Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

88

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
backup-and-restore-for-wp backup-and-restore-for-wp
91
Backup and Restore plugin – WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion LOW *-1.0.3 July 4, 2026
testimonial-builder testimonial-builder N/A Testimonial Builder <= 1.6.1 - Authenticated Stored Cross-Site Scripting LOW *-1.6.1 1.6.2 July 4, 2026
wp-google-fonts wp-google-fonts N/A WP Google Fonts <= 3.1.4 - Reflected Cross-Site Scripting LOW *-3.1.4 3.1.5 July 4, 2026
visual-form-builder visual-form-builder N/A Visual Form Builder <= 3.0.5 - Unauthenticated Information Disclosure LOW [*, 3.0.6) 3.0.6 July 4, 2026
visual-form-builder visual-form-builder N/A Visual Form Builder <= 3.0.5 - CSV Injection LOW [*, 3.0.6) 3.0.6 July 4, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change LOW [*, 3.5.3) 3.5.3 July 4, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Missing Authorization LOW [*, 3.5.3) 3.5.3 July 4, 2026
email-tracker email-tracker
93
Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) < 5.2.6 - Reflected Cross-Site Scripting LOW [*, 5.2.6) 5.2.6 July 4, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
Import any XML or CSV File to WordPress <= 3.6.2 - Authenticated Stored Cross-Site Scripting LOW [*, 3.6.3) 3.6.3 July 4, 2026
arforms-form-builder arforms-form-builder
95
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder < 1.5 - Cross-Site Scripting LOW [*, 1.5) 1.5 July 4, 2026
add-search-to-menu add-search-to-menu
97
Ivory Search <= 4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.7.1 4.8 July 4, 2026
email-tracker email-tracker
93
Email Tracker <= 5.2.6 - Cross-Site Request Forgery LOW *-5.2.6 5.2.7 July 4, 2026
google-maps-easy google-maps-easy
93
Google Maps Easy <= 1.9.33 - Stored Cross-Site Scripting LOW *-1.9.33 1.10.1 July 4, 2026
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation optinmonster
89
OptinMonster <= 2.6.4 - Unprotected REST-API Endpoints LOW *-2.6.4 2.6.5 July 4, 2026
wp-rss-aggregator wp-rss-aggregator N/A WP RSS Aggregator <= 4.19.1 - Admin+ Stored Cross-Site Scripting LOW *-4.19.1 4.19.2 July 4, 2026
stylish-cost-calculator stylish-cost-calculator N/A Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting LOW *-7.0.3 7.0.4 July 4, 2026
shop-page-wp shop-page-wp N/A Shop Page WP <= 1.2.7 - Authenticated Cross-Site Scripting LOW [*, 1.2.8) 1.2.8 July 4, 2026
mycred mycred
93
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.2 - Subscriber+ SQL Injection LOW *-2.2 2.3 July 4, 2026
my-calendar my-calendar
93
My Calendar <= 3.2.17 - Subscriber+ Reflected Cross-Site Scripting LOW *-3.2.17 3.2.18 July 4, 2026
ibtana-ecommerce-product-addons ibtana-ecommerce-product-addons
91
Ibtana - Ecommerce Product Addons <= 0.2.3 - Reflected Cross-Site Scripting LOW *-0.2.3 0.2.4 July 4, 2026
generateblocks generateblocks
93
GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.5 1.4.0 July 4, 2026
email-before-download email-before-download
93
Email Before Download <= 6.7 - Admin+ SQL Injection LOW *-6.7 6.8 July 4, 2026
contest-gallery contest-gallery
93
Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure LOW [*, 13.1.0.7) 13.1.0.7 July 4, 2026
Check & Log Email – Easy Email Testing & Mail logging check-email
84
Check & Log Email <= 1.0.3 - Reflected Cross-Site Scripting LOW [*, 1.0.4) 1.0.4 July 4, 2026
bsk-pdf-manager bsk-pdf-manager
91
BSK PDF Manager <= 3.1.1 - Admin+ SQL Injection LOW [*, 3.1.2) 3.1.2 July 4, 2026
download-monitor download-monitor
93
Download Monitor <= 4.4.6 - Reflected Cross-Site Scripting LOW *-4.4.6 4.4.7 July 4, 2026
download-monitor download-monitor
93
Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download LOW *-4.4.6 4.4.7 July 4, 2026
download-monitor download-monitor
93
Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.4.6 4.4.7 July 4, 2026
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress custom-facebook-feed
66
Smash Balloon Social Post Feed <= 4.0 - Arbitrary Plugin Settings Update to Stored Cross-Site Scripting LOW [*, 4.0.1) 4.0.1 July 4, 2026
url-shortify url-shortify N/A URL Shortify <= 1.5.0 - Cross-Site Request Forgery LOW *-1.5.0 1.5.1 July 4, 2026
ulisting ulisting N/A uListing <= 1.6.6 - Unauthenticated SQL Injection LOW [*, 1.7) 1.7 July 4, 2026
hotel-listing hotel-listing
86
Hotel Listings < 1.3.3 - Authenticated Stored Cross-Site Scripting LOW [*, 1.3.3) 1.3.3 July 4, 2026
contact-form-by-supsystic contact-form-by-supsystic
93
Contact Form by Supsystic < 1.7.20 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.7.20) 1.7.20 July 4, 2026
floating-social-media-icon floating-social-media-icon
91
Social Media Flying Icons | Floating Social Media Icon <= 4.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.3.5 July 4, 2026
wps-hide-login wps-hide-login N/A WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure LOW *-1.9.0 1.9.1 July 4, 2026
registrations-for-the-events-calendar registrations-for-the-events-calendar N/A Registrations for The Events Calendar <= 2.7.4 - Reflected Cross-Site Scripting LOW *-2.7.4 2.7.5 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection LOW [*, 3.6.4) 3.6.4 July 4, 2026
hashthemes-demo-importer hashthemes-demo-importer
93
HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe LOW *-1.1.1 1.1.2 July 4, 2026
bulk-datetime-change bulk-datetime-change
93
Bulk Datetime Change <= 1.11 - Missing Authorisation LOW [*, 1.12) 1.12 July 4, 2026
about-author-box about-author-box
97
About Author Box < 1.0.2 - Cross-Site Scripting LOW [*, 1.0.2) 1.0.2 July 4, 2026
wp-spell-check wp-spell-check N/A WP Spell Check <= 9.2 - Reflected Cross-Site Scripting LOW [*, 9.3) 9.3 July 4, 2026
slideshow-gallery slideshow-gallery N/A Slideshow Gallery < 1.7.4 - Cross-Site Scripting LOW [*, 1.7.4) 1.7.4 July 4, 2026
reviews-plus reviews-plus N/A Reviews Plus < 1.2.14 - Denial of Service LOW [*, 1.2.14) 1.2.15 July 4, 2026
popup-anything-on-click popup-anything-on-click N/A Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting LOW *-2.0.3 2.0.4 July 4, 2026
notification notification
93
Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 - Authenticated Stored Cross-Site Scripting LOW *-7.2.4 8.0.0 July 4, 2026
ninja-tables ninja-tables
93
Ninja Tables <= 4.1.7 - Admin+ Stored Cross-Site Cross-Site Scripting LOW *-4.1.7 4.1.8 July 4, 2026
media-tags media-tags
91
Media-Tags <= 3.2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.2.0.2 July 4, 2026
maz-loader maz-loader
93
MAZ Loader – Preloader Builder for WordPress <= 1.4.0 - Cross-Site Request Forgery LOW *-1.4.0 1.4.1 July 4, 2026
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites mainwp-child N/A MainWP Child <= 4.1.7.1 - SQL Injection via orderby, order Parameters LOW [*, 4.1.8) 4.1.8 July 4, 2026
falang falang
93
Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting LOW [*, 1.3.18) 1.3.18 July 4, 2026
editable-table editable-table
91
Editable Table Simple Fast FrontEnd From Sql tables <= 0.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.1.4 July 4, 2026
ecommerce-two-factor-authentication ecommerce-two-factor-authentication
93
Ecommerce - Two Factor Authentication <= 1.0.4 - Reflected Cross-Site Scripting LOW [*, 1.0.5) 1.0.5 July 4, 2026
ecommerce-product-catalog ecommerce-product-catalog
93
eCommerce Product Catalog <= 3.0.38 Reflected Cross-Site Scripting LOW [*, 3.0.39) 3.0.39 July 4, 2026
cm-video-lesson-manager-pro cm-video-lesson-manager-pro
93
Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting LOW *-3.5.8 3.5.9 July 4, 2026
cm-video-lesson-manager cm-video-lesson-manager
93
Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting LOW *-1.7.1 1.7.2 July 4, 2026
logo-showcase-with-slick-slider logo-showcase-with-slick-slider
93
Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.4 - Cross-Site Request Forgery LOW [*, 1.2.5) 1.2.5 July 4, 2026
simple-job-board simple-job-board N/A Simple Job Board <= 2.9.4 Authenticated Stored Cross-Site Scripting LOW *-2.9.4 2.9.5 July 4, 2026
sassy-social-share sassy-social-share N/A Sassy Social Share 3.3.23 - Object Injection LOW 3.3.23 3.3.24 July 4, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads <= 2.11.2 - Reflected Cross-Site Scripting LOW *-2.11.2 2.11.2.1 July 4, 2026
catch-themes-demo-import catch-themes-demo-import
93
Catch Themes Demo Import <= 1.7 - Arbitrary File Upload LOW *-1.7 1.8 July 4, 2026
template-kit-import template-kit-import N/A Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload LOW *-1.0.13 1.0.14 July 4, 2026
seo-automatic-wp-core-tweaks seo-automatic-wp-core-tweaks N/A Core Tweaks WP Setup <= 4.1 - Cross-Site Request Forgery LOW *-4.1 July 4, 2026
pie-register pie-register N/A Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments <= 3.7.2.3 - Open Redirect LOW [*, 3.7.2.4) 3.7.2.4 July 4, 2026
envato-elements envato-elements
93
Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload LOW *-2.0.10 2.0.11 July 4, 2026
slider-factory slider-factory N/A Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Missing Authorization LOW [*, 1.3.6) 1.3.6 July 4, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
92
Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting LOW [*, 1.15.4) 1.15.4 July 4, 2026
download-monitor download-monitor
93
Download Monitor <= 4.4.4 - Admin+ SQL Injection via orderby parameter LOW [*, 4.4.5) 4.4.5 July 4, 2026
betterlinks betterlinks
93
BetterLinks – Shorten, Track and Manage any URL <= 1.2.5 - Stored Cross-Site Scripting LOW [*, 1.2.6) 1.2.6 July 4, 2026
tutor tutor N/A Tutor LMS <= 1.9.10 - Reflected Cross-Site Scripting LOW *-1.9.10 1.9.11 July 4, 2026
relevanssi-premium relevanssi-premium N/A Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting LOW [*, 2.16.3) 2.16.4 July 4, 2026
relevanssi relevanssi N/A Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting LOW [*, 4.14.3) 4.14.4 July 4, 2026
mangboard mangboard
93
Mangboard <= 1.9.9 - SQL Injection LOW *-1.9.9 2.0.0 July 4, 2026
logo-showcase-with-slick-slider logo-showcase-with-slick-slider
93
Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting LOW [*, 1.2.4) 1.2.4 July 4, 2026
images-to-webp images-to-webp
93
Images to WebP <= 1.8 - Local File Inclusion LOW *-1.8 1.9 July 4, 2026
images-to-webp images-to-webp
93
Images to WebP < 1.9 - Cross-Site Request Forgery LOW [*, 1.9) 1.9 July 4, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.11.2 - Reflected Cross-Site Scripting LOW *-2.11.2 2.11.2.1 July 4, 2026
download-plugin download-plugin
93
Download Plugin < 1.6.1 - Cross-Site Request Forgery LOW [*, 1.6.1) 1.6.1 July 4, 2026
copy-delete-posts copy-delete-posts
93
Duplicate Post WordPress Plugin <= 1.1.9 - SQL Injection LOW [*, 1.2.0) 1.2.0 July 4, 2026
advanced-access-manager advanced-access-manager
97
Advanced Access Manager <= 6.7.9 - Admin+ Stored Cross-Site Scripting LOW [*, 6.8.0) 6.8.0 July 4, 2026
learnpress learnpress
93
LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile LOW *-4.1.3.1 4.1.3.2 July 4, 2026
wp-performance-score-booster wp-performance-score-booster N/A WP Performance Score Booster <= 2.0 - Settings Change via Cross-Site Request Forgery LOW *-2.0 2.1 July 4, 2026
supportboard supportboard N/A Support Board < 3.3.6 - Cross-Site Request Forgery LOW [*, 3.3.6) 3.3.6 July 4, 2026
stream stream N/A Stream <= 3.8.1 - Admin+ SQL Injection LOW *-3.8.1 3.8.2 July 4, 2026
sprout-invoices sprout-invoices N/A Client Invoicing by Sprout Invoices <= 19.9.6 - Authenticated Stored Cross-Site Scripting LOW [*, 19.9.7) 19.9.7 July 4, 2026
slider-factory slider-factory N/A Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Cross-Site Request Forgery LOW [*, 1.3.2) 1.3.2 July 4, 2026
simple-jwt-login simple-jwt-login N/A Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery LOW [*, 3.2.1) 3.2.1 July 4, 2026
Shared Files – Frontend File Upload Form & Secure File Sharing shared-files
78
Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.60 - Cross-Site Scripting LOW [*, 1.6.61) 1.6.61 July 4, 2026
seo-redirection seo-redirection N/A SEO Redirection <= 8.1 - Subscriber+ SQL Injection LOW *-8.1 8.2 July 4, 2026
qr-redirector qr-redirector N/A QR Redirector <= 1.5 - Cross-Site Request Forgery LOW [*, 1.6) 1.6 July 4, 2026
qr-redirector qr-redirector N/A QR Redirector < 1.6.1 - Stored Cross-Site Scripting LOW [*, 1.6.1) 1.6.1 July 4, 2026
posts-table-filterable posts-table-filterable N/A TableOn – WordPress Posts Table Filterable <= 1.0.0 - Reflected Cross-Site Scripting LOW [*, 1.0.1) 1.0.1 July 4, 2026
my-tickets my-tickets
93
My Tickets <= 1.8.30 - Unauthenticated Stored Cross-Site Scripting LOW [*, 1.8.31) 1.8.31 July 4, 2026
mousewheel-smooth-scroll mousewheel-smooth-scroll
93
MouseWheel Smooth Scroll <= 5.6 - Plugin's Setting Update via Cross-Site Request Forgery LOW *-5.6 5.7 July 4, 2026
microsoft-clarity microsoft-clarity
93
Microsoft Clarity <= 0.3 - Authenticated Stored Cross-Site Scripting LOW *-0.3 0.4 July 4, 2026
leaky-paywall leaky-paywall
93
Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting LOW *-4.16.5 4.16.6 July 4, 2026
ldap-login-for-intranet-sites ldap-login-for-intranet-sites
93
Active Directory Integration / LDAP Integration <= 3.6.94 - Reflected Cross-Site Scripting LOW [*, 3.6.95) 3.6.95 July 4, 2026
insert-pages insert-pages
93
Insert Pages <= 3.6.1 - Contributor+ Arbitrary Posts/Pages Access LOW *-3.6.1 3.7.0 July 4, 2026
insert-pages insert-pages
93
Insert Pages <= 3.6.1 - Contributor+ Stored Cross-Site Scripting LOW *-3.6.1 3.7.0 July 4, 2026
idx-broker-platinum idx-broker-platinum
93
IMPress for IDX Broker <= 3.0.5 - Reflected Cross-Site Scripting LOW [*, 3.0.6) 3.0.6 July 4, 2026
helpful helpful
93
Helpful <= 4.4.58 - Admin+ Stored Cross-Site Scripting LOW [*, 4.4.59) 4.4.59 July 4, 2026
LOW

backup-and-restore-for-wp

backup-and-restore-for-wp

Score: 91/100 Backup and Restore plugin – WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion Affected: *-1.0.3 Patched: Updated: July 4, 2026
LOW

testimonial-builder

testimonial-builder

Score: N/A Testimonial Builder <= 1.6.1 - Authenticated Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 1.6.2 Updated: July 4, 2026
LOW

wp-google-fonts

wp-google-fonts

Score: N/A WP Google Fonts <= 3.1.4 - Reflected Cross-Site Scripting Affected: *-3.1.4 Patched: 3.1.5 Updated: July 4, 2026
LOW

visual-form-builder

visual-form-builder

Score: N/A Visual Form Builder <= 3.0.5 - Unauthenticated Information Disclosure Affected: [*, 3.0.6) Patched: 3.0.6 Updated: July 4, 2026
LOW

visual-form-builder

visual-form-builder

Score: N/A Visual Form Builder <= 3.0.5 - CSV Injection Affected: [*, 3.0.6) Patched: 3.0.6 Updated: July 4, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change Affected: [*, 3.5.3) Patched: 3.5.3 Updated: July 4, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Missing Authorization Affected: [*, 3.5.3) Patched: 3.5.3 Updated: July 4, 2026
LOW

email-tracker

email-tracker

Score: 93/100 Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) < 5.2.6 - Reflected Cross-Site Scripting Affected: [*, 5.2.6) Patched: 5.2.6 Updated: July 4, 2026
LOW

arforms-form-builder

arforms-form-builder

Score: 95/100 Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder < 1.5 - Cross-Site Scripting Affected: [*, 1.5) Patched: 1.5 Updated: July 4, 2026
LOW

add-search-to-menu

add-search-to-menu

Score: 97/100 Ivory Search <= 4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.7.1 Patched: 4.8 Updated: July 4, 2026
LOW

email-tracker

email-tracker

Score: 93/100 Email Tracker <= 5.2.6 - Cross-Site Request Forgery Affected: *-5.2.6 Patched: 5.2.7 Updated: July 4, 2026
LOW

google-maps-easy

google-maps-easy

Score: 93/100 Google Maps Easy <= 1.9.33 - Stored Cross-Site Scripting Affected: *-1.9.33 Patched: 1.10.1 Updated: July 4, 2026
LOW

wp-rss-aggregator

wp-rss-aggregator

Score: N/A WP RSS Aggregator <= 4.19.1 - Admin+ Stored Cross-Site Scripting Affected: *-4.19.1 Patched: 4.19.2 Updated: July 4, 2026
LOW

stylish-cost-calculator

stylish-cost-calculator

Score: N/A Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting Affected: *-7.0.3 Patched: 7.0.4 Updated: July 4, 2026
LOW

shop-page-wp

shop-page-wp

Score: N/A Shop Page WP <= 1.2.7 - Authenticated Cross-Site Scripting Affected: [*, 1.2.8) Patched: 1.2.8 Updated: July 4, 2026
LOW

mycred

mycred

Score: 93/100 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.2 - Subscriber+ SQL Injection Affected: *-2.2 Patched: 2.3 Updated: July 4, 2026
LOW

my-calendar

my-calendar

Score: 93/100 My Calendar <= 3.2.17 - Subscriber+ Reflected Cross-Site Scripting Affected: *-3.2.17 Patched: 3.2.18 Updated: July 4, 2026
LOW

ibtana-ecommerce-product-addons

ibtana-ecommerce-product-addons

Score: 91/100 Ibtana - Ecommerce Product Addons <= 0.2.3 - Reflected Cross-Site Scripting Affected: *-0.2.3 Patched: 0.2.4 Updated: July 4, 2026
LOW

generateblocks

generateblocks

Score: 93/100 GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.5 Patched: 1.4.0 Updated: July 4, 2026
LOW

email-before-download

email-before-download

Score: 93/100 Email Before Download <= 6.7 - Admin+ SQL Injection Affected: *-6.7 Patched: 6.8 Updated: July 4, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure Affected: [*, 13.1.0.7) Patched: 13.1.0.7 Updated: July 4, 2026
LOW

bsk-pdf-manager

bsk-pdf-manager

Score: 91/100 BSK PDF Manager <= 3.1.1 - Admin+ SQL Injection Affected: [*, 3.1.2) Patched: 3.1.2 Updated: July 4, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 4.4.6 - Reflected Cross-Site Scripting Affected: *-4.4.6 Patched: 4.4.7 Updated: July 4, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download Affected: *-4.4.6 Patched: 4.4.7 Updated: July 4, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.4.6 Patched: 4.4.7 Updated: July 4, 2026
LOW

url-shortify

url-shortify

Score: N/A URL Shortify <= 1.5.0 - Cross-Site Request Forgery Affected: *-1.5.0 Patched: 1.5.1 Updated: July 4, 2026
LOW

ulisting

ulisting

Score: N/A uListing <= 1.6.6 - Unauthenticated SQL Injection Affected: [*, 1.7) Patched: 1.7 Updated: July 4, 2026
LOW

hotel-listing

hotel-listing

Score: 86/100 Hotel Listings < 1.3.3 - Authenticated Stored Cross-Site Scripting Affected: [*, 1.3.3) Patched: 1.3.3 Updated: July 4, 2026
LOW

contact-form-by-supsystic

contact-form-by-supsystic

Score: 93/100 Contact Form by Supsystic < 1.7.20 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.7.20) Patched: 1.7.20 Updated: July 4, 2026
LOW

floating-social-media-icon

floating-social-media-icon

Score: 91/100 Social Media Flying Icons | Floating Social Media Icon <= 4.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.3.5 Patched: Updated: July 4, 2026
LOW

wps-hide-login

wps-hide-login

Score: N/A WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure Affected: *-1.9.0 Patched: 1.9.1 Updated: July 4, 2026
LOW

registrations-for-the-events-calendar

registrations-for-the-events-calendar

Score: N/A Registrations for The Events Calendar <= 2.7.4 - Reflected Cross-Site Scripting Affected: *-2.7.4 Patched: 2.7.5 Updated: July 4, 2026
LOW

hashthemes-demo-importer

hashthemes-demo-importer

Score: 93/100 HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe Affected: *-1.1.1 Patched: 1.1.2 Updated: July 4, 2026
LOW

bulk-datetime-change

bulk-datetime-change

Score: 93/100 Bulk Datetime Change <= 1.11 - Missing Authorisation Affected: [*, 1.12) Patched: 1.12 Updated: July 4, 2026
LOW

about-author-box

about-author-box

Score: 97/100 About Author Box < 1.0.2 - Cross-Site Scripting Affected: [*, 1.0.2) Patched: 1.0.2 Updated: July 4, 2026
LOW

wp-spell-check

wp-spell-check

Score: N/A WP Spell Check <= 9.2 - Reflected Cross-Site Scripting Affected: [*, 9.3) Patched: 9.3 Updated: July 4, 2026
LOW

slideshow-gallery

slideshow-gallery

Score: N/A Slideshow Gallery < 1.7.4 - Cross-Site Scripting Affected: [*, 1.7.4) Patched: 1.7.4 Updated: July 4, 2026
LOW

reviews-plus

reviews-plus

Score: N/A Reviews Plus < 1.2.14 - Denial of Service Affected: [*, 1.2.14) Patched: 1.2.15 Updated: July 4, 2026
LOW

popup-anything-on-click

popup-anything-on-click

Score: N/A Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: July 4, 2026
LOW

notification

notification

Score: 93/100 Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 - Authenticated Stored Cross-Site Scripting Affected: *-7.2.4 Patched: 8.0.0 Updated: July 4, 2026
LOW

ninja-tables

ninja-tables

Score: 93/100 Ninja Tables <= 4.1.7 - Admin+ Stored Cross-Site Cross-Site Scripting Affected: *-4.1.7 Patched: 4.1.8 Updated: July 4, 2026
LOW

media-tags

media-tags

Score: 91/100 Media-Tags <= 3.2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.0.2 Patched: Updated: July 4, 2026
LOW

maz-loader

maz-loader

Score: 93/100 MAZ Loader – Preloader Builder for WordPress <= 1.4.0 - Cross-Site Request Forgery Affected: *-1.4.0 Patched: 1.4.1 Updated: July 4, 2026
LOW

falang

falang

Score: 93/100 Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting Affected: [*, 1.3.18) Patched: 1.3.18 Updated: July 4, 2026
LOW

editable-table

editable-table

Score: 91/100 Editable Table Simple Fast FrontEnd From Sql tables <= 0.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.1.4 Patched: Updated: July 4, 2026
LOW

ecommerce-two-factor-authentication

ecommerce-two-factor-authentication

Score: 93/100 Ecommerce - Two Factor Authentication <= 1.0.4 - Reflected Cross-Site Scripting Affected: [*, 1.0.5) Patched: 1.0.5 Updated: July 4, 2026
LOW

ecommerce-product-catalog

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog <= 3.0.38 Reflected Cross-Site Scripting Affected: [*, 3.0.39) Patched: 3.0.39 Updated: July 4, 2026
LOW

cm-video-lesson-manager-pro

cm-video-lesson-manager-pro

Score: 93/100 Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting Affected: *-3.5.8 Patched: 3.5.9 Updated: July 4, 2026
LOW

cm-video-lesson-manager

cm-video-lesson-manager

Score: 93/100 Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting Affected: *-1.7.1 Patched: 1.7.2 Updated: July 4, 2026
LOW

logo-showcase-with-slick-slider

logo-showcase-with-slick-slider

Score: 93/100 Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.4 - Cross-Site Request Forgery Affected: [*, 1.2.5) Patched: 1.2.5 Updated: July 4, 2026
LOW

simple-job-board

simple-job-board

Score: N/A Simple Job Board <= 2.9.4 Authenticated Stored Cross-Site Scripting Affected: *-2.9.4 Patched: 2.9.5 Updated: July 4, 2026
LOW

sassy-social-share

sassy-social-share

Score: N/A Sassy Social Share 3.3.23 - Object Injection Affected: 3.3.23 Patched: 3.3.24 Updated: July 4, 2026
LOW

catch-themes-demo-import

catch-themes-demo-import

Score: 93/100 Catch Themes Demo Import <= 1.7 - Arbitrary File Upload Affected: *-1.7 Patched: 1.8 Updated: July 4, 2026
LOW

template-kit-import

template-kit-import

Score: N/A Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.0.13 Patched: 1.0.14 Updated: July 4, 2026
LOW

seo-automatic-wp-core-tweaks

seo-automatic-wp-core-tweaks

Score: N/A Core Tweaks WP Setup <= 4.1 - Cross-Site Request Forgery Affected: *-4.1 Patched: Updated: July 4, 2026
LOW

pie-register

pie-register

Score: N/A Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments <= 3.7.2.3 - Open Redirect Affected: [*, 3.7.2.4) Patched: 3.7.2.4 Updated: July 4, 2026
LOW

envato-elements

envato-elements

Score: 93/100 Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-2.0.10 Patched: 2.0.11 Updated: July 4, 2026
LOW

slider-factory

slider-factory

Score: N/A Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Missing Authorization Affected: [*, 1.3.6) Patched: 1.3.6 Updated: July 4, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 4.4.4 - Admin+ SQL Injection via orderby parameter Affected: [*, 4.4.5) Patched: 4.4.5 Updated: July 4, 2026
LOW

betterlinks

betterlinks

Score: 93/100 BetterLinks – Shorten, Track and Manage any URL <= 1.2.5 - Stored Cross-Site Scripting Affected: [*, 1.2.6) Patched: 1.2.6 Updated: July 4, 2026
LOW

tutor

tutor

Score: N/A Tutor LMS <= 1.9.10 - Reflected Cross-Site Scripting Affected: *-1.9.10 Patched: 1.9.11 Updated: July 4, 2026
LOW

relevanssi-premium

relevanssi-premium

Score: N/A Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting Affected: [*, 2.16.3) Patched: 2.16.4 Updated: July 4, 2026
LOW

relevanssi

relevanssi

Score: N/A Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting Affected: [*, 4.14.3) Patched: 4.14.4 Updated: July 4, 2026
LOW

mangboard

mangboard

Score: 93/100 Mangboard <= 1.9.9 - SQL Injection Affected: *-1.9.9 Patched: 2.0.0 Updated: July 4, 2026
LOW

logo-showcase-with-slick-slider

logo-showcase-with-slick-slider

Score: 93/100 Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting Affected: [*, 1.2.4) Patched: 1.2.4 Updated: July 4, 2026
LOW

images-to-webp

images-to-webp

Score: 93/100 Images to WebP <= 1.8 - Local File Inclusion Affected: *-1.8 Patched: 1.9 Updated: July 4, 2026
LOW

images-to-webp

images-to-webp

Score: 93/100 Images to WebP < 1.9 - Cross-Site Request Forgery Affected: [*, 1.9) Patched: 1.9 Updated: July 4, 2026
LOW

download-plugin

download-plugin

Score: 93/100 Download Plugin < 1.6.1 - Cross-Site Request Forgery Affected: [*, 1.6.1) Patched: 1.6.1 Updated: July 4, 2026
LOW

copy-delete-posts

copy-delete-posts

Score: 93/100 Duplicate Post WordPress Plugin <= 1.1.9 - SQL Injection Affected: [*, 1.2.0) Patched: 1.2.0 Updated: July 4, 2026
LOW

advanced-access-manager

advanced-access-manager

Score: 97/100 Advanced Access Manager <= 6.7.9 - Admin+ Stored Cross-Site Scripting Affected: [*, 6.8.0) Patched: 6.8.0 Updated: July 4, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile Affected: *-4.1.3.1 Patched: 4.1.3.2 Updated: July 4, 2026
LOW

wp-performance-score-booster

wp-performance-score-booster

Score: N/A WP Performance Score Booster <= 2.0 - Settings Change via Cross-Site Request Forgery Affected: *-2.0 Patched: 2.1 Updated: July 4, 2026
LOW

supportboard

supportboard

Score: N/A Support Board < 3.3.6 - Cross-Site Request Forgery Affected: [*, 3.3.6) Patched: 3.3.6 Updated: July 4, 2026
LOW

stream

stream

Score: N/A Stream <= 3.8.1 - Admin+ SQL Injection Affected: *-3.8.1 Patched: 3.8.2 Updated: July 4, 2026
LOW

sprout-invoices

sprout-invoices

Score: N/A Client Invoicing by Sprout Invoices <= 19.9.6 - Authenticated Stored Cross-Site Scripting Affected: [*, 19.9.7) Patched: 19.9.7 Updated: July 4, 2026
LOW

slider-factory

slider-factory

Score: N/A Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Cross-Site Request Forgery Affected: [*, 1.3.2) Patched: 1.3.2 Updated: July 4, 2026
LOW

simple-jwt-login

simple-jwt-login

Score: N/A Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery Affected: [*, 3.2.1) Patched: 3.2.1 Updated: July 4, 2026
LOW

seo-redirection

seo-redirection

Score: N/A SEO Redirection <= 8.1 - Subscriber+ SQL Injection Affected: *-8.1 Patched: 8.2 Updated: July 4, 2026
LOW

qr-redirector

qr-redirector

Score: N/A QR Redirector <= 1.5 - Cross-Site Request Forgery Affected: [*, 1.6) Patched: 1.6 Updated: July 4, 2026
LOW

qr-redirector

qr-redirector

Score: N/A QR Redirector < 1.6.1 - Stored Cross-Site Scripting Affected: [*, 1.6.1) Patched: 1.6.1 Updated: July 4, 2026
LOW

posts-table-filterable

posts-table-filterable

Score: N/A TableOn – WordPress Posts Table Filterable <= 1.0.0 - Reflected Cross-Site Scripting Affected: [*, 1.0.1) Patched: 1.0.1 Updated: July 4, 2026
LOW

my-tickets

my-tickets

Score: 93/100 My Tickets <= 1.8.30 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 1.8.31) Patched: 1.8.31 Updated: July 4, 2026
LOW

mousewheel-smooth-scroll

mousewheel-smooth-scroll

Score: 93/100 MouseWheel Smooth Scroll <= 5.6 - Plugin's Setting Update via Cross-Site Request Forgery Affected: *-5.6 Patched: 5.7 Updated: July 4, 2026
LOW

microsoft-clarity

microsoft-clarity

Score: 93/100 Microsoft Clarity <= 0.3 - Authenticated Stored Cross-Site Scripting Affected: *-0.3 Patched: 0.4 Updated: July 4, 2026
LOW

leaky-paywall

leaky-paywall

Score: 93/100 Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting Affected: *-4.16.5 Patched: 4.16.6 Updated: July 4, 2026
LOW

ldap-login-for-intranet-sites

ldap-login-for-intranet-sites

Score: 93/100 Active Directory Integration / LDAP Integration <= 3.6.94 - Reflected Cross-Site Scripting Affected: [*, 3.6.95) Patched: 3.6.95 Updated: July 4, 2026
LOW

insert-pages

insert-pages

Score: 93/100 Insert Pages <= 3.6.1 - Contributor+ Arbitrary Posts/Pages Access Affected: *-3.6.1 Patched: 3.7.0 Updated: July 4, 2026
LOW

insert-pages

insert-pages

Score: 93/100 Insert Pages <= 3.6.1 - Contributor+ Stored Cross-Site Scripting Affected: *-3.6.1 Patched: 3.7.0 Updated: July 4, 2026
LOW

idx-broker-platinum

idx-broker-platinum

Score: 93/100 IMPress for IDX Broker <= 3.0.5 - Reflected Cross-Site Scripting Affected: [*, 3.0.6) Patched: 3.0.6 Updated: July 4, 2026
LOW

helpful

helpful

Score: 93/100 Helpful <= 4.4.58 - Admin+ Stored Cross-Site Scripting Affected: [*, 4.4.59) Patched: 4.4.59 Updated: July 4, 2026

Showing 30701 to 30800 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 20:16 UTC.