Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

86

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
affiliates-manager affiliates-manager
97
Affiliates Manager <= 2.8.9 - Unauthenticated Stored Cross-Site Scripting LOW *-2.8.9 2.9.0 July 4, 2026
acf-extended acf-extended
97
Advanced Custom Fields: Extended <= 0.8.8.6 - Admin+ SQL Injection LOW *-0.8.8.6 0.8.8.7 July 4, 2026
wp125 wp125 N/A WP125 <= 1.5.4 - Cross-Site Request Forgery to Arbitrary Ad Deletion LOW *-1.5.4 1.5.5 July 4, 2026
woo-product-feed-pro woo-product-feed-pro N/A Product Feed PRO for WooCommerce <= 11.0.6 - Settings Update to Stored Cross-Site Scripting LOW [*, 11.0.7) 11.0.7 July 4, 2026
protect-wp-admin protect-wp-admin N/A Protect WP Admin <= 3.6 - Unauthenticated Plugin Deactivation LOW *-3.6 3.7 July 4, 2026
Brevo – Email, SMS, Web Push, Chat, and more. mailin
76
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.24 - Reflected Cross-Site Scripting LOW [*, 3.1.25) 3.1.25 July 4, 2026
wp-stats-manager wp-stats-manager N/A WP Visitor Statistics (Real Time Traffic) <= 4.7 - SQL Injection LOW [*, 4.8) 4.8 July 4, 2026
smart-seo-tool smart-seo-tool N/A Smart SEO Tool <= 3.0.5 - Reflected Cross-Site Scripting LOW [*, 3.0.6) 3.0.6 July 4, 2026
Event Tickets and Registration event-tickets
86
Event Tickets <= 5.2.1 - Open Redirect LOW *-5.2.1 5.2.2 July 4, 2026
yikes-inc-easy-mailchimp-extender yikes-inc-easy-mailchimp-extender N/A Easy Forms for Mailchimp <= 6.8.5 - Reflected Cross-Site Scripting LOW [*, 6.8.6) 6.8.6 July 4, 2026
wp-time-capsule wp-time-capsule N/A Backup and Staging by WP Time Capsule <= 1.22.6 - Reflected Cross-Site Scripting LOW *-1.22.6 1.22.7 July 4, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities LOW *-3.9.8 3.9.9 July 4, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes LOW *-3.9.10 3.9.11 July 4, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin restaurant-reservations N/A Five Star Restaurant Reservations <= 2.4.7 - Subscriber+ Stored Cross-Site Scripting LOW *-2.4.7 2.4.8 July 4, 2026
asgaros-forum asgaros-forum
97
Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id LOW *-1.15.14 1.15.15 July 4, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-13.1.0.9 14.0.0 July 4, 2026
vc-tabs vc-tabs N/A Responsive Tabs with WooCommerce Product Tab Extension <= 3.5.4 - Unauthenticated Arbitrary Option Update LOW [*, 3.6.0) 3.6.0 July 4, 2026
seur seur N/A SEUR Oficial <= 1.6.0 - Cross-Site Scripting LOW [*, 1.7.0) 1.7.0 July 4, 2026
navz-photo-gallery navz-photo-gallery
93
ACF Photo Gallery Field <= 1.7.4 - Reflected Cross-Site Scripting LOW *-1.7.4 1.7.5 July 4, 2026
event-calendar-wd event-calendar-wd
93
Event Calendar <= 1.1.50 - Subscriber+ Event Creation LOW *-1.1.50 1.1.51 July 4, 2026
event-calendar-wd event-calendar-wd
93
Event Calendar <= 1.1.50 - Reflected Cross-Site Scripting LOW *-1.1.50 1.1.51 July 4, 2026
anycomment anycomment
93
AnyComment <= 0.3.4 - Open Redirect via redirect parameter LOW [*, 0.3.5) 0.3.5 July 4, 2026
tarteaucitronjs tarteaucitronjs N/A tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) <= 1.6 - Cross-Site Scripting LOW *-1.6 1.6.1 July 4, 2026
page-builder-add page-builder-add
93
Landing Page Builder <= 1.4.9.5 - Reflected Cross-Site Scripting LOW *-1.4.9.5 1.4.9.6 July 4, 2026
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress custom-facebook-feed
66
Smash Balloon Social Post Feed <= 4.1 - Reflected Cross-Site Scripting LOW [*, 4.1.1) 4.1.1 July 4, 2026
crisp crisp
93
Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.31 0.32 July 4, 2026
image-hover-effects-ultimate image-hover-effects-ultimate
91
Image Hover Effects Ultimate <= 9.6.1 - Unauthenticated Arbitrary Options Update LOW *-9.6.1 9.6.2 July 4, 2026
accelerated-mobile-pages accelerated-mobile-pages
97
AMP for WP <= 1.0.77.32 - Authenticated Stored Cross-Site Scripting LOW *-1.0.77.32 1.0.77.33 July 4, 2026
post-grid post-grid N/A Post Grid <= 2.1.12 - Contributor+ SQL Injection LOW [*, 2.1.13) 2.1.13 July 4, 2026
woo-myghpay-payment-gateway woo-myghpay-payment-gateway N/A WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting LOW *-3.0 July 4, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic all-in-one-seo-pack
88
All in One SEO 4.0.0 - 4.1.5.2 Authorization Bypass LOW 4.0.0-4.1.5.2 4.1.5.3 July 4, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic all-in-one-seo-pack
88
All in One SEO 4.1.3.1 - 4.1.5.2 - Authenticated SQL Injection LOW 4.1.3.1-4.1.5.2 4.1.5.3 July 4, 2026
simple-responsive-image-gallery simple-responsive-image-gallery N/A Simple Image Gallery <= 1.0.6 - Reflected Cross-Site Scripting LOW *-1.0.6 July 4, 2026
seo-local-rank seo-local-rank N/A True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read LOW *-2.2.2 2.2.4 July 4, 2026
duofaq-responsive-flat-simple-faq duofaq-responsive-flat-simple-faq
91
duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 - Reflected Cross-Site Scripting LOW *-1.4.8 July 4, 2026
woocommerce-currency-switcher woocommerce-currency-switcher N/A WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting LOW *-1.3.7.2 1.3.7.3 July 4, 2026
woo-enviopack woo-enviopack N/A WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting LOW *-1.2 July 4, 2026
theplus_elementor_addon theplus_elementor_addon N/A The Plus Addons for Elementor Pro <= 5.0.6 - Sensitive Data Disclosure LOW [*, 5.0.7) 5.0.7 July 4, 2026
theplus_elementor_addon theplus_elementor_addon N/A The Plus Addons for Elementor - Pro <= 5.0.6 - SQL Injection LOW [*, 5.0.7) 5.0.7 July 4, 2026
real-wysiwyg real-wysiwyg N/A Real WYSIWYG <= 0.0.2 - Reflected Cross-Site Scripting LOW *-0.0.2 July 4, 2026
parsian-bank-gateway-for-woocommerce parsian-bank-gateway-for-woocommerce
91
Parsian Bank Gateway for Woocommerce <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
out-of-the-box out-of-the-box
93
Out-of-the-Box <= 1.20.2 - Reflected Cross-Site Scripting LOW [*, 1.20.3) 1.20.3 July 4, 2026
magic-post-voice magic-post-voice
91
Magic Post Voice <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 4, 2026
link-list-manager link-list-manager
91
link-list-manager <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
lets-box lets-box
93
Lets-Box < 1.15.3 - Reflected Cross-Site Scripting LOW [*, 1.15.3) 1.15.3 July 4, 2026
htaccess-redirect htaccess-redirect
91
.htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting LOW *-0.3.1 July 4, 2026
h5p-css-editor h5p-css-editor
91
H5P CSS Editor <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
accelerated-mobile-pages accelerated-mobile-pages
97
AMP for WP – Accelerated Mobile Pages <= 1.0.77.31 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.77.31 1.0.77.32 July 4, 2026
WP Booking System – Booking Calendar wp-booking-system N/A WP Booking System – Booking Calendar <= 2.0.14 - Reflected Cross-Site Scripting LOW [*, 2.0.15) 2.0.15 July 4, 2026
tarteaucitronjs tarteaucitronjs N/A tarteaucitron.js – Cookies legislation & GDPR <= 1.5.4 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.5.4 1.6 July 4, 2026
easy-paypal-donation easy-paypal-donation
93
Accept Donations with PayPal <= 1.3.3 - Arbitrary Post Deletion via Cross-Site Request Forgery LOW *-1.3.3 1.3.4 July 4, 2026
Fathom Analytics for WP fathom-analytics
93
Fathom Analytics <= 3.0.4 - Stored Cross-Site Scripting LOW *-3.0.4 3.0.5 July 4, 2026
gmap-embed gmap-embed
93
WP Google Map <= 1.8.0 - Missing Authorization LOW *-1.8.0 1.8.1 July 4, 2026
gmap-embed gmap-embed
93
WP Google Map <= 1.8.0 - Subscriber+ Arbitrary Post Deletion and Plugin Settings Update LOW *-1.8.0 1.8.1 July 4, 2026
custom-registration-form-builder-with-submission-manager custom-registration-form-builder-with-submission-manager
93
RegistrationMagic <= 5.0.1.7 - Authentication Bypass LOW *-5.0.1.7 5.0.1.8 July 4, 2026
capability-manager-enhanced capability-manager-enhanced
93
PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update LOW [*, 2.3.1) 2.3.1 July 4, 2026
wd-instagram-feed wd-instagram-feed N/A 10Web Social Photo Feed <= 1.4.28 - Reflected Cross-Site Scripting LOW *-1.4.28 1.4.29 July 4, 2026
wpcalc wpcalc N/A WPcalc – Create any online calculators <= 2.1 - SQL Injection LOW *-2.1 July 4, 2026
woocommerce-pdf-invoices-packing-slips woocommerce-pdf-invoices-packing-slips N/A WooCommerce PDF Invoices & Packing Slips <= 2.10.4 - Reflected Cross-Site Scripting via tab and section parameter LOW [*, 2.10.5) 2.10.5 July 4, 2026
use-your-drive use-your-drive N/A Use-Your-Drive < 1.18.3 - Reflected Cross-Site Scripting LOW [*, 1.18.3) 1.18.3 July 4, 2026
UpdraftPlus: WP Backup & Migration Plugin updraftplus
69
UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting LOW [*, 1.16.66) 1.16.66 July 4, 2026
tabbed tabbed N/A Tab – Accordion, FAQ < 1.3.2 - Unauthenticated Arbitrary Tab Modification LOW [*, 1.3.2) 1.3.2 July 4, 2026
stars-rating stars-rating N/A Stars Rating <= 3.5.0 - Denial of Service LOW [*, 3.5.1) 3.5.1 July 4, 2026
Site Reviews site-reviews N/A Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting LOW *-5.17.2 5.17.3 July 4, 2026
share-one-drive share-one-drive N/A Share-one-Drive <= 1.15.2 - Reflected Cross-Site Scripting LOW [*, 1.15.3) 1.15.3 July 4, 2026
powerpack-lite-for-elementor powerpack-lite-for-elementor N/A PowerPack Addons for Elementor <= 2.6.1 - Reflected Cross-Site Scripting LOW *-2.6.1 2.6.2 July 4, 2026
events-made-easy events-made-easy
91
Events Made Easy <= 2.2.35 - Subscriber+ SQL Injection LOW *-2.2.35 2.2.36 July 4, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting LOW [*, 3.8.4) 3.8.4 July 4, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty chaty
88
Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button - Chaty <= 2.8.2 Reflected Cross-Site Scripting LOW [*, 2.8.3) 2.8.3 July 4, 2026
Booking Calendar booking
71
Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting LOW *-8.9.1 8.9.2 July 4, 2026
wp-coder wp-coder N/A WP Coder <= 2.5.1 - Remote File Inclusion leading to Remote Code Execution via Cross-Site Request Forgery LOW *-2.5.1 2.5.2 July 4, 2026
modal-window modal-window
93
Modal Window – create popup modal window <= 5.2.1 - Cross-Site Request Forgery to Remote Code Execution LOW [*, 5.2.2) 5.2.2 July 4, 2026
button-generation button-generation
93
Button Generator – easily Button Builder <= 2.3.2 - Cross-Site Request Forgery LOW *-2.3.2 2.3.3 July 4, 2026
survey-maker survey-maker N/A Survey Maker <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting LOW *-2.0.6 2.0.7 July 4, 2026
modern-events-calendar-lite modern-events-calendar-lite
93
Modern Events Calendar Lite <= 6.1.6 - Subscriber+ Category Add Leading to Stored Cross-Site Scripting LOW *-6.1.6 6.2.0 July 4, 2026
post-duplicator post-duplicator N/A Post Duplicator <= 2.23 - Cross-Site Scripting LOW [*, 2.24) 2.24 July 4, 2026
customize-login-image customize-login-image
93
Customize Login Image <= 3.4 - Cross-Site Scripting LOW *-3.4 3.5 July 4, 2026
advanced-custom-fields-pro advanced-custom-fields-pro
97
Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes LOW [*, 5.11) 5.11 July 4, 2026
advanced-custom-fields-pro advanced-custom-fields-pro
97
Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure LOW [*, 5.11) 5.11 July 4, 2026
advanced-custom-fields-pro advanced-custom-fields-pro
97
Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure LOW [*, 5.11) 5.11 July 4, 2026
advanced-custom-fields advanced-custom-fields
97
Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes LOW [*, 5.11) 5.11 July 4, 2026
advanced-custom-fields advanced-custom-fields
97
Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure LOW [*, 5.11) 5.11 July 4, 2026
advanced-custom-fields advanced-custom-fields
97
Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure LOW [*, 5.11) 5.11 July 4, 2026
WP Travel Engine – Tour Booking Plugin – Tour Operator Software wp-travel-engine N/A WP Travel Engine <= 5.3.0 - Editor+ Stored Cross-Site Scripting LOW *-5.3.0 5.3.1 July 4, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in Product XML Feeds Module LOW [*, 5.4.9) 5.4.9 July 4, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in PDF Invoicing Module LOW [*, 5.4.9) 5.4.9 July 4, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in General Module LOW [*, 5.4.9) 5.4.9 July 4, 2026
product-variation-swatches-for-woocommerce product-variation-swatches-for-woocommerce N/A Variation Swatches for WooCommerce <= 2.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.1.1 2.1.2 July 4, 2026
OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. host-webfonts-local
92
OMGF <= 4.5.11 - Authenticated (Admin+) Arbitrary Folder Deletion via Path Traversal LOW *-4.5.11 4.5.12 July 4, 2026
CAOS | Host Google Analytics Locally host-analyticsjs-local
96
CAOS <= 4.1.8 - Admin+ Arbitrary Folder Deletion via Path Traversal LOW *-4.1.8 4.1.9 July 4, 2026
video-conferencing-with-zoom-api video-conferencing-with-zoom-api N/A Video Conferencing with Zoom < 3.8.16 - Reflected Cross-Site Scripting LOW [*, 3.8.16) 3.8.16 July 4, 2026
LiteSpeed Cache litespeed-cache
69
LiteSpeed Cache <= 4.4.3 - Reflected Cross-Site Scripting via qc_res LOW 1.0.15-4.4.3 4.4.4 July 4, 2026
LiteSpeed Cache litespeed-cache
69
LiteSpeed Cache <= 4.4.3 - Authorization Bypass LOW 1.0.15-4.4.3 4.4.4 July 4, 2026
contact-form-with-captcha contact-form-with-captcha
91
Contact Form With Captcha <= 1.6.7 - Cross-Site Request Forgery LOW *-1.6.7 1.6.8 July 4, 2026
wpremote wpremote N/A The WP Remote WordPress Plugin <= 4.64 - Reflected Cross-Site Scripting LOW *-4.64 4.65 July 4, 2026
wp-rss-aggregator wp-rss-aggregator N/A WP RSS Aggregator <= 4.19.2 - Subscriber+ Stored Cross-Site Scripting LOW [*, 4.19.3) 4.19.3 July 4, 2026
WP Mail Logging wp-mail-logging
87
WP Mail Logging < 1.10.0 - Unauthenticated Arbitrary Settings Change LOW [*, 1.10.0) 1.10.0 July 4, 2026
typebot typebot N/A Typebot | Build beautiful conversational forms < 1.4.3 - Authenticated (Admin+) Cross-Site Scripting LOW [*, 1.4.3) 1.4.3 July 4, 2026
stetic stetic N/A Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 4, 2026
rich-reviews rich-reviews N/A Rich Reviews by Starfish <= 1.9.5 - SQL Injection LOW [*, 1.9.6) 1.9.6 July 4, 2026
LOW

affiliates-manager

affiliates-manager

Score: 97/100 Affiliates Manager <= 2.8.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.8.9 Patched: 2.9.0 Updated: July 4, 2026
LOW

acf-extended

acf-extended

Score: 97/100 Advanced Custom Fields: Extended <= 0.8.8.6 - Admin+ SQL Injection Affected: *-0.8.8.6 Patched: 0.8.8.7 Updated: July 4, 2026
LOW

wp125

wp125

Score: N/A WP125 <= 1.5.4 - Cross-Site Request Forgery to Arbitrary Ad Deletion Affected: *-1.5.4 Patched: 1.5.5 Updated: July 4, 2026
LOW

woo-product-feed-pro

woo-product-feed-pro

Score: N/A Product Feed PRO for WooCommerce <= 11.0.6 - Settings Update to Stored Cross-Site Scripting Affected: [*, 11.0.7) Patched: 11.0.7 Updated: July 4, 2026
LOW

protect-wp-admin

protect-wp-admin

Score: N/A Protect WP Admin <= 3.6 - Unauthenticated Plugin Deactivation Affected: *-3.6 Patched: 3.7 Updated: July 4, 2026
LOW

Brevo – Email, SMS, Web Push, Chat, and more.

mailin

Score: 76/100 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.24 - Reflected Cross-Site Scripting Affected: [*, 3.1.25) Patched: 3.1.25 Updated: July 4, 2026
LOW

wp-stats-manager

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 4.7 - SQL Injection Affected: [*, 4.8) Patched: 4.8 Updated: July 4, 2026
LOW

smart-seo-tool

smart-seo-tool

Score: N/A Smart SEO Tool <= 3.0.5 - Reflected Cross-Site Scripting Affected: [*, 3.0.6) Patched: 3.0.6 Updated: July 4, 2026
LOW

Event Tickets and Registration

event-tickets

Score: 86/100 Event Tickets <= 5.2.1 - Open Redirect Affected: *-5.2.1 Patched: 5.2.2 Updated: July 4, 2026
LOW

yikes-inc-easy-mailchimp-extender

yikes-inc-easy-mailchimp-extender

Score: N/A Easy Forms for Mailchimp <= 6.8.5 - Reflected Cross-Site Scripting Affected: [*, 6.8.6) Patched: 6.8.6 Updated: July 4, 2026
LOW

wp-time-capsule

wp-time-capsule

Score: N/A Backup and Staging by WP Time Capsule <= 1.22.6 - Reflected Cross-Site Scripting Affected: *-1.22.6 Patched: 1.22.7 Updated: July 4, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities Affected: *-3.9.8 Patched: 3.9.9 Updated: July 4, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes Affected: *-3.9.10 Patched: 3.9.11 Updated: July 4, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id Affected: *-1.15.14 Patched: 1.15.15 Updated: July 4, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-13.1.0.9 Patched: 14.0.0 Updated: July 4, 2026
LOW

vc-tabs

vc-tabs

Score: N/A Responsive Tabs with WooCommerce Product Tab Extension <= 3.5.4 - Unauthenticated Arbitrary Option Update Affected: [*, 3.6.0) Patched: 3.6.0 Updated: July 4, 2026
LOW

seur

seur

Score: N/A SEUR Oficial <= 1.6.0 - Cross-Site Scripting Affected: [*, 1.7.0) Patched: 1.7.0 Updated: July 4, 2026
LOW

navz-photo-gallery

navz-photo-gallery

Score: 93/100 ACF Photo Gallery Field <= 1.7.4 - Reflected Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 4, 2026
LOW

event-calendar-wd

event-calendar-wd

Score: 93/100 Event Calendar <= 1.1.50 - Subscriber+ Event Creation Affected: *-1.1.50 Patched: 1.1.51 Updated: July 4, 2026
LOW

event-calendar-wd

event-calendar-wd

Score: 93/100 Event Calendar <= 1.1.50 - Reflected Cross-Site Scripting Affected: *-1.1.50 Patched: 1.1.51 Updated: July 4, 2026
LOW

anycomment

anycomment

Score: 93/100 AnyComment <= 0.3.4 - Open Redirect via redirect parameter Affected: [*, 0.3.5) Patched: 0.3.5 Updated: July 4, 2026
LOW

tarteaucitronjs

tarteaucitronjs

Score: N/A tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) <= 1.6 - Cross-Site Scripting Affected: *-1.6 Patched: 1.6.1 Updated: July 4, 2026
LOW

page-builder-add

page-builder-add

Score: 93/100 Landing Page Builder <= 1.4.9.5 - Reflected Cross-Site Scripting Affected: *-1.4.9.5 Patched: 1.4.9.6 Updated: July 4, 2026
LOW

crisp

crisp

Score: 93/100 Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.31 Patched: 0.32 Updated: July 4, 2026
LOW

image-hover-effects-ultimate

image-hover-effects-ultimate

Score: 91/100 Image Hover Effects Ultimate <= 9.6.1 - Unauthenticated Arbitrary Options Update Affected: *-9.6.1 Patched: 9.6.2 Updated: July 4, 2026
LOW

accelerated-mobile-pages

accelerated-mobile-pages

Score: 97/100 AMP for WP <= 1.0.77.32 - Authenticated Stored Cross-Site Scripting Affected: *-1.0.77.32 Patched: 1.0.77.33 Updated: July 4, 2026
LOW

post-grid

post-grid

Score: N/A Post Grid <= 2.1.12 - Contributor+ SQL Injection Affected: [*, 2.1.13) Patched: 2.1.13 Updated: July 4, 2026
LOW

woo-myghpay-payment-gateway

woo-myghpay-payment-gateway

Score: N/A WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 4, 2026
LOW

simple-responsive-image-gallery

simple-responsive-image-gallery

Score: N/A Simple Image Gallery <= 1.0.6 - Reflected Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 4, 2026
LOW

seo-local-rank

seo-local-rank

Score: N/A True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read Affected: *-2.2.2 Patched: 2.2.4 Updated: July 4, 2026
LOW

duofaq-responsive-flat-simple-faq

duofaq-responsive-flat-simple-faq

Score: 91/100 duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 - Reflected Cross-Site Scripting Affected: *-1.4.8 Patched: Updated: July 4, 2026
LOW

woocommerce-currency-switcher

woocommerce-currency-switcher

Score: N/A WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting Affected: *-1.3.7.2 Patched: 1.3.7.3 Updated: July 4, 2026
LOW

woo-enviopack

woo-enviopack

Score: N/A WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

theplus_elementor_addon

theplus_elementor_addon

Score: N/A The Plus Addons for Elementor Pro <= 5.0.6 - Sensitive Data Disclosure Affected: [*, 5.0.7) Patched: 5.0.7 Updated: July 4, 2026
LOW

theplus_elementor_addon

theplus_elementor_addon

Score: N/A The Plus Addons for Elementor - Pro <= 5.0.6 - SQL Injection Affected: [*, 5.0.7) Patched: 5.0.7 Updated: July 4, 2026
LOW

real-wysiwyg

real-wysiwyg

Score: N/A Real WYSIWYG <= 0.0.2 - Reflected Cross-Site Scripting Affected: *-0.0.2 Patched: Updated: July 4, 2026
LOW

parsian-bank-gateway-for-woocommerce

parsian-bank-gateway-for-woocommerce

Score: 91/100 Parsian Bank Gateway for Woocommerce <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

out-of-the-box

out-of-the-box

Score: 93/100 Out-of-the-Box <= 1.20.2 - Reflected Cross-Site Scripting Affected: [*, 1.20.3) Patched: 1.20.3 Updated: July 4, 2026
LOW

magic-post-voice

magic-post-voice

Score: 91/100 Magic Post Voice <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

link-list-manager

link-list-manager

Score: 91/100 link-list-manager <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

lets-box

lets-box

Score: 93/100 Lets-Box < 1.15.3 - Reflected Cross-Site Scripting Affected: [*, 1.15.3) Patched: 1.15.3 Updated: July 4, 2026
LOW

htaccess-redirect

htaccess-redirect

Score: 91/100 .htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting Affected: *-0.3.1 Patched: Updated: July 4, 2026
LOW

h5p-css-editor

h5p-css-editor

Score: 91/100 H5P CSS Editor <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

accelerated-mobile-pages

accelerated-mobile-pages

Score: 97/100 AMP for WP – Accelerated Mobile Pages <= 1.0.77.31 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.77.31 Patched: 1.0.77.32 Updated: July 4, 2026
LOW

WP Booking System – Booking Calendar

wp-booking-system

Score: N/A WP Booking System – Booking Calendar <= 2.0.14 - Reflected Cross-Site Scripting Affected: [*, 2.0.15) Patched: 2.0.15 Updated: July 4, 2026
LOW

tarteaucitronjs

tarteaucitronjs

Score: N/A tarteaucitron.js – Cookies legislation & GDPR <= 1.5.4 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.5.4 Patched: 1.6 Updated: July 4, 2026
LOW

easy-paypal-donation

easy-paypal-donation

Score: 93/100 Accept Donations with PayPal <= 1.3.3 - Arbitrary Post Deletion via Cross-Site Request Forgery Affected: *-1.3.3 Patched: 1.3.4 Updated: July 4, 2026
LOW

Fathom Analytics for WP

fathom-analytics

Score: 93/100 Fathom Analytics <= 3.0.4 - Stored Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.5 Updated: July 4, 2026
LOW

gmap-embed

gmap-embed

Score: 93/100 WP Google Map <= 1.8.0 - Missing Authorization Affected: *-1.8.0 Patched: 1.8.1 Updated: July 4, 2026
LOW

gmap-embed

gmap-embed

Score: 93/100 WP Google Map <= 1.8.0 - Subscriber+ Arbitrary Post Deletion and Plugin Settings Update Affected: *-1.8.0 Patched: 1.8.1 Updated: July 4, 2026
LOW

capability-manager-enhanced

capability-manager-enhanced

Score: 93/100 PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update Affected: [*, 2.3.1) Patched: 2.3.1 Updated: July 4, 2026
LOW

wd-instagram-feed

wd-instagram-feed

Score: N/A 10Web Social Photo Feed <= 1.4.28 - Reflected Cross-Site Scripting Affected: *-1.4.28 Patched: 1.4.29 Updated: July 4, 2026
LOW

wpcalc

wpcalc

Score: N/A WPcalc – Create any online calculators <= 2.1 - SQL Injection Affected: *-2.1 Patched: Updated: July 4, 2026
LOW

woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips

Score: N/A WooCommerce PDF Invoices & Packing Slips <= 2.10.4 - Reflected Cross-Site Scripting via tab and section parameter Affected: [*, 2.10.5) Patched: 2.10.5 Updated: July 4, 2026
LOW

use-your-drive

use-your-drive

Score: N/A Use-Your-Drive < 1.18.3 - Reflected Cross-Site Scripting Affected: [*, 1.18.3) Patched: 1.18.3 Updated: July 4, 2026
LOW

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Score: 69/100 UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting Affected: [*, 1.16.66) Patched: 1.16.66 Updated: July 4, 2026
LOW

tabbed

tabbed

Score: N/A Tab – Accordion, FAQ < 1.3.2 - Unauthenticated Arbitrary Tab Modification Affected: [*, 1.3.2) Patched: 1.3.2 Updated: July 4, 2026
LOW

stars-rating

stars-rating

Score: N/A Stars Rating <= 3.5.0 - Denial of Service Affected: [*, 3.5.1) Patched: 3.5.1 Updated: July 4, 2026
LOW

Site Reviews

site-reviews

Score: N/A Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.17.2 Patched: 5.17.3 Updated: July 4, 2026
LOW

share-one-drive

share-one-drive

Score: N/A Share-one-Drive <= 1.15.2 - Reflected Cross-Site Scripting Affected: [*, 1.15.3) Patched: 1.15.3 Updated: July 4, 2026
LOW

powerpack-lite-for-elementor

powerpack-lite-for-elementor

Score: N/A PowerPack Addons for Elementor <= 2.6.1 - Reflected Cross-Site Scripting Affected: *-2.6.1 Patched: 2.6.2 Updated: July 4, 2026
LOW

events-made-easy

events-made-easy

Score: 91/100 Events Made Easy <= 2.2.35 - Subscriber+ SQL Injection Affected: *-2.2.35 Patched: 2.2.36 Updated: July 4, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting Affected: [*, 3.8.4) Patched: 3.8.4 Updated: July 4, 2026
LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting Affected: *-8.9.1 Patched: 8.9.2 Updated: July 4, 2026
LOW

wp-coder

wp-coder

Score: N/A WP Coder <= 2.5.1 - Remote File Inclusion leading to Remote Code Execution via Cross-Site Request Forgery Affected: *-2.5.1 Patched: 2.5.2 Updated: July 4, 2026
LOW

modal-window

modal-window

Score: 93/100 Modal Window – create popup modal window <= 5.2.1 - Cross-Site Request Forgery to Remote Code Execution Affected: [*, 5.2.2) Patched: 5.2.2 Updated: July 4, 2026
LOW

button-generation

button-generation

Score: 93/100 Button Generator – easily Button Builder <= 2.3.2 - Cross-Site Request Forgery Affected: *-2.3.2 Patched: 2.3.3 Updated: July 4, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.6 Patched: 2.0.7 Updated: July 4, 2026
LOW

modern-events-calendar-lite

modern-events-calendar-lite

Score: 93/100 Modern Events Calendar Lite <= 6.1.6 - Subscriber+ Category Add Leading to Stored Cross-Site Scripting Affected: *-6.1.6 Patched: 6.2.0 Updated: July 4, 2026
LOW

post-duplicator

post-duplicator

Score: N/A Post Duplicator <= 2.23 - Cross-Site Scripting Affected: [*, 2.24) Patched: 2.24 Updated: July 4, 2026
LOW

customize-login-image

customize-login-image

Score: 93/100 Customize Login Image <= 3.4 - Cross-Site Scripting Affected: *-3.4 Patched: 3.5 Updated: July 4, 2026
LOW

advanced-custom-fields-pro

advanced-custom-fields-pro

Score: 97/100 Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes Affected: [*, 5.11) Patched: 5.11 Updated: July 4, 2026
LOW

advanced-custom-fields-pro

advanced-custom-fields-pro

Score: 97/100 Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure Affected: [*, 5.11) Patched: 5.11 Updated: July 4, 2026
LOW

advanced-custom-fields-pro

advanced-custom-fields-pro

Score: 97/100 Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure Affected: [*, 5.11) Patched: 5.11 Updated: July 4, 2026
LOW

advanced-custom-fields

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes Affected: [*, 5.11) Patched: 5.11 Updated: July 4, 2026
LOW

advanced-custom-fields

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure Affected: [*, 5.11) Patched: 5.11 Updated: July 4, 2026
LOW

advanced-custom-fields

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure Affected: [*, 5.11) Patched: 5.11 Updated: July 4, 2026
LOW

product-variation-swatches-for-woocommerce

product-variation-swatches-for-woocommerce

Score: N/A Variation Swatches for WooCommerce <= 2.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 4, 2026
LOW

CAOS | Host Google Analytics Locally

host-analyticsjs-local

Score: 96/100 CAOS <= 4.1.8 - Admin+ Arbitrary Folder Deletion via Path Traversal Affected: *-4.1.8 Patched: 4.1.9 Updated: July 4, 2026
LOW

video-conferencing-with-zoom-api

video-conferencing-with-zoom-api

Score: N/A Video Conferencing with Zoom < 3.8.16 - Reflected Cross-Site Scripting Affected: [*, 3.8.16) Patched: 3.8.16 Updated: July 4, 2026
LOW

LiteSpeed Cache

litespeed-cache

Score: 69/100 LiteSpeed Cache <= 4.4.3 - Reflected Cross-Site Scripting via qc_res Affected: 1.0.15-4.4.3 Patched: 4.4.4 Updated: July 4, 2026
LOW

LiteSpeed Cache

litespeed-cache

Score: 69/100 LiteSpeed Cache <= 4.4.3 - Authorization Bypass Affected: 1.0.15-4.4.3 Patched: 4.4.4 Updated: July 4, 2026
LOW

contact-form-with-captcha

contact-form-with-captcha

Score: 91/100 Contact Form With Captcha <= 1.6.7 - Cross-Site Request Forgery Affected: *-1.6.7 Patched: 1.6.8 Updated: July 4, 2026
LOW

wpremote

wpremote

Score: N/A The WP Remote WordPress Plugin <= 4.64 - Reflected Cross-Site Scripting Affected: *-4.64 Patched: 4.65 Updated: July 4, 2026
LOW

wp-rss-aggregator

wp-rss-aggregator

Score: N/A WP RSS Aggregator <= 4.19.2 - Subscriber+ Stored Cross-Site Scripting Affected: [*, 4.19.3) Patched: 4.19.3 Updated: July 4, 2026
LOW

WP Mail Logging

wp-mail-logging

Score: 87/100 WP Mail Logging < 1.10.0 - Unauthenticated Arbitrary Settings Change Affected: [*, 1.10.0) Patched: 1.10.0 Updated: July 4, 2026
LOW

typebot

typebot

Score: N/A Typebot | Build beautiful conversational forms < 1.4.3 - Authenticated (Admin+) Cross-Site Scripting Affected: [*, 1.4.3) Patched: 1.4.3 Updated: July 4, 2026
LOW

stetic

stetic

Score: N/A Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 4, 2026
LOW

rich-reviews

rich-reviews

Score: N/A Rich Reviews by Starfish <= 1.9.5 - SQL Injection Affected: [*, 1.9.6) Patched: 1.9.6 Updated: July 4, 2026

Showing 30501 to 30600 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 18:13 UTC.