Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

28542

Across tracked plugins

Affected Plugins

50

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
cdnvote cdnvote
93
CDN Vote < 0.4.2 - SQL Injection LOW [*, 0.4.2) 0.4.2 July 5, 2026
rss-feed-reader rss-feed-reader N/A RSS Feed Reader <= 0.1 - Cross-Site Scripting LOW *-0.1 July 5, 2026
statpresscn statpresscn N/A StatPressCN <= 1.9.0 - Cross-Site Scripting LOW *-1.9.0 1.9.1 July 5, 2026
embedded-video-with-link embedded-video-with-link
91
Embedded Video <= 4.1 - Cross-Site Scripting LOW *-4.1 July 5, 2026
cforms2 cforms2
93
CformsII <= 14.10.1 - CAPTCHA Bypass LOW *-14.10.1 14.11 July 5, 2026
register-plus register-plus N/A Register Plus <= 3.5.11 - Stored Cross-Site Scripting LOW *-3.5.11 July 5, 2026
register-plus register-plus N/A Register Plus <= 3.5.11 - Sensitive Information Disclosure LOW *-3.5.11 July 5, 2026
event-registration event-registration
93
Event Registration < 6.00.03 - SQL Injection LOW [*, 6.00.03) 6.00.03 July 5, 2026
feedlist feedlist
93
FeedList <= 2.61.03 - Reflected Cross-Site Scripting LOW *-2.61.03 2.70.00 July 5, 2026
cforms2 cforms2
93
CformsII <=11.5 - Cross-Site Scripting LOW *-11.5 11.6.1 July 5, 2026
mylinksdump mylinksdump
87
myLinksDump <= 1.2 - SQL Injection LOW *-1.2 July 5, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery nextgen-gallery
66
WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting LOW [*, 1.5.2) 1.5.2 July 5, 2026
cpl cpl
91
Copperleaf Photolog <= 0.16- SQL injection LOW *-0.16 July 5, 2026
piwik-pro piwik-pro
93
Various Affected Software (Various Versions) - Arbitrary File Upload LOW 0.2.35-0.4.3 0.4.4 July 5, 2026
google-analyticator google-analyticator
93
Google Analyticator <= 5.2 - Cross-Site Scripting LOW [*, 5.2.1) 5.2.1 July 5, 2026
my-category-order my-category-order
93
my-category-order <= 2.8.7 - SQL Injection LOW *-2.8.7 3.0.1 July 5, 2026
related-sites related-sites N/A Related Sites <= 2.2 - SQL Injection LOW *-2.2 2.2.1 July 5, 2026
dm-albums dm-albums
91
DM Albums <= 1.9.2 - Remote File Inclusion LOW *-1.9.2 1.9.3 July 5, 2026
firestats firestats
93
FireStats <1.6.2 - SQL Injection LOW [*, 1.6.2) 1.6.2 July 5, 2026
photoracer photoracer
91
Photoracer Plugin <= 1.0 - SQL Injection LOW *-1.0 July 5, 2026
firestats firestats
93
FireStats < 1.6.2 - Remote File Inclusion LOW [*, 1.6.2) 1.6.2 July 5, 2026
fmoblog fmoblog
91
fMoblog <= 2.1 - SQL Injection LOW *-2.1 July 5, 2026
page-flip-image-gallery page-flip-image-gallery
91
Page Flip Image Gallery <= 0.2.2 - Directory Traversal LOW *-0.2.2 July 5, 2026
st_newsletter st_newsletter N/A ShiftThis Newsletter <= 2.3.1 - SQL Injection LOW *-2.3.1 July 5, 2026
php-shell php-shell
91
PHP Shell (All Versions) - Backdoor LOW * July 5, 2026
downloads-manager downloads-manager
91
Downloads Manager <= 0.2 - Arbitrary File Upload LOW *-0.2 July 5, 2026
tubepress tubepress N/A TubePress < 1.6.5 - Cross-Site Scripting LOW *-1.5.7 1.6.5 July 5, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery nextgen-gallery
66
NextGEN Gallery Plugin <= 1.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.9.0 1.9.1 July 5, 2026
download-monitor download-monitor
93
Download Monitor <= 2.0.6 - Unauthenticated SQL Injection LOW *-2.0.6 2.0.9 July 5, 2026
sniplets sniplets N/A Sniplets < 1.2.3 - Cross-Site Scripting LOW [*, 1.2.3) 1.2.3 July 5, 2026
sniplets sniplets N/A Sniplets < 1.2.3 - Remote Code Execution LOW [*, 1.2.3) 1.2.3 July 5, 2026
sniplets sniplets N/A Sniplets < 1.2.3 - Remote File Inclusion LOW [*, 1.2.3) 1.2.3 July 5, 2026
simple-forum simple-forum N/A Yellow Swordfish Simple Forum <= 1.11 - SQL Injection LOW *-1.11 July 5, 2026
search-unleashed search-unleashed N/A Search Unleashed <= 0.2.10 - Cross-Site Scripting LOW *-0.2.10 0.2.11 July 5, 2026
st_newsletter st_newsletter N/A ShiftThis (Unspecified Version) - SQL Injection LOW * July 5, 2026
dmsguestbook dmsguestbook
91
DMSGuestbook < 1.9.0 - Cross-Site Scripting LOW [*, 1.9.0) 1.9.0 July 5, 2026
dmsguestbook dmsguestbook
91
DMSGuestbook <= 1.8.0 - Directory Traversal LOW *-1.8.0 1.8.1 July 5, 2026
dmsguestbook dmsguestbook
91
DMSGuestbook < 1.9.0 - Cross-Site Scripting LOW [*, 1.9.0) 1.9.0 July 5, 2026
dmsguestbook dmsguestbook
91
DMSGuestbook <= 1.7.0 - SQL Injection LOW * July 5, 2026
fgallery fgallery
93
fGallery 2.4.1 - SQL injection LOW *-2.4.1 2.4.2 July 5, 2026
adserve adserve
97
AdServe < 0.3 - SQL Injection LOW *-0.2 0.3 July 5, 2026
permalinks-migration-plugin-for-wordpress permalinks-migration-plugin-for-wordpress
91
Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0 July 5, 2026
spambam spambam N/A Spambam <= 2.1 - Authorization Bypass LOW *-2.1 July 5, 2026
peters-math-anti-spam peters-math-anti-spam
93
Peter's Math Anti-Spam Spinoff < 1.0.0 - CAPTCHA Bypass LOW *-0.1.6 1.0.0 July 5, 2026
math-comment-spam-protection math-comment-spam-protection
93
Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting LOW *-2.1 2.2 July 5, 2026
pictpress pictpress
93
PictPress <= 0.91 - Directory Traversal LOW *-0.91 0.99 July 5, 2026
cryptographp cryptographp
91
Cryptographp <= 1.2 - Cross-Site Scripting LOW *-1.2 July 5, 2026
captcha-offrepo captcha-offrepo
93
Captcha! <= 2.5d - Cross-Site Scripting LOW * - 2.5d 2.6 July 5, 2026
math-comment-spam-protection math-comment-spam-protection
93
Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery LOW *-2.1 2.2 July 5, 2026
peters-random-anti-spam-image peters-random-anti-spam-image
91
Peter’s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting LOW *-1.0.6 July 5, 2026
backupwordpress backupwordpress
93
BackUpWordPress <= 0.4.2b - Remote File Inclusion LOW [*, 0.4.3) 0.4.3 July 5, 2026
feedburner-feedsmith feedburner-feedsmith
93
FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery LOW *-2.2 2.3 July 5, 2026
stats stats N/A stats <= 1.1 - SQL Injection LOW *-1.1 1.1.1 July 5, 2026
feedstats-de feedstats-de
93
FeedStats < 2.4 - Cross-Site Scripting LOW [*, 2.4) 2.4 July 5, 2026
stats stats N/A stats <= 1.0 - Stored Cross-Site Scripting LOW *-1.0 1.1 July 5, 2026
adsense-deluxe adsense-deluxe
95
AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery LOW *-0.8 July 5, 2026
Akismet Anti-spam: Spam Protection akismet
92
Akismet Spam Protection < 2.0.2 - Cross-Site Scripting LOW *-2.0.1 2.0.2 July 5, 2026
myflash myflash
93
Myflash < 1.11 - Remote File Inclusion LOW *-1.00 1.11 July 5, 2026
the-hackers-diet the-hackers-diet N/A The Hacker's Diet <= 0.9.6b - SQL Injection LOW * - 0.9.6b 0.9.7b July 5, 2026
mygallery mygallery
93
MySliderGallery <= 1.2.1 - Remote File Inclusion LOW *-1.2.1 1.4b5 July 5, 2026
subscribe-to-comments subscribe-to-comments N/A Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting LOW *-2.0.7 2.0.8 July 5, 2026
secure-files secure-files N/A secure-files <= 1.1 - Directory Traversal LOW *-1.1 1.2 July 5, 2026
LOW

cdnvote

cdnvote

Score: 93/100 CDN Vote < 0.4.2 - SQL Injection Affected: [*, 0.4.2) Patched: 0.4.2 Updated: July 5, 2026
LOW

rss-feed-reader

rss-feed-reader

Score: N/A RSS Feed Reader <= 0.1 - Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 5, 2026
LOW

statpresscn

statpresscn

Score: N/A StatPressCN <= 1.9.0 - Cross-Site Scripting Affected: *-1.9.0 Patched: 1.9.1 Updated: July 5, 2026
LOW

embedded-video-with-link

embedded-video-with-link

Score: 91/100 Embedded Video <= 4.1 - Cross-Site Scripting Affected: *-4.1 Patched: Updated: July 5, 2026
LOW

cforms2

cforms2

Score: 93/100 CformsII <= 14.10.1 - CAPTCHA Bypass Affected: *-14.10.1 Patched: 14.11 Updated: July 5, 2026
LOW

register-plus

register-plus

Score: N/A Register Plus <= 3.5.11 - Stored Cross-Site Scripting Affected: *-3.5.11 Patched: Updated: July 5, 2026
LOW

register-plus

register-plus

Score: N/A Register Plus <= 3.5.11 - Sensitive Information Disclosure Affected: *-3.5.11 Patched: Updated: July 5, 2026
LOW

event-registration

event-registration

Score: 93/100 Event Registration < 6.00.03 - SQL Injection Affected: [*, 6.00.03) Patched: 6.00.03 Updated: July 5, 2026
LOW

feedlist

feedlist

Score: 93/100 FeedList <= 2.61.03 - Reflected Cross-Site Scripting Affected: *-2.61.03 Patched: 2.70.00 Updated: July 5, 2026
LOW

cforms2

cforms2

Score: 93/100 CformsII <=11.5 - Cross-Site Scripting Affected: *-11.5 Patched: 11.6.1 Updated: July 5, 2026
LOW

mylinksdump

mylinksdump

Score: 87/100 myLinksDump <= 1.2 - SQL Injection Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

cpl

cpl

Score: 91/100 Copperleaf Photolog <= 0.16- SQL injection Affected: *-0.16 Patched: Updated: July 5, 2026
LOW

piwik-pro

piwik-pro

Score: 93/100 Various Affected Software (Various Versions) - Arbitrary File Upload Affected: 0.2.35-0.4.3 Patched: 0.4.4 Updated: July 5, 2026
LOW

google-analyticator

google-analyticator

Score: 93/100 Google Analyticator <= 5.2 - Cross-Site Scripting Affected: [*, 5.2.1) Patched: 5.2.1 Updated: July 5, 2026
LOW

my-category-order

my-category-order

Score: 93/100 my-category-order <= 2.8.7 - SQL Injection Affected: *-2.8.7 Patched: 3.0.1 Updated: July 5, 2026
LOW

related-sites

related-sites

Score: N/A Related Sites <= 2.2 - SQL Injection Affected: *-2.2 Patched: 2.2.1 Updated: July 5, 2026
LOW

dm-albums

dm-albums

Score: 91/100 DM Albums <= 1.9.2 - Remote File Inclusion Affected: *-1.9.2 Patched: 1.9.3 Updated: July 5, 2026
LOW

firestats

firestats

Score: 93/100 FireStats <1.6.2 - SQL Injection Affected: [*, 1.6.2) Patched: 1.6.2 Updated: July 5, 2026
LOW

photoracer

photoracer

Score: 91/100 Photoracer Plugin <= 1.0 - SQL Injection Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

firestats

firestats

Score: 93/100 FireStats < 1.6.2 - Remote File Inclusion Affected: [*, 1.6.2) Patched: 1.6.2 Updated: July 5, 2026
LOW

fmoblog

fmoblog

Score: 91/100 fMoblog <= 2.1 - SQL Injection Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

page-flip-image-gallery

page-flip-image-gallery

Score: 91/100 Page Flip Image Gallery <= 0.2.2 - Directory Traversal Affected: *-0.2.2 Patched: Updated: July 5, 2026
LOW

st_newsletter

st_newsletter

Score: N/A ShiftThis Newsletter <= 2.3.1 - SQL Injection Affected: *-2.3.1 Patched: Updated: July 5, 2026
LOW

php-shell

php-shell

Score: 91/100 PHP Shell (All Versions) - Backdoor Affected: * Patched: Updated: July 5, 2026
LOW

downloads-manager

downloads-manager

Score: 91/100 Downloads Manager <= 0.2 - Arbitrary File Upload Affected: *-0.2 Patched: Updated: July 5, 2026
LOW

tubepress

tubepress

Score: N/A TubePress < 1.6.5 - Cross-Site Scripting Affected: *-1.5.7 Patched: 1.6.5 Updated: July 5, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 2.0.6 - Unauthenticated SQL Injection Affected: *-2.0.6 Patched: 2.0.9 Updated: July 5, 2026
LOW

sniplets

sniplets

Score: N/A Sniplets < 1.2.3 - Cross-Site Scripting Affected: [*, 1.2.3) Patched: 1.2.3 Updated: July 5, 2026
LOW

sniplets

sniplets

Score: N/A Sniplets < 1.2.3 - Remote Code Execution Affected: [*, 1.2.3) Patched: 1.2.3 Updated: July 5, 2026
LOW

sniplets

sniplets

Score: N/A Sniplets < 1.2.3 - Remote File Inclusion Affected: [*, 1.2.3) Patched: 1.2.3 Updated: July 5, 2026
LOW

simple-forum

simple-forum

Score: N/A Yellow Swordfish Simple Forum <= 1.11 - SQL Injection Affected: *-1.11 Patched: Updated: July 5, 2026
LOW

search-unleashed

search-unleashed

Score: N/A Search Unleashed <= 0.2.10 - Cross-Site Scripting Affected: *-0.2.10 Patched: 0.2.11 Updated: July 5, 2026
LOW

st_newsletter

st_newsletter

Score: N/A ShiftThis (Unspecified Version) - SQL Injection Affected: * Patched: Updated: July 5, 2026
LOW

dmsguestbook

dmsguestbook

Score: 91/100 DMSGuestbook < 1.9.0 - Cross-Site Scripting Affected: [*, 1.9.0) Patched: 1.9.0 Updated: July 5, 2026
LOW

dmsguestbook

dmsguestbook

Score: 91/100 DMSGuestbook <= 1.8.0 - Directory Traversal Affected: *-1.8.0 Patched: 1.8.1 Updated: July 5, 2026
LOW

dmsguestbook

dmsguestbook

Score: 91/100 DMSGuestbook < 1.9.0 - Cross-Site Scripting Affected: [*, 1.9.0) Patched: 1.9.0 Updated: July 5, 2026
LOW

dmsguestbook

dmsguestbook

Score: 91/100 DMSGuestbook <= 1.7.0 - SQL Injection Affected: * Patched: Updated: July 5, 2026
LOW

fgallery

fgallery

Score: 93/100 fGallery 2.4.1 - SQL injection Affected: *-2.4.1 Patched: 2.4.2 Updated: July 5, 2026
LOW

adserve

adserve

Score: 97/100 AdServe < 0.3 - SQL Injection Affected: *-0.2 Patched: 0.3 Updated: July 5, 2026
LOW

permalinks-migration-plugin-for-wordpress

permalinks-migration-plugin-for-wordpress

Score: 91/100 Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

spambam

spambam

Score: N/A Spambam <= 2.1 - Authorization Bypass Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

peters-math-anti-spam

peters-math-anti-spam

Score: 93/100 Peter's Math Anti-Spam Spinoff < 1.0.0 - CAPTCHA Bypass Affected: *-0.1.6 Patched: 1.0.0 Updated: July 5, 2026
LOW

math-comment-spam-protection

math-comment-spam-protection

Score: 93/100 Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: July 5, 2026
LOW

pictpress

pictpress

Score: 93/100 PictPress <= 0.91 - Directory Traversal Affected: *-0.91 Patched: 0.99 Updated: July 5, 2026
LOW

cryptographp

cryptographp

Score: 91/100 Cryptographp <= 1.2 - Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

captcha-offrepo

captcha-offrepo

Score: 93/100 Captcha! <= 2.5d - Cross-Site Scripting Affected: * - 2.5d Patched: 2.6 Updated: July 5, 2026
LOW

math-comment-spam-protection

math-comment-spam-protection

Score: 93/100 Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: 2.2 Updated: July 5, 2026
LOW

peters-random-anti-spam-image

peters-random-anti-spam-image

Score: 91/100 Peter’s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

backupwordpress

backupwordpress

Score: 93/100 BackUpWordPress <= 0.4.2b - Remote File Inclusion Affected: [*, 0.4.3) Patched: 0.4.3 Updated: July 5, 2026
LOW

feedburner-feedsmith

feedburner-feedsmith

Score: 93/100 FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery Affected: *-2.2 Patched: 2.3 Updated: July 5, 2026
LOW

stats

stats

Score: N/A stats <= 1.1 - SQL Injection Affected: *-1.1 Patched: 1.1.1 Updated: July 5, 2026
LOW

feedstats-de

feedstats-de

Score: 93/100 FeedStats < 2.4 - Cross-Site Scripting Affected: [*, 2.4) Patched: 2.4 Updated: July 5, 2026
LOW

stats

stats

Score: N/A stats <= 1.0 - Stored Cross-Site Scripting Affected: *-1.0 Patched: 1.1 Updated: July 5, 2026
LOW

adsense-deluxe

adsense-deluxe

Score: 95/100 AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery Affected: *-0.8 Patched: Updated: July 5, 2026
LOW

Akismet Anti-spam: Spam Protection

akismet

Score: 92/100 Akismet Spam Protection < 2.0.2 - Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: July 5, 2026
LOW

myflash

myflash

Score: 93/100 Myflash < 1.11 - Remote File Inclusion Affected: *-1.00 Patched: 1.11 Updated: July 5, 2026
LOW

the-hackers-diet

the-hackers-diet

Score: N/A The Hacker's Diet <= 0.9.6b - SQL Injection Affected: * - 0.9.6b Patched: 0.9.7b Updated: July 5, 2026
LOW

mygallery

mygallery

Score: 93/100 MySliderGallery <= 1.2.1 - Remote File Inclusion Affected: *-1.2.1 Patched: 1.4b5 Updated: July 5, 2026
LOW

subscribe-to-comments

subscribe-to-comments

Score: N/A Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting Affected: *-2.0.7 Patched: 2.0.8 Updated: July 5, 2026
LOW

secure-files

secure-files

Score: N/A secure-files <= 1.1 - Directory Traversal Affected: *-1.1 Patched: 1.2 Updated: July 5, 2026

Showing 28501 to 28562 of 28542 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 01:45 UTC.