Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

83

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
Email Log email-log
89
Email Log <= 2.4.6 - Admin+ SQL Injection LOW *-2.4.6 2.4.7 July 4, 2026
easy-paypal-donation easy-paypal-donation
93
Paypal Donation <= 1.3.1 - Admin+ Stored Cross-Site Scripting LOW *-1.3.1 1.3.2 July 4, 2026
content-staging content-staging
91
Content Staging <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.1 July 4, 2026
speed-booster-pack speed-booster-pack N/A Speed Booster Pack <= 4.3.3 - Admin+ SQL Injection LOW *-4.3.3 4.3.3.1 July 4, 2026
mpl-publisher mpl-publisher
93
MPL-Publisher <= 1.30.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.30.2 1.30.3 July 4, 2026
jobboardwp jobboardwp
93
JobBoardWP – Job Board Listings and Submissions <= 1.0.7 - Stored Cross-Site Scripting LOW *-1.0.7 1.1.0 July 4, 2026
indeed-job-importer indeed-job-importer
91
Indeed Job Importer <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.5 July 4, 2026
yop-poll yop-poll N/A YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Preview Module LOW *-6.3.0 6.3.1 July 4, 2026
yop-poll yop-poll N/A YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Options Module LOW *-6.3.0 6.3.1 July 4, 2026
wpo365-login wpo365-login N/A WordPress + Microsoft Office 365 / Azure AD | LOGIN <= 15.3 - Stored Cross-Site Scripting LOW *-15.3 15.4 July 4, 2026
wpgenious-job-listing wpgenious-job-listing N/A WpGenius Job Listing <= 1.0.2 - Stored Cross-Site Scripting LOW *-1.0.2 1.0.3 July 4, 2026
job-board-vanilla job-board-vanilla
91
Job Board Vanila Plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW 1.0 July 4, 2026
business-manager business-manager
93
Business Manager <= 1.4.5 - Stored Cross-Site Scripting LOW *-1.4.5 1.4.6 July 4, 2026
WP Fastest Cache – WordPress Cache Plugin wp-fastest-cache
78
WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW [*, 0.9.5) 0.9.5 July 4, 2026
WP Fastest Cache – WordPress Cache Plugin wp-fastest-cache
78
WP Fastest Cache < 0.9.5 - Authenticated (Subscriber+) SQL Injection LOW [*, 0.9.5) 0.9.5 July 4, 2026
mybb-cross-poster mybb-cross-poster
91
MyBB Cross-Poster <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
kjm-admin-notices kjm-admin-notices
91
KJM Admin Notices <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.1 July 4, 2026
job-portal job-portal
91
job-portal <= 0.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.0.1 July 4, 2026
job-manager job-manager
89
Job Manager <= 0.7.25 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.7.25 July 4, 2026
hal hal
93
HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting LOW *-2.1.1 2.2 July 4, 2026
author-bio-box author-bio-box
93
Author Bio Box <= 3.3.1 - Authenticated Stored Cross-Site Scripting LOW *-3.3.1 3.3.2 July 4, 2026
wp-cloudy wp-cloudy N/A WP Cloudy <= 4.4.9 - Authenticated (Admin+) SQL Injection LOW *-4.4.9 July 4, 2026
testimonial-builder testimonial-builder N/A Testimonial < 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 1.6.0) 1.6.0 July 4, 2026
simple-jwt-login simple-jwt-login N/A Simple JWT Login <= 3.2.1 - Insecure Password Creation LOW [*, 3.3.0) 3.3.0 July 4, 2026
colorful-categories colorful-categories
93
Colorful Categories < 2.0.15 - Cross-Site Request Forgery LOW [*, 2.0.15) 2.0.15 July 4, 2026
brizy brizy
93
Brizy - Page Builder <= 2.3.11 - Stored Cross-Site Scripting LOW *-2.3.11 2.3.12 July 4, 2026
brizy brizy
93
Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal LOW *-2.3.11 2.3.12 July 4, 2026
accesspress-anonymous-post accesspress-anonymous-post
95
AccessPress Anonymous Post = 2.8.0 - Backdoored LOW 2.8.0 2.8.1 July 4, 2026
woocommerce-discounts-plus woocommerce-discounts-plus N/A Discounts Manager for Products <= 3.4.4 - Reflected Cross-Site Scripting LOW [*, 3.4.5) 3.4.5 July 4, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.4.13 - Authenticated Stored Cross-Site Scripting LOW *-2.4.13 2.4.14 July 4, 2026
yith-woocommerce-product-vendors yith-woocommerce-product-vendors N/A YITH WooCommerce Multi Vendor <= 3.8.0 - Reflected Cross-Site Scripting LOW [*, 3.8.1) 3.8.1 July 4, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress < 2.1.10 - Reflected Cross-Site Scripting LOW [*, 2.1.10) 2.1.10 July 4, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress <= 2.1.9 - SQL Injection LOW [*, 2.1.10) 2.1.10 July 4, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress <= 2.1.16 - Stored Cross-Site Scripting LOW [*, 2.1.17) 2.1.17 July 4, 2026
wpdiscuz wpdiscuz N/A Comments - wpDiscuz <= 7.3.3 - Arbitrary Comment Addition/Edition/Deletion by Cross-Site Request Forgery LOW [*, 7.3.4) 7.3.4 July 4, 2026
wp-seo-redirect-301 wp-seo-redirect-301 N/A WP SEO Redirect 301 <= 2.3.1 - Cross-Site Request Forgery LOW [*, 2.3.2) 2.3.2 July 4, 2026
wp-header-images wp-header-images N/A WP Header Images <= 2.0.0 - Reflected Cross-Site Scripting LOW [*, 2.0.1) 2.0.1 July 4, 2026
woo-coupon-usage woo-coupon-usage N/A WooCommerce Affiliate Plugin – Coupon Affiliates < 4.11.3.4 - Cross-Site Request Forgery LOW [*, 4.11.3.4) 4.11.3.4 July 4, 2026
wc-frontend-manager wc-frontend-manager N/A WCFM - Frontend Manager for WooCommerce <= 6.5.11 - Customer/Subscriber+ SQL Injection LOW *-6.5.11 6.5.12 July 4, 2026
vision vision N/A Vision Interactive For WordPress <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 1.5.2 July 4, 2026
storefront-footer-text storefront-footer-text N/A Storefront Footer Text <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.1 July 4, 2026
similar-posts similar-posts N/A Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution LOW *-3.1.5 3.1.6 July 4, 2026
qwiz-online-quizzes-and-flashcards qwiz-online-quizzes-and-flashcards N/A Qwizcards <= 3.61 - Stored Cross-Site Scripting LOW *-3.61 3.62 July 4, 2026
quiz-tool-lite quiz-tool-lite N/A Quiz Tool Lite <= 2.3.15 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.15 July 4, 2026
print-o-matic print-o-matic N/A Print-O-Matic <= 2.0.2 - Admin+ Stored Cross-Site Scripting LOW *-2.0.2 2.0.3 July 4, 2026
post-expirator post-expirator N/A Post Expirator <= 2.5.1 - Contributor+ Arbitrary Post Schedule Deletion LOW *-2.5.1 2.6.0 July 4, 2026
pie-register pie-register
93
Pie Register <= 3.7.1.5 - Authentication Bypass LOW [*, 3.7.1.6) 3.7.1.6 July 4, 2026
pie-register pie-register
93
Pie Register <= 3.7.1.4 - Authentication Bypass LOW *-3.7.1.4 3.7.1.5 July 4, 2026
pie-register pie-register
93
Pie Register <= 3.7.1.5 - Unauthenticated SQL Injection LOW [*, 3.7.1.6) 3.7.1.6 July 4, 2026
maz-loader maz-loader
93
MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection LOW [*, 1.3.3) 1.3.3 July 4, 2026
Loco Translate loco-translate
89
Loco Translate <= 2.5.3 - Authenticated PHP Code Injection LOW [*, 2.5.4) 2.5.4 July 4, 2026
ipanorama-360-virtual-tour-builder-lite ipanorama-360-virtual-tour-builder-lite
93
iPanorama 360 WordPress Virtual Tour Builder < 1.6.22 - Reflected Cross-Site Scripting LOW [*, 1.6.22) 1.6.22 July 4, 2026
ipages-flipbook ipages-flipbook
93
iPages Flipbook < 1.4.3 - Reflected Cross-Site Scripting LOW [*, 1.4.3) 1.4.3 July 4, 2026
imagelinks-interactive-image-builder-lite imagelinks-interactive-image-builder-lite
93
ImageLinks Interactive Image Builder <= 1.5.2 - Reflected Cross-Site Scripting LOW *-1.5.2 1.5.3 July 4, 2026
Header Footer Code Manager header-footer-code-manager
87
Header Footer Code Manager <= 1.1.13 - Authenticated SQL Injections LOW [*, 1.1.14) 1.1.14 July 4, 2026
easy-custom-js-and-css easy-custom-js-and-css
91
Easy Custom JS And CSS <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 4, 2026
asgaros-forum asgaros-forum
97
Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection LOW *-1.15.12 1.15.13 July 4, 2026
affiliates-manager affiliates-manager
97
Affiliate Manager <= 2.8.6 - Admin+ SQL injection LOW *-2.8.6 2.8.7 July 4, 2026
404-to-301 404-to-301
97
404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery LOW [*, 3.0.9) 3.0.9 July 4, 2026
intelly-related-posts intelly-related-posts
93
Inline Related Posts <= 3.0.4 - Authenticated (Admin+) Cross-Site Scripting LOW *-3.0.4 3.0.5 July 4, 2026
comment-engine-pro comment-engine-pro
91
Comment Engine Pro <= 1.0 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
unlimited-popups unlimited-popups N/A Unlimited PopUps <= 4.5.3 - Authenticated (Admin+) SQL Injection LOW *-4.5.3 July 4, 2026
supportboard supportboard N/A Support Board <= 3.3.4 - Agent+ Stored Cross-Site Scripting LOW *-3.3.4 3.3.5 July 4, 2026
schreikasten schreikasten N/A Schreikasten <= 0.14.18 - Authenticated (Author+) SQL Injection LOW *-0.14.18 July 4, 2026
post-content-xmlrpc post-content-xmlrpc N/A Post Content XMLRPC <= 1.0 - Authenticated (Admin+) SQL Injection LOW *-1.0 July 4, 2026
mwp-forms mwp-forms
91
Wow Forms – create any form with custom style <= 3.1.3 - Authenticated (Admin+) SQL Injection LOW *-3.1.3 July 4, 2026
g-auto-hyperlink g-auto-hyperlink
91
G Auto-Hyperlink <= 1.0.1 - Authenticated (Admin+) SQL Injection LOW *-1.0.1 July 4, 2026
chameleon-css chameleon-css
91
Chameleon CSS <= 1.2 - Cross-Site Request Forgery LOW *-1.2 July 4, 2026
catalog catalog
91
SpiderCatalog <= 1.7.3 - Authenticated (Admin+) SQL Injection LOW *-1.7.3 July 4, 2026
access-demo-importer access-demo-importer
97
AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.0.6 1.0.7 July 4, 2026
wp-all-export wp-all-export N/A WP All Export <= 1.3.0 - Admin+ Stored Cross-Site Scripting LOW [*, 1.3.1) 1.3.1 July 4, 2026
visitors-traffic-real-time-statistics visitors-traffic-real-time-statistics N/A Visitor Traffic Real Time Statistics <= 3.8 - Subscriber+ SQL Injection LOW *-3.8 3.9 July 4, 2026
redirect-404-error-page-to-homepage-or-custom-page redirect-404-error-page-to-homepage-or-custom-page N/A Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.7.8 - Log Deletion via Cross-Site Request Forgery LOW *-1.7.8 1.7.9 July 4, 2026
phoenix-media-rename phoenix-media-rename
93
Phoenix Media Rename <= 3.4.2 - Author Arbitrary Media File Renaming LOW *-3.4.2 3.4.4 July 4, 2026
genie-wp-favicon genie-wp-favicon
91
Genie WP Favicon <= 0.5.2 - Cross-Site Request Forgery LOW *-0.5.2 July 4, 2026
formidable formidable
93
Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting LOW [*, 5.0.07) 5.0.07 July 4, 2026
age-gate age-gate
97
Age Gate <= 2.16.3 - Stored Cross-Site Scripting LOW [*, 2.16.4) 2.16.4 July 4, 2026
wp-bannerize wp-bannerize N/A WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection via id Parameter LOW 2.0.0-4.0.2 July 4, 2026
fv-wordpress-flowplayer fv-wordpress-flowplayer
93
FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter LOW 7.5.0.727-7.5.2.727 7.5.3.727 July 4, 2026
wp-survey-plus wp-survey-plus N/A WP Survey Plus <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
wp-recall wp-recall N/A WP-Recall <= 16.24.47 - Reflected Cross-Site Scripting LOW *-16.24.47 16.24.48 July 4, 2026
wp-jobsearch wp-jobsearch N/A JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change LOW *-1.8.1 1.8.2 July 4, 2026
wp-jobsearch wp-jobsearch N/A JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update LOW *-1.8.1 1.8.2 July 4, 2026
wp-jobsearch wp-jobsearch N/A JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function LOW *-1.8.1 1.8.2 July 4, 2026
world-travel-information world-travel-information N/A World Travel Information <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 4, 2026
Yoast SEO – Advanced SEO with real-time guidance and built-in AI wordpress-seo
89
Yoast SEO <= 17.2 - Full Path Disclosure LOW [*, 17.3) 17.3 July 4, 2026
twchat twchat N/A Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion LOW *-3.1.4 3.1.5 July 4, 2026
twchat twchat N/A Two Way CHAT – Send or receive messages to your user <= 3.1.4 - Cross-Site Request Forgery LOW *-3.1.4 3.1.5 July 4, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail LOW *-3.9.4 3.9.5 July 4, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.5 - Contributor+ Arbitrary Thumbnail Removal LOW [*, 3.9.6) 3.9.6 July 4, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.5 - Sensitive Data Exposure LOW [*, 3.9.6) 3.9.6 July 4, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.5 - Log Reset LOW *-3.9.5 3.9.6 July 4, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.4 - Reflected Cross-Site Scripting LOW [*, 3.9.5) 3.9.5 July 4, 2026
perfect-survey perfect-survey
87
Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection LOW [*, 1.5.2) 1.5.2 July 4, 2026
perfect-survey perfect-survey
87
Perfect Survey <= 1.5.2 - Cross-Site Request Forgery LOW *-1.5.2 July 4, 2026
perfect-survey perfect-survey
87
Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting LOW *-1.5.2 July 4, 2026
perfect-survey perfect-survey
87
Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP LOW *-1.5.2 July 4, 2026
mstore-api mstore-api
93
MStore API < 3.4.5 - Arbitrary File Upload LOW [*, 3.4.5) 3.4.5 July 4, 2026
Translate WordPress – Google Language Translator google-language-translator
95
Translate WordPress - Google Language Translator <= 6.0.11 - Admin+ Stored Cross-Site Scripting LOW [*, 6.0.12) 6.0.12 July 4, 2026
bookingcom-product-helper bookingcom-product-helper
93
Booking.com Product Helper <= 1.0.1 - Cross-Site Scripting LOW [*, 1.0.2) 1.0.2 July 4, 2026
LOW

Email Log

email-log

Score: 89/100 Email Log <= 2.4.6 - Admin+ SQL Injection Affected: *-2.4.6 Patched: 2.4.7 Updated: July 4, 2026
LOW

easy-paypal-donation

easy-paypal-donation

Score: 93/100 Paypal Donation <= 1.3.1 - Admin+ Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: July 4, 2026
LOW

content-staging

content-staging

Score: 91/100 Content Staging <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 4, 2026
LOW

speed-booster-pack

speed-booster-pack

Score: N/A Speed Booster Pack <= 4.3.3 - Admin+ SQL Injection Affected: *-4.3.3 Patched: 4.3.3.1 Updated: July 4, 2026
LOW

mpl-publisher

mpl-publisher

Score: 93/100 MPL-Publisher <= 1.30.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.30.2 Patched: 1.30.3 Updated: July 4, 2026
LOW

jobboardwp

jobboardwp

Score: 93/100 JobBoardWP – Job Board Listings and Submissions <= 1.0.7 - Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.1.0 Updated: July 4, 2026
LOW

indeed-job-importer

indeed-job-importer

Score: 91/100 Indeed Job Importer <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 4, 2026
LOW

yop-poll

yop-poll

Score: N/A YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Preview Module Affected: *-6.3.0 Patched: 6.3.1 Updated: July 4, 2026
LOW

yop-poll

yop-poll

Score: N/A YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Options Module Affected: *-6.3.0 Patched: 6.3.1 Updated: July 4, 2026
LOW

wpo365-login

wpo365-login

Score: N/A WordPress + Microsoft Office 365 / Azure AD | LOGIN <= 15.3 - Stored Cross-Site Scripting Affected: *-15.3 Patched: 15.4 Updated: July 4, 2026
LOW

wpgenious-job-listing

wpgenious-job-listing

Score: N/A WpGenius Job Listing <= 1.0.2 - Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: July 4, 2026
LOW

job-board-vanilla

job-board-vanilla

Score: 91/100 Job Board Vanila Plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: 1.0 Patched: Updated: July 4, 2026
LOW

business-manager

business-manager

Score: 93/100 Business Manager <= 1.4.5 - Stored Cross-Site Scripting Affected: *-1.4.5 Patched: 1.4.6 Updated: July 4, 2026
LOW

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

Score: 78/100 WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: [*, 0.9.5) Patched: 0.9.5 Updated: July 4, 2026
LOW

mybb-cross-poster

mybb-cross-poster

Score: 91/100 MyBB Cross-Poster <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

kjm-admin-notices

kjm-admin-notices

Score: 91/100 KJM Admin Notices <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 4, 2026
LOW

job-portal

job-portal

Score: 91/100 job-portal <= 0.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: July 4, 2026
LOW

job-manager

job-manager

Score: 89/100 Job Manager <= 0.7.25 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.7.25 Patched: Updated: July 4, 2026
LOW

hal

hal

Score: 93/100 HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.2 Updated: July 4, 2026
LOW

author-bio-box

author-bio-box

Score: 93/100 Author Bio Box <= 3.3.1 - Authenticated Stored Cross-Site Scripting Affected: *-3.3.1 Patched: 3.3.2 Updated: July 4, 2026
LOW

wp-cloudy

wp-cloudy

Score: N/A WP Cloudy <= 4.4.9 - Authenticated (Admin+) SQL Injection Affected: *-4.4.9 Patched: Updated: July 4, 2026
LOW

testimonial-builder

testimonial-builder

Score: N/A Testimonial < 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.6.0) Patched: 1.6.0 Updated: July 4, 2026
LOW

simple-jwt-login

simple-jwt-login

Score: N/A Simple JWT Login <= 3.2.1 - Insecure Password Creation Affected: [*, 3.3.0) Patched: 3.3.0 Updated: July 4, 2026
LOW

colorful-categories

colorful-categories

Score: 93/100 Colorful Categories < 2.0.15 - Cross-Site Request Forgery Affected: [*, 2.0.15) Patched: 2.0.15 Updated: July 4, 2026
LOW

brizy

brizy

Score: 93/100 Brizy - Page Builder <= 2.3.11 - Stored Cross-Site Scripting Affected: *-2.3.11 Patched: 2.3.12 Updated: July 4, 2026
LOW

brizy

brizy

Score: 93/100 Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal Affected: *-2.3.11 Patched: 2.3.12 Updated: July 4, 2026
LOW

accesspress-anonymous-post

accesspress-anonymous-post

Score: 95/100 AccessPress Anonymous Post = 2.8.0 - Backdoored Affected: 2.8.0 Patched: 2.8.1 Updated: July 4, 2026
LOW

woocommerce-discounts-plus

woocommerce-discounts-plus

Score: N/A Discounts Manager for Products <= 3.4.4 - Reflected Cross-Site Scripting Affected: [*, 3.4.5) Patched: 3.4.5 Updated: July 4, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.4.13 - Authenticated Stored Cross-Site Scripting Affected: *-2.4.13 Patched: 2.4.14 Updated: July 4, 2026
LOW

yith-woocommerce-product-vendors

yith-woocommerce-product-vendors

Score: N/A YITH WooCommerce Multi Vendor <= 3.8.0 - Reflected Cross-Site Scripting Affected: [*, 3.8.1) Patched: 3.8.1 Updated: July 4, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress < 2.1.10 - Reflected Cross-Site Scripting Affected: [*, 2.1.10) Patched: 2.1.10 Updated: July 4, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.1.9 - SQL Injection Affected: [*, 2.1.10) Patched: 2.1.10 Updated: July 4, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.1.16 - Stored Cross-Site Scripting Affected: [*, 2.1.17) Patched: 2.1.17 Updated: July 4, 2026
LOW

wpdiscuz

wpdiscuz

Score: N/A Comments - wpDiscuz <= 7.3.3 - Arbitrary Comment Addition/Edition/Deletion by Cross-Site Request Forgery Affected: [*, 7.3.4) Patched: 7.3.4 Updated: July 4, 2026
LOW

wp-seo-redirect-301

wp-seo-redirect-301

Score: N/A WP SEO Redirect 301 <= 2.3.1 - Cross-Site Request Forgery Affected: [*, 2.3.2) Patched: 2.3.2 Updated: July 4, 2026
LOW

wp-header-images

wp-header-images

Score: N/A WP Header Images <= 2.0.0 - Reflected Cross-Site Scripting Affected: [*, 2.0.1) Patched: 2.0.1 Updated: July 4, 2026
LOW

woo-coupon-usage

woo-coupon-usage

Score: N/A WooCommerce Affiliate Plugin – Coupon Affiliates < 4.11.3.4 - Cross-Site Request Forgery Affected: [*, 4.11.3.4) Patched: 4.11.3.4 Updated: July 4, 2026
LOW

wc-frontend-manager

wc-frontend-manager

Score: N/A WCFM - Frontend Manager for WooCommerce <= 6.5.11 - Customer/Subscriber+ SQL Injection Affected: *-6.5.11 Patched: 6.5.12 Updated: July 4, 2026
LOW

vision

vision

Score: N/A Vision Interactive For WordPress <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: July 4, 2026
LOW

storefront-footer-text

storefront-footer-text

Score: N/A Storefront Footer Text <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

similar-posts

similar-posts

Score: N/A Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution Affected: *-3.1.5 Patched: 3.1.6 Updated: July 4, 2026
LOW

qwiz-online-quizzes-and-flashcards

qwiz-online-quizzes-and-flashcards

Score: N/A Qwizcards <= 3.61 - Stored Cross-Site Scripting Affected: *-3.61 Patched: 3.62 Updated: July 4, 2026
LOW

quiz-tool-lite

quiz-tool-lite

Score: N/A Quiz Tool Lite <= 2.3.15 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.15 Patched: Updated: July 4, 2026
LOW

print-o-matic

print-o-matic

Score: N/A Print-O-Matic <= 2.0.2 - Admin+ Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: July 4, 2026
LOW

post-expirator

post-expirator

Score: N/A Post Expirator <= 2.5.1 - Contributor+ Arbitrary Post Schedule Deletion Affected: *-2.5.1 Patched: 2.6.0 Updated: July 4, 2026
LOW

pie-register

pie-register

Score: 93/100 Pie Register <= 3.7.1.5 - Authentication Bypass Affected: [*, 3.7.1.6) Patched: 3.7.1.6 Updated: July 4, 2026
LOW

pie-register

pie-register

Score: 93/100 Pie Register <= 3.7.1.4 - Authentication Bypass Affected: *-3.7.1.4 Patched: 3.7.1.5 Updated: July 4, 2026
LOW

pie-register

pie-register

Score: 93/100 Pie Register <= 3.7.1.5 - Unauthenticated SQL Injection Affected: [*, 3.7.1.6) Patched: 3.7.1.6 Updated: July 4, 2026
LOW

maz-loader

maz-loader

Score: 93/100 MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection Affected: [*, 1.3.3) Patched: 1.3.3 Updated: July 4, 2026
LOW

Loco Translate

loco-translate

Score: 89/100 Loco Translate <= 2.5.3 - Authenticated PHP Code Injection Affected: [*, 2.5.4) Patched: 2.5.4 Updated: July 4, 2026
LOW

ipanorama-360-virtual-tour-builder-lite

ipanorama-360-virtual-tour-builder-lite

Score: 93/100 iPanorama 360 WordPress Virtual Tour Builder < 1.6.22 - Reflected Cross-Site Scripting Affected: [*, 1.6.22) Patched: 1.6.22 Updated: July 4, 2026
LOW

ipages-flipbook

ipages-flipbook

Score: 93/100 iPages Flipbook < 1.4.3 - Reflected Cross-Site Scripting Affected: [*, 1.4.3) Patched: 1.4.3 Updated: July 4, 2026
LOW

imagelinks-interactive-image-builder-lite

imagelinks-interactive-image-builder-lite

Score: 93/100 ImageLinks Interactive Image Builder <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: July 4, 2026
LOW

Header Footer Code Manager

header-footer-code-manager

Score: 87/100 Header Footer Code Manager <= 1.1.13 - Authenticated SQL Injections Affected: [*, 1.1.14) Patched: 1.1.14 Updated: July 4, 2026
LOW

easy-custom-js-and-css

easy-custom-js-and-css

Score: 91/100 Easy Custom JS And CSS <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection Affected: *-1.15.12 Patched: 1.15.13 Updated: July 4, 2026
LOW

affiliates-manager

affiliates-manager

Score: 97/100 Affiliate Manager <= 2.8.6 - Admin+ SQL injection Affected: *-2.8.6 Patched: 2.8.7 Updated: July 4, 2026
LOW

404-to-301

404-to-301

Score: 97/100 404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery Affected: [*, 3.0.9) Patched: 3.0.9 Updated: July 4, 2026
LOW

intelly-related-posts

intelly-related-posts

Score: 93/100 Inline Related Posts <= 3.0.4 - Authenticated (Admin+) Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.5 Updated: July 4, 2026
LOW

comment-engine-pro

comment-engine-pro

Score: 91/100 Comment Engine Pro <= 1.0 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

unlimited-popups

unlimited-popups

Score: N/A Unlimited PopUps <= 4.5.3 - Authenticated (Admin+) SQL Injection Affected: *-4.5.3 Patched: Updated: July 4, 2026
LOW

supportboard

supportboard

Score: N/A Support Board <= 3.3.4 - Agent+ Stored Cross-Site Scripting Affected: *-3.3.4 Patched: 3.3.5 Updated: July 4, 2026
LOW

schreikasten

schreikasten

Score: N/A Schreikasten <= 0.14.18 - Authenticated (Author+) SQL Injection Affected: *-0.14.18 Patched: Updated: July 4, 2026
LOW

post-content-xmlrpc

post-content-xmlrpc

Score: N/A Post Content XMLRPC <= 1.0 - Authenticated (Admin+) SQL Injection Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

mwp-forms

mwp-forms

Score: 91/100 Wow Forms – create any form with custom style <= 3.1.3 - Authenticated (Admin+) SQL Injection Affected: *-3.1.3 Patched: Updated: July 4, 2026
LOW

g-auto-hyperlink

g-auto-hyperlink

Score: 91/100 G Auto-Hyperlink <= 1.0.1 - Authenticated (Admin+) SQL Injection Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

chameleon-css

chameleon-css

Score: 91/100 Chameleon CSS <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

catalog

catalog

Score: 91/100 SpiderCatalog <= 1.7.3 - Authenticated (Admin+) SQL Injection Affected: *-1.7.3 Patched: Updated: July 4, 2026
LOW

access-demo-importer

access-demo-importer

Score: 97/100 AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.0.6 Patched: 1.0.7 Updated: July 4, 2026
LOW

wp-all-export

wp-all-export

Score: N/A WP All Export <= 1.3.0 - Admin+ Stored Cross-Site Scripting Affected: [*, 1.3.1) Patched: 1.3.1 Updated: July 4, 2026
LOW

visitors-traffic-real-time-statistics

visitors-traffic-real-time-statistics

Score: N/A Visitor Traffic Real Time Statistics <= 3.8 - Subscriber+ SQL Injection Affected: *-3.8 Patched: 3.9 Updated: July 4, 2026
LOW

redirect-404-error-page-to-homepage-or-custom-page

redirect-404-error-page-to-homepage-or-custom-page

Score: N/A Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.7.8 - Log Deletion via Cross-Site Request Forgery Affected: *-1.7.8 Patched: 1.7.9 Updated: July 4, 2026
LOW

phoenix-media-rename

phoenix-media-rename

Score: 93/100 Phoenix Media Rename <= 3.4.2 - Author Arbitrary Media File Renaming Affected: *-3.4.2 Patched: 3.4.4 Updated: July 4, 2026
LOW

genie-wp-favicon

genie-wp-favicon

Score: 91/100 Genie WP Favicon <= 0.5.2 - Cross-Site Request Forgery Affected: *-0.5.2 Patched: Updated: July 4, 2026
LOW

formidable

formidable

Score: 93/100 Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting Affected: [*, 5.0.07) Patched: 5.0.07 Updated: July 4, 2026
LOW

age-gate

age-gate

Score: 97/100 Age Gate <= 2.16.3 - Stored Cross-Site Scripting Affected: [*, 2.16.4) Patched: 2.16.4 Updated: July 4, 2026
LOW

wp-bannerize

wp-bannerize

Score: N/A WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection via id Parameter Affected: 2.0.0-4.0.2 Patched: Updated: July 4, 2026
LOW

fv-wordpress-flowplayer

fv-wordpress-flowplayer

Score: 93/100 FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter Affected: 7.5.0.727-7.5.2.727 Patched: 7.5.3.727 Updated: July 4, 2026
LOW

wp-survey-plus

wp-survey-plus

Score: N/A WP Survey Plus <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-recall

wp-recall

Score: N/A WP-Recall <= 16.24.47 - Reflected Cross-Site Scripting Affected: *-16.24.47 Patched: 16.24.48 Updated: July 4, 2026
LOW

wp-jobsearch

wp-jobsearch

Score: N/A JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change Affected: *-1.8.1 Patched: 1.8.2 Updated: July 4, 2026
LOW

wp-jobsearch

wp-jobsearch

Score: N/A JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update Affected: *-1.8.1 Patched: 1.8.2 Updated: July 4, 2026
LOW

wp-jobsearch

wp-jobsearch

Score: N/A JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function Affected: *-1.8.1 Patched: 1.8.2 Updated: July 4, 2026
LOW

world-travel-information

world-travel-information

Score: N/A World Travel Information <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

twchat

twchat

Score: N/A Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion Affected: *-3.1.4 Patched: 3.1.5 Updated: July 4, 2026
LOW

twchat

twchat

Score: N/A Two Way CHAT – Send or receive messages to your user <= 3.1.4 - Cross-Site Request Forgery Affected: *-3.1.4 Patched: 3.1.5 Updated: July 4, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail Affected: *-3.9.4 Patched: 3.9.5 Updated: July 4, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.5 - Contributor+ Arbitrary Thumbnail Removal Affected: [*, 3.9.6) Patched: 3.9.6 Updated: July 4, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.5 - Sensitive Data Exposure Affected: [*, 3.9.6) Patched: 3.9.6 Updated: July 4, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.5 - Log Reset Affected: *-3.9.5 Patched: 3.9.6 Updated: July 4, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.4 - Reflected Cross-Site Scripting Affected: [*, 3.9.5) Patched: 3.9.5 Updated: July 4, 2026
LOW

perfect-survey

perfect-survey

Score: 87/100 Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection Affected: [*, 1.5.2) Patched: 1.5.2 Updated: July 4, 2026
LOW

perfect-survey

perfect-survey

Score: 87/100 Perfect Survey <= 1.5.2 - Cross-Site Request Forgery Affected: *-1.5.2 Patched: Updated: July 4, 2026
LOW

perfect-survey

perfect-survey

Score: 87/100 Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: Updated: July 4, 2026
LOW

perfect-survey

perfect-survey

Score: 87/100 Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP Affected: *-1.5.2 Patched: Updated: July 4, 2026
LOW

mstore-api

mstore-api

Score: 93/100 MStore API < 3.4.5 - Arbitrary File Upload Affected: [*, 3.4.5) Patched: 3.4.5 Updated: July 4, 2026
LOW

Translate WordPress – Google Language Translator

google-language-translator

Score: 95/100 Translate WordPress - Google Language Translator <= 6.0.11 - Admin+ Stored Cross-Site Scripting Affected: [*, 6.0.12) Patched: 6.0.12 Updated: July 4, 2026
LOW

bookingcom-product-helper

bookingcom-product-helper

Score: 93/100 Booking.com Product Helper <= 1.0.1 - Cross-Site Scripting Affected: [*, 1.0.2) Patched: 1.0.2 Updated: July 4, 2026

Showing 30801 to 30900 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 21:20 UTC.