Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
video-onclick	video-onclick	N/A	Video Onclick <= 0.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-0.4.7		June 30, 2026
simple-bible-verse-via-shortcode	simple-bible-verse-via-shortcode	N/A	Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1		June 30, 2026
wikiloops-track-player	wikiloops-track-player	N/A	Wikiloops Track Player <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.1		June 30, 2026
subitem-al-slider	subitem-al-slider	N/A	Subitem AL Slider <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.0.0		June 30, 2026
title-animator	title-animator	N/A	TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0		June 30, 2026
advanced-country-blocker	advanced-country-blocker	97	Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key	LOW	*-2.3.1	2.3.2	June 30, 2026
omigo	omigo	N/A	OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.3		June 30, 2026
mp-ukagaka	mp-ukagaka	N/A	MP-Ukagaka <= 1.5.2 - Reflected Cross-Site Scripting	LOW	*-1.5.2		June 30, 2026
wonka-slide	wonka-slide	N/A	Wonka Slide <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.3.3		June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.4.8		June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid	LOW	*-5.5.3		June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode	LOW	*-5.5.1		June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode	LOW	*-5.5.7		June 30, 2026
publishpress-authors	publishpress-authors	N/A	PublishPress Authors <= 4.10.1 - Missing Authorization	LOW	*-4.10.1	4.11.0	June 30, 2026
mycred	mycred	N/A	myCred <= 2.9.7.3 - Missing Authorization	LOW	*-2.9.7.3	2.9.7.4	June 30, 2026
library-viewer	library-viewer	93	Library Viewer < 3.2.0 - Reflected Cross-Site Scripting	LOW	[*, 3.2.0)	3.2.0	June 30, 2026
Advanced Coupons for WooCommerce Coupons & Store Credit	advanced-coupons-for-woocommerce-free	80	Advanced Coupons for WooCommerce Coupons <= 4.7.1 - Missing Authorization	LOW	*-4.7.1	4.7.1.1	June 30, 2026
Yoast SEO – Advanced SEO with real-time guidance and built-in AI	wordpress-seo	89	Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute	LOW	*-26.8	26.9	June 30, 2026
local-sync	local-sync	93	WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action	LOW	*-1.1.8	1.1.9	June 30, 2026
events-listing-widget	events-listing-widget	93	Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field	LOW	*-1.3.4	1.3.5	June 30, 2026
code-snippets	code-snippets	93	Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions	LOW	*-3.9.4	3.9.5	June 30, 2026
employee-staff-directory	employee-staff-directory	93	Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute	LOW	*-1.2.1	1.2.2	June 30, 2026
docus	docus	93	Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0.6	1.0.7	June 30, 2026
wavesurfer-wp	wavesurfer-wp	N/A	WaveSurfer-WP <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute	LOW	*-2.8.3	2.8.4	June 30, 2026
orange-confort-plus	orange-confort-plus	N/A	Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.7	0.7.1	June 30, 2026
miniorange-login-with-eve-online-google-facebook	miniorange-login-with-eve-online-google-facebook	93	OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization	LOW	*-6.26.14	6.26.15	June 30, 2026
timeline-block-block	timeline-block-block	N/A	Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute	LOW	*-1.3.3	1.3.4	June 30, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css	LOW	*-12.6	12.6.1	June 30, 2026
wp-user-extra-fields	wp-user-extra-fields	N/A	User Extra Fields <= 17.0 - Unauthenticated Arbitrary File Deletion	LOW	*-17.0	17.1	June 30, 2026
wp-user-extra-fields	wp-user-extra-fields	N/A	User Extra Fields <= 17.0 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-17.0		June 30, 2026
woo-file-dropzone	woo-file-dropzone	N/A	Woo File Dropzone <= 1.1.7 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-1.1.7		June 30, 2026
tune-library	tune-library	N/A	Tune Library <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import	LOW	*-1.6.3	1.6.4	June 30, 2026
swp-portfolio	swp-portfolio	N/A	Portfolio Builder <= 1.2.5 - Unauthenticated Local File Inclusion	LOW	*-1.2.5		June 30, 2026
quiz-master-next	quiz-master-next	N/A	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker <= 10.3.4 - Missing Authorization	LOW	*-10.3.4	10.3.5	June 30, 2026
prdctfltr	prdctfltr	N/A	Product Filter for WooCommerce <= 9.1.2 - Authenticated (Shop Manager+) Privilege Escalation	LOW	*-9.1.2	9.1.3	June 30, 2026
okay-toolkit	okay-toolkit	N/A	Okay Toolkit <= 2.3 - Reflected Cross-Site Scripting	LOW	*-2.3		June 30, 2026
lottiefiles	lottiefiles	93	LottieFiles <= 3.0.0 - Missing Authorization	LOW	*-3.0.0	3.1.0	June 30, 2026
immonex-kickstart	immonex-kickstart	93	immonex Kickstart <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.13.0	1.13.4	June 30, 2026
gravity-forms-icontact	gravity-forms-icontact	91	iContact for Gravity Forms <= 1.3.2 - Reflected Cross-Site Scripting	LOW	*-1.3.2		June 30, 2026
gmap-targeting	gmap-targeting	93	GMap Targeting <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.1.7	1.1.8	June 30, 2026
ghl-wizard	ghl-wizard	91	LC Wizard <= 2.1.1 - Missing Authorization to Unauthenticated Settings Update	LOW	*-2.1.1	2.1.2	June 30, 2026
ga-for-wp	ga-for-wp	89	GA4WP: Google Analytics for WordPress <= 2.10.0 - Missing Authorization	LOW	*-2.10.0		June 30, 2026
filter-plus	filter-plus	91	Filter Plus <= 1.1.17 - Missing Authorization	LOW	*-1.1.17		June 30, 2026
erp	erp	93	ERP <= 1.16.10 - Authenticated (Crm agent+) SQL Injection	LOW	*-1.16.10	1.16.11	June 30, 2026
elementinvader-addons-for-elementor	elementinvader-addons-for-elementor	93	ElementInvader Addons for Elementor <= 1.4.1 - Missing Authorization	LOW	*-1.4.1	1.4.2	June 30, 2026
ele-blog	ele-blog	87	Eleblog – Elementor Blog And Magazine Addons <= 2.0.3 - Unauthenticated Local File Inclusion	LOW	*-2.0.3		June 30, 2026
court-reservation	court-reservation	89	Court Reservation <= 1.10.8 - Reflected Cross-Site Scripting	LOW	*-1.10.8		June 30, 2026
checkout-gateway-iris	checkout-gateway-iris	93	Checkout Gateway for IRIS <= 1.3 - Missing Authorization	LOW	*-1.3	1.4	June 30, 2026
advance-wc-analytics	advance-wc-analytics	97	Advanced WC Analytics <= 3.19.0 - Missing Authorization to Unauthenticated Settings Update	LOW	*-3.19.0	4.0.0	June 30, 2026
addonify-floating-cart	addonify-floating-cart	95	Addonify Floating Cart For WooCommerce <= 1.2.17 - Missing Authorization	LOW	*-1.2.17		June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-3.3.5	3.3.6	June 30, 2026
image-viewer	image-viewer	93	All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint	LOW	*-1.0.2	1.0.3	June 30, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification	LOW	*-5.9.7.2	5.9.7.3	June 30, 2026
peters-date-countdown	peters-date-countdown	N/A	Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-2.0.0	2.0.1	June 30, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension	LOW	*-5.9.7.2	5.9.7.3	June 30, 2026
robin-image-optimizer	robin-image-optimizer	N/A	Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field	LOW	*-2.0.2	2.0.3	June 30, 2026
dynamic-widget-content	dynamic-widget-content	93	Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field	LOW	*-1.3.6	1.3.7	June 30, 2026
essential-widgets	essential-widgets	93	Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes	LOW	*-3.0	3.0.1	June 30, 2026
shortpixel-image-optimiser	shortpixel-image-optimiser	N/A	ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter	LOW	*-6.4.2	6.4.3	June 30, 2026
popup-builder-block	popup-builder-block	N/A	Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints	LOW	*-2.2.0	2.2.1	June 30, 2026
topper-pack	topper-pack	N/A	TopperPack – Complete Elementor Addons, Theme & CPT Builder <= 1.2.1 - Unauthenticated Local File Inclusion	LOW	*-1.2.1	1.2.2	June 30, 2026
the-events-calendar-shortcode	the-events-calendar-shortcode	N/A	The Events Calendar Shortcode & Block <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.1	3.1.2	June 30, 2026
product-sync-master-sheet	product-sync-master-sheet	N/A	Sync Master Sheet – Product Sync with Google Sheet for WooCommerce <= 1.1.3 - Missing Authorization	LOW	*-1.1.3	1.1.4	June 30, 2026
nps-computy	nps-computy	N/A	NPS computy <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.8.2	2.8.3	June 30, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms <= 9.1.7 - Unauthenticated Stored Cross-Site Scripting	LOW	*-9.1.7	9.1.8	June 30, 2026
modula-best-grid-gallery	modula-best-grid-gallery	93	Modula Image Gallery <= 2.13.4 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-2.13.4	2.13.5	June 30, 2026
gsheetconnector-wpforms	gsheetconnector-wpforms	93	WPForms Google Sheet Connector <= 4.0.1 - Authenticated (Subscriber+) Remote Code Execution	LOW	*-4.0.1	4.0.2	June 30, 2026
export-media-urls	export-media-urls	93	Export Media URLs <= 2.2 - Reflected Cross-Site Scripting	LOW	*-2.2	2.3	June 30, 2026
contact-manager	contact-manager	91	Contact Manager <= 9.1 - Unauthenticated PHP Object Injection	LOW	*-9.1		June 30, 2026
bluex-for-woocommerce	bluex-for-woocommerce	91	Plugin BlueX for WooCommerce <= 3.1.4 - Missing Authorization	LOW	*-3.1.4		June 30, 2026
addonify-wishlist	addonify-wishlist	97	Addonify – WooCommerce Wishlist <= 2.0.15 - Missing Authorization to Unauthenticated Settings Update	LOW	*-2.0.15	2.0.16	June 30, 2026
addonify-compare-products	addonify-compare-products	97	Addonify – Compare Products For WooCommerce <= 1.1.17 - Missing Authorization to Unauthenticated Settings Update	LOW	*-1.1.17	1.1.18	June 30, 2026
sportspress	sportspress	N/A	SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode	LOW	*-2.7.26	2.7.27	June 30, 2026
fortis-for-woocommerce	fortis-for-woocommerce	93	Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint	LOW	*-1.2.0	1.3.0	June 30, 2026
code-explorer	code-explorer	91	Code Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter	LOW	*-1.4.6		June 30, 2026
MyRewards	woorewards	N/A	MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification	LOW	*-5.6.1	5.7.0	June 30, 2026
all-push-notification	all-push-notification	92	All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter	LOW	*-1.5.3		June 30, 2026
infility-global	infility-global	81	Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass	LOW	*-2.14.46		June 30, 2026
smart-appointment-booking	smart-appointment-booking	N/A	Smart Appointment & Booking <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via saab_save_form_data AJAX Action	LOW	*-1.0.7	1.0.8	June 30, 2026
wp-content-permission	wp-content-permission	N/A	WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter	LOW	*-1.2		June 30, 2026
webpurifytextreplace	webpurifytextreplace	N/A	WebPurify Profanity Filter <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options	LOW	*-4.0.2	4.0.3	June 30, 2026
chapa-payment-gateway-for-woocommerce	chapa-payment-gateway-for-woocommerce	91	Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure	LOW	*-1.0.3		June 30, 2026
magic-import-document-extractor	magic-import-document-extractor	91	Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure	LOW	*-1.0.6		June 30, 2026
magic-import-document-extractor	magic-import-document-extractor	91	Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification	LOW	*-1.0.5	1.0.6	June 30, 2026
woo-xendit-virtual-accounts	woo-xendit-virtual-accounts	N/A	Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid	LOW	*-6.0.2	6.1.0	June 30, 2026
lupsonline-link-netwerk	lupsonline-link-netwerk	93	SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification	LOW	*-2.2.1	3.0.0	June 30, 2026
sibs-woocommerce	sibs-woocommerce	N/A	SIBS - WooCommerce <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter	LOW	*-2.2.0		June 30, 2026
extended-random-number-generator	extended-random-number-generator	91	Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings	LOW	*-1.1		June 30, 2026
wp-foft-loader	wp-foft-loader	N/A	WP FOFT Loader <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload	LOW	*-2.1.39	2.1.40	June 30, 2026
menu-icons	menu-icons	93	Menu Icons by ThemeIsle <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-0.13.20	0.13.21	June 30, 2026
wp-job-portal	wp-job-portal	N/A	WP Job Portal <= 2.4.4 - Missing Authorization	LOW	*-2.4.4	2.4.5	June 30, 2026
woocommerce-delivery-notes	woocommerce-delivery-notes	N/A	Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Missing Authorization	LOW	*-5.8.0	5.9.0	June 30, 2026
super-custom-login	super-custom-login	N/A	Super Custom Login <= 1.1 - Missing Authorization	LOW	*-1.1		June 30, 2026
subscribe2	subscribe2	N/A	Subscribe2 <= 10.44 - Missing Authorization	LOW	*-10.44	10.45	June 30, 2026
responsive-lightbox	responsive-lightbox	N/A	Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 2.6.1)	2.6.1	June 30, 2026
reflector-plugins	reflector-plugins	N/A	Reflector <= 1.2.2 - Reflected Cross-Site Scripting	LOW	*-1.2.2	1.2.3	June 30, 2026
optimize-more-images	optimize-more-images	N/A	Optimize More! – Images <= 1.1.3 - Missing Authorization	LOW	*-1.1.3		June 30, 2026
latest-post-shortcode	latest-post-shortcode	93	Latest Post Shortcode <= 14.2.1 - Missing Authorization	LOW	*-14.2.1	14.2.2	June 30, 2026
bizreview	bizreview	91	BizReview <= 1.5.14 - Missing Authorization	LOW	*-1.5.14		June 30, 2026
authorsy	authorsy	93	Authorsy <= 1.0.6 - Unauthenticated Insecure Direct Object Reference	LOW	*-1.0.6	1.0.7	June 30, 2026

LOW

video-onclick

Score: N/A Video Onclick <= 0.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.4.7 Patched: Updated: June 30, 2026

LOW

simple-bible-verse-via-shortcode

Score: N/A Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

wikiloops-track-player

Score: N/A Wikiloops Track Player <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

subitem-al-slider

Score: N/A Subitem AL Slider <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

title-animator

Score: N/A TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

advanced-country-blocker

Score: 97/100 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

omigo

Score: N/A OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.3 Patched: Updated: June 30, 2026

LOW

mp-ukagaka

Score: N/A MP-Ukagaka <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: Updated: June 30, 2026

LOW

wonka-slide

Score: N/A Wonka Slide <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.3 Patched: Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.4.8 Patched: Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid Affected: *-5.5.3 Patched: Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode Affected: *-5.5.1 Patched: Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode Affected: *-5.5.7 Patched: Updated: June 30, 2026

LOW

publishpress-authors

Score: N/A PublishPress Authors <= 4.10.1 - Missing Authorization Affected: *-4.10.1 Patched: 4.11.0 Updated: June 30, 2026

LOW

mycred

Score: N/A myCred <= 2.9.7.3 - Missing Authorization Affected: *-2.9.7.3 Patched: 2.9.7.4 Updated: June 30, 2026

LOW

library-viewer

Score: 93/100 Library Viewer < 3.2.0 - Reflected Cross-Site Scripting Affected: [*, 3.2.0) Patched: 3.2.0 Updated: June 30, 2026

LOW

Advanced Coupons for WooCommerce Coupons & Store Credit

advanced-coupons-for-woocommerce-free

Score: 80/100 Advanced Coupons for WooCommerce Coupons <= 4.7.1 - Missing Authorization Affected: *-4.7.1 Patched: 4.7.1.1 Updated: June 30, 2026

LOW

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

wordpress-seo

Score: 89/100 Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute Affected: *-26.8 Patched: 26.9 Updated: June 30, 2026

LOW

local-sync

Score: 93/100 WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

events-listing-widget

Score: 93/100 Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

code-snippets

Score: 93/100 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions Affected: *-3.9.4 Patched: 3.9.5 Updated: June 30, 2026

LOW

employee-staff-directory

Score: 93/100 Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

docus

Score: 93/100 Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

wavesurfer-wp

Score: N/A WaveSurfer-WP <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute Affected: *-2.8.3 Patched: 2.8.4 Updated: June 30, 2026

LOW

Score: N/A Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.7 Patched: 0.7.1 Updated: June 30, 2026

LOW

miniorange-login-with-eve-online-google-facebook

Score: 93/100 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization Affected: *-6.26.14 Patched: 6.26.15 Updated: June 30, 2026

LOW

timeline-block-block

Score: N/A Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css Affected: *-12.6 Patched: 12.6.1 Updated: June 30, 2026

LOW

wp-user-extra-fields

Score: N/A User Extra Fields <= 17.0 - Unauthenticated Arbitrary File Deletion Affected: *-17.0 Patched: 17.1 Updated: June 30, 2026

LOW

wp-user-extra-fields

Score: N/A User Extra Fields <= 17.0 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-17.0 Patched: Updated: June 30, 2026

LOW

woo-file-dropzone

Score: N/A Woo File Dropzone <= 1.1.7 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-1.1.7 Patched: Updated: June 30, 2026

LOW

tune-library

Score: N/A Tune Library <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import Affected: *-1.6.3 Patched: 1.6.4 Updated: June 30, 2026

LOW

swp-portfolio

Score: N/A Portfolio Builder <= 1.2.5 - Unauthenticated Local File Inclusion Affected: *-1.2.5 Patched: Updated: June 30, 2026

LOW

quiz-master-next

Score: N/A Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker <= 10.3.4 - Missing Authorization Affected: *-10.3.4 Patched: 10.3.5 Updated: June 30, 2026

LOW

prdctfltr

Score: N/A Product Filter for WooCommerce <= 9.1.2 - Authenticated (Shop Manager+) Privilege Escalation Affected: *-9.1.2 Patched: 9.1.3 Updated: June 30, 2026

LOW

okay-toolkit

Score: N/A Okay Toolkit <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

lottiefiles

Score: 93/100 LottieFiles <= 3.0.0 - Missing Authorization Affected: *-3.0.0 Patched: 3.1.0 Updated: June 30, 2026

LOW

immonex-kickstart

Score: 93/100 immonex Kickstart <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.13.0 Patched: 1.13.4 Updated: June 30, 2026

LOW

gravity-forms-icontact

Score: 91/100 iContact for Gravity Forms <= 1.3.2 - Reflected Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: June 30, 2026

LOW

gmap-targeting

Score: 93/100 GMap Targeting <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

ghl-wizard

Score: 91/100 LC Wizard <= 2.1.1 - Missing Authorization to Unauthenticated Settings Update Affected: *-2.1.1 Patched: 2.1.2 Updated: June 30, 2026

LOW

ga-for-wp

Score: 89/100 GA4WP: Google Analytics for WordPress <= 2.10.0 - Missing Authorization Affected: *-2.10.0 Patched: Updated: June 30, 2026

LOW

filter-plus

Score: 91/100 Filter Plus <= 1.1.17 - Missing Authorization Affected: *-1.1.17 Patched: Updated: June 30, 2026

LOW

erp

Score: 93/100 ERP <= 1.16.10 - Authenticated (Crm agent+) SQL Injection Affected: *-1.16.10 Patched: 1.16.11 Updated: June 30, 2026

LOW

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.4.1 - Missing Authorization Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026

LOW

ele-blog

Score: 87/100 Eleblog – Elementor Blog And Magazine Addons <= 2.0.3 - Unauthenticated Local File Inclusion Affected: *-2.0.3 Patched: Updated: June 30, 2026

LOW

court-reservation

Score: 89/100 Court Reservation <= 1.10.8 - Reflected Cross-Site Scripting Affected: *-1.10.8 Patched: Updated: June 30, 2026

LOW

checkout-gateway-iris

Score: 93/100 Checkout Gateway for IRIS <= 1.3 - Missing Authorization Affected: *-1.3 Patched: 1.4 Updated: June 30, 2026

LOW

advance-wc-analytics

Score: 97/100 Advanced WC Analytics <= 3.19.0 - Missing Authorization to Unauthenticated Settings Update Affected: *-3.19.0 Patched: 4.0.0 Updated: June 30, 2026

LOW

addonify-floating-cart

Score: 95/100 Addonify Floating Cart For WooCommerce <= 1.2.17 - Missing Authorization Affected: *-1.2.17 Patched: Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-3.3.5 Patched: 3.3.6 Updated: June 30, 2026

LOW

image-viewer

Score: 93/100 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification Affected: *-5.9.7.2 Patched: 5.9.7.3 Updated: June 30, 2026

LOW

peters-date-countdown

Score: N/A Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-2.0.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension Affected: *-5.9.7.2 Patched: 5.9.7.3 Updated: June 30, 2026

LOW

robin-image-optimizer

Score: N/A Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field Affected: *-2.0.2 Patched: 2.0.3 Updated: June 30, 2026

LOW

dynamic-widget-content

Score: 93/100 Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field Affected: *-1.3.6 Patched: 1.3.7 Updated: June 30, 2026

LOW

essential-widgets

Score: 93/100 Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes Affected: *-3.0 Patched: 3.0.1 Updated: June 30, 2026

LOW

shortpixel-image-optimiser

Score: N/A ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter Affected: *-6.4.2 Patched: 6.4.3 Updated: June 30, 2026

LOW

popup-builder-block

Score: N/A Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints Affected: *-2.2.0 Patched: 2.2.1 Updated: June 30, 2026

LOW

topper-pack

Score: N/A TopperPack – Complete Elementor Addons, Theme & CPT Builder <= 1.2.1 - Unauthenticated Local File Inclusion Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

the-events-calendar-shortcode

Score: N/A The Events Calendar Shortcode & Block <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.1 Patched: 3.1.2 Updated: June 30, 2026

LOW

product-sync-master-sheet

Score: N/A Sync Master Sheet – Product Sync with Google Sheet for WooCommerce <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

nps-computy

Score: N/A NPS computy <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.8.2 Patched: 2.8.3 Updated: June 30, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms <= 9.1.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-9.1.7 Patched: 9.1.8 Updated: June 30, 2026

LOW

modula-best-grid-gallery

Score: 93/100 Modula Image Gallery <= 2.13.4 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.13.4 Patched: 2.13.5 Updated: June 30, 2026

LOW

gsheetconnector-wpforms

Score: 93/100 WPForms Google Sheet Connector <= 4.0.1 - Authenticated (Subscriber+) Remote Code Execution Affected: *-4.0.1 Patched: 4.0.2 Updated: June 30, 2026

LOW

export-media-urls

Score: 93/100 Export Media URLs <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026

LOW

contact-manager

Score: 91/100 Contact Manager <= 9.1 - Unauthenticated PHP Object Injection Affected: *-9.1 Patched: Updated: June 30, 2026

LOW

bluex-for-woocommerce

Score: 91/100 Plugin BlueX for WooCommerce <= 3.1.4 - Missing Authorization Affected: *-3.1.4 Patched: Updated: June 30, 2026

LOW

addonify-wishlist

Score: 97/100 Addonify – WooCommerce Wishlist <= 2.0.15 - Missing Authorization to Unauthenticated Settings Update Affected: *-2.0.15 Patched: 2.0.16 Updated: June 30, 2026

LOW

addonify-compare-products

Score: 97/100 Addonify – Compare Products For WooCommerce <= 1.1.17 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.1.17 Patched: 1.1.18 Updated: June 30, 2026

LOW

sportspress

Score: N/A SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode Affected: *-2.7.26 Patched: 2.7.27 Updated: June 30, 2026

LOW

fortis-for-woocommerce

Score: 93/100 Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint Affected: *-1.2.0 Patched: 1.3.0 Updated: June 30, 2026

LOW

code-explorer

Score: 91/100 Code Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter Affected: *-1.4.6 Patched: Updated: June 30, 2026

LOW

MyRewards

woorewards

Score: N/A MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification Affected: *-5.6.1 Patched: 5.7.0 Updated: June 30, 2026

LOW

all-push-notification

Score: 92/100 All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter Affected: *-1.5.3 Patched: Updated: June 30, 2026

LOW

infility-global

Score: 81/100 Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass Affected: *-2.14.46 Patched: Updated: June 30, 2026

LOW

smart-appointment-booking

Score: N/A Smart Appointment & Booking <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via saab_save_form_data AJAX Action Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

wp-content-permission

Score: N/A WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

webpurifytextreplace

Score: N/A WebPurify Profanity Filter <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026

LOW

chapa-payment-gateway-for-woocommerce

Score: 91/100 Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

magic-import-document-extractor

Score: 91/100 Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

magic-import-document-extractor

Score: 91/100 Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification Affected: *-1.0.5 Patched: 1.0.6 Updated: June 30, 2026

LOW

woo-xendit-virtual-accounts

Score: N/A Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid Affected: *-6.0.2 Patched: 6.1.0 Updated: June 30, 2026

LOW

lupsonline-link-netwerk

Score: 93/100 SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification Affected: *-2.2.1 Patched: 3.0.0 Updated: June 30, 2026

LOW

sibs-woocommerce

Score: N/A SIBS - WooCommerce <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter Affected: *-2.2.0 Patched: Updated: June 30, 2026

LOW

extended-random-number-generator

Score: 91/100 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

wp-foft-loader

Score: N/A WP FOFT Loader <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload Affected: *-2.1.39 Patched: 2.1.40 Updated: June 30, 2026

LOW

menu-icons

Score: 93/100 Menu Icons by ThemeIsle <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-0.13.20 Patched: 0.13.21 Updated: June 30, 2026

LOW

wp-job-portal

Score: N/A WP Job Portal <= 2.4.4 - Missing Authorization Affected: *-2.4.4 Patched: 2.4.5 Updated: June 30, 2026

LOW

woocommerce-delivery-notes

Score: N/A Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Missing Authorization Affected: *-5.8.0 Patched: 5.9.0 Updated: June 30, 2026

LOW

super-custom-login

Score: N/A Super Custom Login <= 1.1 - Missing Authorization Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

subscribe2

Score: N/A Subscribe2 <= 10.44 - Missing Authorization Affected: *-10.44 Patched: 10.45 Updated: June 30, 2026

LOW

responsive-lightbox

Score: N/A Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 2.6.1) Patched: 2.6.1 Updated: June 30, 2026

LOW

reflector-plugins

Score: N/A Reflector <= 1.2.2 - Reflected Cross-Site Scripting Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026

LOW

optimize-more-images

Score: N/A Optimize More! – Images <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

latest-post-shortcode

Score: 93/100 Latest Post Shortcode <= 14.2.1 - Missing Authorization Affected: *-14.2.1 Patched: 14.2.2 Updated: June 30, 2026

LOW

bizreview

Score: 91/100 BizReview <= 1.5.14 - Missing Authorization Affected: *-1.5.14 Patched: Updated: June 30, 2026

LOW

authorsy

Score: 93/100 Authorsy <= 1.0.6 - Unauthenticated Insecure Direct Object Reference Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

Showing 2901 to 3000 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 09:50 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List