Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

88

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
molie-instructure-canvas-linking-tool molie-instructure-canvas-linking-tool
89
MOLIE <= 0.5 - SQL Injection LOW *-0.5 July 4, 2026
molie-instructure-canvas-linking-tool molie-instructure-canvas-linking-tool
89
MOLIE – Instructure Canvas Linking tool <= 0.5 - Reflected Cross-Site Scripting LOW *-0.5 July 4, 2026
lead-form-builder lead-form-builder
93
Contact Form & Lead Form Elementor Builder <= 1.6.3 - Unauthenticated Stored Cross-Site Scripting LOW *-1.6.3 1.6.4 July 4, 2026
Download Manager download-manager
63
WordPress Download Manager <= 3.2.21 - Cross-Site Scripting LOW [*, 3.2.22) 3.2.22 July 4, 2026
correos-express correos-express
91
CorreosExpress <= 2.6.0 - Sensitive Data Exposure LOW *-2.6.0 July 4, 2026
buttonizer-multifunctional-button buttonizer-multifunctional-button
93
Buttonizer - Smart Floating Action Button <= 2.5.4 - Admin+ Stored Cross-Site Scripting LOW *-2.5.4 2.5.5 July 4, 2026
asgaros-forum asgaros-forum
97
Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting LOW *-1.15.13 1.15.14 July 4, 2026
social-networks-auto-poster-facebook-twitter-g social-networks-auto-poster-facebook-twitter-g N/A NextScripts: Social Networks Auto-Poster <= 4.3.20 - Reflected Cross-Site Scripting LOW *-4.3.20 4.3.21 July 4, 2026
awesome-support awesome-support
93
Awesome Support – WordPress HelpDesk & Support Plugin <= 6.0.6 - Reflected Cross-Site Scripting LOW *-6.0.6 6.0.7 July 4, 2026
browser-and-operating-system-finder browser-and-operating-system-finder
91
Browser and Operating System Finder <= 1.1 - Cross-Site Request Forgery LOW [*, 1.2) 1.2 July 4, 2026
hide_my_wp hide_my_wp
91
Hide My WP <= 6.2.3 - Authorization Bypass LOW *-6.2.3 6.2.4 July 4, 2026
hide_my_wp hide_my_wp
91
Hide My WP <= 6.2.3 - SQL Injection LOW *-6.2.3 6.2.4 July 4, 2026
wpfront-user-role-editor wpfront-user-role-editor N/A WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting LOW [*, 3.2.1.11184) 3.2.1.11184 July 4, 2026
wpfront-user-role-editor wpfront-user-role-editor N/A WPFront User Role Editor <= 3.2.0 - Reflected Cross-Site Scripting LOW *-3.2.0 3.2.1 July 4, 2026
tickera-event-ticketing-system tickera-event-ticketing-system N/A Tickera <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting LOW *-3.4.8.2 3.4.8.3 July 4, 2026
paid-memberships-pro paid-memberships-pro
93
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting LOW [*, 2.6.6) 2.6.6 July 4, 2026
idpay-contact-form-7 idpay-contact-form-7
93
IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting LOW *-2.1.2 2.3.2 July 4, 2026
html5-responsive-faq html5-responsive-faq
91
HTML5 Responsive FAQ <= 2.8.5 - Authenticated Stored Cross-Site Scripting LOW *-2.8.5 July 4, 2026
gwolle-gb gwolle-gb
93
Gwolle Guestbook <= 4.1.2 - Reflected Cross-Site Scripting LOW *-4.1.2 4.2 July 4, 2026
cybersoldier cybersoldier
93
Cybersoldier < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.7.0) 1.7.0 July 4, 2026
wp-guppy wp-guppy N/A WP Guppy < 1.3 - Information Disclosure LOW [*, 1.3) 1.3 July 4, 2026
wc-multivendor-marketplace wc-multivendor-marketplace N/A WCFM - WooCommerce Multivendor Marketplace <= 3.4.11 - Unauthenticated SQL Injection LOW *-3.4.11 3.4.12 July 4, 2026
simple-slider simple-slider N/A Simple Slider < 1.1 - Reflected Cross-Site Scripting LOW [*, 1.1) 1.1 July 4, 2026
ni-woocommerce-custom-order-status ni-woocommerce-custom-order-status
93
Ni WooCommerce Custom Order Status <= 1.9.6 - SQL Injection LOW *-1.9.6 1.9.7 July 4, 2026
logo-carousel-free logo-carousel-free
93
Logo Carousel <= 3.4.1 - Unauthorised Private Post Access LOW *-3.4.1 3.4.2 July 4, 2026
logo-carousel-free logo-carousel-free
93
Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting LOW *-3.4.1 3.4.2 July 4, 2026
kudos-donations kudos-donations
93
Kudos Donations – Easy donations and payments with Mollie < 3.1.2 - Cross-Site Request Forgery LOW [*, 3.1.2) 3.1.2 July 4, 2026
kiwi-logo-carousel kiwi-logo-carousel
93
Logo Carousel < 1.7.2 - Stored Cross-Site Scripting LOW [*, 1.7.2) 1.7.2 July 4, 2026
icegram icegram
93
Icegram <= 2.0.4 - Reflected Cross-Site Scripting via message_id LOW [*, 2.0.5) 2.0.5 July 4, 2026
exportfeed-list-woocommerce-products-on-ebay-store exportfeed-list-woocommerce-products-on-ebay-store
91
ExportFeed <= 2.0.1.0 - SQL Injection LOW *-2.0.1.0 July 4, 2026
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder everest-forms
68
Everest Forms <= 1.7.9 - Reflected Cross-Site Scripting LOW [*, 1.8.0) 1.8.0 July 4, 2026
blog2social blog2social
93
Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting LOW *-6.8.6 6.8.7 July 4, 2026
ninja-forms-uploads ninja-forms-uploads
93
Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting LOW *-3.3.12 3.3.13 July 4, 2026
child-theme-generator child-theme-generator
89
Child Theme Generator <= 2.2.7 Cross-Site Request Forgery to Arbitrary Folder Deletion LOW *-2.2.7 July 4, 2026
easy-registration-forms easy-registration-forms
87
Easy Registration Forms <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.1 July 4, 2026
woo-preview-emails woo-preview-emails N/A Preview E-Mails for WooCommerce <= 1.6.8 - Reflected Cross-Site Scripting LOW *-1.6.8 2.0.0 July 4, 2026
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration wp-user-frontend N/A WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress < 3.5.25 - Authenticated (Admin+) SQL Injection LOW [*, 3.5.25) 3.5.25 July 4, 2026
facebook-conversion-pixel facebook-conversion-pixel
93
Pixel Cat – Conversion Pixel Manager <= 2.6.3 - Reflected Cross-Site Scripting LOW *-2.6.3 2.6.4 July 4, 2026
child-theme-generator child-theme-generator
89
Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting LOW *-2.2.7 July 4, 2026
easy-login-woocommerce easy-login-woocommerce
93
Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.1 - Reflected Cross-Site Scripting LOW *-2.1 2.2 July 4, 2026
Backup Migration backup-backup
61
Backup Migration <= 1.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.5 1.1.6 July 4, 2026
sportspress sportspress N/A SportsPress <= 2.7.8 - Reflected Cross-Site Scripting LOW *-2.7.8 2.7.9 July 4, 2026
smart-product-review smart-product-review N/A Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload LOW *-1.0.4 1.0.5 July 4, 2026
push-notifications-for-wp push-notifications-for-wp N/A Push Notifications for WordPress (Lite) < 6.0.1 - Cross-Site Request Forgery LOW [*, 6.0.1) 6.0.1 July 4, 2026
mortgage-loan-calculator mortgage-loan-calculator
91
Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting LOW [*, 1.5.17) 1.5.17 July 4, 2026
directorist directorist
93
Directorist <= 7.0.6.1 - Cross-Site Request Forgery to Arbitrary File Upload LOW *-7.0.6.1 7.0.6.2 July 4, 2026
wp-user-avatar wp-user-avatar N/A ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting LOW [*, 3.2.3) 3.2.3 July 4, 2026
wp-user-avatar wp-user-avatar N/A ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting via ppress_cc_data Parameter LOW [*, 3.2.3) 3.2.3 July 4, 2026
wp-limits wp-limits N/A Wp Limits <= 1.0 - Cross-Site Request Forgery LOW *-1.0 July 4, 2026
wp-admin-logo-changer wp-admin-logo-changer N/A WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via Cross-Site Request Forgery LOW *-1.0 July 4, 2026
winterlock winterlock N/A WP System Log < 1.0.21 - Cross-Site Scripting LOW [*, 1.0.21) 1.0.21 July 4, 2026
user-meta-shortcodes user-meta-shortcodes N/A User meta shortcodes <= 0.5 - Improper Access Control LOW *-0.5 July 4, 2026
totop-link totop-link N/A ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection LOW *-1.7.1 July 4, 2026
titan-labs-security-audit titan-labs-security-audit N/A Security Audit <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting LOW *-1.0.0 July 4, 2026
temporary-login-without-password temporary-login-without-password N/A Temporary Login Without Password <= 1.7.0 - Subscriber+ Plugin Settings Update LOW *-1.7.0 1.7.1 July 4, 2026
stopbadbots stopbadbots N/A WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection LOW [*, 6.67) 6.67 July 4, 2026
single-post-exporter single-post-exporter N/A Single Post Exporter <= 1.1.1 - Cross-Site Request Forgery LOW *-1.1.1 July 4, 2026
shiny-buttons shiny-buttons N/A Shiny Buttons – CSS3 Button Generator for WordPress <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.1.0 July 4, 2026
seo-booster seo-booster N/A SEO Booster <= 3.7 - Admin+ SQL Injection LOW *-3.7 3.8 July 4, 2026
quotes-collection quotes-collection N/A Quotes Collection <= 2.5.2 - Authenticated (Admin+) SQL Injection LOW *-2.5.2 July 4, 2026
pagepost-content-shortcode pagepost-content-shortcode
91
Page/Post Content Shortcode <= 1.0 - Missing Authorization LOW *-1.0 July 4, 2026
nofollow nofollow
91
Ultimate NoFollow <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.8 July 4, 2026
modern-events-calendar-lite modern-events-calendar-lite
93
Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter LOW [*, 6.1.5) 6.1.5 July 4, 2026
modern-events-calendar-lite modern-events-calendar-lite
93
Modern Events Calendar Lite <= 6.1.0 - Reflected Cross-Site Scripting via current_month_divider parameter LOW *-6.1.0 6.1.5 July 4, 2026
mediamatic mediamatic
87
Mediamatic – Media Library Folders <= 2.8.0 - SQL Injection LOW *-2.8.0 2.8.1 July 4, 2026
inspirational-quote-rotator inspirational-quote-rotator
91
Inspirational Quote Rotator <= 1.0.0 - Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
improved-include-page improved-include-page
91
Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts/Pages Access LOW *-1.2 July 4, 2026
fsflex-local-fonts fsflex-local-fonts
91
Flex Local Fonts <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
filter-portfolio-gallery filter-portfolio-gallery
91
Filter Portfolio Gallery <= 1.5 - Cross-Site Request Forgery LOW *-1.5 July 4, 2026
facebook-conversion-pixel facebook-conversion-pixel
93
Pixel Cat Lite <= 2.6.2 - Admin+ Stored Cross-Site Scripting LOW *-2.6.2 2.6.3 July 4, 2026
facebook-conversion-pixel facebook-conversion-pixel
93
Pixel Cat – Conversion Pixel Manager <= 2.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.6.1 2.6.2 July 4, 2026
display-post-metadata display-post-metadata
93
Display Post Metadata <= 1.4.0 - Stored Cross-Site Scripting LOW [*, 1.5.0) 1.5.0 July 4, 2026
contact-form-advanced-database contact-form-advanced-database
91
Contact Form Advanced Database <= 1.0.8 - Missing Authorization LOW *-1.0.8 July 4, 2026
auto-post-thumbnail auto-post-thumbnail
93
Auto Featured Image <= 3.9.2 - Reflected Cross-Site Scripting LOW *-3.9.2 3.9.3 July 4, 2026
All-in-One Video Gallery all-in-one-video-gallery
70
All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion LOW *-2.4.9 2.5.0 July 4, 2026
nex-forms-express-wp-form-builder nex-forms-express-wp-form-builder
93
NEX-Forms – Ultimate Form Builder <= 8.4.2 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-8.4.2 8.4.3 July 4, 2026
Database for Contact Form 7, WPforms, Elementor forms contact-form-entries
84
Contact Form Entries <= 1.2.3 - Reflected Cross-Site Scripting LOW *-1.2.3 1.2.4 July 4, 2026
WP Popular Posts wordpress-popular-posts N/A WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload LOW *-5.3.2 5.3.3 July 4, 2026
flash-album-gallery flash-album-gallery
91
Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 6.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-6.1.2 July 4, 2026
Database Addon for Contact Form 7 – CFDB7 contact-form-cfdb7
89
Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery LOW *-1.2.5.9 1.2.6.1 July 4, 2026
Database Addon for Contact Form 7 – CFDB7 contact-form-cfdb7
89
Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting LOW *-1.2.6.1 1.2.6.2 July 4, 2026
contact-form-to-email contact-form-to-email
93
Contact Form Email <= 1.3.24 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.3.24 1.3.25 July 4, 2026
likebtn-like-button likebtn-like-button
93
Like Button Rating <= 2.6.37 - Unauthorised Vote Export to Email & IP Addresses Disclosure LOW *-2.6.37 2.6.38 July 4, 2026
caldera-forms caldera-forms
93
Caldera forms <= 1.9.4 - Admin+ Stored Cross-Site Scripting LOW [*, 1.9.5) 1.9.5 July 4, 2026
wp-reset wp-reset N/A WP Reset PRO 5.00-5.98 - Cross-Site Request Forgery LOW 5.00-5.98 5.99 July 4, 2026
wp-reset wp-reset N/A WP Reset – Most Advanced WordPress Reset Tool (PRO) 5.00- 5.98 - Missing Authorization to Database Reset LOW 5.00-5.98 5.99 July 4, 2026
meks-easy-instagram-widget meks-easy-instagram-widget
93
Meks Easy Photo Feed Widget < 1.2.4 - Authenticated Stored Cross-Site Scripting LOW [*, 1.2.4) 1.2.4 July 4, 2026
error-log-viewer error-log-viewer
93
Error Log Viewer <= 1.1.1 - Arbitrary File Deletion LOW *-1.1.1 1.1.2 July 4, 2026
Booking Package booking-package
85
Booking Package <= 1.5.10 - Reflected Cross-Site Scripting LOW [*, 1.5.11) 1.5.11 July 4, 2026
learnpress learnpress
93
LearnPress <= 4.1.3 - Authenticated SQL Injection LOW [*, 4.1.4) 4.1.4 July 4, 2026
get-custom-field-values get-custom-field-values
93
Get Custom Field Values <= 4.0.0 - Contributor+ Stored Cross-Site Scripting LOW [*, 4.0.1) 4.0.1 July 4, 2026
get-custom-field-values get-custom-field-values
93
Get Custom Field Values < 4.0 - Arbitrary Post Metadata Access LOW [*, 4.0) 4.0 July 4, 2026
WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards wp-data-access N/A WP Data Access <= 4.3.1 - Admin+ SQL Injection LOW *-4.3.1 5.0.0 July 4, 2026
woocommerce-currency-switcher woocommerce-currency-switcher N/A WooCommerce Currency Switcher <= 1.3.7 - Reflected Cross-Site Scripting LOW *-1.3.7 1.3.7.1 July 4, 2026
tawkto-live-chat tawkto-live-chat N/A Tawk.To Live Chat <= 0.5.4 - Missing Authorization to Visitor Monitoring & Chat Removal LOW [*, 0.6.0) 0.6.0 July 4, 2026
secure-copy-content-protection secure-copy-content-protection N/A Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection LOW *-2.8.1 2.8.2 July 4, 2026
registrations-for-the-events-calendar registrations-for-the-events-calendar N/A Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection LOW [*, 2.7.6) 2.7.6 July 4, 2026
peters-login-redirect peters-login-redirect
93
LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting via rul_login_url, rul_logout_url Parameter LOW [*, 3.0.0.5) 3.0.0.5 July 4, 2026
Email Log email-log
89
Email Log <= 2.4.7 - Reflected Cross-Site Scripting LOW *-2.4.7 2.4.8 July 4, 2026
bookly-responsive-appointment-booking-tool bookly-responsive-appointment-booking-tool
93
Bookly <= 20.3 - Staff Member Stored Cross-Site Scripting LOW *-20.3 20.3.1 July 4, 2026
LOW

molie-instructure-canvas-linking-tool

molie-instructure-canvas-linking-tool

Score: 89/100 MOLIE – Instructure Canvas Linking tool <= 0.5 - Reflected Cross-Site Scripting Affected: *-0.5 Patched: Updated: July 4, 2026
LOW

lead-form-builder

lead-form-builder

Score: 93/100 Contact Form & Lead Form Elementor Builder <= 1.6.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.6.3 Patched: 1.6.4 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 WordPress Download Manager <= 3.2.21 - Cross-Site Scripting Affected: [*, 3.2.22) Patched: 3.2.22 Updated: July 4, 2026
LOW

correos-express

correos-express

Score: 91/100 CorreosExpress <= 2.6.0 - Sensitive Data Exposure Affected: *-2.6.0 Patched: Updated: July 4, 2026
LOW

buttonizer-multifunctional-button

buttonizer-multifunctional-button

Score: 93/100 Buttonizer - Smart Floating Action Button <= 2.5.4 - Admin+ Stored Cross-Site Scripting Affected: *-2.5.4 Patched: 2.5.5 Updated: July 4, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting Affected: *-1.15.13 Patched: 1.15.14 Updated: July 4, 2026
LOW

social-networks-auto-poster-facebook-twitter-g

social-networks-auto-poster-facebook-twitter-g

Score: N/A NextScripts: Social Networks Auto-Poster <= 4.3.20 - Reflected Cross-Site Scripting Affected: *-4.3.20 Patched: 4.3.21 Updated: July 4, 2026
LOW

awesome-support

awesome-support

Score: 93/100 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.0.6 - Reflected Cross-Site Scripting Affected: *-6.0.6 Patched: 6.0.7 Updated: July 4, 2026
LOW

browser-and-operating-system-finder

browser-and-operating-system-finder

Score: 91/100 Browser and Operating System Finder <= 1.1 - Cross-Site Request Forgery Affected: [*, 1.2) Patched: 1.2 Updated: July 4, 2026
LOW

hide_my_wp

hide_my_wp

Score: 91/100 Hide My WP <= 6.2.3 - Authorization Bypass Affected: *-6.2.3 Patched: 6.2.4 Updated: July 4, 2026
LOW

hide_my_wp

hide_my_wp

Score: 91/100 Hide My WP <= 6.2.3 - SQL Injection Affected: *-6.2.3 Patched: 6.2.4 Updated: July 4, 2026
LOW

wpfront-user-role-editor

wpfront-user-role-editor

Score: N/A WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting Affected: [*, 3.2.1.11184) Patched: 3.2.1.11184 Updated: July 4, 2026
LOW

wpfront-user-role-editor

wpfront-user-role-editor

Score: N/A WPFront User Role Editor <= 3.2.0 - Reflected Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.1 Updated: July 4, 2026
LOW

tickera-event-ticketing-system

tickera-event-ticketing-system

Score: N/A Tickera <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.4.8.2 Patched: 3.4.8.3 Updated: July 4, 2026
LOW

paid-memberships-pro

paid-memberships-pro

Score: 93/100 Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting Affected: [*, 2.6.6) Patched: 2.6.6 Updated: July 4, 2026
LOW

idpay-contact-form-7

idpay-contact-form-7

Score: 93/100 IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting Affected: *-2.1.2 Patched: 2.3.2 Updated: July 4, 2026
LOW

html5-responsive-faq

html5-responsive-faq

Score: 91/100 HTML5 Responsive FAQ <= 2.8.5 - Authenticated Stored Cross-Site Scripting Affected: *-2.8.5 Patched: Updated: July 4, 2026
LOW

gwolle-gb

gwolle-gb

Score: 93/100 Gwolle Guestbook <= 4.1.2 - Reflected Cross-Site Scripting Affected: *-4.1.2 Patched: 4.2 Updated: July 4, 2026
LOW

cybersoldier

cybersoldier

Score: 93/100 Cybersoldier < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.7.0) Patched: 1.7.0 Updated: July 4, 2026
LOW

wp-guppy

wp-guppy

Score: N/A WP Guppy < 1.3 - Information Disclosure Affected: [*, 1.3) Patched: 1.3 Updated: July 4, 2026
LOW

wc-multivendor-marketplace

wc-multivendor-marketplace

Score: N/A WCFM - WooCommerce Multivendor Marketplace <= 3.4.11 - Unauthenticated SQL Injection Affected: *-3.4.11 Patched: 3.4.12 Updated: July 4, 2026
LOW

simple-slider

simple-slider

Score: N/A Simple Slider < 1.1 - Reflected Cross-Site Scripting Affected: [*, 1.1) Patched: 1.1 Updated: July 4, 2026
LOW

ni-woocommerce-custom-order-status

ni-woocommerce-custom-order-status

Score: 93/100 Ni WooCommerce Custom Order Status <= 1.9.6 - SQL Injection Affected: *-1.9.6 Patched: 1.9.7 Updated: July 4, 2026
LOW

logo-carousel-free

logo-carousel-free

Score: 93/100 Logo Carousel <= 3.4.1 - Unauthorised Private Post Access Affected: *-3.4.1 Patched: 3.4.2 Updated: July 4, 2026
LOW

logo-carousel-free

logo-carousel-free

Score: 93/100 Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting Affected: *-3.4.1 Patched: 3.4.2 Updated: July 4, 2026
LOW

kudos-donations

kudos-donations

Score: 93/100 Kudos Donations – Easy donations and payments with Mollie < 3.1.2 - Cross-Site Request Forgery Affected: [*, 3.1.2) Patched: 3.1.2 Updated: July 4, 2026
LOW

kiwi-logo-carousel

kiwi-logo-carousel

Score: 93/100 Logo Carousel < 1.7.2 - Stored Cross-Site Scripting Affected: [*, 1.7.2) Patched: 1.7.2 Updated: July 4, 2026
LOW

icegram

icegram

Score: 93/100 Icegram <= 2.0.4 - Reflected Cross-Site Scripting via message_id Affected: [*, 2.0.5) Patched: 2.0.5 Updated: July 4, 2026
LOW

blog2social

blog2social

Score: 93/100 Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting Affected: *-6.8.6 Patched: 6.8.7 Updated: July 4, 2026
LOW

ninja-forms-uploads

ninja-forms-uploads

Score: 93/100 Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting Affected: *-3.3.12 Patched: 3.3.13 Updated: July 4, 2026
LOW

child-theme-generator

child-theme-generator

Score: 89/100 Child Theme Generator <= 2.2.7 Cross-Site Request Forgery to Arbitrary Folder Deletion Affected: *-2.2.7 Patched: Updated: July 4, 2026
LOW

easy-registration-forms

easy-registration-forms

Score: 87/100 Easy Registration Forms <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: July 4, 2026
LOW

woo-preview-emails

woo-preview-emails

Score: N/A Preview E-Mails for WooCommerce <= 1.6.8 - Reflected Cross-Site Scripting Affected: *-1.6.8 Patched: 2.0.0 Updated: July 4, 2026
LOW

facebook-conversion-pixel

facebook-conversion-pixel

Score: 93/100 Pixel Cat – Conversion Pixel Manager <= 2.6.3 - Reflected Cross-Site Scripting Affected: *-2.6.3 Patched: 2.6.4 Updated: July 4, 2026
LOW

child-theme-generator

child-theme-generator

Score: 89/100 Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting Affected: *-2.2.7 Patched: Updated: July 4, 2026
LOW

easy-login-woocommerce

easy-login-woocommerce

Score: 93/100 Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: July 4, 2026
LOW

Backup Migration

backup-backup

Score: 61/100 Backup Migration <= 1.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: July 4, 2026
LOW

sportspress

sportspress

Score: N/A SportsPress <= 2.7.8 - Reflected Cross-Site Scripting Affected: *-2.7.8 Patched: 2.7.9 Updated: July 4, 2026
LOW

smart-product-review

smart-product-review

Score: N/A Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload Affected: *-1.0.4 Patched: 1.0.5 Updated: July 4, 2026
LOW

push-notifications-for-wp

push-notifications-for-wp

Score: N/A Push Notifications for WordPress (Lite) < 6.0.1 - Cross-Site Request Forgery Affected: [*, 6.0.1) Patched: 6.0.1 Updated: July 4, 2026
LOW

mortgage-loan-calculator

mortgage-loan-calculator

Score: 91/100 Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting Affected: [*, 1.5.17) Patched: 1.5.17 Updated: July 4, 2026
LOW

directorist

directorist

Score: 93/100 Directorist <= 7.0.6.1 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-7.0.6.1 Patched: 7.0.6.2 Updated: July 4, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting Affected: [*, 3.2.3) Patched: 3.2.3 Updated: July 4, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting via ppress_cc_data Parameter Affected: [*, 3.2.3) Patched: 3.2.3 Updated: July 4, 2026
LOW

wp-limits

wp-limits

Score: N/A Wp Limits <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-admin-logo-changer

wp-admin-logo-changer

Score: N/A WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

winterlock

winterlock

Score: N/A WP System Log < 1.0.21 - Cross-Site Scripting Affected: [*, 1.0.21) Patched: 1.0.21 Updated: July 4, 2026
LOW

user-meta-shortcodes

user-meta-shortcodes

Score: N/A User meta shortcodes <= 0.5 - Improper Access Control Affected: *-0.5 Patched: Updated: July 4, 2026
LOW

totop-link

totop-link

Score: N/A ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection Affected: *-1.7.1 Patched: Updated: July 4, 2026
LOW

titan-labs-security-audit

titan-labs-security-audit

Score: N/A Security Audit <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

temporary-login-without-password

temporary-login-without-password

Score: N/A Temporary Login Without Password <= 1.7.0 - Subscriber+ Plugin Settings Update Affected: *-1.7.0 Patched: 1.7.1 Updated: July 4, 2026
LOW

stopbadbots

stopbadbots

Score: N/A WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection Affected: [*, 6.67) Patched: 6.67 Updated: July 4, 2026
LOW

single-post-exporter

single-post-exporter

Score: N/A Single Post Exporter <= 1.1.1 - Cross-Site Request Forgery Affected: *-1.1.1 Patched: Updated: July 4, 2026
LOW

shiny-buttons

shiny-buttons

Score: N/A Shiny Buttons – CSS3 Button Generator for WordPress <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 4, 2026
LOW

seo-booster

seo-booster

Score: N/A SEO Booster <= 3.7 - Admin+ SQL Injection Affected: *-3.7 Patched: 3.8 Updated: July 4, 2026
LOW

quotes-collection

quotes-collection

Score: N/A Quotes Collection <= 2.5.2 - Authenticated (Admin+) SQL Injection Affected: *-2.5.2 Patched: Updated: July 4, 2026
LOW

pagepost-content-shortcode

pagepost-content-shortcode

Score: 91/100 Page/Post Content Shortcode <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

nofollow

nofollow

Score: 91/100 Ultimate NoFollow <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.8 Patched: Updated: July 4, 2026
LOW

modern-events-calendar-lite

modern-events-calendar-lite

Score: 93/100 Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter Affected: [*, 6.1.5) Patched: 6.1.5 Updated: July 4, 2026
LOW

modern-events-calendar-lite

modern-events-calendar-lite

Score: 93/100 Modern Events Calendar Lite <= 6.1.0 - Reflected Cross-Site Scripting via current_month_divider parameter Affected: *-6.1.0 Patched: 6.1.5 Updated: July 4, 2026
LOW

mediamatic

mediamatic

Score: 87/100 Mediamatic – Media Library Folders <= 2.8.0 - SQL Injection Affected: *-2.8.0 Patched: 2.8.1 Updated: July 4, 2026
LOW

inspirational-quote-rotator

inspirational-quote-rotator

Score: 91/100 Inspirational Quote Rotator <= 1.0.0 - Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

improved-include-page

improved-include-page

Score: 91/100 Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts/Pages Access Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

fsflex-local-fonts

fsflex-local-fonts

Score: 91/100 Flex Local Fonts <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

filter-portfolio-gallery

filter-portfolio-gallery

Score: 91/100 Filter Portfolio Gallery <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: July 4, 2026
LOW

facebook-conversion-pixel

facebook-conversion-pixel

Score: 93/100 Pixel Cat Lite <= 2.6.2 - Admin+ Stored Cross-Site Scripting Affected: *-2.6.2 Patched: 2.6.3 Updated: July 4, 2026
LOW

facebook-conversion-pixel

facebook-conversion-pixel

Score: 93/100 Pixel Cat – Conversion Pixel Manager <= 2.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.6.1 Patched: 2.6.2 Updated: July 4, 2026
LOW

display-post-metadata

display-post-metadata

Score: 93/100 Display Post Metadata <= 1.4.0 - Stored Cross-Site Scripting Affected: [*, 1.5.0) Patched: 1.5.0 Updated: July 4, 2026
LOW

contact-form-advanced-database

contact-form-advanced-database

Score: 91/100 Contact Form Advanced Database <= 1.0.8 - Missing Authorization Affected: *-1.0.8 Patched: Updated: July 4, 2026
LOW

auto-post-thumbnail

auto-post-thumbnail

Score: 93/100 Auto Featured Image <= 3.9.2 - Reflected Cross-Site Scripting Affected: *-3.9.2 Patched: 3.9.3 Updated: July 4, 2026
LOW

All-in-One Video Gallery

all-in-one-video-gallery

Score: 70/100 All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion Affected: *-2.4.9 Patched: 2.5.0 Updated: July 4, 2026
LOW

nex-forms-express-wp-form-builder

nex-forms-express-wp-form-builder

Score: 93/100 NEX-Forms – Ultimate Form Builder <= 8.4.2 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-8.4.2 Patched: 8.4.3 Updated: July 4, 2026
LOW

WP Popular Posts

wordpress-popular-posts

Score: N/A WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload Affected: *-5.3.2 Patched: 5.3.3 Updated: July 4, 2026
LOW

flash-album-gallery

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 6.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-6.1.2 Patched: Updated: July 4, 2026
LOW

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Score: 89/100 Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery Affected: *-1.2.5.9 Patched: 1.2.6.1 Updated: July 4, 2026
LOW

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Score: 89/100 Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.2.6.1 Patched: 1.2.6.2 Updated: July 4, 2026
LOW

contact-form-to-email

contact-form-to-email

Score: 93/100 Contact Form Email <= 1.3.24 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.24 Patched: 1.3.25 Updated: July 4, 2026
LOW

likebtn-like-button

likebtn-like-button

Score: 93/100 Like Button Rating <= 2.6.37 - Unauthorised Vote Export to Email & IP Addresses Disclosure Affected: *-2.6.37 Patched: 2.6.38 Updated: July 4, 2026
LOW

caldera-forms

caldera-forms

Score: 93/100 Caldera forms <= 1.9.4 - Admin+ Stored Cross-Site Scripting Affected: [*, 1.9.5) Patched: 1.9.5 Updated: July 4, 2026
LOW

wp-reset

wp-reset

Score: N/A WP Reset PRO 5.00-5.98 - Cross-Site Request Forgery Affected: 5.00-5.98 Patched: 5.99 Updated: July 4, 2026
LOW

wp-reset

wp-reset

Score: N/A WP Reset – Most Advanced WordPress Reset Tool (PRO) 5.00- 5.98 - Missing Authorization to Database Reset Affected: 5.00-5.98 Patched: 5.99 Updated: July 4, 2026
LOW

meks-easy-instagram-widget

meks-easy-instagram-widget

Score: 93/100 Meks Easy Photo Feed Widget < 1.2.4 - Authenticated Stored Cross-Site Scripting Affected: [*, 1.2.4) Patched: 1.2.4 Updated: July 4, 2026
LOW

error-log-viewer

error-log-viewer

Score: 93/100 Error Log Viewer <= 1.1.1 - Arbitrary File Deletion Affected: *-1.1.1 Patched: 1.1.2 Updated: July 4, 2026
LOW

Booking Package

booking-package

Score: 85/100 Booking Package <= 1.5.10 - Reflected Cross-Site Scripting Affected: [*, 1.5.11) Patched: 1.5.11 Updated: July 4, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.1.3 - Authenticated SQL Injection Affected: [*, 4.1.4) Patched: 4.1.4 Updated: July 4, 2026
LOW

get-custom-field-values

get-custom-field-values

Score: 93/100 Get Custom Field Values <= 4.0.0 - Contributor+ Stored Cross-Site Scripting Affected: [*, 4.0.1) Patched: 4.0.1 Updated: July 4, 2026
LOW

get-custom-field-values

get-custom-field-values

Score: 93/100 Get Custom Field Values < 4.0 - Arbitrary Post Metadata Access Affected: [*, 4.0) Patched: 4.0 Updated: July 4, 2026
LOW

woocommerce-currency-switcher

woocommerce-currency-switcher

Score: N/A WooCommerce Currency Switcher <= 1.3.7 - Reflected Cross-Site Scripting Affected: *-1.3.7 Patched: 1.3.7.1 Updated: July 4, 2026
LOW

tawkto-live-chat

tawkto-live-chat

Score: N/A Tawk.To Live Chat <= 0.5.4 - Missing Authorization to Visitor Monitoring & Chat Removal Affected: [*, 0.6.0) Patched: 0.6.0 Updated: July 4, 2026
LOW

secure-copy-content-protection

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection Affected: *-2.8.1 Patched: 2.8.2 Updated: July 4, 2026
LOW

registrations-for-the-events-calendar

registrations-for-the-events-calendar

Score: N/A Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection Affected: [*, 2.7.6) Patched: 2.7.6 Updated: July 4, 2026
LOW

peters-login-redirect

peters-login-redirect

Score: 93/100 LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting via rul_login_url, rul_logout_url Parameter Affected: [*, 3.0.0.5) Patched: 3.0.0.5 Updated: July 4, 2026
LOW

Email Log

email-log

Score: 89/100 Email Log <= 2.4.7 - Reflected Cross-Site Scripting Affected: *-2.4.7 Patched: 2.4.8 Updated: July 4, 2026
LOW

bookly-responsive-appointment-booking-tool

bookly-responsive-appointment-booking-tool

Score: 93/100 Bookly <= 20.3 - Staff Member Stored Cross-Site Scripting Affected: *-20.3 Patched: 20.3.1 Updated: July 4, 2026

Showing 30601 to 30700 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 19:13 UTC.