Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

86

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
ws-form-pro ws-form-pro N/A WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting LOW [*, 1.8.176) 1.8.176 July 4, 2026
ws-form-pro ws-form-pro N/A WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting LOW [*, 1.8.176) 1.8.176 July 4, 2026
WS Form LITE – Drag & Drop Contact Form Builder ws-form N/A WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting LOW [*, 1.8.176) 1.8.176 July 4, 2026
WS Form LITE – Drag & Drop Contact Form Builder ws-form N/A WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting LOW [*, 1.8.176) 1.8.176 July 4, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting LOW [*, 0.9.69) 0.9.69 July 4, 2026
wp-user wp-user N/A WP User – Custom Registration Forms, Login and User Profile < 7.0 - Reflected Cross-Site Scripting LOW [*, 7.0) 7.0 July 4, 2026
wp-stats-manager wp-stats-manager N/A WP Visitor Statistics (Real Time Traffic) <= 5.4 - Missing Authorization to Stored Cross-Site Scripting LOW *-5.4 5.5 July 4, 2026
wp-facebook-reviews wp-facebook-reviews N/A WP Review Slider < 11.0 - SQL Injection LOW [*, 11.0) 11.0 July 4, 2026
wp-email-users wp-email-users N/A WP Email Users <= 1.7.6 - SQL Injection LOW *-1.7.6 July 4, 2026
use-any-font use-any-font N/A Use Any Font <= 6.2.0 - Unauthenticated Arbitrary CSS Appending LOW [*, 6.2.1) 6.2.1 July 4, 2026
ti-woocommerce-wishlist-premium ti-woocommerce-wishlist-premium N/A TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection LOW [*, 1.40.1) 1.40.1 July 4, 2026
ti-woocommerce-wishlist ti-woocommerce-wishlist N/A TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection LOW [*, 1.40.1) 1.40.1 July 4, 2026
post-snippets post-snippets N/A Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.1.3 3.1.4 July 4, 2026
logo-showcase-with-slick-slider logo-showcase-with-slick-slider
93
Logo Showcase with Slick Slider <= 2.0 - Cross-Site Request Forgery LOW [*, 2.0.1) 2.0.1 July 4, 2026
fotobook fotobook
91
Fotobook <= 3.2.3 - Reflected Cross-Site Scripting LOW *-3.2.3 July 4, 2026
crazy-bone crazy-bone
91
Crazy Bone <= 0.6.0 - Unauthenticated Stored Cross-Site Scripting LOW *-0.6.0 July 4, 2026
bnfw bnfw
93
Better Notifications for WP <= 1.8.6 - Email Address Disclosure LOW [*, 1.8.7) 1.8.7 July 4, 2026
blackhole-bad-bots blackhole-bad-bots
93
Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing LOW [*, 3.3.2) 3.3.2 July 4, 2026
asgaros-forum asgaros-forum
97
Asgaros Forum < 2.0.0 - SQL Injection LOW [*, 2.0.0) 2.0.0 July 4, 2026
perfect-woocommerce-brands perfect-woocommerce-brands
93
Perfect Brands for WooCommerce <= 2.0.4 - Server Information Disclosure LOW *-2.0.4 2.0.5 July 4, 2026
perfect-woocommerce-brands perfect-woocommerce-brands
93
Perfect Brands for WooCommerce <= 2.0.4 - Unauthorized Brand Creation LOW *-2.0.4 2.0.5 July 4, 2026
pricetable pricetable N/A Price Table <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2.2 July 4, 2026
whmcs-bridge whmcs-bridge N/A WHMCS Bridge <= 6.3 - Reflected Cross-Site Scripting LOW *-6.3 6.4b July 4, 2026
gmap-embed gmap-embed
93
WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery LOW *-1.8.3 1.8.4 July 4, 2026
autoresponder-gwa autoresponder-gwa
91
[GWA] AutoResponder <= 2.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.7.4 4.0 July 4, 2026
autoresponder-gwa autoresponder-gwa
91
[GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection LOW *-2.3 July 4, 2026
wp-ultimate-csv-importer wp-ultimate-csv-importer N/A WP Ultimate CSV Importer <= 6.4.2 - Admin+ Stored Cross-Site Scripting LOW [*, 6.4.3) 6.4.3 July 4, 2026
wp-rss-aggregator wp-rss-aggregator N/A WP RSS Aggregator <= 4.19.3 - Reflected Cross-Site Scripting LOW *-4.19.3 4.20 July 4, 2026
wp-responsive-menu wp-responsive-menu N/A WP Responsive Menu <= 3.1.7 - Missing Authorization to Settings Update & Stored Cross-Site Scripting LOW *-3.1.7 3.1.7.1 July 4, 2026
wordpress-gdpr wordpress-gdpr N/A WordPress GDPR & CCPA <= 1.9.26 Reflected Cross-Site Scripting LOW [*, 1.9.27) 1.9.27 July 4, 2026
wordpress-gdpr wordpress-gdpr N/A WordPress GDPR & CCPA < 1.9.26 - Reflected Cross-Site Scripting LOW *-1.9.26 1.9.27 July 4, 2026
official-statcounter-plugin-for-wordpress official-statcounter-plugin-for-wordpress
93
StatCounter <= 2.0.6 - Admin+ Stored Cross-Site Scripting LOW [*, 2.0.7) 2.0.7 July 4, 2026
learnpress learnpress
93
LearnPress <= 4.1.4.1 - Arbitrary Image Renaming LOW *-4.1.4.1 4.1.5 July 4, 2026
embed-swagger embed-swagger
91
Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 4, 2026
add-subtitle add-subtitle
95
Add Subtitle <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 4, 2026
simple-membership simple-membership N/A Simple Membership <= 4.0.8 - Cross-Site Request Forgery to Arbitrary Member Deletion LOW [*, 4.0.9) 4.0.9 July 4, 2026
ap-custom-testimonial ap-custom-testimonial
97
Testimonial WordPress Plugin < 1.4.7 - Reflected Cross-Site Scripting LOW [*, 1.4.7) 1.4.7 July 4, 2026
ap-custom-testimonial ap-custom-testimonial
97
AP Custom Testimonial <= 1.4.7 - SQL Injection LOW *-1.4.7 1.4.8 July 4, 2026
adsanity adsanity
97
AdSanity < 1.8.2 - Authenticated Arbitrary File Upload LOW [*, 1.8.2) 1.8.2 July 4, 2026
access-demo-importer access-demo-importer
97
Access Demo Importer <= 1.0.7 - Cross-Site Request Forgery to Data Reset LOW *-1.0.7 1.0.8 July 4, 2026
WP Fastest Cache – WordPress Cache Plugin wp-fastest-cache
78
WP Fastest Cache <= 0.8.9.0 - Directory Traversal to Arbitrary File Deletion LOW *-0.8.9.0 0.8.9.1 July 4, 2026
wp-debugging wp-debugging N/A WP Debugging <= 2.11.7 - Cross-Site Request Forgery LOW *-2.11.7 2.11.8 July 4, 2026
wp-db-backup wp-db-backup N/A Database Backup for WordPress <= 2.5 - Admin+ SQL Injection LOW [*, 2.5.1) 2.5.1 July 4, 2026
popup-builder popup-builder N/A Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters LOW [*, 4.0.7) 4.0.7 July 4, 2026
popup-builder popup-builder N/A Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization LOW [*, 4.0.7) 4.0.7 July 4, 2026
lean-wp lean-wp
91
Lean WP <= 1.4.0 - Cross-Site Request Forgery LOW *-1.4.0 July 4, 2026
gotmls gotmls
93
Anti-Malware Security and Brute-Force Firewall <= 4.20.93 - Reflected Cross-Site Scripting LOW [*, 4.20.94) 4.20.94 July 4, 2026
float-menu float-menu
93
Float Menu <= 4.3 - Arbitrary Menu Deletion via Cross-Site Request Forgery LOW *-4.3 4.3.1 July 4, 2026
duplicate-page-or-post duplicate-page-or-post
93
Duplicate Page or Post <= 1.5.0 - Missing Authorization to Stored Cross-Site Scripting LOW *-1.5.0 1.5.1 July 4, 2026
coming-soon-page coming-soon-page
93
Coming soon and Maintenance mode <= 3.6.6 - Missing Authorization to Arbitrary Email Send LOW *-3.6.6 3.6.7 July 4, 2026
classic-editor-addon classic-editor-addon
93
Classic Editor Addon < 2.6.4 - Cross-Site Request Forgery LOW *-2.6.3 2.6.4 July 4, 2026
catch-web-tools catch-web-tools
93
Catch Web Tools <= 2.7.0 - Missing Authorization LOW *-2.7.0 2.7.1 July 4, 2026
advanced-database-cleaner advanced-database-cleaner
97
Advanced Database Cleaner <= 3.0.3 - Reflected Cross-Site Scripting LOW [*, 3.0.4) 3.0.4 July 4, 2026
ad-inserter ad-inserter
97
Ad Inserter <= 2.7.9 - Reflected Cross-Site Scripting LOW [*, 2.7.10) 2.7.10 July 4, 2026
custom-registration-form-builder-with-submission-manager custom-registration-form-builder-with-submission-manager
93
RegistrationMagic <= 5.0.1.5 - SQL Injection LOW *-5.0.1.5 5.0.1.6 July 4, 2026
coming-soon-page coming-soon-page
93
Coming soon and Maintenance mode <= 3.6.7 - Cross-Site request Forgery to Arbitrary Email Send LOW [*, 3.6.8) 3.6.8 July 4, 2026
super-forms super-forms N/A Super Forms - Drag & Drop Form Builder WordPress <= 6.0.3 - Reflected Cross-Site Scripting LOW *-6.0.3 6.0.4 July 4, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets essential-addons-for-elementor-lite
85
Essential Addons for Elementor <= 5.0.4 - Local File Inclusion LOW 1.0.0-5.0.4 5.0.5 July 4, 2026
Download Manager download-manager
63
WordPress Download Manager <= 3.2.33 - Authenticated SQL Injection LOW [*, 3.2.34) 3.2.34 July 4, 2026
wp-simple-firewall wp-simple-firewall N/A Shield Security <= 13.0.5 - Admin+ Stored Cross-Site Scripting LOW *-13.0.5 13.0.6 July 4, 2026
wp-html-mail wp-html-mail N/A WP HTML Mail <= 3.0.9 - Missing Authorization on Rest Route LOW *-3.0.9 3.1 July 4, 2026
woocommerce-currency-switcher woocommerce-currency-switcher N/A WOOCS <= 1.3.7.4 - Reflected Cross-Site Scripting via AJAX action LOW *-1.3.7.4 1.3.7.5 July 4, 2026
supportboard supportboard N/A Support Board <= 3.4.1 - Authenticated SQL Injection LOW [*, 3.4.2) 3.4.2 July 4, 2026
anycomment anycomment
93
AnyComment <= 0.2.17 - Race Condition LOW [*, 0.2.18) 0.2.18 July 4, 2026
anycomment anycomment
93
AnyComment <= 0.2.17 - Cross-Site Request Forgery LOW [*, 0.2.18) 0.2.18 July 4, 2026
translation-exchange translation-exchange N/A Translation Exchange <= 1.0.14 - Stored Cross-Site Scripting LOW *-1.0.14 July 4, 2026
the-buffer-button the-buffer-button N/A The Buffer Button <= 1.0 - Cross-Site Scripting LOW *-1.0 July 4, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile LOW *-4.7.4 4.7.7 July 4, 2026
give give
93
GiveWP <= 2.17.2 - Reflected Cross-Site Scripting via Import Tool LOW [*, 2.17.3) 2.17.3 July 4, 2026
give give
93
GiveWP <= 2.17.2 - Reflected Cross-Site Scripting LOW [*, 2.17.3) 2.17.3 July 4, 2026
give give
93
GiveWP <= 2.17.2 - Reflected Cross-Site Scripting LOW [*, 2.17.3) 2.17.3 July 4, 2026
final-tiles-grid-gallery-lite final-tiles-grid-gallery-lite
93
Image Photo Gallery Final Tiles Grid <= 3.5.2 - Contributor+ Stored Cross-Site Scripting LOW *-3.5.2 3.5.3 July 4, 2026
feedwordpress feedwordpress
93
FeedWordPress <= 2021.0713 - Reflected Cross-Site Scripting LOW *-2021.0713 2022.0123 July 4, 2026
custom-landing-pages-leadmagic custom-landing-pages-leadmagic
91
User Registration, Login & Landing Pages <= 1.2.7 - Admin+ Stored Cross-Site Scripting LOW *-1.2.7 July 4, 2026
business-profile business-profile
93
Five Star Business Profile and Schema <= 2.1.6 - Subscriber+ Page Creation & Settings Update to Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 4, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages <= 1.9.9.148 - Cross-Site Request Forgery LOW *-1.9.9.148 1.9.9.149 July 4, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages <= 1.9.9.148 - Cross-Site Request Forgery LOW *-1.9.9.148 1.9.9.149 July 4, 2026
accesspress-social-icons accesspress-social-icons
97
AccessPress Social Icons 1.8.2 - Backdoor LOW 1.8.2 1.8.3 July 4, 2026
wp-ultimate-csv-importer wp-ultimate-csv-importer N/A Import all XML, CSV & TXT into WordPress < 6.4.2 - Missing Authorization LOW *-6.4.1 6.4.2 July 4, 2026
wp-appbox wp-appbox N/A WP-Appbox <= 4.3.17 - Local File Inclusion LOW *-4.3.17 4.3.18 July 4, 2026
woocommerce-product-addon woocommerce-product-addon N/A PPOM for WooCommerce <= 23.9 - Missing Authorization to Stored Cross-Site Scripting LOW *-23.9 24.0 July 4, 2026
permalink-manager permalink-manager
93
Permalink Manager Lite <= 2.2.14 Reflected Cross-Site Scripting LOW [*, 2.2.15) 2.2.15 July 4, 2026
newsletter-optin-box newsletter-optin-box
93
WordPress Newsletter Plugin – Noptin < 1.6.5 - Open Redirect LOW [*, 1.6.5) 1.6.5 July 4, 2026
mappress-google-maps-for-wordpress mappress-google-maps-for-wordpress
93
MapPress Maps <= 2.73.3 - Reflected Cross-Site Scripting LOW [*, 2.73.4) 2.73.4 July 4, 2026
magee-shortcodes magee-shortcodes
91
Magee Shortcodes < 2.0.9 - Cross-Site Scripting LOW *-2.0.8 2.0.9 July 4, 2026
m-wp-popup m-wp-popup
91
Popup | Custom Popup Builder <= 1.3 - Denial of Service LOW [*, 1.3.1) 1.3.1 July 4, 2026
Complianz | GDPR/CCPA Cookie Consent complianz-gdpr
93
Complianz - GDPR/CCPA Cookie Consent <= 5.5.2 - Reflected Cross-Site Scripting via s parameter LOW [*, 6.0.0) 6.0.0 July 4, 2026
cmp-coming-soon-maintenance cmp-coming-soon-maintenance
93
CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update LOW [*, 4.0.19) 4.0.19 July 4, 2026
cf7-store-to-db-lite cf7-store-to-db-lite
93
Form Store to DB <= 1.1.0 - Stored Cross-Site Scripting LOW *-1.1.0 1.1.1 July 4, 2026
wp-import-export-lite wp-import-export-lite N/A WP Import Export Lite & WP Import Export <= 3.9.15 - Unauthenticated Sensitive Data Disclosure LOW *-3.9.15 3.9.16 July 4, 2026
whmcs-bridge whmcs-bridge N/A WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting LOW *-6.1 6.3 July 4, 2026
themify-portfolio-post themify-portfolio-post N/A Themify Portfolio Post <= 1.1.6 - Reflected Cross-Site Scripting LOW *-1.1.6 1.1.7 July 4, 2026
random-banner random-banner N/A Random Banner <= 4.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.1.4 4.1.5 July 4, 2026
futurio-extra futurio-extra
93
Futurio Extra <= 1.6.2 - Sensitive Information Disclosure LOW [*, 1.6.3) 1.6.3 July 4, 2026
ad-invalid-click-protector ad-invalid-click-protector
97
Ad Invalid Click Protector <= 1.2.5 - SQL Injection LOW [*, 1.2.6) 1.2.6 July 4, 2026
php-everywhere php-everywhere
93
PHP Everywhere <= 2.0.2 - Cross-Site Request Forgery LOW *-2.0.2 2.0.3 July 4, 2026
waitlist-woocommerce waitlist-woocommerce N/A Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.1 - Cross-Site Request Forgery to Arbitrary Options Update LOW *-2.5.1 2.5.2 July 4, 2026
spider-event-calendar spider-event-calendar N/A SpiderCalendar <= 1.6.64 - Reflected Cross-Site Scripting LOW *-1.5.65 1.6.65 July 4, 2026
side-cart-woocommerce side-cart-woocommerce N/A Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update LOW *-2.0 2.1 July 4, 2026
rsvp rsvp N/A RSVP and Event Management <= 2.7.4 - Cross-Site Scripting LOW [*, 2.7.5) 2.7.5 July 4, 2026
LOW

ws-form-pro

ws-form-pro

Score: N/A WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting Affected: [*, 1.8.176) Patched: 1.8.176 Updated: July 4, 2026
LOW

ws-form-pro

ws-form-pro

Score: N/A WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting Affected: [*, 1.8.176) Patched: 1.8.176 Updated: July 4, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 0.9.69) Patched: 0.9.69 Updated: July 4, 2026
LOW

wp-user

wp-user

Score: N/A WP User – Custom Registration Forms, Login and User Profile < 7.0 - Reflected Cross-Site Scripting Affected: [*, 7.0) Patched: 7.0 Updated: July 4, 2026
LOW

wp-stats-manager

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 5.4 - Missing Authorization to Stored Cross-Site Scripting Affected: *-5.4 Patched: 5.5 Updated: July 4, 2026
LOW

wp-facebook-reviews

wp-facebook-reviews

Score: N/A WP Review Slider < 11.0 - SQL Injection Affected: [*, 11.0) Patched: 11.0 Updated: July 4, 2026
LOW

wp-email-users

wp-email-users

Score: N/A WP Email Users <= 1.7.6 - SQL Injection Affected: *-1.7.6 Patched: Updated: July 4, 2026
LOW

use-any-font

use-any-font

Score: N/A Use Any Font <= 6.2.0 - Unauthenticated Arbitrary CSS Appending Affected: [*, 6.2.1) Patched: 6.2.1 Updated: July 4, 2026
LOW

ti-woocommerce-wishlist-premium

ti-woocommerce-wishlist-premium

Score: N/A TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection Affected: [*, 1.40.1) Patched: 1.40.1 Updated: July 4, 2026
LOW

ti-woocommerce-wishlist

ti-woocommerce-wishlist

Score: N/A TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection Affected: [*, 1.40.1) Patched: 1.40.1 Updated: July 4, 2026
LOW

post-snippets

post-snippets

Score: N/A Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.1.3 Patched: 3.1.4 Updated: July 4, 2026
LOW

logo-showcase-with-slick-slider

logo-showcase-with-slick-slider

Score: 93/100 Logo Showcase with Slick Slider <= 2.0 - Cross-Site Request Forgery Affected: [*, 2.0.1) Patched: 2.0.1 Updated: July 4, 2026
LOW

fotobook

fotobook

Score: 91/100 Fotobook <= 3.2.3 - Reflected Cross-Site Scripting Affected: *-3.2.3 Patched: Updated: July 4, 2026
LOW

crazy-bone

crazy-bone

Score: 91/100 Crazy Bone <= 0.6.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-0.6.0 Patched: Updated: July 4, 2026
LOW

bnfw

bnfw

Score: 93/100 Better Notifications for WP <= 1.8.6 - Email Address Disclosure Affected: [*, 1.8.7) Patched: 1.8.7 Updated: July 4, 2026
LOW

blackhole-bad-bots

blackhole-bad-bots

Score: 93/100 Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing Affected: [*, 3.3.2) Patched: 3.3.2 Updated: July 4, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forum < 2.0.0 - SQL Injection Affected: [*, 2.0.0) Patched: 2.0.0 Updated: July 4, 2026
LOW

perfect-woocommerce-brands

perfect-woocommerce-brands

Score: 93/100 Perfect Brands for WooCommerce <= 2.0.4 - Server Information Disclosure Affected: *-2.0.4 Patched: 2.0.5 Updated: July 4, 2026
LOW

perfect-woocommerce-brands

perfect-woocommerce-brands

Score: 93/100 Perfect Brands for WooCommerce <= 2.0.4 - Unauthorized Brand Creation Affected: *-2.0.4 Patched: 2.0.5 Updated: July 4, 2026
LOW

pricetable

pricetable

Score: N/A Price Table <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.2 Patched: Updated: July 4, 2026
LOW

whmcs-bridge

whmcs-bridge

Score: N/A WHMCS Bridge <= 6.3 - Reflected Cross-Site Scripting Affected: *-6.3 Patched: 6.4b Updated: July 4, 2026
LOW

gmap-embed

gmap-embed

Score: 93/100 WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery Affected: *-1.8.3 Patched: 1.8.4 Updated: July 4, 2026
LOW

autoresponder-gwa

autoresponder-gwa

Score: 91/100 [GWA] AutoResponder <= 2.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.7.4 Patched: 4.0 Updated: July 4, 2026
LOW

autoresponder-gwa

autoresponder-gwa

Score: 91/100 [GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection Affected: *-2.3 Patched: Updated: July 4, 2026
LOW

wp-ultimate-csv-importer

wp-ultimate-csv-importer

Score: N/A WP Ultimate CSV Importer <= 6.4.2 - Admin+ Stored Cross-Site Scripting Affected: [*, 6.4.3) Patched: 6.4.3 Updated: July 4, 2026
LOW

wp-rss-aggregator

wp-rss-aggregator

Score: N/A WP RSS Aggregator <= 4.19.3 - Reflected Cross-Site Scripting Affected: *-4.19.3 Patched: 4.20 Updated: July 4, 2026
LOW

wp-responsive-menu

wp-responsive-menu

Score: N/A WP Responsive Menu <= 3.1.7 - Missing Authorization to Settings Update & Stored Cross-Site Scripting Affected: *-3.1.7 Patched: 3.1.7.1 Updated: July 4, 2026
LOW

wordpress-gdpr

wordpress-gdpr

Score: N/A WordPress GDPR & CCPA <= 1.9.26 Reflected Cross-Site Scripting Affected: [*, 1.9.27) Patched: 1.9.27 Updated: July 4, 2026
LOW

wordpress-gdpr

wordpress-gdpr

Score: N/A WordPress GDPR & CCPA < 1.9.26 - Reflected Cross-Site Scripting Affected: *-1.9.26 Patched: 1.9.27 Updated: July 4, 2026
LOW

official-statcounter-plugin-for-wordpress

official-statcounter-plugin-for-wordpress

Score: 93/100 StatCounter <= 2.0.6 - Admin+ Stored Cross-Site Scripting Affected: [*, 2.0.7) Patched: 2.0.7 Updated: July 4, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.1.4.1 - Arbitrary Image Renaming Affected: *-4.1.4.1 Patched: 4.1.5 Updated: July 4, 2026
LOW

embed-swagger

embed-swagger

Score: 91/100 Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

add-subtitle

add-subtitle

Score: 95/100 Add Subtitle <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 4, 2026
LOW

simple-membership

simple-membership

Score: N/A Simple Membership <= 4.0.8 - Cross-Site Request Forgery to Arbitrary Member Deletion Affected: [*, 4.0.9) Patched: 4.0.9 Updated: July 4, 2026
LOW

ap-custom-testimonial

ap-custom-testimonial

Score: 97/100 Testimonial WordPress Plugin < 1.4.7 - Reflected Cross-Site Scripting Affected: [*, 1.4.7) Patched: 1.4.7 Updated: July 4, 2026
LOW

ap-custom-testimonial

ap-custom-testimonial

Score: 97/100 AP Custom Testimonial <= 1.4.7 - SQL Injection Affected: *-1.4.7 Patched: 1.4.8 Updated: July 4, 2026
LOW

adsanity

adsanity

Score: 97/100 AdSanity < 1.8.2 - Authenticated Arbitrary File Upload Affected: [*, 1.8.2) Patched: 1.8.2 Updated: July 4, 2026
LOW

access-demo-importer

access-demo-importer

Score: 97/100 Access Demo Importer <= 1.0.7 - Cross-Site Request Forgery to Data Reset Affected: *-1.0.7 Patched: 1.0.8 Updated: July 4, 2026
LOW

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

Score: 78/100 WP Fastest Cache <= 0.8.9.0 - Directory Traversal to Arbitrary File Deletion Affected: *-0.8.9.0 Patched: 0.8.9.1 Updated: July 4, 2026
LOW

wp-debugging

wp-debugging

Score: N/A WP Debugging <= 2.11.7 - Cross-Site Request Forgery Affected: *-2.11.7 Patched: 2.11.8 Updated: July 4, 2026
LOW

wp-db-backup

wp-db-backup

Score: N/A Database Backup for WordPress <= 2.5 - Admin+ SQL Injection Affected: [*, 2.5.1) Patched: 2.5.1 Updated: July 4, 2026
LOW

popup-builder

popup-builder

Score: N/A Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters Affected: [*, 4.0.7) Patched: 4.0.7 Updated: July 4, 2026
LOW

popup-builder

popup-builder

Score: N/A Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization Affected: [*, 4.0.7) Patched: 4.0.7 Updated: July 4, 2026
LOW

lean-wp

lean-wp

Score: 91/100 Lean WP <= 1.4.0 - Cross-Site Request Forgery Affected: *-1.4.0 Patched: Updated: July 4, 2026
LOW

gotmls

gotmls

Score: 93/100 Anti-Malware Security and Brute-Force Firewall <= 4.20.93 - Reflected Cross-Site Scripting Affected: [*, 4.20.94) Patched: 4.20.94 Updated: July 4, 2026
LOW

float-menu

float-menu

Score: 93/100 Float Menu <= 4.3 - Arbitrary Menu Deletion via Cross-Site Request Forgery Affected: *-4.3 Patched: 4.3.1 Updated: July 4, 2026
LOW

duplicate-page-or-post

duplicate-page-or-post

Score: 93/100 Duplicate Page or Post <= 1.5.0 - Missing Authorization to Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.5.1 Updated: July 4, 2026
LOW

coming-soon-page

coming-soon-page

Score: 93/100 Coming soon and Maintenance mode <= 3.6.6 - Missing Authorization to Arbitrary Email Send Affected: *-3.6.6 Patched: 3.6.7 Updated: July 4, 2026
LOW

classic-editor-addon

classic-editor-addon

Score: 93/100 Classic Editor Addon < 2.6.4 - Cross-Site Request Forgery Affected: *-2.6.3 Patched: 2.6.4 Updated: July 4, 2026
LOW

catch-web-tools

catch-web-tools

Score: 93/100 Catch Web Tools <= 2.7.0 - Missing Authorization Affected: *-2.7.0 Patched: 2.7.1 Updated: July 4, 2026
LOW

advanced-database-cleaner

advanced-database-cleaner

Score: 97/100 Advanced Database Cleaner <= 3.0.3 - Reflected Cross-Site Scripting Affected: [*, 3.0.4) Patched: 3.0.4 Updated: July 4, 2026
LOW

ad-inserter

ad-inserter

Score: 97/100 Ad Inserter <= 2.7.9 - Reflected Cross-Site Scripting Affected: [*, 2.7.10) Patched: 2.7.10 Updated: July 4, 2026
LOW

coming-soon-page

coming-soon-page

Score: 93/100 Coming soon and Maintenance mode <= 3.6.7 - Cross-Site request Forgery to Arbitrary Email Send Affected: [*, 3.6.8) Patched: 3.6.8 Updated: July 4, 2026
LOW

super-forms

super-forms

Score: N/A Super Forms - Drag & Drop Form Builder WordPress <= 6.0.3 - Reflected Cross-Site Scripting Affected: *-6.0.3 Patched: 6.0.4 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 WordPress Download Manager <= 3.2.33 - Authenticated SQL Injection Affected: [*, 3.2.34) Patched: 3.2.34 Updated: July 4, 2026
LOW

wp-simple-firewall

wp-simple-firewall

Score: N/A Shield Security <= 13.0.5 - Admin+ Stored Cross-Site Scripting Affected: *-13.0.5 Patched: 13.0.6 Updated: July 4, 2026
LOW

wp-html-mail

wp-html-mail

Score: N/A WP HTML Mail <= 3.0.9 - Missing Authorization on Rest Route Affected: *-3.0.9 Patched: 3.1 Updated: July 4, 2026
LOW

woocommerce-currency-switcher

woocommerce-currency-switcher

Score: N/A WOOCS <= 1.3.7.4 - Reflected Cross-Site Scripting via AJAX action Affected: *-1.3.7.4 Patched: 1.3.7.5 Updated: July 4, 2026
LOW

supportboard

supportboard

Score: N/A Support Board <= 3.4.1 - Authenticated SQL Injection Affected: [*, 3.4.2) Patched: 3.4.2 Updated: July 4, 2026
LOW

anycomment

anycomment

Score: 93/100 AnyComment <= 0.2.17 - Race Condition Affected: [*, 0.2.18) Patched: 0.2.18 Updated: July 4, 2026
LOW

anycomment

anycomment

Score: 93/100 AnyComment <= 0.2.17 - Cross-Site Request Forgery Affected: [*, 0.2.18) Patched: 0.2.18 Updated: July 4, 2026
LOW

translation-exchange

translation-exchange

Score: N/A Translation Exchange <= 1.0.14 - Stored Cross-Site Scripting Affected: *-1.0.14 Patched: Updated: July 4, 2026
LOW

the-buffer-button

the-buffer-button

Score: N/A The Buffer Button <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile Affected: *-4.7.4 Patched: 4.7.7 Updated: July 4, 2026
LOW

give

give

Score: 93/100 GiveWP <= 2.17.2 - Reflected Cross-Site Scripting via Import Tool Affected: [*, 2.17.3) Patched: 2.17.3 Updated: July 4, 2026
LOW

give

give

Score: 93/100 GiveWP <= 2.17.2 - Reflected Cross-Site Scripting Affected: [*, 2.17.3) Patched: 2.17.3 Updated: July 4, 2026
LOW

give

give

Score: 93/100 GiveWP <= 2.17.2 - Reflected Cross-Site Scripting Affected: [*, 2.17.3) Patched: 2.17.3 Updated: July 4, 2026
LOW

final-tiles-grid-gallery-lite

final-tiles-grid-gallery-lite

Score: 93/100 Image Photo Gallery Final Tiles Grid <= 3.5.2 - Contributor+ Stored Cross-Site Scripting Affected: *-3.5.2 Patched: 3.5.3 Updated: July 4, 2026
LOW

feedwordpress

feedwordpress

Score: 93/100 FeedWordPress <= 2021.0713 - Reflected Cross-Site Scripting Affected: *-2021.0713 Patched: 2022.0123 Updated: July 4, 2026
LOW

custom-landing-pages-leadmagic

custom-landing-pages-leadmagic

Score: 91/100 User Registration, Login & Landing Pages <= 1.2.7 - Admin+ Stored Cross-Site Scripting Affected: *-1.2.7 Patched: Updated: July 4, 2026
LOW

business-profile

business-profile

Score: 93/100 Five Star Business Profile and Schema <= 2.1.6 - Subscriber+ Page Creation & Settings Update to Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 4, 2026
LOW

accesspress-social-icons

accesspress-social-icons

Score: 97/100 AccessPress Social Icons 1.8.2 - Backdoor Affected: 1.8.2 Patched: 1.8.3 Updated: July 4, 2026
LOW

wp-ultimate-csv-importer

wp-ultimate-csv-importer

Score: N/A Import all XML, CSV & TXT into WordPress < 6.4.2 - Missing Authorization Affected: *-6.4.1 Patched: 6.4.2 Updated: July 4, 2026
LOW

wp-appbox

wp-appbox

Score: N/A WP-Appbox <= 4.3.17 - Local File Inclusion Affected: *-4.3.17 Patched: 4.3.18 Updated: July 4, 2026
LOW

woocommerce-product-addon

woocommerce-product-addon

Score: N/A PPOM for WooCommerce <= 23.9 - Missing Authorization to Stored Cross-Site Scripting Affected: *-23.9 Patched: 24.0 Updated: July 4, 2026
LOW

permalink-manager

permalink-manager

Score: 93/100 Permalink Manager Lite <= 2.2.14 Reflected Cross-Site Scripting Affected: [*, 2.2.15) Patched: 2.2.15 Updated: July 4, 2026
LOW

newsletter-optin-box

newsletter-optin-box

Score: 93/100 WordPress Newsletter Plugin – Noptin < 1.6.5 - Open Redirect Affected: [*, 1.6.5) Patched: 1.6.5 Updated: July 4, 2026
LOW

mappress-google-maps-for-wordpress

mappress-google-maps-for-wordpress

Score: 93/100 MapPress Maps <= 2.73.3 - Reflected Cross-Site Scripting Affected: [*, 2.73.4) Patched: 2.73.4 Updated: July 4, 2026
LOW

magee-shortcodes

magee-shortcodes

Score: 91/100 Magee Shortcodes < 2.0.9 - Cross-Site Scripting Affected: *-2.0.8 Patched: 2.0.9 Updated: July 4, 2026
LOW

m-wp-popup

m-wp-popup

Score: 91/100 Popup | Custom Popup Builder <= 1.3 - Denial of Service Affected: [*, 1.3.1) Patched: 1.3.1 Updated: July 4, 2026
LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz - GDPR/CCPA Cookie Consent <= 5.5.2 - Reflected Cross-Site Scripting via s parameter Affected: [*, 6.0.0) Patched: 6.0.0 Updated: July 4, 2026
LOW

cmp-coming-soon-maintenance

cmp-coming-soon-maintenance

Score: 93/100 CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update Affected: [*, 4.0.19) Patched: 4.0.19 Updated: July 4, 2026
LOW

cf7-store-to-db-lite

cf7-store-to-db-lite

Score: 93/100 Form Store to DB <= 1.1.0 - Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: July 4, 2026
LOW

wp-import-export-lite

wp-import-export-lite

Score: N/A WP Import Export Lite & WP Import Export <= 3.9.15 - Unauthenticated Sensitive Data Disclosure Affected: *-3.9.15 Patched: 3.9.16 Updated: July 4, 2026
LOW

whmcs-bridge

whmcs-bridge

Score: N/A WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting Affected: *-6.1 Patched: 6.3 Updated: July 4, 2026
LOW

themify-portfolio-post

themify-portfolio-post

Score: N/A Themify Portfolio Post <= 1.1.6 - Reflected Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: July 4, 2026
LOW

random-banner

random-banner

Score: N/A Random Banner <= 4.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.1.4 Patched: 4.1.5 Updated: July 4, 2026
LOW

futurio-extra

futurio-extra

Score: 93/100 Futurio Extra <= 1.6.2 - Sensitive Information Disclosure Affected: [*, 1.6.3) Patched: 1.6.3 Updated: July 4, 2026
LOW

ad-invalid-click-protector

ad-invalid-click-protector

Score: 97/100 Ad Invalid Click Protector <= 1.2.5 - SQL Injection Affected: [*, 1.2.6) Patched: 1.2.6 Updated: July 4, 2026
LOW

php-everywhere

php-everywhere

Score: 93/100 PHP Everywhere <= 2.0.2 - Cross-Site Request Forgery Affected: *-2.0.2 Patched: 2.0.3 Updated: July 4, 2026
LOW

waitlist-woocommerce

waitlist-woocommerce

Score: N/A Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.1 - Cross-Site Request Forgery to Arbitrary Options Update Affected: *-2.5.1 Patched: 2.5.2 Updated: July 4, 2026
LOW

spider-event-calendar

spider-event-calendar

Score: N/A SpiderCalendar <= 1.6.64 - Reflected Cross-Site Scripting Affected: *-1.5.65 Patched: 1.6.65 Updated: July 4, 2026
LOW

side-cart-woocommerce

side-cart-woocommerce

Score: N/A Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update Affected: *-2.0 Patched: 2.1 Updated: July 4, 2026
LOW

rsvp

rsvp

Score: N/A RSVP and Event Management <= 2.7.4 - Cross-Site Scripting Affected: [*, 2.7.5) Patched: 2.7.5 Updated: July 4, 2026

Showing 30301 to 30400 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 16:10 UTC.