Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
28542Across tracked plugins
Affected Plugins
50With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| cdnvote | cdnvote |
93
|
CDN Vote < 0.4.2 - SQL Injection | LOW | [*, 0.4.2) | 0.4.2 | July 5, 2026 | |
| rss-feed-reader | rss-feed-reader | N/A | RSS Feed Reader <= 0.1 - Cross-Site Scripting | LOW | *-0.1 | July 5, 2026 | ||
| statpresscn | statpresscn | N/A | StatPressCN <= 1.9.0 - Cross-Site Scripting | LOW | *-1.9.0 | 1.9.1 | July 5, 2026 | |
| embedded-video-with-link | embedded-video-with-link |
91
|
Embedded Video <= 4.1 - Cross-Site Scripting | LOW | *-4.1 | July 5, 2026 | ||
| cforms2 | cforms2 |
93
|
CformsII <= 14.10.1 - CAPTCHA Bypass | LOW | *-14.10.1 | 14.11 | July 5, 2026 | |
| register-plus | register-plus | N/A | Register Plus <= 3.5.11 - Stored Cross-Site Scripting | LOW | *-3.5.11 | July 5, 2026 | ||
| register-plus | register-plus | N/A | Register Plus <= 3.5.11 - Sensitive Information Disclosure | LOW | *-3.5.11 | July 5, 2026 | ||
| event-registration | event-registration |
93
|
Event Registration < 6.00.03 - SQL Injection | LOW | [*, 6.00.03) | 6.00.03 | July 5, 2026 | |
| feedlist | feedlist |
93
|
FeedList <= 2.61.03 - Reflected Cross-Site Scripting | LOW | *-2.61.03 | 2.70.00 | July 5, 2026 | |
| cforms2 | cforms2 |
93
|
CformsII <=11.5 - Cross-Site Scripting | LOW | *-11.5 | 11.6.1 | July 5, 2026 | |
| mylinksdump | mylinksdump |
87
|
myLinksDump <= 1.2 - SQL Injection | LOW | *-1.2 | July 5, 2026 | ||
| Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | nextgen-gallery |
66
|
WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting | LOW | [*, 1.5.2) | 1.5.2 | July 5, 2026 | |
| cpl | cpl |
91
|
Copperleaf Photolog <= 0.16- SQL injection | LOW | *-0.16 | July 5, 2026 | ||
| piwik-pro | piwik-pro |
93
|
Various Affected Software (Various Versions) - Arbitrary File Upload | LOW | 0.2.35-0.4.3 | 0.4.4 | July 5, 2026 | |
| google-analyticator | google-analyticator |
93
|
Google Analyticator <= 5.2 - Cross-Site Scripting | LOW | [*, 5.2.1) | 5.2.1 | July 5, 2026 | |
| my-category-order | my-category-order |
93
|
my-category-order <= 2.8.7 - SQL Injection | LOW | *-2.8.7 | 3.0.1 | July 5, 2026 | |
| related-sites | related-sites | N/A | Related Sites <= 2.2 - SQL Injection | LOW | *-2.2 | 2.2.1 | July 5, 2026 | |
| dm-albums | dm-albums |
91
|
DM Albums <= 1.9.2 - Remote File Inclusion | LOW | *-1.9.2 | 1.9.3 | July 5, 2026 | |
| firestats | firestats |
93
|
FireStats <1.6.2 - SQL Injection | LOW | [*, 1.6.2) | 1.6.2 | July 5, 2026 | |
| photoracer | photoracer |
91
|
Photoracer Plugin <= 1.0 - SQL Injection | LOW | *-1.0 | July 5, 2026 | ||
| firestats | firestats |
93
|
FireStats < 1.6.2 - Remote File Inclusion | LOW | [*, 1.6.2) | 1.6.2 | July 5, 2026 | |
| fmoblog | fmoblog |
91
|
fMoblog <= 2.1 - SQL Injection | LOW | *-2.1 | July 5, 2026 | ||
| page-flip-image-gallery | page-flip-image-gallery |
91
|
Page Flip Image Gallery <= 0.2.2 - Directory Traversal | LOW | *-0.2.2 | July 5, 2026 | ||
| st_newsletter | st_newsletter | N/A | ShiftThis Newsletter <= 2.3.1 - SQL Injection | LOW | *-2.3.1 | July 5, 2026 | ||
| php-shell | php-shell |
91
|
PHP Shell (All Versions) - Backdoor | LOW | * | July 5, 2026 | ||
| downloads-manager | downloads-manager |
91
|
Downloads Manager <= 0.2 - Arbitrary File Upload | LOW | *-0.2 | July 5, 2026 | ||
| tubepress | tubepress | N/A | TubePress < 1.6.5 - Cross-Site Scripting | LOW | *-1.5.7 | 1.6.5 | July 5, 2026 | |
| Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | nextgen-gallery |
66
|
NextGEN Gallery Plugin <= 1.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.9.0 | 1.9.1 | July 5, 2026 | |
| download-monitor | download-monitor |
93
|
Download Monitor <= 2.0.6 - Unauthenticated SQL Injection | LOW | *-2.0.6 | 2.0.9 | July 5, 2026 | |
| sniplets | sniplets | N/A | Sniplets < 1.2.3 - Cross-Site Scripting | LOW | [*, 1.2.3) | 1.2.3 | July 5, 2026 | |
| sniplets | sniplets | N/A | Sniplets < 1.2.3 - Remote Code Execution | LOW | [*, 1.2.3) | 1.2.3 | July 5, 2026 | |
| sniplets | sniplets | N/A | Sniplets < 1.2.3 - Remote File Inclusion | LOW | [*, 1.2.3) | 1.2.3 | July 5, 2026 | |
| simple-forum | simple-forum | N/A | Yellow Swordfish Simple Forum <= 1.11 - SQL Injection | LOW | *-1.11 | July 5, 2026 | ||
| search-unleashed | search-unleashed | N/A | Search Unleashed <= 0.2.10 - Cross-Site Scripting | LOW | *-0.2.10 | 0.2.11 | July 5, 2026 | |
| st_newsletter | st_newsletter | N/A | ShiftThis (Unspecified Version) - SQL Injection | LOW | * | July 5, 2026 | ||
| dmsguestbook | dmsguestbook |
91
|
DMSGuestbook < 1.9.0 - Cross-Site Scripting | LOW | [*, 1.9.0) | 1.9.0 | July 5, 2026 | |
| dmsguestbook | dmsguestbook |
91
|
DMSGuestbook <= 1.8.0 - Directory Traversal | LOW | *-1.8.0 | 1.8.1 | July 5, 2026 | |
| dmsguestbook | dmsguestbook |
91
|
DMSGuestbook < 1.9.0 - Cross-Site Scripting | LOW | [*, 1.9.0) | 1.9.0 | July 5, 2026 | |
| dmsguestbook | dmsguestbook |
91
|
DMSGuestbook <= 1.7.0 - SQL Injection | LOW | * | July 5, 2026 | ||
| fgallery | fgallery |
93
|
fGallery 2.4.1 - SQL injection | LOW | *-2.4.1 | 2.4.2 | July 5, 2026 | |
| adserve | adserve |
97
|
AdServe < 0.3 - SQL Injection | LOW | *-0.2 | 0.3 | July 5, 2026 | |
| permalinks-migration-plugin-for-wordpress | permalinks-migration-plugin-for-wordpress |
91
|
Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting | LOW | *-1.0 | July 5, 2026 | ||
| spambam | spambam | N/A | Spambam <= 2.1 - Authorization Bypass | LOW | *-2.1 | July 5, 2026 | ||
| peters-math-anti-spam | peters-math-anti-spam |
93
|
Peter's Math Anti-Spam Spinoff < 1.0.0 - CAPTCHA Bypass | LOW | *-0.1.6 | 1.0.0 | July 5, 2026 | |
| math-comment-spam-protection | math-comment-spam-protection |
93
|
Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting | LOW | *-2.1 | 2.2 | July 5, 2026 | |
| pictpress | pictpress |
93
|
PictPress <= 0.91 - Directory Traversal | LOW | *-0.91 | 0.99 | July 5, 2026 | |
| cryptographp | cryptographp |
91
|
Cryptographp <= 1.2 - Cross-Site Scripting | LOW | *-1.2 | July 5, 2026 | ||
| captcha-offrepo | captcha-offrepo |
93
|
Captcha! <= 2.5d - Cross-Site Scripting | LOW | * - 2.5d | 2.6 | July 5, 2026 | |
| math-comment-spam-protection | math-comment-spam-protection |
93
|
Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery | LOW | *-2.1 | 2.2 | July 5, 2026 | |
| peters-random-anti-spam-image | peters-random-anti-spam-image |
91
|
Peter’s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting | LOW | *-1.0.6 | July 5, 2026 | ||
| backupwordpress | backupwordpress |
93
|
BackUpWordPress <= 0.4.2b - Remote File Inclusion | LOW | [*, 0.4.3) | 0.4.3 | July 5, 2026 | |
| feedburner-feedsmith | feedburner-feedsmith |
93
|
FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery | LOW | *-2.2 | 2.3 | July 5, 2026 | |
| stats | stats | N/A | stats <= 1.1 - SQL Injection | LOW | *-1.1 | 1.1.1 | July 5, 2026 | |
| feedstats-de | feedstats-de |
93
|
FeedStats < 2.4 - Cross-Site Scripting | LOW | [*, 2.4) | 2.4 | July 5, 2026 | |
| stats | stats | N/A | stats <= 1.0 - Stored Cross-Site Scripting | LOW | *-1.0 | 1.1 | July 5, 2026 | |
| adsense-deluxe | adsense-deluxe |
95
|
AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery | LOW | *-0.8 | July 5, 2026 | ||
| Akismet Anti-spam: Spam Protection | akismet |
92
|
Akismet Spam Protection < 2.0.2 - Cross-Site Scripting | LOW | *-2.0.1 | 2.0.2 | July 5, 2026 | |
| myflash | myflash |
93
|
Myflash < 1.11 - Remote File Inclusion | LOW | *-1.00 | 1.11 | July 5, 2026 | |
| the-hackers-diet | the-hackers-diet | N/A | The Hacker's Diet <= 0.9.6b - SQL Injection | LOW | * - 0.9.6b | 0.9.7b | July 5, 2026 | |
| mygallery | mygallery |
93
|
MySliderGallery <= 1.2.1 - Remote File Inclusion | LOW | *-1.2.1 | 1.4b5 | July 5, 2026 | |
| subscribe-to-comments | subscribe-to-comments | N/A | Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting | LOW | *-2.0.7 | 2.0.8 | July 5, 2026 | |
| secure-files | secure-files | N/A | secure-files <= 1.1 - Directory Traversal | LOW | *-1.1 | 1.2 | July 5, 2026 |
cdnvote
cdnvote
rss-feed-reader
rss-feed-reader
statpresscn
statpresscn
embedded-video-with-link
embedded-video-with-link
cforms2
cforms2
register-plus
register-plus
register-plus
register-plus
event-registration
event-registration
feedlist
feedlist
cforms2
cforms2
mylinksdump
mylinksdump
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
nextgen-gallery
cpl
cpl
piwik-pro
piwik-pro
google-analyticator
google-analyticator
my-category-order
my-category-order
related-sites
related-sites
dm-albums
dm-albums
firestats
firestats
photoracer
photoracer
firestats
firestats
fmoblog
fmoblog
page-flip-image-gallery
page-flip-image-gallery
st_newsletter
st_newsletter
php-shell
php-shell
downloads-manager
downloads-manager
tubepress
tubepress
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
nextgen-gallery
download-monitor
download-monitor
sniplets
sniplets
sniplets
sniplets
sniplets
sniplets
simple-forum
simple-forum
search-unleashed
search-unleashed
st_newsletter
st_newsletter
dmsguestbook
dmsguestbook
dmsguestbook
dmsguestbook
dmsguestbook
dmsguestbook
dmsguestbook
dmsguestbook
fgallery
fgallery
adserve
adserve
permalinks-migration-plugin-for-wordpress
permalinks-migration-plugin-for-wordpress
spambam
spambam
peters-math-anti-spam
peters-math-anti-spam
math-comment-spam-protection
math-comment-spam-protection
pictpress
pictpress
cryptographp
cryptographp
captcha-offrepo
captcha-offrepo
math-comment-spam-protection
math-comment-spam-protection
peters-random-anti-spam-image
peters-random-anti-spam-image
backupwordpress
backupwordpress
feedburner-feedsmith
feedburner-feedsmith
stats
stats
feedstats-de
feedstats-de
stats
stats
adsense-deluxe
adsense-deluxe
Akismet Anti-spam: Spam Protection
akismet
myflash
myflash
the-hackers-diet
the-hackers-diet
mygallery
mygallery
subscribe-to-comments
subscribe-to-comments
secure-files
secure-files
Showing 28501 to 28562 of 28542 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 5, 2026 at 01:45 UTC.