Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

88

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
advanced-cf7-db advanced-cf7-db
95
Advanced Contact form 7 DB <= 1.8.6 - Authenticated Arbitrary File Deletion LOW [*, 1.8.7) 1.8.7 July 4, 2026
wpcargo wpcargo N/A WPCargo <= 6.8.9 - Unauthenticated Remote Code Execution LOW [*, 6.9.0) 6.9.0 July 4, 2026
wp-multisite-content-copier-pro wp-multisite-content-copier-pro N/A Multisite Content Copier/Updater Pro < 2.1.2 - Reflected Cross-Site Scripting LOW [*, 2.1.2) 2.1.2 July 4, 2026
wp-home-page-menu wp-home-page-menu N/A WP Home Page Menu < 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 3.1) 3.1 July 4, 2026
wp-gdpr-compliance wp-gdpr-compliance N/A Cookie Information | Free GDPR Consent Solution <= 2.0.7 - Reflected Cross-Site Scripting LOW [*, 2.0.8) 2.0.8 July 4, 2026
simple-theme-options simple-theme-options N/A Simple Tracking <= 1.6 - Stored Cross-Site Scripting LOW *-1.6 1.7 July 4, 2026
seo-301-meta seo-301-meta N/A Seo 301 Meta <= 1.9.1 - Stored Cross-Site Scripting LOW *-1.9.1 July 4, 2026
List Petfinder Pets petfinder-listings
92
Petfinder Listings <= 1.0.19 - Admin+ Stored Cross-Site Scripting LOW *-1.0.18 1.0.19 July 4, 2026
master-addons master-addons
93
Master Addons for Elementor <= 1.8.1 - Reflected Cross-Site Scripting LOW [*, 1.8.5) 1.8.5 July 4, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
Event Manager and Tickets Selling for WooCommerce < 3.5.8 - SQL Injection LOW [*, 3.5.8) 3.5.8 July 4, 2026
hide-admin-bar-based-on-user-roles hide-admin-bar-based-on-user-roles
93
Hide Admin Bar Based On User Roles < 3.1.0 - Cross-Site Request Forgery LOW [*, 3.1.0) 3.1.0 July 4, 2026
gd-mylist gd-mylist
91
GD Mylist <= 1.1.1 - Stored Cross-Site Scripting LOW *-1.1.1 July 4, 2026
countdown-builder countdown-builder
91
Countdown & Clock <= 2.2.8 - Reflected Cross-Site Scripting LOW [*, 2.2.9) 2.2.9 July 4, 2026
contact-form-submissions contact-form-submissions
93
Contact Form Submissions <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting LOW [*, 1.7.3) 1.7.3 July 4, 2026
commonsbooking commonsbooking
93
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection LOW [*, 2.6.8) 2.6.8 July 4, 2026
circle-image-slider-with-lightbox circle-image-slider-with-lightbox
93
Team Circle Image Slider With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting LOW *-1.0.15 1.0.16 July 4, 2026
patreon-connect patreon-connect
93
Patreon WordPress <= 1.8.1 - Authenticated Stored Cross-Site Scripting LOW [*, 1.8.2) 1.8.2 July 4, 2026
zero-spam zero-spam N/A Zero Spam <= 5.2.10 - Admin+ SQL Injection LOW *-5.2.10 5.2.11 July 4, 2026
Header Footer Code Manager header-footer-code-manager
87
Header Footer Code Manager <= 1.1.16 - Reflected Cross-Site Scripting LOW *-1.1.16 1.1.17 July 4, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets essential-addons-for-elementor-lite
85
Essential Addons for Elementor Lite <= 5.0.8 - Reflected Cross-Site Scripting LOW *-5.0.8 5.0.9 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via platform LOW *-13.1.5 13.1.6 July 4, 2026
updraftplus-pro updraftplus-pro N/A UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure LOW [*, 2.22.3) 2.22.3 July 4, 2026
UpdraftPlus: WP Backup & Migration Plugin updraftplus
69
UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure LOW [1.16.7, 1.22.3) 1.22.3 July 4, 2026
sync-qcloud-cos sync-qcloud-cos N/A Sync QCloud COS Plugin < 2.0.1 - Authenticated (Admin+) Cross-Site Scripting LOW [*, 2.0.1) 2.0.1 July 4, 2026
profile-builder profile-builder N/A Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter LOW *-3.6.1 3.6.2 July 4, 2026
kunze-law kunze-law
91
Kunze Law < 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 2.1) 2.1 July 4, 2026
ari-stream-quiz ari-stream-quiz
97
ARI Stream Quiz – WordPress Quizzes Builder <= 1.2.26 - Reflected Cross-Site Scripting LOW *-1.2.26 1.2.27 July 4, 2026
ari-fancy-lightbox ari-fancy-lightbox
97
ARI Fancy Lightbox <= 1.3.8 - Reflected Cross-Site Scripting LOW [*, 1.3.9) 1.3.9 July 4, 2026
ari-cf7-connector ari-cf7-connector
97
Contact Form 7 Connector <= 1.1.13 - Reflected Cross-Site Scripting LOW *-1.1.13 1.1.14 July 4, 2026
simple-ajax-chat simple-ajax-chat N/A Simple Ajax Chat <= 20220115 - Unauthenticated Stored Cross-Site Scripting LOW *-20220115 20220216 July 4, 2026
wp-content-copy-protection wp-content-copy-protection N/A WP Content Copy Protection <= 3.4.4 - Cross-Site Request Forgery to Setting Update LOW *-3.4.4 3.4.5 July 4, 2026
wp-voting-contest wp-voting-contest N/A WP Voting Contest < 3.0 - Reflected Cross-Site Scripting LOW [*, 3.0) 3.0 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via current_page_type LOW *-13.1.5 13.1.6 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.5 - Unauthenticated SQL Injection LOW *-13.1.5 13.1.6 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via IP LOW *-13.1.5 13.1.6 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via IP LOW *-13.1.5 13.1.6 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via browser LOW *-13.1.5 13.1.6 July 4, 2026
simple-quotation simple-quotation N/A Simple Quotation <= 1.3.2 - SQL injection LOW *-1.3.2 July 4, 2026
simple-quotation simple-quotation N/A Simple Quotation <= 1.3.2 - Cross-Site Request Forgery LOW *-1.3.2 July 4, 2026
login-with-phone-number login-with-phone-number
93
Login with phone number <= 1.3.6 - Unauthenticated Remote Plugin Deletion LOW [*, 1.3.7) 1.3.7 July 4, 2026
kingcomposer kingcomposer
89
Page Builder KingComposer <= 2.9.6 - Open Redirect LOW *-2.9.6 July 4, 2026
hub2word hub2word
91
Easy Embed for HubSpot Forms, CTAs, Links, Files & add HubSpot to WP Search Results <= 1.1.0 - Missing Authorization to Arbitrary Options Update LOW *-1.1.0 July 4, 2026
flexi flexi
89
Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting LOW [*, 4.20) 4.20 July 4, 2026
bwp-google-xml-sitemaps bwp-google-xml-sitemaps
91
Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting LOW *-1.4.1 July 4, 2026
relevanssi-premium relevanssi-premium N/A Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization LOW [*, 2.16.5) 2.16.5 July 4, 2026
relevanssi relevanssi N/A Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization LOW [*, 4.14.6) 4.14.6 July 4, 2026
photo-gallery photo-gallery
93
Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter LOW [*, 1.6.0) 1.6.0 July 4, 2026
persian-woocommerce persian-woocommerce
93
Persian WooCommerce <= 5.8.0 - Reflected Cross-Site Scripting LOW *-5.8.0 5.9.8 July 4, 2026
advanced-product-labels-for-woocommerce advanced-product-labels-for-woocommerce
97
Advanced Product Labels for WooCommerce <= 1.2.3.6 - Reflected Cross-Site Scripting LOW [*, 1.2.3.7) 1.2.3.7 July 4, 2026
yop-poll yop-poll N/A YOP Poll <= 6.3.4 - Author+ Stored Cross-Site Scripting LOW *-6.3.4 6.3.5 July 4, 2026
wp-stats-manager wp-stats-manager N/A WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection LOW [*, 5.6) 5.6 July 4, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG LOW [*, 4.16.3) 4.16.3 July 4, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode LOW [*, 4.16.3) 4.16.3 July 4, 2026
wp-event-manager wp-event-manager N/A WP Event Manager <= 3.1.22 - Admin+ Stored Cross-Site Scripting LOW *-3.1.22 3.1.23 July 4, 2026
wp-cerber wp-cerber N/A WP Cerber Security <= 8.9.5.2 - Unauthenticated Stored Cross-Site Scripting LOW *-8.9.5.2 8.9.6 July 4, 2026
video-conferencing-with-zoom-api video-conferencing-with-zoom-api N/A Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure LOW [*, 3.8.17) 3.8.17 July 4, 2026
userswp userswp N/A UsersWP <= 1.2.3 - Subscriber+ User Avatar Override LOW [*, 1.2.3.1) 1.2.3.1 July 4, 2026
smart-forms smart-forms N/A Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure LOW [*, 2.6.71) 2.6.71 July 4, 2026
loginpress loginpress
93
LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter LOW [*, 1.5.12) 1.5.12 July 4, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection LOW [*, 5.3.2) 5.3.2 July 4, 2026
social-media-feather social-media-feather N/A Social Media Feather <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.4 2.0.5 July 4, 2026
spiffy-calendar spiffy-calendar N/A Spiffy Calendar <= 4.9.0 - Edit/Delete event via IDOR LOW *-4.9.0 4.9.1 July 4, 2026
wpdiscuz wpdiscuz N/A Comments - wpDiscuz <= 7.3.11 Sensitive Information Disclosure LOW *-7.3.11 7.3.12 July 4, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics <= 13.1.4 - Unauthenticated Blind SQL Injection LOW *-13.1.4 13.1.5 July 4, 2026
spiffy-calendar spiffy-calendar N/A Spiffy Calendar <= 4.9.0 - Event deletion via Cross-Site Request Forgery LOW *-4.9.0 4.9.1 July 4, 2026
e2pdf e2pdf
93
E2Pdf <= 1.16.44 - Stored Cross-Site Scripting LOW *-1.16.44 1.16.45 July 4, 2026
ditty-news-ticker ditty-news-ticker
93
Ditty (formerly Ditty News Ticker) <= 3.0.14 - Reflected Cross-Site Scripting LOW [*, 3.0.15) 3.0.15 July 4, 2026
gotmls gotmls
93
Anti-Malware Security and Brute-Force Firewall <= 4.21.74 - Reflected Cross-Site Scripting LOW *-4.21.74 4.21.83 July 4, 2026
fancy-product-designer fancy-product-designer
93
Fancy Product Designer <= 4.7.4 - Admin+ SQL Injection LOW *-4.7.4 4.7.5 July 4, 2026
wp-piwik wp-piwik N/A WP-Matomo Integration (WP-Piwik) <= 1.0.26 - Cross-Site Request Forgery LOW [*, 1.0.27) 1.0.27 July 4, 2026
wp-multisite-content-copier wp-multisite-content-copier N/A Multisite Content Copier/Updater <= 1.4.0 - Reflected Cross-Site Scripting LOW *-1.4.0 1.5.0 July 4, 2026
wordpress-multisite-user-sync wordpress-multisite-user-sync N/A WordPress Multisite User Sync/Unsync (Premium) <= 2.1.1 Reflected Cross-Site Scripting LOW *-2.1.1 2.1.2 July 4, 2026
white-label-cms white-label-cms N/A White Label MS <= 2.2.8 - Reflected Cross-Site Scripting LOW [*, 2.2.9) 2.2.9 July 4, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms simple-tags
70
TaxoPress <= 3.4.4 - Reflected Cross-Site Scripting LOW *-3.4.4 3.4.5 July 4, 2026
real-cookie-banner real-cookie-banner N/A WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery LOW [*, 2.14.2) 2.14.2 July 4, 2026
ip2location-country-blocker ip2location-country-blocker
93
IP2Location Country Blocker < 2.26.9 - Authenticated Stored Cross-Site Scripting LOW [*, 2.26.9) 2.26.9 July 4, 2026
custom-registration-form-builder-with-submission-manager custom-registration-form-builder-with-submission-manager
93
RegistrationMagic <= 5.0.2.1 - SQL Injection LOW [*, 5.0.2.2) 5.0.2.2 July 4, 2026
catch-themes-demo-import catch-themes-demo-import
93
Catch Themes Demo Import <= 2.1 - Authenticated (Admin+) Arbitrary File Upload LOW [*, 2.1.1) 2.1.1 July 4, 2026
All-in-One WP Migration and Backup all-in-one-wp-migration
94
All-in-One WP Migration <= 7.40 - Authenticated (Admin+) Arbitrary File Upload LOW *-7.40 7.41 July 4, 2026
AdRotate Banner Manager adrotate
74
AdRotate – Ad manager & AdSense Ads <= 5.8.17 - Admin+ SQL Injection LOW *-5.8.17 5.8.22 July 4, 2026
simple-job-board simple-job-board N/A Simple Job Board <= 2.9.3 - Local File Inclusion LOW *-2.9.3 2.9.4 July 4, 2026
yet-another-stars-rating yet-another-stars-rating N/A Yasr – Yet Another Stars Rating <= 2.9.9 - Cross-Site Scripting via source LOW *-2.9.9 3.0.0 July 4, 2026
easyjobs easyjobs
93
EasyJobs <= 1.4.7 - Reflected Cross-Site Scripting LOW [*, 1.4.8) 1.4.8 July 4, 2026
ad-inserter ad-inserter
97
Ad Inserter < 2.7.11 - Authenticated (Admin+) Remote Code Execution LOW [*, 2.7.11) 2.7.11 July 4, 2026
wp-time-slots-booking-form wp-time-slots-booking-form N/A WP Time Slots Booking Form <= 1.1.62 - Stored Cross-Site Scripting LOW *-1.1.62 1.1.63 July 4, 2026
notificationx notificationx
93
NotificationX <= 2.3.8 - Blind SQL Injection LOW *-2.3.8 2.3.9 July 4, 2026
Download Manager download-manager
63
Download Manager <= 3.2.34 - Sensitive Information Disclosure LOW [*, 3.2.35) 3.2.35 July 4, 2026
custom-content-shortcode custom-content-shortcode
89
Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting LOW *-4.0.1 4.0.2 July 4, 2026
custom-content-shortcode custom-content-shortcode
89
Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access LOW *-3.8.8 4.0.1 July 4, 2026
custom-content-shortcode custom-content-shortcode
89
Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion LOW *-4.0.1 4.0.2 July 4, 2026
cp-blocks cp-blocks
93
CP Blocks <= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings LOW [*, 1.0.15) 1.0.15 July 4, 2026
advanced-iframe advanced-iframe
97
Advanced iFrame <= 2021.9 Reflected Cross-Site Scripting LOW *-2021.9 2022 July 4, 2026
woo-product-feed-pro woo-product-feed-pro N/A Product Feed PRO for WooCommerce <= 11.2.1 - Reflected Cross-Site Scripting LOW [*, 11.2.3) 11.2.3 July 4, 2026
page-views-count page-views-count
91
Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection LOW [*, 2.4.15) 2.4.15 July 4, 2026
nd-projects nd-projects
87
Cost Calculator <= 1.5 - Contributor+ Stored Cross-Site Scripting LOW *-1.5 1.6 July 4, 2026
nd-projects nd-projects
87
Cost Calculator <= 1.8 - Authenticated Local File Inclusion LOW *-1.8 July 4, 2026
masterstudy-lms-learning-management-system masterstudy-lms-learning-management-system
93
MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation LOW *-2.7.5 2.7.6 July 4, 2026
lead-form-builder lead-form-builder
93
Contact Form & Lead Form Elementor Builder < 1.7.4 - Arbitrary Settings Change LOW [*, 1.7.4) 1.7.4 July 4, 2026
enhanced-e-commerce-for-woocommerce-store enhanced-e-commerce-for-woocommerce-store
93
Conversios.io - Google Analytics and Google Shopping plugin for WooCommerce <= 4.6.1 Authenticated SQL Injection LOW [*, 4.6.2) 4.6.2 July 4, 2026
easy-pricing-tables easy-pricing-tables
93
Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery LOW *-3.1.2 3.1.3 July 4, 2026
LOW

advanced-cf7-db

advanced-cf7-db

Score: 95/100 Advanced Contact form 7 DB <= 1.8.6 - Authenticated Arbitrary File Deletion Affected: [*, 1.8.7) Patched: 1.8.7 Updated: July 4, 2026
LOW

wpcargo

wpcargo

Score: N/A WPCargo <= 6.8.9 - Unauthenticated Remote Code Execution Affected: [*, 6.9.0) Patched: 6.9.0 Updated: July 4, 2026
LOW

wp-multisite-content-copier-pro

wp-multisite-content-copier-pro

Score: N/A Multisite Content Copier/Updater Pro < 2.1.2 - Reflected Cross-Site Scripting Affected: [*, 2.1.2) Patched: 2.1.2 Updated: July 4, 2026
LOW

wp-home-page-menu

wp-home-page-menu

Score: N/A WP Home Page Menu < 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 3.1) Patched: 3.1 Updated: July 4, 2026
LOW

wp-gdpr-compliance

wp-gdpr-compliance

Score: N/A Cookie Information | Free GDPR Consent Solution <= 2.0.7 - Reflected Cross-Site Scripting Affected: [*, 2.0.8) Patched: 2.0.8 Updated: July 4, 2026
LOW

simple-theme-options

simple-theme-options

Score: N/A Simple Tracking <= 1.6 - Stored Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: July 4, 2026
LOW

seo-301-meta

seo-301-meta

Score: N/A Seo 301 Meta <= 1.9.1 - Stored Cross-Site Scripting Affected: *-1.9.1 Patched: Updated: July 4, 2026
LOW

List Petfinder Pets

petfinder-listings

Score: 92/100 Petfinder Listings <= 1.0.19 - Admin+ Stored Cross-Site Scripting Affected: *-1.0.18 Patched: 1.0.19 Updated: July 4, 2026
LOW

master-addons

master-addons

Score: 93/100 Master Addons for Elementor <= 1.8.1 - Reflected Cross-Site Scripting Affected: [*, 1.8.5) Patched: 1.8.5 Updated: July 4, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 Event Manager and Tickets Selling for WooCommerce < 3.5.8 - SQL Injection Affected: [*, 3.5.8) Patched: 3.5.8 Updated: July 4, 2026
LOW

hide-admin-bar-based-on-user-roles

hide-admin-bar-based-on-user-roles

Score: 93/100 Hide Admin Bar Based On User Roles < 3.1.0 - Cross-Site Request Forgery Affected: [*, 3.1.0) Patched: 3.1.0 Updated: July 4, 2026
LOW

gd-mylist

gd-mylist

Score: 91/100 GD Mylist <= 1.1.1 - Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 4, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown & Clock <= 2.2.8 - Reflected Cross-Site Scripting Affected: [*, 2.2.9) Patched: 2.2.9 Updated: July 4, 2026
LOW

contact-form-submissions

contact-form-submissions

Score: 93/100 Contact Form Submissions <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 1.7.3) Patched: 1.7.3 Updated: July 4, 2026
LOW

commonsbooking

commonsbooking

Score: 93/100 CommonsBooking < 2.6.8 - Unauthenticated SQL Injection Affected: [*, 2.6.8) Patched: 2.6.8 Updated: July 4, 2026
LOW

circle-image-slider-with-lightbox

circle-image-slider-with-lightbox

Score: 93/100 Team Circle Image Slider With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting Affected: *-1.0.15 Patched: 1.0.16 Updated: July 4, 2026
LOW

patreon-connect

patreon-connect

Score: 93/100 Patreon WordPress <= 1.8.1 - Authenticated Stored Cross-Site Scripting Affected: [*, 1.8.2) Patched: 1.8.2 Updated: July 4, 2026
LOW

zero-spam

zero-spam

Score: N/A Zero Spam <= 5.2.10 - Admin+ SQL Injection Affected: *-5.2.10 Patched: 5.2.11 Updated: July 4, 2026
LOW

Header Footer Code Manager

header-footer-code-manager

Score: 87/100 Header Footer Code Manager <= 1.1.16 - Reflected Cross-Site Scripting Affected: *-1.1.16 Patched: 1.1.17 Updated: July 4, 2026
LOW

updraftplus-pro

updraftplus-pro

Score: N/A UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure Affected: [*, 2.22.3) Patched: 2.22.3 Updated: July 4, 2026
LOW

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Score: 69/100 UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure Affected: [1.16.7, 1.22.3) Patched: 1.22.3 Updated: July 4, 2026
LOW

sync-qcloud-cos

sync-qcloud-cos

Score: N/A Sync QCloud COS Plugin < 2.0.1 - Authenticated (Admin+) Cross-Site Scripting Affected: [*, 2.0.1) Patched: 2.0.1 Updated: July 4, 2026
LOW

profile-builder

profile-builder

Score: N/A Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter Affected: *-3.6.1 Patched: 3.6.2 Updated: July 4, 2026
LOW

kunze-law

kunze-law

Score: 91/100 Kunze Law < 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.1) Patched: 2.1 Updated: July 4, 2026
LOW

ari-stream-quiz

ari-stream-quiz

Score: 97/100 ARI Stream Quiz – WordPress Quizzes Builder <= 1.2.26 - Reflected Cross-Site Scripting Affected: *-1.2.26 Patched: 1.2.27 Updated: July 4, 2026
LOW

ari-fancy-lightbox

ari-fancy-lightbox

Score: 97/100 ARI Fancy Lightbox <= 1.3.8 - Reflected Cross-Site Scripting Affected: [*, 1.3.9) Patched: 1.3.9 Updated: July 4, 2026
LOW

ari-cf7-connector

ari-cf7-connector

Score: 97/100 Contact Form 7 Connector <= 1.1.13 - Reflected Cross-Site Scripting Affected: *-1.1.13 Patched: 1.1.14 Updated: July 4, 2026
LOW

simple-ajax-chat

simple-ajax-chat

Score: N/A Simple Ajax Chat <= 20220115 - Unauthenticated Stored Cross-Site Scripting Affected: *-20220115 Patched: 20220216 Updated: July 4, 2026
LOW

wp-content-copy-protection

wp-content-copy-protection

Score: N/A WP Content Copy Protection <= 3.4.4 - Cross-Site Request Forgery to Setting Update Affected: *-3.4.4 Patched: 3.4.5 Updated: July 4, 2026
LOW

wp-voting-contest

wp-voting-contest

Score: N/A WP Voting Contest < 3.0 - Reflected Cross-Site Scripting Affected: [*, 3.0) Patched: 3.0 Updated: July 4, 2026
LOW

simple-quotation

simple-quotation

Score: N/A Simple Quotation <= 1.3.2 - SQL injection Affected: *-1.3.2 Patched: Updated: July 4, 2026
LOW

simple-quotation

simple-quotation

Score: N/A Simple Quotation <= 1.3.2 - Cross-Site Request Forgery Affected: *-1.3.2 Patched: Updated: July 4, 2026
LOW

login-with-phone-number

login-with-phone-number

Score: 93/100 Login with phone number <= 1.3.6 - Unauthenticated Remote Plugin Deletion Affected: [*, 1.3.7) Patched: 1.3.7 Updated: July 4, 2026
LOW

kingcomposer

kingcomposer

Score: 89/100 Page Builder KingComposer <= 2.9.6 - Open Redirect Affected: *-2.9.6 Patched: Updated: July 4, 2026
LOW

hub2word

hub2word

Score: 91/100 Easy Embed for HubSpot Forms, CTAs, Links, Files & add HubSpot to WP Search Results <= 1.1.0 - Missing Authorization to Arbitrary Options Update Affected: *-1.1.0 Patched: Updated: July 4, 2026
LOW

flexi

flexi

Score: 89/100 Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting Affected: [*, 4.20) Patched: 4.20 Updated: July 4, 2026
LOW

bwp-google-xml-sitemaps

bwp-google-xml-sitemaps

Score: 91/100 Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 4, 2026
LOW

relevanssi-premium

relevanssi-premium

Score: N/A Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization Affected: [*, 2.16.5) Patched: 2.16.5 Updated: July 4, 2026
LOW

relevanssi

relevanssi

Score: N/A Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization Affected: [*, 4.14.6) Patched: 4.14.6 Updated: July 4, 2026
LOW

photo-gallery

photo-gallery

Score: 93/100 Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter Affected: [*, 1.6.0) Patched: 1.6.0 Updated: July 4, 2026
LOW

persian-woocommerce

persian-woocommerce

Score: 93/100 Persian WooCommerce <= 5.8.0 - Reflected Cross-Site Scripting Affected: *-5.8.0 Patched: 5.9.8 Updated: July 4, 2026
LOW

advanced-product-labels-for-woocommerce

advanced-product-labels-for-woocommerce

Score: 97/100 Advanced Product Labels for WooCommerce <= 1.2.3.6 - Reflected Cross-Site Scripting Affected: [*, 1.2.3.7) Patched: 1.2.3.7 Updated: July 4, 2026
LOW

yop-poll

yop-poll

Score: N/A YOP Poll <= 6.3.4 - Author+ Stored Cross-Site Scripting Affected: *-6.3.4 Patched: 6.3.5 Updated: July 4, 2026
LOW

wp-stats-manager

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection Affected: [*, 5.6) Patched: 5.6 Updated: July 4, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG Affected: [*, 4.16.3) Patched: 4.16.3 Updated: July 4, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode Affected: [*, 4.16.3) Patched: 4.16.3 Updated: July 4, 2026
LOW

wp-event-manager

wp-event-manager

Score: N/A WP Event Manager <= 3.1.22 - Admin+ Stored Cross-Site Scripting Affected: *-3.1.22 Patched: 3.1.23 Updated: July 4, 2026
LOW

wp-cerber

wp-cerber

Score: N/A WP Cerber Security <= 8.9.5.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-8.9.5.2 Patched: 8.9.6 Updated: July 4, 2026
LOW

video-conferencing-with-zoom-api

video-conferencing-with-zoom-api

Score: N/A Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure Affected: [*, 3.8.17) Patched: 3.8.17 Updated: July 4, 2026
LOW

userswp

userswp

Score: N/A UsersWP <= 1.2.3 - Subscriber+ User Avatar Override Affected: [*, 1.2.3.1) Patched: 1.2.3.1 Updated: July 4, 2026
LOW

smart-forms

smart-forms

Score: N/A Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure Affected: [*, 2.6.71) Patched: 2.6.71 Updated: July 4, 2026
LOW

loginpress

loginpress

Score: 93/100 LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter Affected: [*, 1.5.12) Patched: 1.5.12 Updated: July 4, 2026
LOW

social-media-feather

social-media-feather

Score: N/A Social Media Feather <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.4 Patched: 2.0.5 Updated: July 4, 2026
LOW

spiffy-calendar

spiffy-calendar

Score: N/A Spiffy Calendar <= 4.9.0 - Edit/Delete event via IDOR Affected: *-4.9.0 Patched: 4.9.1 Updated: July 4, 2026
LOW

wpdiscuz

wpdiscuz

Score: N/A Comments - wpDiscuz <= 7.3.11 Sensitive Information Disclosure Affected: *-7.3.11 Patched: 7.3.12 Updated: July 4, 2026
LOW

spiffy-calendar

spiffy-calendar

Score: N/A Spiffy Calendar <= 4.9.0 - Event deletion via Cross-Site Request Forgery Affected: *-4.9.0 Patched: 4.9.1 Updated: July 4, 2026
LOW

e2pdf

e2pdf

Score: 93/100 E2Pdf <= 1.16.44 - Stored Cross-Site Scripting Affected: *-1.16.44 Patched: 1.16.45 Updated: July 4, 2026
LOW

ditty-news-ticker

ditty-news-ticker

Score: 93/100 Ditty (formerly Ditty News Ticker) <= 3.0.14 - Reflected Cross-Site Scripting Affected: [*, 3.0.15) Patched: 3.0.15 Updated: July 4, 2026
LOW

gotmls

gotmls

Score: 93/100 Anti-Malware Security and Brute-Force Firewall <= 4.21.74 - Reflected Cross-Site Scripting Affected: *-4.21.74 Patched: 4.21.83 Updated: July 4, 2026
LOW

fancy-product-designer

fancy-product-designer

Score: 93/100 Fancy Product Designer <= 4.7.4 - Admin+ SQL Injection Affected: *-4.7.4 Patched: 4.7.5 Updated: July 4, 2026
LOW

wp-piwik

wp-piwik

Score: N/A WP-Matomo Integration (WP-Piwik) <= 1.0.26 - Cross-Site Request Forgery Affected: [*, 1.0.27) Patched: 1.0.27 Updated: July 4, 2026
LOW

wp-multisite-content-copier

wp-multisite-content-copier

Score: N/A Multisite Content Copier/Updater <= 1.4.0 - Reflected Cross-Site Scripting Affected: *-1.4.0 Patched: 1.5.0 Updated: July 4, 2026
LOW

wordpress-multisite-user-sync

wordpress-multisite-user-sync

Score: N/A WordPress Multisite User Sync/Unsync (Premium) <= 2.1.1 Reflected Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 4, 2026
LOW

white-label-cms

white-label-cms

Score: N/A White Label MS <= 2.2.8 - Reflected Cross-Site Scripting Affected: [*, 2.2.9) Patched: 2.2.9 Updated: July 4, 2026
LOW

real-cookie-banner

real-cookie-banner

Score: N/A WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery Affected: [*, 2.14.2) Patched: 2.14.2 Updated: July 4, 2026
LOW

ip2location-country-blocker

ip2location-country-blocker

Score: 93/100 IP2Location Country Blocker < 2.26.9 - Authenticated Stored Cross-Site Scripting Affected: [*, 2.26.9) Patched: 2.26.9 Updated: July 4, 2026
LOW

catch-themes-demo-import

catch-themes-demo-import

Score: 93/100 Catch Themes Demo Import <= 2.1 - Authenticated (Admin+) Arbitrary File Upload Affected: [*, 2.1.1) Patched: 2.1.1 Updated: July 4, 2026
LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration <= 7.40 - Authenticated (Admin+) Arbitrary File Upload Affected: *-7.40 Patched: 7.41 Updated: July 4, 2026
LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate – Ad manager & AdSense Ads <= 5.8.17 - Admin+ SQL Injection Affected: *-5.8.17 Patched: 5.8.22 Updated: July 4, 2026
LOW

simple-job-board

simple-job-board

Score: N/A Simple Job Board <= 2.9.3 - Local File Inclusion Affected: *-2.9.3 Patched: 2.9.4 Updated: July 4, 2026
LOW

yet-another-stars-rating

yet-another-stars-rating

Score: N/A Yasr – Yet Another Stars Rating <= 2.9.9 - Cross-Site Scripting via source Affected: *-2.9.9 Patched: 3.0.0 Updated: July 4, 2026
LOW

easyjobs

easyjobs

Score: 93/100 EasyJobs <= 1.4.7 - Reflected Cross-Site Scripting Affected: [*, 1.4.8) Patched: 1.4.8 Updated: July 4, 2026
LOW

ad-inserter

ad-inserter

Score: 97/100 Ad Inserter < 2.7.11 - Authenticated (Admin+) Remote Code Execution Affected: [*, 2.7.11) Patched: 2.7.11 Updated: July 4, 2026
LOW

wp-time-slots-booking-form

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.1.62 - Stored Cross-Site Scripting Affected: *-1.1.62 Patched: 1.1.63 Updated: July 4, 2026
LOW

notificationx

notificationx

Score: 93/100 NotificationX <= 2.3.8 - Blind SQL Injection Affected: *-2.3.8 Patched: 2.3.9 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.2.34 - Sensitive Information Disclosure Affected: [*, 3.2.35) Patched: 3.2.35 Updated: July 4, 2026
LOW

custom-content-shortcode

custom-content-shortcode

Score: 89/100 Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting Affected: *-4.0.1 Patched: 4.0.2 Updated: July 4, 2026
LOW

custom-content-shortcode

custom-content-shortcode

Score: 89/100 Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access Affected: *-3.8.8 Patched: 4.0.1 Updated: July 4, 2026
LOW

custom-content-shortcode

custom-content-shortcode

Score: 89/100 Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion Affected: *-4.0.1 Patched: 4.0.2 Updated: July 4, 2026
LOW

cp-blocks

cp-blocks

Score: 93/100 CP Blocks <= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings Affected: [*, 1.0.15) Patched: 1.0.15 Updated: July 4, 2026
LOW

advanced-iframe

advanced-iframe

Score: 97/100 Advanced iFrame <= 2021.9 Reflected Cross-Site Scripting Affected: *-2021.9 Patched: 2022 Updated: July 4, 2026
LOW

woo-product-feed-pro

woo-product-feed-pro

Score: N/A Product Feed PRO for WooCommerce <= 11.2.1 - Reflected Cross-Site Scripting Affected: [*, 11.2.3) Patched: 11.2.3 Updated: July 4, 2026
LOW

page-views-count

page-views-count

Score: 91/100 Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection Affected: [*, 2.4.15) Patched: 2.4.15 Updated: July 4, 2026
LOW

nd-projects

nd-projects

Score: 87/100 Cost Calculator <= 1.5 - Contributor+ Stored Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: July 4, 2026
LOW

nd-projects

nd-projects

Score: 87/100 Cost Calculator <= 1.8 - Authenticated Local File Inclusion Affected: *-1.8 Patched: Updated: July 4, 2026
LOW

masterstudy-lms-learning-management-system

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation Affected: *-2.7.5 Patched: 2.7.6 Updated: July 4, 2026
LOW

lead-form-builder

lead-form-builder

Score: 93/100 Contact Form & Lead Form Elementor Builder < 1.7.4 - Arbitrary Settings Change Affected: [*, 1.7.4) Patched: 1.7.4 Updated: July 4, 2026
LOW

enhanced-e-commerce-for-woocommerce-store

enhanced-e-commerce-for-woocommerce-store

Score: 93/100 Conversios.io - Google Analytics and Google Shopping plugin for WooCommerce <= 4.6.1 Authenticated SQL Injection Affected: [*, 4.6.2) Patched: 4.6.2 Updated: July 4, 2026
LOW

easy-pricing-tables

easy-pricing-tables

Score: 93/100 Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery Affected: *-3.1.2 Patched: 3.1.3 Updated: July 4, 2026

Showing 30201 to 30300 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 15:13 UTC.