Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
premmerce-dev-tools	premmerce-dev-tools	N/A	Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation	LOW	*-2.0		June 28, 2026
video-conferencing-with-zoom-api	video-conferencing-with-zoom-api	N/A	Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action	LOW	*-4.6.7	4.6.8	June 28, 2026
wp-event-solution	wp-event-solution	N/A	Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) <= 4.1.12 - Missing Authorization	LOW	*-4.1.12	4.1.13	June 28, 2026
workscout-core	workscout-core	N/A	Workscout Core <= 1.7.11 - Unauthenticated Arbitrary File Deletion	LOW	*-1.7.11	1.7.12	June 28, 2026
woocommerce-pos	woocommerce-pos	N/A	WCPOS – Point of Sale (POS) plugin for WooCommerce <= 1.8.14 - Missing Authorization	LOW	*-1.8.14	1.9.0	June 28, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	PDF Builder for WooCommerce. Create invoices,packing slips and more <= 2.0.8 - Authenticated (Subscriber+) Remote Code Execution	LOW	*-2.0.8	2.0.9	June 28, 2026
GEO Plugin by Squirrly SEO	squirrly-seo	N/A	GEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization	LOW	*-12.4.16	12.4.17	June 28, 2026
sigmaforms-pro	sigmaforms-pro	N/A	Sigma Forms Pro <= 1.4.5 - Unauthenticated Arbitrary File Upload	LOW	*-1.4.5	1.4.6	June 28, 2026
pods	pods	N/A	Pods – Custom Content Types and Fields <= 3.3.8 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.3.8	3.3.9	June 28, 2026
media-library-assistant	media-library-assistant	N/A	Media Library Assistant <= 3.35 - Reflected Cross-Site Scripting	LOW	*-3.35	3.36	June 28, 2026
jet-engine	jet-engine	93	JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection	LOW	*-3.8.10.1	3.8.10.2	June 28, 2026
getgenie	getgenie	93	GetGenie – AI Content Writer with Keyword Research & SEO Tracking <= 4.4.1 - Unauthenticated Information Exposure	LOW	*-4.4.1	4.4.2	June 28, 2026
geo-my-wp	geo-my-wp	93	GEO my WP <= 4.5.5 - Unauthenticated SQL Injection	LOW	*-4.5.5	4.5.5.1	June 28, 2026
fusion-builder	fusion-builder	93	Avada (Fusion) Builder <= 3.15.4 - Authenticated (Contributor+) PHP Object Injection	LOW	*-3.15.4	3.15.5	June 28, 2026
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More	envira-gallery-lite	94	Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More <= 1.12.5 - Missing Authorization	LOW	*-1.12.5	1.12.6	June 28, 2026
attendance-manager	attendance-manager	89	Attendance Manager <= 0.6.2 - Authenticated (Subscriber+) SQL Injection	LOW	*-0.6.2	0.6.3	June 28, 2026
bookly-responsive-appointment-booking-tool	bookly-responsive-appointment-booking-tool	93	Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie	LOW	*-27.2	27.3	June 28, 2026
meow-gallery	meow-gallery	N/A	Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation	LOW	*-5.4.4	5.4.5	June 28, 2026
pagelayer	pagelayer	N/A	Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'	LOW	*-2.0.9	2.1.0	June 28, 2026
pagelayer	pagelayer	N/A	Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block	LOW	*-2.0.9	2.1.0	June 28, 2026
canvas	canvas	N/A	Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute	LOW	*-2.5.2	2.5.3	June 28, 2026
Gallery by FooGallery	foogallery	82	Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter	LOW	*-3.1.31	3.1.32	June 28, 2026
GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites	gptranslate	89	GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage	LOW	*-2.31	2.32	June 28, 2026
wp-ticket	wp-ticket	N/A	WP Ticket <= 6.0.4 - Unauthenticated SQL Injection via WordPress Search 's' Parameter	LOW	*-6.0.4	6.0.5	June 28, 2026
lws-optimize	lws-optimize	93	WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read	LOW	*-3.3.19	3.3.20	June 28, 2026
wp_scraper	wp_scraper	N/A	WordPress & WooCommerce Scraper Plugin, Import Data from Any WebSite. <= 1.0.7 - Unauthenticated Arbitrary File Upload	LOW	*-1.0.7		June 28, 2026
wp_scraper	wp_scraper	N/A	WordPress & WooCommerce Scraper Plugin, Import Data from Any WebSite. <= 1.0.7 - Unauthenticated Arbitrary File Download	LOW	*-1.0.7		June 28, 2026
seo-redirection	seo-redirection	N/A	SEO Redirection Plugin – 301 Redirect Manager <= 9.17 - Unauthenticated Stored Cross-Site Scripting	LOW	*-9.17	9.18	June 28, 2026
ovabookpro	ovabookpro	N/A	BookPro <= 1.1.0 - Unauthenticated Arbitrary File Deletion	LOW	*-1.1.0		June 28, 2026
jet-engine	jet-engine	93	JetEngine <= 3.8.10 - Unauthenticated PHP Object Injection	LOW	*-3.8.10	3.8.10.1	June 28, 2026
hash-elements	hash-elements	93	Hash Elements <= 1.5.4 - Authenticated (Contributor+) Information Exposure	LOW	*-1.5.4	1.5.5	June 28, 2026
fediverse-embeds	fediverse-embeds	93	Fediverse Embeds <= 1.5.7 - Unauthenticated Server-Side Request Forgery	LOW	*-1.5.7	1.5.9	June 28, 2026
fediverse-embeds	fediverse-embeds	93	Fediverse Embeds <= 1.5.7 - Unauthenticated Server-Side Request Forgery	LOW	*-1.5.7	1.5.9	June 28, 2026
fastdup	fastdup	93	FastDup – Fastest WordPress Migration & Duplicator <= 2.7.2 - Unauthenticated Path Traversal	LOW	*-2.7.2	2.7.3	June 28, 2026
presto-player	presto-player	N/A	The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute	LOW	*-4.2.0	4.2.1	June 28, 2026
wp-photo-album-plus	wp-photo-album-plus	N/A	WP Photo Album Plus < 9.1.11.001 - Unauthenticated SQL Injection	LOW	[*, 9.1.11.001)	9.1.11.001	June 28, 2026
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters	wp-google-map-plugin	74	WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters < 4.9.3 - Authenticated (Subscriber+) Local File Inclusion	LOW	[*, 4.9.3)	4.9.3	June 28, 2026
schema-and-structured-data-for-wp	schema-and-structured-data-for-wp	N/A	Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload	LOW	[*, 1.60)	1.60	June 28, 2026
Custom Block Builder – Lazy Blocks	lazy-blocks	96	Custom Block Builder – Lazy Blocks < 4.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 4.3.0)	4.3.0	June 28, 2026
fortis-for-woocommerce	fortis-for-woocommerce	93	Fortis for WooCommerce < 1.3.1 - Unauthenticated Information Exposure	LOW	[*, 1.3.1)	1.3.1	June 28, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin)	feeds-for-youtube	68	Feeds for YouTube (YouTube video, channel, and gallery plugin) < 2.6.4 - Missing Authorization	LOW	[*, 2.6.4)	2.6.4	June 28, 2026
Email Encoder – Protect Email Addresses and Phone Numbers	email-encoder-bundle	91	Email Encoder – Protect Email Addresses and Phone Numbers < 2.4.7 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 2.4.7)	2.4.7	June 28, 2026
decent-comments	decent-comments	N/A	Decent Comments < 3.0.2 - Unauthenticated Information Exopsure	LOW	[*, 3.0.2)	3.0.2	June 28, 2026
Anti Spam for Contact Forms, Comments & Online Stores – CleanTalk	cleantalk-spam-protect	71	CleanTalk Anti-Spam. Spam Firewall & Bot protection < 6.79 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 6.79)	6.79	June 28, 2026
ajax-load-more	ajax-load-more	97	Ajax Load More – Infinite Scroll, Load More, & Lazy Load < 7.8.4 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 7.8.4)	7.8.4	June 28, 2026
agile-store-locator	agile-store-locator	97	Store Locator WordPress < 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 1.6.6)	1.6.6	June 28, 2026
UpdraftPlus: WP Backup & Migration Plugin	updraftplus	69	UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 (free) < 2.26.5 (premium) - Unauthenticated Authentication Bypass via UpdraftCentral udrpc	LOW	*-1.26.4, [2.0, 2.26.5)	1.26.5	June 28, 2026
open-user-map-pro	open-user-map-pro	N/A	Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification'	LOW	*-1.4.31	1.4.32	June 28, 2026
wp-migrate-db	wp-migrate-db	N/A	WP Migrate Lite – Migration Made Easy <= 2.7.8 - Cross-Site Request Forgery	LOW	*-2.7.8	2.7.9	June 28, 2026
woocommerce-digital-signature	woocommerce-digital-signature	N/A	Digital Signature Add-on for WooCommerce <= 2.0 - Unauthenticated Information Exposure	LOW	*-2.0	2.0.1	June 28, 2026
wc-multishipping	wc-multishipping	N/A	WCMultiShipping — Mondial Relay, Inpost & Chronopost for WooCommerce <= 3.0.2 - Authenticated (Subscriber+) SQL Injection	LOW	*-3.0.2	3.0.3	June 28, 2026
vikrentcar	vikrentcar	N/A	VikRentCar Car Rental Management System <= 1.4.5 - Unauthenticated Insecure Direct Object Reference	LOW	*-1.4.5	1.4.6	June 28, 2026
taskbuilder	taskbuilder	N/A	Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.7 - Authenticated (Subscriber+) SQL Injection	LOW	*-5.0.7	5.0.8	June 28, 2026
PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget	pushengage	86	PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget <= 4.2.3 - Authenticated (Subscriber+) Information Exposure	LOW	*-4.2.3	4.2.4	June 28, 2026
payerurl-crypto-currency-payment-gateway-for-woocommerce	payerurl-crypto-currency-payment-gateway-for-woocommerce	N/A	ABC Crypto Checkout <= 1.8.2 - Unauthenticated Information Exposure	LOW	*-1.8.2	1.8.3	June 28, 2026
jet-blog	jet-blog	93	JetBlog <= 2.4.8 - Unauthenticated Information Exposure	LOW	*-2.4.8	2.4.8.1	June 28, 2026
doctreat_core	doctreat_core	N/A	Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation	LOW	*-1.6.8	1.7.0	June 28, 2026
newsletters-lite	newsletters-lite	N/A	Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter	LOW	*-4.13	4.14	June 28, 2026
athemes-addons-for-elementor-lite	athemes-addons-for-elementor-lite	93	aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting	LOW	*-1.1.8	1.1.9	June 28, 2026
mw-wp-form	mw-wp-form	N/A	MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter	LOW	*-5.1.3	5.1.4	June 28, 2026
easy-image-collage	easy-image-collage	93	Easy Image Collage <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters	LOW	*-1.13.6	2.0.0	June 28, 2026
woo-coupon-usage	woo-coupon-usage	N/A	Coupon Affiliates – Affiliate Plugin for WooCommerce <= 7.8.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-7.8.1	7.8.2	June 28, 2026
ecommerce-product-catalog	ecommerce-product-catalog	93	eCommerce Product Catalog Plugin for WordPress <= 3.5.5 - Unauthenticated SQL Injection	LOW	*-3.5.5	3.5.6	June 28, 2026
animation-addons-for-elementor	animation-addons-for-elementor	95	Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters	LOW	*-2.6.7		June 28, 2026
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	wp-user-frontend	N/A	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation	LOW	*-4.3.2	4.3.3	June 28, 2026
Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages	unlimited-elementor-inner-sections-by-boomdevs	N/A	Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings	LOW	*-1.3.3	1.3.4	June 28, 2026
mailerpress	mailerpress	93	MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field	LOW	*-2.0.4	2.0.5	June 28, 2026
revslider	revslider	N/A	Slider Revolution 7.0 - 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure	LOW	7.0-7.0.10	7.0.11	June 28, 2026
events-for-geodirectory	events-for-geodirectory	93	Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-2.3.28	2.3.29	June 28, 2026
product-filter-widget-for-elementor	product-filter-widget-for-elementor	N/A	Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter	LOW	*-1.0.6		June 28, 2026
kk-blog-card	kk-blog-card	N/A	kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.3		June 28, 2026
jquery-hover-footnotes	jquery-hover-footnotes	N/A	jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-1.4		June 28, 2026
jquery-hover-footnotes	jquery-hover-footnotes	N/A	jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)	LOW	*-1.4		June 28, 2026
360crest-themeone-tinymce-shortcodes	360crest-themeone-tinymce-shortcodes	N/A	TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute	LOW	*-1.0.0		June 28, 2026
global-body-mass-index-calculator	global-body-mass-index-calculator	N/A	Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.2		June 28, 2026
wp-applicantstack-jobs-display	wp-applicantstack-jobs-display	N/A	WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.1.1		June 28, 2026
romancart-ecommerce	romancart-ecommerce	N/A	RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-2.0.8		June 28, 2026
recoverexit-for-woocommerce	recoverexit-for-woocommerce	N/A	Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter	LOW	*-1.0.3		June 28, 2026
6storage-rentals	6storage-rentals	92	6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter	LOW	*-2.22.0		June 28, 2026
wp-meta-sort-posts	wp-meta-sort-posts	N/A	WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-0.9		June 28, 2026
wp-emoticon-rating	wp-emoticon-rating	N/A	WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter	LOW	*-1.0.1		June 28, 2026
wp-mobi	wp-mobi	N/A	WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action	LOW	*-0.0.3		June 28, 2026
wp-ultimate-map	wp-ultimate-map	N/A	WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter	LOW	*-1.1		June 28, 2026
fastpicker	fastpicker	N/A	FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save	LOW	*-1.0.2		June 28, 2026
report-comments	report-comments	N/A	AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update	LOW	*-2.0.4		June 28, 2026
extra-settings-for-rocketchat	extra-settings-for-rocketchat	N/A	Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.1		June 28, 2026
wp-gdpr-cookie-consent	wp-gdpr-cookie-consent	N/A	WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action	LOW	*-1.0.0		June 28, 2026
helpfulcrowd-product-reviews	helpfulcrowd-product-reviews	N/A	Helpfulcrowd Product Reviews <= 1.2.9 - Inccorect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update	LOW	*-1.2.9		June 28, 2026
epaperflip-publisher	epaperflip-publisher	N/A	ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute	LOW	*-1		June 28, 2026
enable-media-replace	enable-media-replace	93	Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter	LOW	*-4.1.8	4.1.9	June 28, 2026
fv-wordpress-flowplayer	fv-wordpress-flowplayer	93	FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text	LOW	*-7.5.49.7212	7.5.50.7212	June 28, 2026
accordions	accordions	97	Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field	LOW	*-2.3.23	2.3.25	June 28, 2026
wpzoom-portfolio	wpzoom-portfolio	N/A	WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.21 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.4.21	1.4.22	June 28, 2026
wpdatatables	wpdatatables	N/A	wpDataTables (Premium) <= 7.3.6 - Unauthenticated SQL Injection	LOW	*-7.3.6	7.4	June 28, 2026
wpc-product-options	wpc-product-options	N/A	WPC Product Options for WooCommerce <= 3.2.1 - Unauthenticated Arbitrary File Download	LOW	*-3.2.1	3.2.2	June 28, 2026
woocommerce-dropshipping	woocommerce-dropshipping	N/A	WooCommerce Dropshipping Premium <= 5.2.4 - Missing Authorization	LOW	*-5.2.4	5.2.5	June 28, 2026
woocommerce-anti-fraud	woocommerce-anti-fraud	N/A	WooCommerce Anti-Fraud <= 7.2.6 - Missing Authorization	LOW	*-7.2.6	7.2.7	June 28, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar 6.15.12-6.16.2 - Unauthenticated SQL Injection	LOW	6.15.12-6.16.2	6.16.3	June 28, 2026
loginpress-pro	loginpress-pro	93	LoginPress Pro <= 6.2.2 - Unauthenticated Privilege Escalation	LOW	*-6.2.2	6.2.3	June 28, 2026
listdom	listdom	93	Listdom: AI-powered Business Directory with Classifieds Ads Listings <= 5.5.0 - Unauthenticated Privilege Escalation	LOW	*-5.5.0	5.6.0	June 28, 2026

LOW

premmerce-dev-tools

Score: N/A Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation Affected: *-2.0 Patched: Updated: June 28, 2026

LOW

video-conferencing-with-zoom-api

Score: N/A Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action Affected: *-4.6.7 Patched: 4.6.8 Updated: June 28, 2026

LOW

wp-event-solution

Score: N/A Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) <= 4.1.12 - Missing Authorization Affected: *-4.1.12 Patched: 4.1.13 Updated: June 28, 2026

LOW

workscout-core

Score: N/A Workscout Core <= 1.7.11 - Unauthenticated Arbitrary File Deletion Affected: *-1.7.11 Patched: 1.7.12 Updated: June 28, 2026

LOW

woocommerce-pos

Score: N/A WCPOS – Point of Sale (POS) plugin for WooCommerce <= 1.8.14 - Missing Authorization Affected: *-1.8.14 Patched: 1.9.0 Updated: June 28, 2026

LOW

woo-pdf-invoice-builder

Score: N/A PDF Builder for WooCommerce. Create invoices,packing slips and more <= 2.0.8 - Authenticated (Subscriber+) Remote Code Execution Affected: *-2.0.8 Patched: 2.0.9 Updated: June 28, 2026

LOW

GEO Plugin by Squirrly SEO

squirrly-seo

Score: N/A GEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization Affected: *-12.4.16 Patched: 12.4.17 Updated: June 28, 2026

LOW

sigmaforms-pro

Score: N/A Sigma Forms Pro <= 1.4.5 - Unauthenticated Arbitrary File Upload Affected: *-1.4.5 Patched: 1.4.6 Updated: June 28, 2026

LOW

pods

Score: N/A Pods – Custom Content Types and Fields <= 3.3.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.3.8 Patched: 3.3.9 Updated: June 28, 2026

LOW

media-library-assistant

Score: N/A Media Library Assistant <= 3.35 - Reflected Cross-Site Scripting Affected: *-3.35 Patched: 3.36 Updated: June 28, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection Affected: *-3.8.10.1 Patched: 3.8.10.2 Updated: June 28, 2026

LOW

getgenie

Score: 93/100 GetGenie – AI Content Writer with Keyword Research & SEO Tracking <= 4.4.1 - Unauthenticated Information Exposure Affected: *-4.4.1 Patched: 4.4.2 Updated: June 28, 2026

LOW

geo-my-wp

Score: 93/100 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection Affected: *-4.5.5 Patched: 4.5.5.1 Updated: June 28, 2026

LOW

fusion-builder

Score: 93/100 Avada (Fusion) Builder <= 3.15.4 - Authenticated (Contributor+) PHP Object Injection Affected: *-3.15.4 Patched: 3.15.5 Updated: June 28, 2026

LOW

Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

envira-gallery-lite

Score: 94/100 Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More <= 1.12.5 - Missing Authorization Affected: *-1.12.5 Patched: 1.12.6 Updated: June 28, 2026

LOW

attendance-manager

Score: 89/100 Attendance Manager <= 0.6.2 - Authenticated (Subscriber+) SQL Injection Affected: *-0.6.2 Patched: 0.6.3 Updated: June 28, 2026

LOW

bookly-responsive-appointment-booking-tool

Score: 93/100 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie Affected: *-27.2 Patched: 27.3 Updated: June 28, 2026

LOW

meow-gallery

Score: N/A Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation Affected: *-5.4.4 Patched: 5.4.5 Updated: June 28, 2026

LOW

pagelayer

Score: N/A Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts' Affected: *-2.0.9 Patched: 2.1.0 Updated: June 28, 2026

LOW

pagelayer

Score: N/A Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block Affected: *-2.0.9 Patched: 2.1.0 Updated: June 28, 2026

LOW

canvas

Score: N/A Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute Affected: *-2.5.2 Patched: 2.5.3 Updated: June 28, 2026

LOW

Gallery by FooGallery

foogallery

Score: 82/100 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter Affected: *-3.1.31 Patched: 3.1.32 Updated: June 28, 2026

LOW

GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites

gptranslate

Score: 89/100 GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage Affected: *-2.31 Patched: 2.32 Updated: June 28, 2026

LOW

wp-ticket

Score: N/A WP Ticket <= 6.0.4 - Unauthenticated SQL Injection via WordPress Search 's' Parameter Affected: *-6.0.4 Patched: 6.0.5 Updated: June 28, 2026

LOW

lws-optimize

Score: 93/100 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read Affected: *-3.3.19 Patched: 3.3.20 Updated: June 28, 2026

LOW

wp_scraper

Score: N/A WordPress & WooCommerce Scraper Plugin, Import Data from Any WebSite. <= 1.0.7 - Unauthenticated Arbitrary File Upload Affected: *-1.0.7 Patched: Updated: June 28, 2026

LOW

wp_scraper

Score: N/A WordPress & WooCommerce Scraper Plugin, Import Data from Any WebSite. <= 1.0.7 - Unauthenticated Arbitrary File Download Affected: *-1.0.7 Patched: Updated: June 28, 2026

LOW

seo-redirection

Score: N/A SEO Redirection Plugin – 301 Redirect Manager <= 9.17 - Unauthenticated Stored Cross-Site Scripting Affected: *-9.17 Patched: 9.18 Updated: June 28, 2026

LOW

ovabookpro

Score: N/A BookPro <= 1.1.0 - Unauthenticated Arbitrary File Deletion Affected: *-1.1.0 Patched: Updated: June 28, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.8.10 - Unauthenticated PHP Object Injection Affected: *-3.8.10 Patched: 3.8.10.1 Updated: June 28, 2026

LOW

hash-elements

Score: 93/100 Hash Elements <= 1.5.4 - Authenticated (Contributor+) Information Exposure Affected: *-1.5.4 Patched: 1.5.5 Updated: June 28, 2026

LOW

fediverse-embeds

Score: 93/100 Fediverse Embeds <= 1.5.7 - Unauthenticated Server-Side Request Forgery Affected: *-1.5.7 Patched: 1.5.9 Updated: June 28, 2026

LOW

fediverse-embeds

Score: 93/100 Fediverse Embeds <= 1.5.7 - Unauthenticated Server-Side Request Forgery Affected: *-1.5.7 Patched: 1.5.9 Updated: June 28, 2026

LOW

fastdup

Score: 93/100 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.2 - Unauthenticated Path Traversal Affected: *-2.7.2 Patched: 2.7.3 Updated: June 28, 2026

LOW

presto-player

Score: N/A The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute Affected: *-4.2.0 Patched: 4.2.1 Updated: June 28, 2026

LOW

wp-photo-album-plus

Score: N/A WP Photo Album Plus < 9.1.11.001 - Unauthenticated SQL Injection Affected: [*, 9.1.11.001) Patched: 9.1.11.001 Updated: June 28, 2026

LOW

WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters

wp-google-map-plugin

Score: 74/100 WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters < 4.9.3 - Authenticated (Subscriber+) Local File Inclusion Affected: [*, 4.9.3) Patched: 4.9.3 Updated: June 28, 2026

LOW

schema-and-structured-data-for-wp

Score: N/A Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload Affected: [*, 1.60) Patched: 1.60 Updated: June 28, 2026

LOW

Custom Block Builder – Lazy Blocks

lazy-blocks

Score: 96/100 Custom Block Builder – Lazy Blocks < 4.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 4.3.0) Patched: 4.3.0 Updated: June 28, 2026

LOW

fortis-for-woocommerce

Score: 93/100 Fortis for WooCommerce < 1.3.1 - Unauthenticated Information Exposure Affected: [*, 1.3.1) Patched: 1.3.1 Updated: June 28, 2026

LOW

Feeds for YouTube (YouTube video, channel, and gallery plugin)

feeds-for-youtube

Score: 68/100 Feeds for YouTube (YouTube video, channel, and gallery plugin) < 2.6.4 - Missing Authorization Affected: [*, 2.6.4) Patched: 2.6.4 Updated: June 28, 2026

LOW

Email Encoder – Protect Email Addresses and Phone Numbers

email-encoder-bundle

Score: 91/100 Email Encoder – Protect Email Addresses and Phone Numbers < 2.4.7 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 2.4.7) Patched: 2.4.7 Updated: June 28, 2026

LOW

decent-comments

Score: N/A Decent Comments < 3.0.2 - Unauthenticated Information Exopsure Affected: [*, 3.0.2) Patched: 3.0.2 Updated: June 28, 2026

LOW

Anti Spam for Contact Forms, Comments & Online Stores – CleanTalk

cleantalk-spam-protect

Score: 71/100 CleanTalk Anti-Spam. Spam Firewall & Bot protection < 6.79 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 6.79) Patched: 6.79 Updated: June 28, 2026

LOW

ajax-load-more

Score: 97/100 Ajax Load More – Infinite Scroll, Load More, & Lazy Load < 7.8.4 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 7.8.4) Patched: 7.8.4 Updated: June 28, 2026

LOW

agile-store-locator

Score: 97/100 Store Locator WordPress < 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 1.6.6) Patched: 1.6.6 Updated: June 28, 2026

LOW

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Score: 69/100 UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 (free) < 2.26.5 (premium) - Unauthenticated Authentication Bypass via UpdraftCentral udrpc Affected: *-1.26.4, [2.0, 2.26.5) Patched: 1.26.5 Updated: June 28, 2026

LOW

open-user-map-pro

Score: N/A Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification' Affected: *-1.4.31 Patched: 1.4.32 Updated: June 28, 2026

LOW

wp-migrate-db

Score: N/A WP Migrate Lite – Migration Made Easy <= 2.7.8 - Cross-Site Request Forgery Affected: *-2.7.8 Patched: 2.7.9 Updated: June 28, 2026

LOW

woocommerce-digital-signature

Score: N/A Digital Signature Add-on for WooCommerce <= 2.0 - Unauthenticated Information Exposure Affected: *-2.0 Patched: 2.0.1 Updated: June 28, 2026

LOW

wc-multishipping

Score: N/A WCMultiShipping — Mondial Relay, Inpost & Chronopost for WooCommerce <= 3.0.2 - Authenticated (Subscriber+) SQL Injection Affected: *-3.0.2 Patched: 3.0.3 Updated: June 28, 2026

LOW

vikrentcar

Score: N/A VikRentCar Car Rental Management System <= 1.4.5 - Unauthenticated Insecure Direct Object Reference Affected: *-1.4.5 Patched: 1.4.6 Updated: June 28, 2026

LOW

taskbuilder

Score: N/A Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.7 - Authenticated (Subscriber+) SQL Injection Affected: *-5.0.7 Patched: 5.0.8 Updated: June 28, 2026

LOW

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget

pushengage

Score: 86/100 PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget <= 4.2.3 - Authenticated (Subscriber+) Information Exposure Affected: *-4.2.3 Patched: 4.2.4 Updated: June 28, 2026

LOW

payerurl-crypto-currency-payment-gateway-for-woocommerce

Score: N/A ABC Crypto Checkout <= 1.8.2 - Unauthenticated Information Exposure Affected: *-1.8.2 Patched: 1.8.3 Updated: June 28, 2026

LOW

jet-blog

Score: 93/100 JetBlog <= 2.4.8 - Unauthenticated Information Exposure Affected: *-2.4.8 Patched: 2.4.8.1 Updated: June 28, 2026

LOW

doctreat_core

Score: N/A Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation Affected: *-1.6.8 Patched: 1.7.0 Updated: June 28, 2026

LOW

newsletters-lite

Score: N/A Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter Affected: *-4.13 Patched: 4.14 Updated: June 28, 2026

LOW

athemes-addons-for-elementor-lite

Score: 93/100 aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting Affected: *-1.1.8 Patched: 1.1.9 Updated: June 28, 2026

LOW

mw-wp-form

Score: N/A MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter Affected: *-5.1.3 Patched: 5.1.4 Updated: June 28, 2026

LOW

easy-image-collage

Score: 93/100 Easy Image Collage <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters Affected: *-1.13.6 Patched: 2.0.0 Updated: June 28, 2026

LOW

woo-coupon-usage

Score: N/A Coupon Affiliates – Affiliate Plugin for WooCommerce <= 7.8.1 - Authenticated (Subscriber+) Information Exposure Affected: *-7.8.1 Patched: 7.8.2 Updated: June 28, 2026

LOW

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog Plugin for WordPress <= 3.5.5 - Unauthenticated SQL Injection Affected: *-3.5.5 Patched: 3.5.6 Updated: June 28, 2026

LOW

animation-addons-for-elementor

Score: 95/100 Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters Affected: *-2.6.7 Patched: Updated: June 28, 2026

LOW

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

wp-user-frontend

Score: N/A User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation Affected: *-4.3.2 Patched: 4.3.3 Updated: June 28, 2026

LOW

Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages

unlimited-elementor-inner-sections-by-boomdevs

Score: N/A Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings Affected: *-1.3.3 Patched: 1.3.4 Updated: June 28, 2026

LOW

mailerpress

Score: 93/100 MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field Affected: *-2.0.4 Patched: 2.0.5 Updated: June 28, 2026

LOW

revslider

Score: N/A Slider Revolution 7.0 - 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure Affected: 7.0-7.0.10 Patched: 7.0.11 Updated: June 28, 2026

LOW

events-for-geodirectory

Score: 93/100 Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.3.28 Patched: 2.3.29 Updated: June 28, 2026

LOW

product-filter-widget-for-elementor

Score: N/A Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter Affected: *-1.0.6 Patched: Updated: June 28, 2026

LOW

kk-blog-card

Score: N/A kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.3 Patched: Updated: June 28, 2026

LOW

jquery-hover-footnotes

Score: N/A jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.4 Patched: Updated: June 28, 2026

LOW

jquery-hover-footnotes

Score: N/A jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) Affected: *-1.4 Patched: Updated: June 28, 2026

LOW

360crest-themeone-tinymce-shortcodes

Score: N/A TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute Affected: *-1.0.0 Patched: Updated: June 28, 2026

LOW

global-body-mass-index-calculator

Score: N/A Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.2 Patched: Updated: June 28, 2026

LOW

wp-applicantstack-jobs-display

Score: N/A WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1.1 Patched: Updated: June 28, 2026

LOW

romancart-ecommerce

Score: N/A RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-2.0.8 Patched: Updated: June 28, 2026

LOW

recoverexit-for-woocommerce

Score: N/A Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter Affected: *-1.0.3 Patched: Updated: June 28, 2026

LOW

6storage-rentals

Score: 92/100 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter Affected: *-2.22.0 Patched: Updated: June 28, 2026

LOW

wp-meta-sort-posts

Score: N/A WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-0.9 Patched: Updated: June 28, 2026

LOW

wp-emoticon-rating

Score: N/A WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter Affected: *-1.0.1 Patched: Updated: June 28, 2026

LOW

wp-mobi

Score: N/A WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action Affected: *-0.0.3 Patched: Updated: June 28, 2026

LOW

wp-ultimate-map

Score: N/A WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter Affected: *-1.1 Patched: Updated: June 28, 2026

LOW

fastpicker

Score: N/A FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save Affected: *-1.0.2 Patched: Updated: June 28, 2026

LOW

report-comments

Score: N/A AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update Affected: *-2.0.4 Patched: Updated: June 28, 2026

LOW

extra-settings-for-rocketchat

Score: N/A Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.1 Patched: Updated: June 28, 2026

LOW

wp-gdpr-cookie-consent

Score: N/A WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action Affected: *-1.0.0 Patched: Updated: June 28, 2026

LOW

helpfulcrowd-product-reviews

Score: N/A Helpfulcrowd Product Reviews <= 1.2.9 - Inccorect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update Affected: *-1.2.9 Patched: Updated: June 28, 2026

LOW

epaperflip-publisher

Score: N/A ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute Affected: *-1 Patched: Updated: June 28, 2026

LOW

enable-media-replace

Score: 93/100 Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter Affected: *-4.1.8 Patched: 4.1.9 Updated: June 28, 2026

LOW

fv-wordpress-flowplayer

Score: 93/100 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text Affected: *-7.5.49.7212 Patched: 7.5.50.7212 Updated: June 28, 2026

LOW

accordions

Score: 97/100 Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field Affected: *-2.3.23 Patched: 2.3.25 Updated: June 28, 2026

LOW

wpzoom-portfolio

Score: N/A WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.21 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.4.21 Patched: 1.4.22 Updated: June 28, 2026

LOW

wpdatatables

Score: N/A wpDataTables (Premium) <= 7.3.6 - Unauthenticated SQL Injection Affected: *-7.3.6 Patched: 7.4 Updated: June 28, 2026

LOW

wpc-product-options

Score: N/A WPC Product Options for WooCommerce <= 3.2.1 - Unauthenticated Arbitrary File Download Affected: *-3.2.1 Patched: 3.2.2 Updated: June 28, 2026

LOW

woocommerce-dropshipping

Score: N/A WooCommerce Dropshipping Premium <= 5.2.4 - Missing Authorization Affected: *-5.2.4 Patched: 5.2.5 Updated: June 28, 2026

LOW

woocommerce-anti-fraud

Score: N/A WooCommerce Anti-Fraud <= 7.2.6 - Missing Authorization Affected: *-7.2.6 Patched: 7.2.7 Updated: June 28, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar 6.15.12-6.16.2 - Unauthenticated SQL Injection Affected: 6.15.12-6.16.2 Patched: 6.16.3 Updated: June 28, 2026

LOW

loginpress-pro

Score: 93/100 LoginPress Pro <= 6.2.2 - Unauthenticated Privilege Escalation Affected: *-6.2.2 Patched: 6.2.3 Updated: June 28, 2026

LOW

listdom

Score: 93/100 Listdom: AI-powered Business Directory with Classifieds Ads Listings <= 5.5.0 - Unauthenticated Privilege Escalation Affected: *-5.5.0 Patched: 5.6.0 Updated: June 28, 2026

Showing 201 to 300 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 28, 2026 at 18:10 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List