Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

93

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
salon-booking-system salon-booking-system N/A Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Information Disclosure LOW *-7.6.2 7.6.3 July 4, 2026
podcast-importer-secondline podcast-importer-secondline N/A Podcast Importer SecondLine < 1.3.8 - SQL Injection LOW [*, 1.3.8) 1.3.8 July 4, 2026
optimole-wp optimole-wp
93
Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting LOW [*, 3.3.2) 3.3.2 July 4, 2026
favicon-by-realfavicongenerator favicon-by-realfavicongenerator
93
Favicon by RealFaviconGenerator <= 1.3.22 - Reflected Cross-Site Scripting LOW [*, 1.3.23) 1.3.23 July 4, 2026
export-all-urls export-all-urls
93
Export All URLs <= 4.1 - Reflected Cross-Site Scripting LOW [*, 4.2) 4.2 July 4, 2026
export-all-urls export-all-urls
93
Export All URLs <= 4.2 - Cross-Site Request Forgery to Sensitive Data Export LOW [*, 4.3) 4.3 July 4, 2026
easy-social-icons easy-social-icons
93
Easy Social Icons <= 3.2.0 - Admin+ Stored Cross-Site Scripting LOW [*, 3.2.1) 3.2.1 July 4, 2026
advanced-booking-calendar advanced-booking-calendar
95
Advanced Booking Calendar <= 1.7.0 - Reflected Cross-Site Scripting LOW *-1.7.0 1.7.1 July 4, 2026
advanced-booking-calendar advanced-booking-calendar
95
Advanced Booking Calendar <= 1.7.0 - Authenticated SQL Injection LOW [*, 1.7.1) 1.7.1 July 4, 2026
fv-wordpress-flowplayer fv-wordpress-flowplayer
93
FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection LOW *-7.5.15.727 7.5.18.727 July 4, 2026
insert-special-characters insert-special-characters
93
Minimist <= 1.2.5 - Prototype Pollution LOW *-1.0.4 1.0.5 July 4, 2026
Convert to Blocks convert-to-blocks
99
Minimist <= 1.2.5 - Prototype Pollution LOW *-1.2.0 1.2.1 July 4, 2026
ad-refresh-control ad-refresh-control
97
Minimist <= 1.2.5 - Prototype Pollution LOW *-1.1.1 1.1.2 July 4, 2026
article-directory article-directory
95
Article Directory <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'publish_terms_text' LOW *-1.3 July 4, 2026
responsive-menu responsive-menu N/A Responsive Menu <= 4.1.7 - Missing Authorization Checks LOW [*, 4.1.8) 4.1.8 July 4, 2026
stopbadbots stopbadbots N/A WP Block and Stop Bad Bots <= 6.92 - SQL Injection LOW [*, 6.930) 6.930 July 4, 2026
learnpress learnpress
93
LearnPress <= 4.1.5 - Reflected Cross-Site Scripting LOW [*, 4.1.6) 4.1.6 July 4, 2026
iq-block-country iq-block-country
93
iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip LOW [*, 1.2.13) 1.2.13 July 4, 2026
Download Manager download-manager
63
Download Manager <= 3.2.38 - Unauthenticated Brute Force of File Master Key LOW [*, 3.2.39) 3.2.39 July 4, 2026
super-socializer super-socializer N/A Social Share, Social Login and Social Comments < 7.13.30 - Reflected Cross-Site Scripting LOW [*, 7.13.30) 7.13.30 July 4, 2026
sassy-social-share sassy-social-share N/A Sassy Social Share <= 3.3.39 - Reflected Cross-Site Scripting LOW [*, 3.3.40) 3.3.40 July 4, 2026
post-grid post-grid N/A Post Grid <= 2.1.15 - Cross-Site Scripting LOW [*, 2.1.16) 2.1.16 July 4, 2026
post-grid post-grid N/A Post Grid < 2.1.16 - Reflected Cross-Site Scripting LOW [*, 2.1.16) 2.1.16 July 4, 2026
portfolio-wp portfolio-wp N/A GridKit Portfolio <= 2.0.0 - Subscriber+ Stored Cross-Site Scripting LOW [*, 2.1.0) 2.1.0 July 4, 2026
ns-woocommerce-watermark ns-woocommerce-watermark
93
NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality LOW *-2.11.3 3.0.0 July 4, 2026
members-list members-list
93
Members List Plugin <= 4.3.6 - Reflected Cross-Site Scripting LOW *-4.3.6 4.3.7 July 4, 2026
mark-posts mark-posts
93
Mark Posts <= 2.0.0 - Admin+ Stored Cross-Site Scripting LOW [*, 2.0.1) 2.0.1 July 4, 2026
mappress-google-maps-for-wordpress mappress-google-maps-for-wordpress
93
MapPress Maps for WordPress <= 2.73.12 - Admin+ File Upload to Remote Code Execution LOW [*, 2.73.13) 2.73.13 July 4, 2026
kingcomposer kingcomposer
89
Page Builder KingComposer <= 2.9.6 - Authenticated Arbitrary Profile Creation and Stored Cross-Site Scripting LOW *-2.9.6 July 4, 2026
file-manager file-manager
93
Bit File Manager – 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation/Upload/Deletion LOW *-5.2.2 5.2.3 July 4, 2026
dropdown-menu-widget dropdown-menu-widget
87
Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.9.7 July 4, 2026
Booking for Appointments and Events Calendar – Amelia ameliabooking
97
Appointment and Event Booking Calendar for WordPress – Amelia < 1.0.49 - Arbitrary Booking Update and Sensitive Data Exposure LOW [*, 1.0.49) 1.0.49 July 4, 2026
Booking for Appointments and Events Calendar – Amelia ameliabooking
97
Appointment and Event Booking Calendar for WordPress – Amelia <= 1.0.47 - Information Disclosure and SMS Spam LOW [*, 1.0.48) 1.0.48 July 4, 2026
material-design-for-contact-form-7 material-design-for-contact-form-7
91
Material Design for Contact Form 7 <= 2.6.4 - Missing Authorization to Arbitrary Settings Update LOW *-2.6.4 July 4, 2026
gutenberg gutenberg
97
WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution via Block Editor LOW [*, 12.7.2) 12.7.2 July 4, 2026
WooCommerce woocommerce
80
WooCommerce < 6.3.1 - Unauthorized Order Status Change LOW [3.5, 3.5.10), [3.6, 3.6.7), [3.7, 3.7.3), [3.8, 3.8.3), [3.9, 3.9.5), [4.0, 4.0.4) 3.5.10 July 4, 2026
profile-builder profile-builder N/A Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting LOW [*, 3.6.8) 3.6.8 July 4, 2026
Booking Package booking-package
85
Booking Package <= 1.5.28 - Unauthenticated Sensitive Data Disclosure LOW [*, 1.5.29) 1.5.29 July 4, 2026
analytics-cat analytics-cat
97
Fatcat Apps Analytics Cat <= 1.0.9 - Cross-Site Request Forgery LOW *-1.0.9 1.1.0 July 4, 2026
stopbadbots stopbadbots N/A WP Block and Stop Bad Bots <= 6.88 - SQL Injection LOW [*, 6.88) 6.90 July 4, 2026
google-pagespeed-insights google-pagespeed-insights
93
Google Pagespeed Insights <= 4.0.3 - Reflected Cross-Site Scripting LOW [*, 4.0.4) 4.0.4 July 4, 2026
formbuilder formbuilder
91
FormBuilder <= 1.08 - Cross-Site Request Forgery LOW *-1.08 July 4, 2026
easy-social-icons easy-social-icons
93
Easy Social Icons <= 3.1.3 - Admin+ SQL Injection LOW *-3.1.3 3.1.4 July 4, 2026
Redirection for Contact Form 7 wpcf7-redirect N/A Redirection for Contact Form 7 <= 2.4.0 - Reflected Cross-Site Scripting LOW *-2.4.0 2.5.0 July 4, 2026
wp-experiments-free wp-experiments-free N/A Title Experiments Free <= 9.0.0 - SQL Injection LOW [*, 9.0.1) 9.0.1 July 4, 2026
speakout speakout N/A SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQL Injection LOW [*, 2.14.15.1) 2.14.15.1 July 4, 2026
popup-builder popup-builder N/A Popup Builder <= 4.1.0 - SQL Injection LOW [*, 4.1.1) 4.1.1 July 4, 2026
plezi plezi N/A Plezi < 1.0.3 - Unauthenticated Stored Cross-Site Scripting LOW [*, 1.0.3) 1.0.3 July 4, 2026
mwp-countdown mwp-countdown
91
Wow Countdowns <= 3.1.2 - Authenticated (Admin+) SQL Injection LOW *-3.1.2 July 4, 2026
menu-image menu-image
93
Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting LOW [*, 3.0.8) 3.0.8 July 4, 2026
interactive-medical-drawing-of-human-body interactive-medical-drawing-of-human-body
91
Interactive Medical Drawing of Human Body < 2.4 - Admin+ Stored Cross-Site Scripting LOW [*, 2.4) 2.4 July 4, 2026
Translate WordPress with GTranslate gtranslate
90
Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure LOW [*, 2.9.9) 2.9.9 July 4, 2026
Translate WordPress – Google Language Translator google-language-translator
95
Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure LOW *-6.0.13 6.0.14 July 4, 2026
exportfeed-for-woocommerce-google-product-feed exportfeed-for-woocommerce-google-product-feed
91
Sync WooCommerce Product feed to Google Shopping <= 1.2.4 - Authenticated (Admin+) SQL Injection LOW *-1.2.4 July 4, 2026
Drag and Drop Multiple File Upload for Contact Form 7 drag-and-drop-multiple-file-upload-contact-form-7
93
Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.6.2 - Unauthenticated Stored Cross-Site Scripting LOW *-1.3.6.2 1.3.6.3 July 4, 2026
church-admin church-admin
93
Church Admin <= 3.4.134 - Cross-Site Request Forgery leading to Plugin Backup Disclosure LOW [*, 3.4.135) 3.4.135 July 4, 2026
ays-facebook-popup-likebox ays-facebook-popup-likebox
93
Popup Like box <= 3.6.0 - Reflected Cross-Site Scripting LOW [*, 3.6.1) 3.6.1 July 4, 2026
akismet-privacy-policies akismet-privacy-policies
95
Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting LOW *-2.0.1 July 4, 2026
zip-codes-redirect zip-codes-redirect N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW *-4.0.1 4.1.1 July 4, 2026
yt-player yt-player N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.5.1) 1.5.1 July 4, 2026
yet-another-stars-rating yet-another-stars-rating N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 2.0.2) 2.0.2 July 4, 2026
yatri-tools yatri-tools N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.1.3) 1.1.3 July 4, 2026
yandex-money-button yandex-money-button N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
xt-woo-variation-swatches xt-woo-variation-swatches N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.8.1) 1.8.1 July 4, 2026
xt-woo-quick-view-lite xt-woo-quick-view-lite N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.9.6) 1.9.6 July 4, 2026
xt-woo-points-rewards xt-woo-points-rewards N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.4.3) 1.4.3 July 4, 2026
xt-woo-ajax-add-to-cart xt-woo-ajax-add-to-cart N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.0.4) 1.0.4 July 4, 2026
wupo-group-attributes wupo-group-attributes N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW *-2.0.0 2.0.1 July 4, 2026
ws-bootstrap-vc ws-bootstrap-vc N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
wptools-masonry-gallery-posts-for-divi wptools-masonry-gallery-posts-for-divi N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 3.1.2) 3.1.2 July 4, 2026
wpoptin wpoptin N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW *-1.2.3 1.2.4 July 4, 2026
wpmailer wpmailer N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
wplocalplus-lite wplocalplus-lite N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.4.5) 1.4.5 July 4, 2026
wpgt-google-translate wpgt-google-translate N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.2) 1.2 July 4, 2026
wpgsi wpgsi N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 3.6.1) 3.6.1 July 4, 2026
Redirection for Contact Form 7 wpcf7-redirect N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 2.5.0) 2.5.0 July 4, 2026
wpbits-addons-for-elementor wpbits-addons-for-elementor N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.3.2) 1.3.2 July 4, 2026
wp-woo-commerce-sync-for-g-sheet wp-woo-commerce-sync-for-g-sheet N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
wp-twilio-core wp-twilio-core N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.3.7) 1.3.7 July 4, 2026
WP Travel Engine – Tour Booking Plugin – Tour Operator Software wp-travel-engine N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 5.3.8) 5.3.8 July 4, 2026
wp-top-news wp-top-news N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 2.0) 2.0 July 4, 2026
wp-tools-gravity-forms-divi-module wp-tools-gravity-forms-divi-module N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 6.6.3) 6.6.3 July 4, 2026
wp-tools-divi-product-carousel wp-tools-divi-product-carousel N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.5.0) 1.5.0 July 4, 2026
wp-tools-divi-blog-carousel wp-tools-divi-blog-carousel N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.3.0) 1.3.0 July 4, 2026
wp-table-builder wp-table-builder N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.3.16) 1.3.16 July 4, 2026
wp-structured-data-schema wp-structured-data-schema N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW *-4.0.1 4.0.2 July 4, 2026
wp-stripe-donation wp-stripe-donation N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 2.9) 2.9 July 4, 2026
wp-spid-italia wp-spid-italia N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 2.3.5) 2.3.5 July 4, 2026
wp-smart-export wp-smart-export N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 2.24.13) 2.24.13 July 4, 2026
wp-seo-keyword-optimizer wp-seo-keyword-optimizer N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
WP Activity Log wp-security-audit-log N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 4.4.0) 4.4.0 July 4, 2026
wp-search-filter wp-search-filter N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
wp-school-calendar-lite wp-school-calendar-lite N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 3.6) 3.6 July 4, 2026
wp-relevant-ads wp-relevant-ads N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
wp-radio wp-radio N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 3.1.4) 3.1.4 July 4, 2026
wp-post-block wp-post-block N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW * July 4, 2026
wp-photo-effects wp-photo-effects N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.2.1) 1.2.1 July 4, 2026
wp-persistent-login wp-persistent-login N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 2.0.0) 2.0.0 July 4, 2026
wp-offers wp-offers N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks LOW [*, 1.1.4) 1.1.4 July 4, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Information Disclosure Affected: *-7.6.2 Patched: 7.6.3 Updated: July 4, 2026
LOW

podcast-importer-secondline

podcast-importer-secondline

Score: N/A Podcast Importer SecondLine < 1.3.8 - SQL Injection Affected: [*, 1.3.8) Patched: 1.3.8 Updated: July 4, 2026
LOW

optimole-wp

optimole-wp

Score: 93/100 Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting Affected: [*, 3.3.2) Patched: 3.3.2 Updated: July 4, 2026
LOW

favicon-by-realfavicongenerator

favicon-by-realfavicongenerator

Score: 93/100 Favicon by RealFaviconGenerator <= 1.3.22 - Reflected Cross-Site Scripting Affected: [*, 1.3.23) Patched: 1.3.23 Updated: July 4, 2026
LOW

export-all-urls

export-all-urls

Score: 93/100 Export All URLs <= 4.1 - Reflected Cross-Site Scripting Affected: [*, 4.2) Patched: 4.2 Updated: July 4, 2026
LOW

export-all-urls

export-all-urls

Score: 93/100 Export All URLs <= 4.2 - Cross-Site Request Forgery to Sensitive Data Export Affected: [*, 4.3) Patched: 4.3 Updated: July 4, 2026
LOW

easy-social-icons

easy-social-icons

Score: 93/100 Easy Social Icons <= 3.2.0 - Admin+ Stored Cross-Site Scripting Affected: [*, 3.2.1) Patched: 3.2.1 Updated: July 4, 2026
LOW

advanced-booking-calendar

advanced-booking-calendar

Score: 95/100 Advanced Booking Calendar <= 1.7.0 - Reflected Cross-Site Scripting Affected: *-1.7.0 Patched: 1.7.1 Updated: July 4, 2026
LOW

advanced-booking-calendar

advanced-booking-calendar

Score: 95/100 Advanced Booking Calendar <= 1.7.0 - Authenticated SQL Injection Affected: [*, 1.7.1) Patched: 1.7.1 Updated: July 4, 2026
LOW

fv-wordpress-flowplayer

fv-wordpress-flowplayer

Score: 93/100 FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection Affected: *-7.5.15.727 Patched: 7.5.18.727 Updated: July 4, 2026
LOW

insert-special-characters

insert-special-characters

Score: 93/100 Minimist <= 1.2.5 - Prototype Pollution Affected: *-1.0.4 Patched: 1.0.5 Updated: July 4, 2026
LOW

Convert to Blocks

convert-to-blocks

Score: 99/100 Minimist <= 1.2.5 - Prototype Pollution Affected: *-1.2.0 Patched: 1.2.1 Updated: July 4, 2026
LOW

ad-refresh-control

ad-refresh-control

Score: 97/100 Minimist <= 1.2.5 - Prototype Pollution Affected: *-1.1.1 Patched: 1.1.2 Updated: July 4, 2026
LOW

article-directory

article-directory

Score: 95/100 Article Directory <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'publish_terms_text' Affected: *-1.3 Patched: Updated: July 4, 2026
LOW

responsive-menu

responsive-menu

Score: N/A Responsive Menu <= 4.1.7 - Missing Authorization Checks Affected: [*, 4.1.8) Patched: 4.1.8 Updated: July 4, 2026
LOW

stopbadbots

stopbadbots

Score: N/A WP Block and Stop Bad Bots <= 6.92 - SQL Injection Affected: [*, 6.930) Patched: 6.930 Updated: July 4, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.1.5 - Reflected Cross-Site Scripting Affected: [*, 4.1.6) Patched: 4.1.6 Updated: July 4, 2026
LOW

iq-block-country

iq-block-country

Score: 93/100 iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip Affected: [*, 1.2.13) Patched: 1.2.13 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.38 - Unauthenticated Brute Force of File Master Key Affected: [*, 3.2.39) Patched: 3.2.39 Updated: July 4, 2026
LOW

super-socializer

super-socializer

Score: N/A Social Share, Social Login and Social Comments < 7.13.30 - Reflected Cross-Site Scripting Affected: [*, 7.13.30) Patched: 7.13.30 Updated: July 4, 2026
LOW

sassy-social-share

sassy-social-share

Score: N/A Sassy Social Share <= 3.3.39 - Reflected Cross-Site Scripting Affected: [*, 3.3.40) Patched: 3.3.40 Updated: July 4, 2026
LOW

post-grid

post-grid

Score: N/A Post Grid <= 2.1.15 - Cross-Site Scripting Affected: [*, 2.1.16) Patched: 2.1.16 Updated: July 4, 2026
LOW

post-grid

post-grid

Score: N/A Post Grid < 2.1.16 - Reflected Cross-Site Scripting Affected: [*, 2.1.16) Patched: 2.1.16 Updated: July 4, 2026
LOW

portfolio-wp

portfolio-wp

Score: N/A GridKit Portfolio <= 2.0.0 - Subscriber+ Stored Cross-Site Scripting Affected: [*, 2.1.0) Patched: 2.1.0 Updated: July 4, 2026
LOW

ns-woocommerce-watermark

ns-woocommerce-watermark

Score: 93/100 NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality Affected: *-2.11.3 Patched: 3.0.0 Updated: July 4, 2026
LOW

members-list

members-list

Score: 93/100 Members List Plugin <= 4.3.6 - Reflected Cross-Site Scripting Affected: *-4.3.6 Patched: 4.3.7 Updated: July 4, 2026
LOW

mark-posts

mark-posts

Score: 93/100 Mark Posts <= 2.0.0 - Admin+ Stored Cross-Site Scripting Affected: [*, 2.0.1) Patched: 2.0.1 Updated: July 4, 2026
LOW

mappress-google-maps-for-wordpress

mappress-google-maps-for-wordpress

Score: 93/100 MapPress Maps for WordPress <= 2.73.12 - Admin+ File Upload to Remote Code Execution Affected: [*, 2.73.13) Patched: 2.73.13 Updated: July 4, 2026
LOW

kingcomposer

kingcomposer

Score: 89/100 Page Builder KingComposer <= 2.9.6 - Authenticated Arbitrary Profile Creation and Stored Cross-Site Scripting Affected: *-2.9.6 Patched: Updated: July 4, 2026
LOW

file-manager

file-manager

Score: 93/100 Bit File Manager – 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation/Upload/Deletion Affected: *-5.2.2 Patched: 5.2.3 Updated: July 4, 2026
LOW

dropdown-menu-widget

dropdown-menu-widget

Score: 87/100 Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.9.7 Patched: Updated: July 4, 2026
LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Appointment and Event Booking Calendar for WordPress – Amelia < 1.0.49 - Arbitrary Booking Update and Sensitive Data Exposure Affected: [*, 1.0.49) Patched: 1.0.49 Updated: July 4, 2026
LOW

material-design-for-contact-form-7

material-design-for-contact-form-7

Score: 91/100 Material Design for Contact Form 7 <= 2.6.4 - Missing Authorization to Arbitrary Settings Update Affected: *-2.6.4 Patched: Updated: July 4, 2026
LOW

gutenberg

gutenberg

Score: 97/100 WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution via Block Editor Affected: [*, 12.7.2) Patched: 12.7.2 Updated: July 4, 2026
LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce < 6.3.1 - Unauthorized Order Status Change Affected: [3.5, 3.5.10), [3.6, 3.6.7), [3.7, 3.7.3), [3.8, 3.8.3), [3.9, 3.9.5), [4.0, 4.0.4) Patched: 3.5.10 Updated: July 4, 2026
LOW

profile-builder

profile-builder

Score: N/A Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting Affected: [*, 3.6.8) Patched: 3.6.8 Updated: July 4, 2026
LOW

Booking Package

booking-package

Score: 85/100 Booking Package <= 1.5.28 - Unauthenticated Sensitive Data Disclosure Affected: [*, 1.5.29) Patched: 1.5.29 Updated: July 4, 2026
LOW

analytics-cat

analytics-cat

Score: 97/100 Fatcat Apps Analytics Cat <= 1.0.9 - Cross-Site Request Forgery Affected: *-1.0.9 Patched: 1.1.0 Updated: July 4, 2026
LOW

stopbadbots

stopbadbots

Score: N/A WP Block and Stop Bad Bots <= 6.88 - SQL Injection Affected: [*, 6.88) Patched: 6.90 Updated: July 4, 2026
LOW

google-pagespeed-insights

google-pagespeed-insights

Score: 93/100 Google Pagespeed Insights <= 4.0.3 - Reflected Cross-Site Scripting Affected: [*, 4.0.4) Patched: 4.0.4 Updated: July 4, 2026
LOW

formbuilder

formbuilder

Score: 91/100 FormBuilder <= 1.08 - Cross-Site Request Forgery Affected: *-1.08 Patched: Updated: July 4, 2026
LOW

easy-social-icons

easy-social-icons

Score: 93/100 Easy Social Icons <= 3.1.3 - Admin+ SQL Injection Affected: *-3.1.3 Patched: 3.1.4 Updated: July 4, 2026
LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Redirection for Contact Form 7 <= 2.4.0 - Reflected Cross-Site Scripting Affected: *-2.4.0 Patched: 2.5.0 Updated: July 4, 2026
LOW

wp-experiments-free

wp-experiments-free

Score: N/A Title Experiments Free <= 9.0.0 - SQL Injection Affected: [*, 9.0.1) Patched: 9.0.1 Updated: July 4, 2026
LOW

speakout

speakout

Score: N/A SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQL Injection Affected: [*, 2.14.15.1) Patched: 2.14.15.1 Updated: July 4, 2026
LOW

popup-builder

popup-builder

Score: N/A Popup Builder <= 4.1.0 - SQL Injection Affected: [*, 4.1.1) Patched: 4.1.1 Updated: July 4, 2026
LOW

plezi

plezi

Score: N/A Plezi < 1.0.3 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 1.0.3) Patched: 1.0.3 Updated: July 4, 2026
LOW

mwp-countdown

mwp-countdown

Score: 91/100 Wow Countdowns <= 3.1.2 - Authenticated (Admin+) SQL Injection Affected: *-3.1.2 Patched: Updated: July 4, 2026
LOW

menu-image

menu-image

Score: 93/100 Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting Affected: [*, 3.0.8) Patched: 3.0.8 Updated: July 4, 2026
LOW

interactive-medical-drawing-of-human-body

interactive-medical-drawing-of-human-body

Score: 91/100 Interactive Medical Drawing of Human Body < 2.4 - Admin+ Stored Cross-Site Scripting Affected: [*, 2.4) Patched: 2.4 Updated: July 4, 2026
LOW

Translate WordPress with GTranslate

gtranslate

Score: 90/100 Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure Affected: [*, 2.9.9) Patched: 2.9.9 Updated: July 4, 2026
LOW

Translate WordPress – Google Language Translator

google-language-translator

Score: 95/100 Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure Affected: *-6.0.13 Patched: 6.0.14 Updated: July 4, 2026
LOW

exportfeed-for-woocommerce-google-product-feed

exportfeed-for-woocommerce-google-product-feed

Score: 91/100 Sync WooCommerce Product feed to Google Shopping <= 1.2.4 - Authenticated (Admin+) SQL Injection Affected: *-1.2.4 Patched: Updated: July 4, 2026
LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.6.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.6.2 Patched: 1.3.6.3 Updated: July 4, 2026
LOW

church-admin

church-admin

Score: 93/100 Church Admin <= 3.4.134 - Cross-Site Request Forgery leading to Plugin Backup Disclosure Affected: [*, 3.4.135) Patched: 3.4.135 Updated: July 4, 2026
LOW

ays-facebook-popup-likebox

ays-facebook-popup-likebox

Score: 93/100 Popup Like box <= 3.6.0 - Reflected Cross-Site Scripting Affected: [*, 3.6.1) Patched: 3.6.1 Updated: July 4, 2026
LOW

akismet-privacy-policies

akismet-privacy-policies

Score: 95/100 Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 4, 2026
LOW

zip-codes-redirect

zip-codes-redirect

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: *-4.0.1 Patched: 4.1.1 Updated: July 4, 2026
LOW

yt-player

yt-player

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.5.1) Patched: 1.5.1 Updated: July 4, 2026
LOW

yet-another-stars-rating

yet-another-stars-rating

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 2.0.2) Patched: 2.0.2 Updated: July 4, 2026
LOW

yatri-tools

yatri-tools

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.1.3) Patched: 1.1.3 Updated: July 4, 2026
LOW

yandex-money-button

yandex-money-button

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

xt-woo-variation-swatches

xt-woo-variation-swatches

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.8.1) Patched: 1.8.1 Updated: July 4, 2026
LOW

xt-woo-quick-view-lite

xt-woo-quick-view-lite

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.9.6) Patched: 1.9.6 Updated: July 4, 2026
LOW

xt-woo-points-rewards

xt-woo-points-rewards

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.4.3) Patched: 1.4.3 Updated: July 4, 2026
LOW

xt-woo-ajax-add-to-cart

xt-woo-ajax-add-to-cart

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.0.4) Patched: 1.0.4 Updated: July 4, 2026
LOW

wupo-group-attributes

wupo-group-attributes

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: *-2.0.0 Patched: 2.0.1 Updated: July 4, 2026
LOW

ws-bootstrap-vc

ws-bootstrap-vc

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

wptools-masonry-gallery-posts-for-divi

wptools-masonry-gallery-posts-for-divi

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 3.1.2) Patched: 3.1.2 Updated: July 4, 2026
LOW

wpoptin

wpoptin

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: *-1.2.3 Patched: 1.2.4 Updated: July 4, 2026
LOW

wpmailer

wpmailer

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

wplocalplus-lite

wplocalplus-lite

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.4.5) Patched: 1.4.5 Updated: July 4, 2026
LOW

wpgt-google-translate

wpgt-google-translate

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.2) Patched: 1.2 Updated: July 4, 2026
LOW

wpgsi

wpgsi

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 3.6.1) Patched: 3.6.1 Updated: July 4, 2026
LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 2.5.0) Patched: 2.5.0 Updated: July 4, 2026
LOW

wpbits-addons-for-elementor

wpbits-addons-for-elementor

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.3.2) Patched: 1.3.2 Updated: July 4, 2026
LOW

wp-woo-commerce-sync-for-g-sheet

wp-woo-commerce-sync-for-g-sheet

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

wp-twilio-core

wp-twilio-core

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.3.7) Patched: 1.3.7 Updated: July 4, 2026
LOW

wp-top-news

wp-top-news

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 2.0) Patched: 2.0 Updated: July 4, 2026
LOW

wp-tools-gravity-forms-divi-module

wp-tools-gravity-forms-divi-module

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 6.6.3) Patched: 6.6.3 Updated: July 4, 2026
LOW

wp-tools-divi-product-carousel

wp-tools-divi-product-carousel

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.5.0) Patched: 1.5.0 Updated: July 4, 2026
LOW

wp-tools-divi-blog-carousel

wp-tools-divi-blog-carousel

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.3.0) Patched: 1.3.0 Updated: July 4, 2026
LOW

wp-table-builder

wp-table-builder

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.3.16) Patched: 1.3.16 Updated: July 4, 2026
LOW

wp-structured-data-schema

wp-structured-data-schema

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: *-4.0.1 Patched: 4.0.2 Updated: July 4, 2026
LOW

wp-stripe-donation

wp-stripe-donation

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 2.9) Patched: 2.9 Updated: July 4, 2026
LOW

wp-spid-italia

wp-spid-italia

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 2.3.5) Patched: 2.3.5 Updated: July 4, 2026
LOW

wp-smart-export

wp-smart-export

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

wp-seo-keyword-optimizer

wp-seo-keyword-optimizer

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

WP Activity Log

wp-security-audit-log

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 4.4.0) Patched: 4.4.0 Updated: July 4, 2026
LOW

wp-search-filter

wp-search-filter

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

wp-school-calendar-lite

wp-school-calendar-lite

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 3.6) Patched: 3.6 Updated: July 4, 2026
LOW

wp-relevant-ads

wp-relevant-ads

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

wp-radio

wp-radio

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 3.1.4) Patched: 3.1.4 Updated: July 4, 2026
LOW

wp-post-block

wp-post-block

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: * Patched: Updated: July 4, 2026
LOW

wp-photo-effects

wp-photo-effects

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.2.1) Patched: 1.2.1 Updated: July 4, 2026
LOW

wp-persistent-login

wp-persistent-login

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 2.0.0) Patched: 2.0.0 Updated: July 4, 2026
LOW

wp-offers

wp-offers

Score: N/A Freemius SDK <= 2.4.2 - Missing Authorization Checks Affected: [*, 1.1.4) Patched: 1.1.4 Updated: July 4, 2026

Showing 29501 to 29600 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 08:08 UTC.