: July 4, 2026
LOW

hummingbird-performance

hummingbird-performance

Score: 93/100 Hummingbird <= 3.3.1 - Admin+ Stored Cross-Site Scripting Affected: [*, 3.3.2) Patched: 3.3.2 Updated: July 4, 2026
LOW

amministrazione-aperta

amministrazione-aperta

Score: 97/100 Amministrazione Aperta <= 3.7.3 - Admin+ Local File Inclusion Affected: *-3.7.3 Patched: 3.8 Updated: July 4, 2026
LOW

wp-downgrade

wp-downgrade

Score: N/A WP Downgrade <= 1.2.2 - Admin+ Stored Cross-Site Scripting Affected: [*, 1.2.3) Patched: 1.2.3 Updated: July 4, 2026
LOW

woo-product-table

woo-product-table

Score: N/A Product Table for WooCommerce <= 3.1.2 - Missing Authorization Affected: [*, 3.1.2) Patched: 3.1.3 Updated: July 4, 2026
LOW

Loco Translate

loco-translate

Score: 89/100 Loco Translate <= 2.6.0 - Authenticated Stored Cross-Site Scripting Affected: [*, 2.6.1) Patched: 2.6.1 Updated: July 4, 2026
LOW

ad-injection

ad-injection

Score: 95/100 Ad Injection <= 1.2.0.19 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2.0.19 Patched: Updated: July 4, 2026
LOW

yoo-slider

yoo-slider

Score: N/A Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting Affected: [*, 2.1.0) Patched: 2.1.0 Updated: July 4, 2026
LOW

yoo-slider

yoo-slider

Score: N/A Yoo Slider – Image Slider & Video Slider <= 2.0.0 - Cross-Site Request Forgery Affected: [*, 2.1.0) Patched: 2.1.0 Updated: July 4, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 Migration, Backup, Staging – WPvivid <= 0.9.69 - Reflected Cross-Site Scripting via sub_page Parameter Affected: [*, 0.9.70) Patched: 0.9.70 Updated: July 4, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Data Disclosure Affected: *-7.6.2 Patched: 7.6.3 Updated: July 4, 2026

Showing 29401 to 29500 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 07:08 UTC.