Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

92

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
bookingcom-banner-creator bookingcom-banner-creator
91
Booking.com Banner Creator <= 1.4.2 - Cross-Site Scripting LOW [*, 1.4.3) 1.4.3 July 4, 2026
batch-cat batch-cat
91
Batch Cat <= 0.3 - Missing Authorization LOW *-0.3 July 4, 2026
wp-logo-showcase wp-logo-showcase N/A Logo Slider and Showcase <= 1.3.36 - Settings Update LOW [*, 1.3.37) 1.3.37 July 4, 2026
themify-builder themify-builder N/A Themify Builder <= 5.3.1 - Reflected Cross-Site Scripting LOW *-5.3.1 5.3.2 July 4, 2026
mp3-music-player-by-sonaar mp3-music-player-by-sonaar
93
MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting LOW *-2.4.1 2.4.2 July 4, 2026
Image Source Control Lite – Show Image Credits and Captions image-source-control-isc
89
Image Source Control Lite < 2.3.1 - Insecure Direct Object Reference LOW [*, 2.3.1) 2.3.1 July 4, 2026
far-future-expiry-header far-future-expiry-header
93
Far Future Expiry Header <= 1.4 - Plugin's Settings Update via Cross-Site Request Forgery LOW *-1.4 1.5 July 4, 2026
events-made-easy events-made-easy
91
Events Made Easy <= 2.2.23 - Admin+ Stored Cross-Site Scripting LOW [*, 2.2.24) 2.2.24 July 4, 2026
easy-paypal-donation easy-paypal-donation
93
Paypal Donation <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 1.3.1 July 4, 2026
easy-paypal-donation easy-paypal-donation
93
Accept Donations with PayPal <= 1.3.0 Cross-Site Request Forgery to Post Deletion LOW [*, 1.3.1) 1.3.1 July 4, 2026
coming-soon-wp coming-soon-wp
93
Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 1.6.3 - Admin+ Stored Cross-Site Scripting LOW *-1.6.3 1.6.7 July 4, 2026
cardinity-free-payment-gateway-for-woocommerce cardinity-free-payment-gateway-for-woocommerce
93
Cardinity Payment Gateway for WooCommerce <= 3.0.6 - Reflected Cross-Site Scripting LOW *-3.0.6 3.0.7 July 4, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
BP Better Messages <= 1.9.9.37 - Reflected Cross-Site Scripting LOW [*, 1.9.9.41) 1.9.9.41 July 4, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
BP Better Messages <= 1.9.9.37 - Cross-Site Request Forgery LOW [*, 1.9.9.41) 1.9.9.41 July 4, 2026
astra-sites astra-sites
93
Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 - Missing Authorization to Stored Cross-Site Scripting LOW *-2.7.0 2.7.1 July 4, 2026
stripe-for-woocommerce stripe-for-woocommerce N/A Stripe for WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking LOW 3.0.0-3.3.9 3.3.10 July 4, 2026
add-search-to-menu add-search-to-menu
97
Ivory Search <= 4.6.6 - Reflected Cross-Site Scripting LOW *-4.6.6 4.7 July 4, 2026
js-jobs js-jobs
81
JS Job Manager < 1.1.9 - Arbitrary Plugin Installation/Activation LOW [*, 1.1.9) 1.1.9 July 4, 2026
credova-financial credova-financial
93
Credova_Financial <= 1.4.8 - Sensitive Information Disclosure LOW *-1.4.8 1.4.9 July 4, 2026
wpematico wpematico N/A WPeMatico RSS Feed Fetcher <= 2.6.11 - Admin+ Stored Cross-Site Scripting LOW [*, 2.6.12) 2.6.12 July 4, 2026
stylish-price-list stylish-price-list N/A Stylish Price List <= 6.9.0 - Missing Authorization LOW *-6.9.0 6.9.1 July 4, 2026
stylish-price-list stylish-price-list N/A Stylish Price List < 6.9.0 - Arbitrary Image Upload LOW [*, 6.9.0) 6.9.0 July 4, 2026
modern-events-calendar-lite modern-events-calendar-lite
93
Modern Events Calendar Lite <= 5.22.2 - Authenticated Stored Cross Site Scripting LOW *-5.22.2 5.22.3 July 4, 2026
Download Manager download-manager
63
WordPress Download Manager <= 3.2.15 - Cross-Site Scripting LOW [*, 3.2.16) 3.2.16 July 4, 2026
wp-reactions-lite wp-reactions-lite N/A WP Reactions Lite <= 1.3.3 - Cross-Site Scripting LOW [*, 1.3.6) 1.3.6 July 4, 2026
og-tags og-tags
93
OG Tags <= 2.0.1 - Cross-Site Request Forgery LOW *-2.0.1 2.0.2 July 4, 2026
mp-restaurant-menu mp-restaurant-menu
91
Restaurant Menu by MotoPress <= 2.4.1 - Admin+ Stored Cross Site Scripting LOW [*, 2.4.2) 2.4.2 July 4, 2026
flat-preloader flat-preloader
93
Flat Preloader < 1.5.5 - Stored Cross-Site Scripting LOW [*, 1.5.5) 1.5.5 July 4, 2026
flat-preloader flat-preloader
93
Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW [*, 1.5.4) 1.5.4 July 4, 2026
cool-tag-cloud cool-tag-cloud
89
Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting LOW *-2.25 2.26 July 4, 2026
connections connections
91
Connections Business Directory <= 10.4.2 - Admin+ Stored Cross-Site Scripting LOW [*, 10.4.3) 10.4.3 July 4, 2026
automatorwp automatorwp
93
AutomatorWP <= 1.7.5 - Privilege Escalation LOW [*, 1.7.6) 1.7.6 July 4, 2026
countdown-wpdevart-extended countdown-wpdevart-extended
93
Countdown and CountUp, WooCommerce Sales Timers <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.7 1.5.8 July 4, 2026
wp-visited-countries-reloaded wp-visited-countries-reloaded N/A WP Visited Countries Reloaded <= 3.1.0 - Cross-Site Scripting LOW *-3.1.0 3.1.1 July 4, 2026
wp-table-builder wp-table-builder N/A WP Table Builder – WordPress Table Plugin <= 1.3.9 - Reflected Cross-Site Scripting LOW *-1.3.9 1.3.10 July 4, 2026
wp-debugging wp-debugging N/A WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update LOW *-2.10.2 2.11.0 July 4, 2026
Product Table & List Builder for WooCommerce Lite wc-product-table-lite N/A WooCommerce Product Table Lite <= 2.4.0 - Reflected Cross-Site Scripting LOW *-2.3.0 2.4.0 July 4, 2026
wappointment wappointment N/A Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.2.4 - Stored Cross-Site Scripting LOW *-2.2.4 2.2.5 July 4, 2026
visual-form-builder visual-form-builder N/A Visual Form Builder <= 3.0.3 - Admin+ Stored Cross-Site Scripting LOW *-3.0.3 3.0.4 July 4, 2026
permalink-manager permalink-manager
93
Permalink Manager Lite <= 2.2.12 - Admin+ SQL Injection LOW *-2.2.12 2.2.13.1 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms <= 3.5.8.1 - Cross-Site Scripting LOW [*, 3.5.8.2) 3.5.8.2 July 4, 2026
lastform lastform
91
Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Authenticated (Admin+) Arbitrary System File Read LOW *-1.0.5 July 4, 2026
great-quotes great-quotes
91
Great Quotes <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
contact-forms contact-forms
93
Cimatti Contact Forms <= 1.4.11 - Cross-Site Scripting LOW [*, 1.4.12) 1.4.12 July 4, 2026
Check & Log Email – Easy Email Testing & Mail logging check-email
84
Check & Log Email <= 1.0.2 - Admin+ SQL Injection via Order and OrderBy parameters LOW *-1.0.2 1.0.3 July 4, 2026
shapepress-dsgvo shapepress-dsgvo N/A WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting LOW [*, 3.1.24) 3.1.24 July 4, 2026
yith-maintenance-mode yith-maintenance-mode N/A YITH Maintenance Mode <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting LOW *-1.3.8 1.4.0 July 4, 2026
ark-wysiwyg-comment-editor ark-wysiwyg-comment-editor
95
ark-commenteditor <= 2.15.6 - iframe Injection LOW *-2.15.6 July 4, 2026
ag-custom-admin ag-custom-admin
97
Absolutely Glamorous Custom Admin <= 6.8 - Authenticated Stored Cross-Site Scripting LOW *-6.8 6.9 July 4, 2026
3dprint-lite 3dprint-lite
97
3DPrint Lite < 1.9.1.5 - Arbitrary File Upload LOW [*, 1.9.1.5) 1.9.1.5 July 4, 2026
iq-block-country iq-block-country
93
WordPress iQ Block Country <= 1.2.11 - Authenticated Stored Cross-Site Scripting LOW *-1.2.11 1.2.12 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure LOW *-3.5.7 3.5.8 July 4, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms <= 3.5.7 - Unprotected REST-API to Email Injection LOW *-3.5.7 3.5.8 July 4, 2026
yt-player yt-player N/A Video Player for YouTube <= 1.3 - Cross-Site Scripting LOW [*, 1.4) 1.4 July 4, 2026
WP User Manager – User Profile Builder & Membership wp-user-manager
83
WP User Manager <= 2.6.2 - Arbitrary User Password Reset LOW *-2.6.2 2.6.3 July 4, 2026
easy-media-download easy-media-download
93
Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting LOW *-1.1.5 1.1.7 July 4, 2026
cookie-bar cookie-bar
93
Cookie Bar <= 1.8.8 - Admin+ Stored Cross-Site Scripting LOW *-1.8.8 1.8.9 July 4, 2026
telefication telefication N/A Telefication <= 1.8.0 - Open Relay and Server-Side Request Forgery LOW *-1.8.0 July 4, 2026
wp-special-textboxes wp-special-textboxes N/A Special Text Boxes <= 5.9.109 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.9.109 5.9.110 July 4, 2026
wp-html-author-bio-by-ahmad-awais wp-html-author-bio-by-ahmad-awais N/A WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.2.0 July 4, 2026
st-daily-tip st-daily-tip N/A St Daily Tip <= 4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.7 July 4, 2026
smart-grid-gallery smart-grid-gallery N/A Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Stored Cross-Site Scripting LOW [*, 1.1.5) 1.1.5 July 4, 2026
shapepress-dsgvo shapepress-dsgvo N/A WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion LOW *-3.1.23 3.1.24 July 4, 2026
request-a-quote request-a-quote N/A Request a Quote <= 2.3.4 - Stored Cross-Site Scripting LOW [*, 2.3.5) 2.3.5 July 4, 2026
motopress-slider-lite motopress-slider-lite
91
Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.2.0 July 4, 2026
jquery-reply-to-comment jquery-reply-to-comment
91
jQuery Reply to Comment <= 1.31 - Cross-Site Request Forgery LOW *-1.31 July 4, 2026
game-server-status game-server-status
91
Game Server Status <= 1.0 - Authenticated (Admin+) SQL Injection LOW *-1.0 July 4, 2026
frontend-uploader frontend-uploader
91
Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting LOW *-1.3.2 July 4, 2026
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation optinmonster
89
OptinMonster <= 2.6.0 - Reflected Cross-Site Scripting LOW *-2.6.0 2.6.1 July 4, 2026
yith-easy-login-register-popup-for-woocommerce yith-easy-login-register-popup-for-woocommerce N/A YITH Easy Login & Register Popup for WooCommerce <= 1.8.0 - Authentication Bypass via Password Reset LOW *-1.8.0 1.8.1 July 4, 2026
wp-ticket wp-ticket N/A Customer Service Software & Support Ticket System < 5.10.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 5.10.4) 5.10.4 July 4, 2026
wp-cookiechoise wp-cookiechoise N/A Wp Cookie Choice <= 1.1.0 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.1.0 July 4, 2026
wechat-reward wechat-reward N/A Wechat Reward <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7 July 4, 2026
tutor tutor N/A Tutor LMS <= 1.9.8 - Admin+ Stored Cross-Site Scripting LOW [*, 1.9.9) 1.9.9 July 4, 2026
to-top to-top N/A CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 2.3) 2.3 July 4, 2026
streamcast streamcast N/A StreamCast – Radio Player for WordPress <= 2.1.0 - Cross-Site Scripting LOW [*, 2.1.1) 2.1.1 July 4, 2026
sociable sociable N/A Sociable <= 4.3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.3.4.1 July 4, 2026
scroll-baner scroll-baner N/A Scroll Baner <= 1.0 - Cross-Site Request Forgery to Remote Code Execution and/or Cross-Site Scripting LOW *-1.0 July 4, 2026
polo-video-gallery polo-video-gallery
91
Polo Video Gallery – Best wordpress video gallery plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 July 4, 2026
pdf-viewer-block pdf-viewer-block
93
Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting LOW [*, 1.0.1) 1.0.1 July 4, 2026
one-user-avatar one-user-avatar
93
One User Avatar <= 2.3.6 - Cross-Site Request Forgery LOW [*, 2.3.7) 2.3.7 July 4, 2026
one-user-avatar one-user-avatar
93
One User Avatar <= 2.3.6 - Stored Cross-Site Scripting LOW [*, 2.3.7) 2.3.7 July 4, 2026
mainwp-child-reports mainwp-child-reports
93
MainWP Child Reports <= 2.0.7 - Admin+ SQL Injection LOW *-2.0.7 2.0.8 July 4, 2026
learnpress learnpress
93
LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting LOW *-4.1.3 4.1.3.1 July 4, 2026
html5-audio-player html5-audio-player
93
Html5 Audio Player <= 2.1.2 - Contributor+ Stored Cross-Site Scripting LOW *-2.1.2 2.1.3 July 4, 2026
header-enhancement header-enhancement
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.5) 1.5 July 4, 2026
generate-child-theme generate-child-theme
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.6) 1.6 July 4, 2026
gamepress gamepress
91
GamePress – The Game Database Plugin <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 4, 2026
essential-widgets essential-widgets
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.9) 1.9 July 4, 2026
essential-content-types essential-content-types
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.9) 1.9 July 4, 2026
easy-twitter-feeds easy-twitter-feeds
93
Easy Twitter Feed < 1.2 - Cross-Site Scripting LOW [*, 1.2) 1.2 July 4, 2026
catch-web-tools catch-web-tools
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 2.7) 2.7 July 4, 2026
catch-under-construction catch-under-construction
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.4) 1.4 July 4, 2026
catch-themes-demo-import catch-themes-demo-import
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.6) 1.6 July 4, 2026
catch-sticky-menu catch-sticky-menu
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.7) 1.7 July 4, 2026
catch-scroll-progress-bar catch-scroll-progress-bar
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.6) 1.6 July 4, 2026
catch-instagram-feed-gallery-widget catch-instagram-feed-gallery-widget
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 2.3) 2.3 July 4, 2026
catch-infinite-scroll catch-infinite-scroll
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.9) 1.9 July 4, 2026
catch-import-export catch-import-export
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 1.9) 1.9 July 4, 2026
catch-ids catch-ids
93
CatchThemes Plugins (Various Versions) - Missing Authorization LOW [*, 2.4) 2.4 July 4, 2026
LOW

bookingcom-banner-creator

bookingcom-banner-creator

Score: 91/100 Booking.com Banner Creator <= 1.4.2 - Cross-Site Scripting Affected: [*, 1.4.3) Patched: 1.4.3 Updated: July 4, 2026
LOW

batch-cat

batch-cat

Score: 91/100 Batch Cat <= 0.3 - Missing Authorization Affected: *-0.3 Patched: Updated: July 4, 2026
LOW

wp-logo-showcase

wp-logo-showcase

Score: N/A Logo Slider and Showcase <= 1.3.36 - Settings Update Affected: [*, 1.3.37) Patched: 1.3.37 Updated: July 4, 2026
LOW

themify-builder

themify-builder

Score: N/A Themify Builder <= 5.3.1 - Reflected Cross-Site Scripting Affected: *-5.3.1 Patched: 5.3.2 Updated: July 4, 2026
LOW

mp3-music-player-by-sonaar

mp3-music-player-by-sonaar

Score: 93/100 MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting Affected: *-2.4.1 Patched: 2.4.2 Updated: July 4, 2026
LOW

far-future-expiry-header

far-future-expiry-header

Score: 93/100 Far Future Expiry Header <= 1.4 - Plugin's Settings Update via Cross-Site Request Forgery Affected: *-1.4 Patched: 1.5 Updated: July 4, 2026
LOW

events-made-easy

events-made-easy

Score: 91/100 Events Made Easy <= 2.2.23 - Admin+ Stored Cross-Site Scripting Affected: [*, 2.2.24) Patched: 2.2.24 Updated: July 4, 2026
LOW

easy-paypal-donation

easy-paypal-donation

Score: 93/100 Paypal Donation <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: 1.3.1 Updated: July 4, 2026
LOW

easy-paypal-donation

easy-paypal-donation

Score: 93/100 Accept Donations with PayPal <= 1.3.0 Cross-Site Request Forgery to Post Deletion Affected: [*, 1.3.1) Patched: 1.3.1 Updated: July 4, 2026
LOW

coming-soon-wp

coming-soon-wp

Score: 93/100 Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 1.6.3 - Admin+ Stored Cross-Site Scripting Affected: *-1.6.3 Patched: 1.6.7 Updated: July 4, 2026
LOW

cardinity-free-payment-gateway-for-woocommerce

cardinity-free-payment-gateway-for-woocommerce

Score: 93/100 Cardinity Payment Gateway for WooCommerce <= 3.0.6 - Reflected Cross-Site Scripting Affected: *-3.0.6 Patched: 3.0.7 Updated: July 4, 2026
LOW

astra-sites

astra-sites

Score: 93/100 Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 - Missing Authorization to Stored Cross-Site Scripting Affected: *-2.7.0 Patched: 2.7.1 Updated: July 4, 2026
LOW

stripe-for-woocommerce

stripe-for-woocommerce

Score: N/A Stripe for WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking Affected: 3.0.0-3.3.9 Patched: 3.3.10 Updated: July 4, 2026
LOW

add-search-to-menu

add-search-to-menu

Score: 97/100 Ivory Search <= 4.6.6 - Reflected Cross-Site Scripting Affected: *-4.6.6 Patched: 4.7 Updated: July 4, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager < 1.1.9 - Arbitrary Plugin Installation/Activation Affected: [*, 1.1.9) Patched: 1.1.9 Updated: July 4, 2026
LOW

credova-financial

credova-financial

Score: 93/100 Credova_Financial <= 1.4.8 - Sensitive Information Disclosure Affected: *-1.4.8 Patched: 1.4.9 Updated: July 4, 2026
LOW

wpematico

wpematico

Score: N/A WPeMatico RSS Feed Fetcher <= 2.6.11 - Admin+ Stored Cross-Site Scripting Affected: [*, 2.6.12) Patched: 2.6.12 Updated: July 4, 2026
LOW

stylish-price-list

stylish-price-list

Score: N/A Stylish Price List <= 6.9.0 - Missing Authorization Affected: *-6.9.0 Patched: 6.9.1 Updated: July 4, 2026
LOW

stylish-price-list

stylish-price-list

Score: N/A Stylish Price List < 6.9.0 - Arbitrary Image Upload Affected: [*, 6.9.0) Patched: 6.9.0 Updated: July 4, 2026
LOW

modern-events-calendar-lite

modern-events-calendar-lite

Score: 93/100 Modern Events Calendar Lite <= 5.22.2 - Authenticated Stored Cross Site Scripting Affected: *-5.22.2 Patched: 5.22.3 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 WordPress Download Manager <= 3.2.15 - Cross-Site Scripting Affected: [*, 3.2.16) Patched: 3.2.16 Updated: July 4, 2026
LOW

wp-reactions-lite

wp-reactions-lite

Score: N/A WP Reactions Lite <= 1.3.3 - Cross-Site Scripting Affected: [*, 1.3.6) Patched: 1.3.6 Updated: July 4, 2026
LOW

og-tags

og-tags

Score: 93/100 OG Tags <= 2.0.1 - Cross-Site Request Forgery Affected: *-2.0.1 Patched: 2.0.2 Updated: July 4, 2026
LOW

mp-restaurant-menu

mp-restaurant-menu

Score: 91/100 Restaurant Menu by MotoPress <= 2.4.1 - Admin+ Stored Cross Site Scripting Affected: [*, 2.4.2) Patched: 2.4.2 Updated: July 4, 2026
LOW

flat-preloader

flat-preloader

Score: 93/100 Flat Preloader < 1.5.5 - Stored Cross-Site Scripting Affected: [*, 1.5.5) Patched: 1.5.5 Updated: July 4, 2026
LOW

flat-preloader

flat-preloader

Score: 93/100 Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: [*, 1.5.4) Patched: 1.5.4 Updated: July 4, 2026
LOW

cool-tag-cloud

cool-tag-cloud

Score: 89/100 Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting Affected: *-2.25 Patched: 2.26 Updated: July 4, 2026
LOW

connections

connections

Score: 91/100 Connections Business Directory <= 10.4.2 - Admin+ Stored Cross-Site Scripting Affected: [*, 10.4.3) Patched: 10.4.3 Updated: July 4, 2026
LOW

automatorwp

automatorwp

Score: 93/100 AutomatorWP <= 1.7.5 - Privilege Escalation Affected: [*, 1.7.6) Patched: 1.7.6 Updated: July 4, 2026
LOW

countdown-wpdevart-extended

countdown-wpdevart-extended

Score: 93/100 Countdown and CountUp, WooCommerce Sales Timers <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.7 Patched: 1.5.8 Updated: July 4, 2026
LOW

wp-visited-countries-reloaded

wp-visited-countries-reloaded

Score: N/A WP Visited Countries Reloaded <= 3.1.0 - Cross-Site Scripting Affected: *-3.1.0 Patched: 3.1.1 Updated: July 4, 2026
LOW

wp-table-builder

wp-table-builder

Score: N/A WP Table Builder – WordPress Table Plugin <= 1.3.9 - Reflected Cross-Site Scripting Affected: *-1.3.9 Patched: 1.3.10 Updated: July 4, 2026
LOW

wp-debugging

wp-debugging

Score: N/A WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update Affected: *-2.10.2 Patched: 2.11.0 Updated: July 4, 2026
LOW

wappointment

wappointment

Score: N/A Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.2.4 - Stored Cross-Site Scripting Affected: *-2.2.4 Patched: 2.2.5 Updated: July 4, 2026
LOW

visual-form-builder

visual-form-builder

Score: N/A Visual Form Builder <= 3.0.3 - Admin+ Stored Cross-Site Scripting Affected: *-3.0.3 Patched: 3.0.4 Updated: July 4, 2026
LOW

permalink-manager

permalink-manager

Score: 93/100 Permalink Manager Lite <= 2.2.12 - Admin+ SQL Injection Affected: *-2.2.12 Patched: 2.2.13.1 Updated: July 4, 2026
LOW

lastform

lastform

Score: 91/100 Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Authenticated (Admin+) Arbitrary System File Read Affected: *-1.0.5 Patched: Updated: July 4, 2026
LOW

great-quotes

great-quotes

Score: 91/100 Great Quotes <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

contact-forms

contact-forms

Score: 93/100 Cimatti Contact Forms <= 1.4.11 - Cross-Site Scripting Affected: [*, 1.4.12) Patched: 1.4.12 Updated: July 4, 2026
LOW

shapepress-dsgvo

shapepress-dsgvo

Score: N/A WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 3.1.24) Patched: 3.1.24 Updated: July 4, 2026
LOW

yith-maintenance-mode

yith-maintenance-mode

Score: N/A YITH Maintenance Mode <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting Affected: *-1.3.8 Patched: 1.4.0 Updated: July 4, 2026
LOW

ark-wysiwyg-comment-editor

ark-wysiwyg-comment-editor

Score: 95/100 ark-commenteditor <= 2.15.6 - iframe Injection Affected: *-2.15.6 Patched: Updated: July 4, 2026
LOW

ag-custom-admin

ag-custom-admin

Score: 97/100 Absolutely Glamorous Custom Admin <= 6.8 - Authenticated Stored Cross-Site Scripting Affected: *-6.8 Patched: 6.9 Updated: July 4, 2026
LOW

3dprint-lite

3dprint-lite

Score: 97/100 3DPrint Lite < 1.9.1.5 - Arbitrary File Upload Affected: [*, 1.9.1.5) Patched: 1.9.1.5 Updated: July 4, 2026
LOW

iq-block-country

iq-block-country

Score: 93/100 WordPress iQ Block Country <= 1.2.11 - Authenticated Stored Cross-Site Scripting Affected: *-1.2.11 Patched: 1.2.12 Updated: July 4, 2026
LOW

yt-player

yt-player

Score: N/A Video Player for YouTube <= 1.3 - Cross-Site Scripting Affected: [*, 1.4) Patched: 1.4 Updated: July 4, 2026
LOW

easy-media-download

easy-media-download

Score: 93/100 Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.7 Updated: July 4, 2026
LOW

cookie-bar

cookie-bar

Score: 93/100 Cookie Bar <= 1.8.8 - Admin+ Stored Cross-Site Scripting Affected: *-1.8.8 Patched: 1.8.9 Updated: July 4, 2026
LOW

telefication

telefication

Score: N/A Telefication <= 1.8.0 - Open Relay and Server-Side Request Forgery Affected: *-1.8.0 Patched: Updated: July 4, 2026
LOW

wp-special-textboxes

wp-special-textboxes

Score: N/A Special Text Boxes <= 5.9.109 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.9.109 Patched: 5.9.110 Updated: July 4, 2026
LOW

wp-html-author-bio-by-ahmad-awais

wp-html-author-bio-by-ahmad-awais

Score: N/A WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 4, 2026
LOW

st-daily-tip

st-daily-tip

Score: N/A St Daily Tip <= 4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.7 Patched: Updated: July 4, 2026
LOW

smart-grid-gallery

smart-grid-gallery

Score: N/A Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Stored Cross-Site Scripting Affected: [*, 1.1.5) Patched: 1.1.5 Updated: July 4, 2026
LOW

shapepress-dsgvo

shapepress-dsgvo

Score: N/A WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion Affected: *-3.1.23 Patched: 3.1.24 Updated: July 4, 2026
LOW

request-a-quote

request-a-quote

Score: N/A Request a Quote <= 2.3.4 - Stored Cross-Site Scripting Affected: [*, 2.3.5) Patched: 2.3.5 Updated: July 4, 2026
LOW

motopress-slider-lite

motopress-slider-lite

Score: 91/100 Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: Updated: July 4, 2026
LOW

jquery-reply-to-comment

jquery-reply-to-comment

Score: 91/100 jQuery Reply to Comment <= 1.31 - Cross-Site Request Forgery Affected: *-1.31 Patched: Updated: July 4, 2026
LOW

game-server-status

game-server-status

Score: 91/100 Game Server Status <= 1.0 - Authenticated (Admin+) SQL Injection Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

frontend-uploader

frontend-uploader

Score: 91/100 Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: July 4, 2026
LOW

yith-easy-login-register-popup-for-woocommerce

yith-easy-login-register-popup-for-woocommerce

Score: N/A YITH Easy Login & Register Popup for WooCommerce <= 1.8.0 - Authentication Bypass via Password Reset Affected: *-1.8.0 Patched: 1.8.1 Updated: July 4, 2026
LOW

wp-ticket

wp-ticket

Score: N/A Customer Service Software & Support Ticket System < 5.10.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 5.10.4) Patched: 5.10.4 Updated: July 4, 2026
LOW

wp-cookiechoise

wp-cookiechoise

Score: N/A Wp Cookie Choice <= 1.1.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 4, 2026
LOW

wechat-reward

wechat-reward

Score: N/A Wechat Reward <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 4, 2026
LOW

tutor

tutor

Score: N/A Tutor LMS <= 1.9.8 - Admin+ Stored Cross-Site Scripting Affected: [*, 1.9.9) Patched: 1.9.9 Updated: July 4, 2026
LOW

to-top

to-top

Score: N/A CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 2.3) Patched: 2.3 Updated: July 4, 2026
LOW

streamcast

streamcast

Score: N/A StreamCast – Radio Player for WordPress <= 2.1.0 - Cross-Site Scripting Affected: [*, 2.1.1) Patched: 2.1.1 Updated: July 4, 2026
LOW

sociable

sociable

Score: N/A Sociable <= 4.3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.3.4.1 Patched: Updated: July 4, 2026
LOW

scroll-baner

scroll-baner

Score: N/A Scroll Baner <= 1.0 - Cross-Site Request Forgery to Remote Code Execution and/or Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

polo-video-gallery

polo-video-gallery

Score: 91/100 Polo Video Gallery – Best wordpress video gallery plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

pdf-viewer-block

pdf-viewer-block

Score: 93/100 Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting Affected: [*, 1.0.1) Patched: 1.0.1 Updated: July 4, 2026
LOW

one-user-avatar

one-user-avatar

Score: 93/100 One User Avatar <= 2.3.6 - Cross-Site Request Forgery Affected: [*, 2.3.7) Patched: 2.3.7 Updated: July 4, 2026
LOW

one-user-avatar

one-user-avatar

Score: 93/100 One User Avatar <= 2.3.6 - Stored Cross-Site Scripting Affected: [*, 2.3.7) Patched: 2.3.7 Updated: July 4, 2026
LOW

mainwp-child-reports

mainwp-child-reports

Score: 93/100 MainWP Child Reports <= 2.0.7 - Admin+ SQL Injection Affected: *-2.0.7 Patched: 2.0.8 Updated: July 4, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting Affected: *-4.1.3 Patched: 4.1.3.1 Updated: July 4, 2026
LOW

html5-audio-player

html5-audio-player

Score: 93/100 Html5 Audio Player <= 2.1.2 - Contributor+ Stored Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 4, 2026
LOW

header-enhancement

header-enhancement

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.5) Patched: 1.5 Updated: July 4, 2026
LOW

generate-child-theme

generate-child-theme

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.6) Patched: 1.6 Updated: July 4, 2026
LOW

gamepress

gamepress

Score: 91/100 GamePress – The Game Database Plugin <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 4, 2026
LOW

essential-widgets

essential-widgets

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.9) Patched: 1.9 Updated: July 4, 2026
LOW

essential-content-types

essential-content-types

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.9) Patched: 1.9 Updated: July 4, 2026
LOW

easy-twitter-feeds

easy-twitter-feeds

Score: 93/100 Easy Twitter Feed < 1.2 - Cross-Site Scripting Affected: [*, 1.2) Patched: 1.2 Updated: July 4, 2026
LOW

catch-web-tools

catch-web-tools

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 2.7) Patched: 2.7 Updated: July 4, 2026
LOW

catch-under-construction

catch-under-construction

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.4) Patched: 1.4 Updated: July 4, 2026
LOW

catch-themes-demo-import

catch-themes-demo-import

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.6) Patched: 1.6 Updated: July 4, 2026
LOW

catch-sticky-menu

catch-sticky-menu

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.7) Patched: 1.7 Updated: July 4, 2026
LOW

catch-scroll-progress-bar

catch-scroll-progress-bar

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.6) Patched: 1.6 Updated: July 4, 2026
LOW

catch-instagram-feed-gallery-widget

catch-instagram-feed-gallery-widget

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 2.3) Patched: 2.3 Updated: July 4, 2026
LOW

catch-infinite-scroll

catch-infinite-scroll

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.9) Patched: 1.9 Updated: July 4, 2026
LOW

catch-import-export

catch-import-export

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 1.9) Patched: 1.9 Updated: July 4, 2026
LOW

catch-ids

catch-ids

Score: 93/100 CatchThemes Plugins (Various Versions) - Missing Authorization Affected: [*, 2.4) Patched: 2.4 Updated: July 4, 2026

Showing 30901 to 31000 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 22:24 UTC.