Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36406 (Across tracked plugins)
Affected Plugins: 76 (With open vulnerabilities)
Critical / High: 0 (Require immediate attention)
Recently Updated: 0 (In the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| newstatpress | newstatpress | 93 | NewStatPress <= 1.3.5 - Reflected Cross-Site Scripting | | LOW | [*, 1.3.6) | 1.3.6 | July 4, 2026 |
| easy-login-woocommerce | easy-login-woocommerce | 93 | Login/Signup Popup <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update | | LOW | *-2.2 | 2.3 | July 4, 2026 |
| capability-manager-enhanced | capability-manager-enhanced | 93 | PublishPress Capabilities <= 2.3.2 - Reflected Cross-Site Scripting | | LOW | *-2.3.2 | 2.3.3 | July 4, 2026 |
| wp-downloadmanager | wp-downloadmanager | N/A | WP-DownloadManager plugin <= 1.68.6 - Stored Cross-Site Scripting | | LOW | [*, 1.68.7) | 1.68.7 | July 4, 2026 |
| wp-ultimate-csv-importer | wp-ultimate-csv-importer | N/A | Easy Drag And drop All Import : WP Ultimate CSV Importer < 6.4.1 - Missing Authorization Checks | | LOW | [*, 6.4.1) | 6.4.1 | July 4, 2026 |
| wp-ultimate-csv-importer | wp-ultimate-csv-importer | N/A | WP Ultimate CSV Importer <= 6.4.0 - Arbitrary File Upload | | LOW | *-6.4.0 | 6.4.1 | July 4, 2026 |
| remove-footer-credit | remove-footer-credit | N/A | Remove Footer Credit <= 1.0.10 - Admin+ Stored Cross-Site Scripting | | LOW | *-1.0.10 | 1.0.11 | July 4, 2026 |
| quiz-master-next | quiz-master-next | N/A | Quiz And Survey Master <= 7.3.6 - Stored Cross-Site Scripting | | LOW | *-7.3.6 | 7.3.7 | July 4, 2026 |
| quiz-master-next | quiz-master-next | N/A | Quiz And Survey Master <= 7.3.6 - Cross-Site Request Forgery | | LOW | *-7.3.5 | 7.3.7 | July 4, 2026 |
| quiz-master-next | quiz-master-next | N/A | Quiz And Survey Master <= 7.3.6 - Reflected Cross-Site Scripting | | LOW | *-7.3.6 | 7.3.7 | July 4, 2026 |
| powerpack-addon-for-beaver-builder | powerpack-addon-for-beaver-builder | N/A | PowerPack Lite for Beaver Builder <= 1.2.9.2 Reflected Cross-Site Scripting | | LOW | *-1.2.9.2 | 1.2.9.3 | July 4, 2026 |
| Brevo – Email, SMS, Web Push, Chat, and more. | mailin | 76 | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.30 - Reflected Cross-Site Scripting via lang & pid Parameters | | LOW | [*, 3.1.31) | 3.1.31 | July 4, 2026 |
| ibtana-visual-editor | ibtana-visual-editor | 91 | Ibtana – WordPress Website Builder <= 1.1.4.7 - Missing Authorization to Stored Cross-Site Scripting | | LOW | [*, 1.1.4.9) | 1.1.4.9 | July 4, 2026 |
| facebook-wall-and-social-integration | facebook-wall-and-social-integration | 93 | Mitsol Social Post Feed <= 1.10 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.10 | 1.11 | July 4, 2026 |
| powerkit | powerkit | N/A | Powerkit < 2.5.9 - Cross-Site Request Forgery | | LOW | [*, 2.5.9) | 2.5.9 | July 4, 2026 |
| mortgage-calculators-wp | mortgage-calculators-wp | 93 | Mortgage Calculators WP < 1.53 - Authenticated Stored Cross-Site Scripting | | LOW | [*, 1.53) | 1.53 | July 4, 2026 |
| adaptive-images | adaptive-images | 97 | Adaptive Images <= 0.6.68 - Reflected Cross-Site Scripting | | LOW | *-0.6.68 | 0.6.69 | July 4, 2026 |
| access-demo-importer | access-demo-importer | 97 | AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery | | LOW | *-1.0.6 | 1.0.7 | July 4, 2026 |
| access-demo-importer | access-demo-importer | 97 | AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation | | LOW | *-1.0.6 | 1.0.7 | July 4, 2026 |
| wp-downloadmanager | wp-downloadmanager | N/A | WP-DownloadManager <= 1.68.6 - Stored Cross-Site Scripting | | LOW | [*, 1.68.7) | 1.68.7 | July 4, 2026 |
| woocommerce-store-toolkit | woocommerce-store-toolkit | N/A | Store Toolkit for WooCommerce <= 2.3.1 - Reflected Cross-Site Scripting | | LOW | [*, 2.3.2) | 2.3.2 | July 4, 2026 |
| woocommerce-exporter | woocommerce-exporter | N/A | WooCommerce – Store Exporter <= 2.7 - Reflected Cross-Site Scripting | | LOW | *-2.7 | 2.7.1 | July 4, 2026 |
| seur | seur | N/A | SEUR Oficial < 1.7.2 - Authenticated Arbitrary File Download | | LOW | [*, 1.7.2) | 1.7.2 | July 4, 2026 |
| All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | mystickyelements | 85 | All-in-one Floating Contact Form <= 2.0.3 - Reflected Cross-Site Scripting | | LOW | *-2.0.3 | 2.0.4 | July 4, 2026 |
| maps-block-apple | maps-block-apple | 93 | markdown-it < 1.3.2 - Uncontrolled Resource Consumption | | LOW | 1.0.3 | 1.1.0 | July 4, 2026 |
| Translate WordPress with GTranslate | gtranslate | 90 | Translate WordPress with GTranslate <= 2.9.6 - Reflected Cross-Site Scripting | | LOW | [*, 2.9.7) | 2.9.7 | July 4, 2026 |
| cluevo-lms | cluevo-lms | 93 | CLUEVO E-Learning Platform <= 1.8.0 - Authenticated Cross-Site Scripting | | LOW | [*, 1.8.1) | 1.8.1 | July 4, 2026 |
| add-search-to-menu | add-search-to-menu | 97 | Ivory Search <= 5.4 - Multiple Admin+ Stored Cross-Site Scripting | | LOW | *-5.4 | 5.4.1 | July 4, 2026 |
| paid-memberships-pro | paid-memberships-pro | 93 | Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection | | LOW | [*, 2.6.7) | 2.6.7 | July 4, 2026 |
| ultimate-reviews | ultimate-reviews | N/A | Ultimate Reviews <= 3.0.15 - Authenticated Stored Cross-Site Scripting | | LOW | *-3.0.15 | 3.0.16 | July 4, 2026 |
| ultimate-product-catalogue | ultimate-product-catalogue | N/A | Ultimate Product Catalog – WordPress Catalog Plugin <= 5.0.25 - Cross-Site Request Forgery | | LOW | [*, 5.0.26) | 5.0.26 | July 4, 2026 |
| responsive-vector-maps | responsive-vector-maps | N/A | RVM - Responsive Vector Maps <= 6.4.1 - Subscriber+ Arbitrary File Read | | LOW | *-6.4.1 | 6.4.2 | July 4, 2026 |
| ip2location-country-blocker | ip2location-country-blocker | 93 | IP2Location Country Blocker <= 2.26.4 - Ban Bypass | | LOW | *-2.26.4 | 2.26.5 | July 4, 2026 |
| ip2location-country-blocker | ip2location-country-blocker | 93 | IP2Location Country Blocker <= 2.26.4 - Subscriber+ Arbitrary Country Ban | | LOW | *-2.26.4 | 2.26.5 | July 4, 2026 |
| ip2location-country-blocker | ip2location-country-blocker | 93 | IP2Location Country Blocker <= 2.26.5 - Arbitrary Country Ban via Cross-Site Request Forgery | | LOW | *-2.26.5 | 2.26.6 | July 4, 2026 |
| wplegalpages | wplegalpages | N/A | Privacy Policy Generator, Terms & Conditions Generator - WPLegalPages <= 2.7.0 - Arbitrary Settings Update to Stored Cross-Site Scripting | | LOW | [*, 2.7.1) | 2.7.1 | July 4, 2026 |
| supportcandy | supportcandy | N/A | SupportCandy – Helpdesk & Support Ticket System <= 2.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | [*, 2.2.7) | 2.2.7 | July 4, 2026 |
| supportcandy | supportcandy | N/A | SupportCandy <= 2.2.6 - Reflected Cross-Site Scripting | | LOW | *-2.2.6 | 2.2.7 | July 4, 2026 |
| supportcandy | supportcandy | N/A | SupportCandy <= 2.2.4 - Unauthenticated Arbitrary Ticket Deletion | | LOW | *-2.2.4 | 2.2.5 | July 4, 2026 |
| rearrange-woocommerce-products | rearrange-woocommerce-products | N/A | Rearrange Woocommerce Products <= 3.0.7 - Subscriber+ SQL Injection | | LOW | [*, 3.0.8) | 3.0.8 | July 4, 2026 |
| lead-form-builder | lead-form-builder | 93 | Responsive Contact Form Builder & Lead Generation Plugin < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | [*, 1.7.0) | 1.7.0 | July 4, 2026 |
| supportcandy | supportcandy | N/A | SupportCandy <= 2.2.6 - Cross-Site Request Forgery to Arbitrary Ticket Deletion | | LOW | [*, 2.2.7) | 2.2.7 | July 4, 2026 |
| supportcandy | supportcandy | N/A | SupportCandy <= 2.2.6 - Stored Cross-Site Scripting via Shortcode | | LOW | [*, 2.2.7) | 2.2.7 | July 4, 2026 |
| php-everywhere | php-everywhere | 93 | PHP Everywhere <= 2.0.3 - Remote Code Execution by Contributor+ users via gutenberg block | | LOW | *-2.0.3 | 3.0.0 | July 4, 2026 |
| php-everywhere | php-everywhere | 93 | PHP Everywhere <= 2.0.3 - Authenticated (Contributor+) Remote Code Execution via Metabox | | LOW | *-2.0.3 | 3.0.0 | July 4, 2026 |
| php-everywhere | php-everywhere | 93 | PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode | | LOW | *-2.0.3 | 3.0.0 | July 4, 2026 |
| futurio-extra | futurio-extra | 93 | Futurio Extra <= 1.6.2 - Authenticated (Admin+) SQL Injection | | LOW | [*, 1.6.3) | 1.6.3 | July 4, 2026 |
| advanced-cron-manager-pro | advanced-cron-manager-pro | 97 | Advanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events/Schedules Creation/Deletion | | LOW | [*, 2.4.2) | 2.4.2 | July 4, 2026 |
| advanced-cron-manager | advanced-cron-manager | 97 | Advanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events/Schedules Creation/Deletion | | LOW | [*, 2.4.2) | 2.4.2 | July 4, 2026 |
| aawp | aawp | 97 | Amazon Affiliate <= 3.17 - Reflected Cross-Site Scripting | | LOW | *-3.17 | 3.17.1 | July 4, 2026 |
| yellow-pencil-visual-theme-customizer | yellow-pencil-visual-theme-customizer | N/A | Visual CSS Style Editor <= 7.5.3 - Reflected Cross-Site Scripting via wyp_page_type parameter | | LOW | *-7.5.3 | 7.5.4 | July 4, 2026 |
| wp-asset-clean-up | wp-asset-clean-up | N/A | Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting via AJAX Action | | LOW | [*, 1.3.8.5) | 1.3.8.5 | July 4, 2026 |
| wp-asset-clean-up | wp-asset-clean-up | N/A | Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting | | LOW | *-1.3.8.4 | 1.3.8.5 | July 4, 2026 |
| trustmate-io-integration-for-woocommerce | trustmate-io-integration-for-woocommerce | N/A | TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Settings Update | | LOW | *-1.8.11 | 1.8.12 | July 4, 2026 |
| trustmate-io-integration-for-woocommerce | trustmate-io-integration-for-woocommerce | N/A | TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Blog Option Update | | LOW | *-1.8.11 | 1.8.12 | July 4, 2026 |
| svg-support | svg-support | N/A | SVG Support <= 2.3.19 Admin+ Cross-Site Scripting | | LOW | *-2.3.19 | 2.3.20 | July 4, 2026 |
| social-networks-auto-poster-facebook-twitter-g | social-networks-auto-poster-facebook-twitter-g | N/A | NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting | | LOW | [*, 4.3.24) | 4.3.24 | July 4, 2026 |
| social-networks-auto-poster-facebook-twitter-g | social-networks-auto-poster-facebook-twitter-g | N/A | NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery | | LOW | [*, 4.3.25) | 4.3.25 | July 4, 2026 |
| document-emberdder | document-emberdder | 93 | Document Embedder < 1.7.6 - Sensitive Data Exposure | | LOW | [*, 1.7.5) | 1.7.6 | July 4, 2026 |
| document-emberdder | document-emberdder | 93 | Document Embedder <= 1.7.8 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure | | LOW | [*, 1.7.9) | 1.7.9 | July 4, 2026 |
| contact-form-7-skins | contact-form-7-skins | 93 | Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting | | LOW | *-2.5.0 | 2.5.1 | July 4, 2026 |
| wp-photo-album-plus | wp-photo-album-plus | N/A | WP Photo Album Plus <= 8.0.10 - Stored Cross-Site Scripting | | LOW | [*, 8.0.10) | 8.1.00 | July 4, 2026 |
| include-me | include-me | 93 | Include Me <= 1.2.1 - Local File Inclusion leading to Authenticated Remote Code Execution | | LOW | *-1.2.1 | 1.2.2 | July 4, 2026 |
| wicked-folders | wicked-folders | N/A | Wicked Folders <= 2.18.9 - Subscriber+ SQL Injection | | LOW | *-2.18.9 | 2.18.10 | July 4, 2026 |
| link-library | link-library | 93 | Link Library <= 7.2.7 - Missing Authorization Checks | | LOW | *-7.2.7 | 7.2.8 | July 4, 2026 |
| link-library | link-library | 93 | Link Library <= 7.2.8 - Reflected Cross-Site Scripting | | LOW | *-7.2.8 | 7.2.9 | July 4, 2026 |
| link-library | link-library | 93 | Link Library <= 7.2.7 - Cross-Site Request Forgery to Library Settings Reset | | LOW | *-7.2.7 | 7.2.8 | July 4, 2026 |
| ag-custom-admin | ag-custom-admin | 97 | Custom Dashboard & Login Page < 6.9.5 - Admin+ Stored Cross-Site Scripting | | LOW | *-6.9.5 | 7.0 | July 4, 2026 |
| orange-form | orange-form | 89 | Orange Form <= 1.0.1 - Cross-Site Request Forgery | | LOW | *-1.0.1 | | July 4, 2026 |
| orange-form | orange-form | 89 | Orange Form <= 1.0.1 - Cross-Site Request Forgery | | LOW | *-1.0.1 | | July 4, 2026 |
| nd-learning | nd-learning | 93 | Learning Courses < 5.0 - Authenticated Cross-Site Scripting | | LOW | [*, 5.0) | 5.0 | July 4, 2026 |
| error-log-viewer | error-log-viewer | 93 | Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery | | LOW | *-1.1.1 | 1.1.2 | July 4, 2026 |
| wp-downloadmanager | wp-downloadmanager | N/A | WP-DownloadManager plugin <= 1.68.6 - Reflected Cross-Site Scripting | | LOW | *-1.68.6 | 1.68.7 | July 4, 2026 |
| woocommerce-products-filter | woocommerce-products-filter | N/A | WOOF - Products Filter for WooCommerce <= 1.2.6.2 - Reflected Cross-Site Scripting | | LOW | [*, 1.2.6.3) | 1.2.6.3 | July 4, 2026 |
| UpdraftPlus: WP Backup & Migration Plugin | updraftplus | 69 | UpdraftPlus WordPress Backup Plugin <= 1.16.68 - Reflected Cross-Site Scripting via updraft_restore | | LOW | 0.7.4-1.16.68 | 1.16.69 | July 4, 2026 |
| labtools | labtools | 91 | LabTools <= 1.0 - Missing Authorization | | LOW | *-1.0 | | July 4, 2026 |
| insight-core | insight-core | 91 | Insight Core <= 1.0 - Authenticated PHP Object Injection & Stored Cross-Site Scripting | | LOW | *-1.0 | | July 4, 2026 |
| dynamic-widgets | dynamic-widgets | 93 | Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting | | LOW | *-1.5.16 | 1.6 | July 4, 2026 |
| domain-check | domain-check | 93 | Domain Check <= 1.0.16 - Reflected Cross-Site Scripting via domain | | LOW | *-1.0.16 | 1.0.17 | July 4, 2026 |
| custom-registration-form-builder-with-submission-manager | custom-registration-form-builder-with-submission-manager | 93 | Registration Magic <= 5.0.1.8 - Reflected Cross-Site Scripting | | LOW | *-5.0.1.8 | 5.0.1.9 | July 4, 2026 |
| User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | wp-user-frontend | N/A | WP User Frontend <= 3.5.25 - SQL Injection & Reflected Cross-Site Scripting | | LOW | *-3.5.25 | 3.5.26 | July 4, 2026 |
| wp-post-page-clone | wp-post-page-clone | N/A | WP Post Page Clone <= 1.1 - Missing Authorization to Post Disclosure | | LOW | *-1.1 | 1.2 | July 4, 2026 |
| wp-extra-file-types | wp-extra-file-types | N/A | WP Extra File Types <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-0.5 | 0.5.1 | July 4, 2026 |
| wp-cookie-user-info | wp-cookie-user-info | N/A | Cookie Notification Plugin for WordPress < 1.0.9 - SQL Injection | | LOW | [*, 1.0.9) | 1.0.9 | July 4, 2026 |
| woo-orders-tracking | woo-orders-tracking | N/A | Orders Tracking for WooCommerce <= 1.0.14 - Reflected Cross-Site Scripting | | LOW | *-1.0.14 | 1.1.10 | July 4, 2026 |
| webp-converter-for-media | webp-converter-for-media | N/A | WebP Converter for Media <= 4.0.2 - Unauthenticated Open Redirect | | LOW | [*, 4.0.3) | 4.0.3 | July 4, 2026 |
| ultimate-faqs | ultimate-faqs | N/A | Ultimate FAQ <= 2.1.1 - Missing Authorization to Arbitrary FAQ Creation | | LOW | [*, 2.1.2) | 2.1.2 | July 4, 2026 |
| tutor | tutor | N/A | Tutor LMS <= 1.9.11 - Stored Cross-Site Scripting | | LOW | *-1.9.11 | 1.9.12 | July 4, 2026 |
| tutor | tutor | N/A | Tutor LMS <= 1.9.11 - Reflected Cross-Site Scripting | | LOW | *-1.9.11 | 1.9.12 | July 4, 2026 |
| registrations-for-the-events-calendar | registrations-for-the-events-calendar | N/A | Registrations for the Events Calendar <= 2.7.9 - Reflected Cross-Site Scripting | | LOW | [*, 2.7.10) | 2.7.10 | July 4, 2026 |
| qubely | qubely | N/A | Qubely <= 1.7.7 - Missing Authorization to Arbitrary Post Deletion | | LOW | [*, 1.7.8) | 1.7.8 | July 4, 2026 |
| mycred | mycred | 93 | myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.3.2 - Reflected Cross-Site Scripting | | LOW | *-2.3.2 | 2.4 | July 4, 2026 |
| image-hover-effects-ultimate | image-hover-effects-ultimate | 91 | Image Hover Effects Ultimate <= 9.7.0 - Reflected Cross-Site Scripting via effects | | LOW | *-9.7.0 | 9.7.1 | July 4, 2026 |
| code-snippets | code-snippets | 93 | Code Snippets <= 2.14.2 - Reflected Cross-Site Scripting | | LOW | [*, 2.14.3) | 2.14.3 | July 4, 2026 |
| af-companion | af-companion | 97 | AF Companion <= 1.1.2 - Cross-Site Request Forgery | | LOW | [1.1.0, 1.1.2) | 1.2.0 | July 4, 2026 |
| wpgsi-professional | wpgsi-professional | N/A | Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Reflected Cross-Site Scripting | | LOW | *-3.5.0 | 3.6.0 | July 4, 2026 |
| wpgsi-professional | wpgsi-professional | N/A | Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Cross-Site Request Forgery | | LOW | *-3.5.0 | 3.6.0 | July 4, 2026 |
| wpgsi | wpgsi | N/A | Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Reflected Cross-Site Scripting | | LOW | *-3.5.0 | 3.6.0 | July 4, 2026 |
| wpgsi | wpgsi | N/A | Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Cross-Site Request Forgery | | LOW | *-3.5.0 | 3.6.0 | July 4, 2026 |
| mobile-events-manager | mobile-events-manager | 93 | Mobile Events Manager < 1.4.4 - Cross-Site Scripting | | LOW | [*, 1.4.4) | 1.4.4 | July 4, 2026 |

Showing 30401 to 30500 of 36406 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 17:06 UTC.