Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
forms-bridge	forms-bridge	93	Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	LOW	*-4.2.5	4.3.0	June 30, 2026
tablemaster-for-elementor	tablemaster-for-elementor	N/A	TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter	LOW	*-1.3.6	1.3.7	June 30, 2026
Appointment Hour Booking – Booking Calendar	appointment-hour-booking	97	Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration	LOW	*-1.5.60	1.5.61	June 30, 2026
brid-video-easy-publish	brid-video-easy-publish	91	Target Video Easy Publish <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter	LOW	*-3.8.8	3.8.9	June 30, 2026
easy-replace-image	easy-replace-image	93	Easy Replace Image <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement	LOW	*-3.5.2	3.5.3	June 30, 2026
AI Engine – The Chatbot, AI Framework & MCP for WordPress	ai-engine	82	AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-3.3.2	3.3.3	June 30, 2026
wplegalpages	wplegalpages	N/A	WPLegalPages <= 3.5.4 - Missing Authorization	LOW	*-3.5.4	3.5.5	June 30, 2026
SlimStat Analytics	wp-slimstat	N/A	Slimstat Analytics <= 5.3.2 - Reflected Cross-Site Scripting	LOW	*-5.3.2	5.3.3	June 30, 2026
woo-thank-you-page-nextmove-lite	woo-thank-you-page-nextmove-lite	N/A	NextMove Lite <= 2.23.0 - Missing Authorization	LOW	*-2.23.0	2.24.0	June 30, 2026
widget-logic-visual	widget-logic-visual	N/A	Widget Logic Visual <= 1.52 - Reflected Cross-Site Scripting	LOW	*-1.52		June 30, 2026
vidshop-for-woocommerce	vidshop-for-woocommerce	N/A	VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'	LOW	*-1.1.4	1.1.5	June 30, 2026
sunshine-photo-cart	sunshine-photo-cart	N/A	Sunshine Photo Cart <= 3.5.6.2 - Missing Authorization	LOW	*-3.5.6.2	3.5.7.1	June 30, 2026
stop-spammer-registrations-plugin	stop-spammer-registrations-plugin	N/A	Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist	LOW	*-2026.1	2026.2	June 30, 2026
snow-monkey-forms	snow-monkey-forms	N/A	Snow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal	LOW	*-12.0.3	12.0.4	June 30, 2026
simple-folio	simple-folio	N/A	Simple Folio <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields	LOW	*-1.1.1	1.1.2	June 30, 2026
simple-archive-generator	simple-archive-generator	N/A	Simple Archive Generator <= 5.2 - Reflected Cross-Site Scripting	LOW	*-5.2		June 30, 2026
recipe-card-blocks-by-wpzoom	recipe-card-blocks-by-wpzoom	N/A	Recipe Card Blocks for Gutenberg & Elementor < 3.4.13 - Authenticated (Contributor+) SQL Injection	LOW	[*, 3.4.13)	3.4.13	June 30, 2026
prague-plugins	prague-plugins	N/A	Prague <= 2.2.8 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.2.8	2.2.9	June 30, 2026
poll-wp	poll-wp	N/A	TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.5.5 - Authenticated (Editor+) Server-Side Request Forgery	LOW	*-2.5.5	2.6.0	June 30, 2026
mopinion-feedback-form	mopinion-feedback-form	91	Mopinion Feedback Form <= 1.1.1 - Reflected Cross-Site Scripting	LOW	*-1.1.1		June 30, 2026
modeltheme-addons-for-wpbakery	modeltheme-addons-for-wpbakery	93	ModelTheme Addons for WPBakery and Elementor < 1.5.6 - Authenticated (Contributor+) PHP Object Injection	LOW	[*, 1.5.6)	1.5.6	June 30, 2026
membees-member-login-widget	membees-member-login-widget	93	Membee Login <= 2.3.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.3.6	2.3.7	June 30, 2026
leadpages	leadpages	93	Leadpages <= 1.1.3 - Missing Authorization	LOW	*-1.1.3	1.1.4	June 30, 2026
job-board-light	job-board-light	87	JobBoard Job listing <= 1.2.8 - Unauthenticated Information Exposure	LOW	*-1.2.8		June 30, 2026
isape	isape	91	iSape <= 0.72 - Reflected Cross-Site Scripting	LOW	*-0.72		June 30, 2026
happy-helpdesk-support-ticket-system	happy-helpdesk-support-ticket-system	93	HAPPY <= 1.0.8 - Missing Authorization	LOW	*-1.0.8	1.0.9	June 30, 2026
fluent-cart	fluent-cart	93	FluentCart < 1.3.0 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 1.3.0)	1.3.0	June 30, 2026
farazsms	farazsms	91	افزونه پیامک حرفه ای فراز اس ام اس <= 2.7.3 - Reflected Cross-Site Scripting	LOW	*-2.7.3		June 30, 2026
faf	faf	91	FeedWordPress Advanced Filters <= 0.6.2 - Reflected Cross-Site Scripting	LOW	*-0.6.2		June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization	LOW	*-3.3.5	3.3.6	June 30, 2026
eds-responsive-menu	eds-responsive-menu	87	eDS Responsive Menu <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 30, 2026
directorist	directorist	93	Directorist <= 8.6.6 - Missing Authorization	LOW	*-8.6.6	8.6.7	June 30, 2026
designthemes-core-features	designthemes-core-features	89	DesignThemes Core Features <= 2.3 - Reflected Cross-Site Scripting	LOW	*-2.3		June 30, 2026
crete-core	crete-core	91	Crete Core <= 1.4.3 - Unauthenticated SQL Injection	LOW	*-1.4.3		June 30, 2026
Translate WordPress with ConveyThis – AI Multilingual Plugin	conveythis-translate	86	ConveyThis <= 270.4 - Missing Authorization	LOW	*-270.4	270.5	June 30, 2026
content-protector	content-protector	93	Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.2.24	4.2.25	June 30, 2026
buy-now-plus	buy-now-plus	93	Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0.2	1.0.3	June 30, 2026
asynchronous-javascript	asynchronous-javascript	91	Asynchronous Javascript <= 1.3.5 - Reflected Cross-Site Scripting	LOW	*-1.3.5		June 30, 2026
allmart-core	allmart-core	95	Allmart <= 1.1 - Unauthenticated SQL Injection	LOW	*-1.1		June 30, 2026
ahachat-messenger-marketing	ahachat-messenger-marketing	95	AhaChat Messenger Marketing <= 1.1 - Authentication Bypass	LOW	*-1.1		June 30, 2026
ahachat-messenger-marketing	ahachat-messenger-marketing	95	AhaChat Messenger Marketing <= 1.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
adminify	adminify	97	WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API	LOW	*-4.0.7.7	4.0.7.8	June 30, 2026
adirectory	adirectory	97	aDirectory <= 3.0.3 - Missing Authorization	LOW	*-3.0.3	3.0.4	June 30, 2026
aardvark-plugin	aardvark-plugin	95	Aardvark <= 2.19 - Missing Authorization	LOW	*-2.19		June 30, 2026
invoice-payment-for-woocommerce	invoice-payment-for-woocommerce	93	Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation	LOW	*-2.8.0	2.8.1	June 30, 2026
wp-subscribe	wp-subscribe	N/A	Subscribe <= 1.2.16 - Missing Authorization	LOW	*-1.2.16		June 30, 2026
wp-fullcalendar	wp-fullcalendar	N/A	FullCalendar <= 1.6 - Unauthenticated Information Exposure	LOW	*-1.6		June 30, 2026
woocommerce-email-inquiry-cart-options	woocommerce-email-inquiry-cart-options	N/A	Email Inquiry & Cart Options for WooCommerce <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.3		June 30, 2026
wiser-review	wiser-review	N/A	WiserReview Product Reviews for WooCommerce <= 2.9 - Missing Authorization	LOW	*-2.9	3.0	June 30, 2026
webp-conversion	webp-conversion	N/A	WebP Conversion <= 2.1 - Missing Authorization	LOW	*-2.1		June 30, 2026
the-plus-addons-for-block-editor	the-plus-addons-for-block-editor	N/A	Nexter Blocks <= 4.6.3 - Authenticated (Subscriber+) Information Exposure	LOW	*-4.6.3	4.6.4	June 30, 2026
tablesome	tablesome	N/A	Tablesome <= 1.2.8 - Missing Authorization	LOW	*-1.2.8	1.2.9	June 30, 2026
schedula-smart-appointment-booking	schedula-smart-appointment-booking	N/A	Schedula <= 1.0 - Missing Authorization	LOW	*-1.0	1.1	June 30, 2026
quick-restaurant-reservations	quick-restaurant-reservations	N/A	Quick Restaurant Reservations <= 1.6.7 - Missing Authorization	LOW	*-1.6.7		June 30, 2026
photoblocks-grid-gallery	photoblocks-grid-gallery	N/A	Gallery PhotoBlocks <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.2	1.3.3	June 30, 2026
nova-blocks	nova-blocks	N/A	Nova Blocks <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.9	2.1.10	June 30, 2026
kama-thumbnail	kama-thumbnail	91	Kama Thumbnail <= 3.5.1 - Cross-Site Request Forgery	LOW	*-3.5.1		June 30, 2026
hCaptcha for WP	hcaptcha-for-forms-and-more	73	hCaptcha for WP <= 4.22.0 - Missing Authorization	LOW	*-4.22.0	4.23.0	June 30, 2026
CLP Varnish Cache	clp-varnish-cache	97	CLP Varnish Cache <= 1.0.2 - Missing Authorization	LOW	*-1.0.2	1.0.3	June 30, 2026
cartflows	cartflows	93	CartFlows – Checkout & Funnel Builder for WooCommerce <= 2.1.19 - Authenticated (Administrator+) PHP Object Injection	LOW	*-2.1.19	2.2.0	June 30, 2026
wp-custom-admin-interface	wp-custom-admin-interface	N/A	Custom Admin Interface <= 7.41 - Missing Authorization	LOW	*-7.41	7.42	June 30, 2026
wp-bannerize-pro	wp-bannerize-pro	N/A	Bannerize Pro <= 1.11.0 - Missing Authorization	LOW	*-1.11.0	1.11.1	June 30, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups	wordpress-popup	91	Hustle <= 7.8.9.2 - Unauthenticated Information Exposure	LOW	*-7.8.9.2	7.8.9.3	June 30, 2026
webpushr-web-push-notifications	webpushr-web-push-notifications	N/A	Webpushr <= 4.38.0 - Unauthenticated Information Exposure	LOW	*-4.38.0	4.39.0	June 30, 2026
TOP Table Of Contents	top-table-of-contents	N/A	TOP Table Of Contents <= 1.3.31 - Missing Authorization	LOW	*-1.3.31	1.4.0	June 30, 2026
sitelock	sitelock	N/A	SiteLock Security <= 5.0.2 - Missing Authorization	LOW	*-5.0.2	5.0.3	June 30, 2026
share-this-image	share-this-image	N/A	Share This Image <= 2.09 - Missing Authorization	LOW	*-2.09	2.10	June 30, 2026
omnipress	omnipress	N/A	Omnipress <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.7		June 30, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	fluentform	78	Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.14 - Missing Authorization	LOW	*-6.1.14	6.1.15	June 30, 2026
booter-bots-crawlers-manager	booter-bots-crawlers-manager	93	Booter <= 1.5.7 - Missing Authorization	LOW	*-1.5.7	1.5.8	June 30, 2026
automatic-featured-images-from-videos	automatic-featured-images-from-videos	93	Automatic Featured Images from Videos <= 1.2.7 - Missing Authorization	LOW	*-1.2.7	1.2.8	June 30, 2026
CubeWP Framework	cubewp-framework	74	CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php	LOW	*-1.1.27	1.1.28	June 30, 2026
WP Go Maps (formerly WP Google Maps)	wp-google-maps	66	WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification	LOW	*-10.0.04	10.0.05	June 30, 2026
save-as-pdf-by-pdfcrowd	save-as-pdf-by-pdfcrowd	N/A	Save as PDF Plugin by PDFCrowd <= 4.5.5 - Reflected Cross-Site Scripting via options	LOW	*-4.5.5	4.5.6	June 30, 2026
wpelemento-importer	wpelemento-importer	N/A	WPElemento Importer <= 0.6.4 - Missing Authorization	LOW	*-0.6.4	0.6.5	June 30, 2026
wp-term-order	wp-term-order	N/A	Term Order <= 2.1.0 - Cross-Site Request Forgery	LOW	*-2.1.0	2.2.0	June 30, 2026
wp-job-portal	wp-job-portal	N/A	Job Portal <= 2.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-2.4.3	2.4.4	June 30, 2026
wired-impact-volunteer-management	wired-impact-volunteer-management	N/A	Wired Impact Volunteer Management <= 2.8 - Missing Authorization	LOW	*-2.8	2.8.1	June 30, 2026
proteccion-datos-rgpd	proteccion-datos-rgpd	N/A	Protección de datos – RGPD <= 0.68 - Missing Authorization	LOW	*-0.68	0.69	June 30, 2026
omnipress	omnipress	N/A	Omnipress <= 1.6.7 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.6.7		June 30, 2026
materialis-companion	materialis-companion	93	Materialis Companion <= 1.3.52 - Missing Authorization	LOW	*-1.3.52	1.3.53	June 30, 2026
latest-post-shortcode	latest-post-shortcode	93	Latest Post Shortcode <= 14.2.0 - Missing Authorization	LOW	*-14.2.0	14.2.1	June 30, 2026
kentha-elementor	kentha-elementor	93	Kentha Elementor Widgets < 3.1 - Authenticated (Contributor+) Local File Inclusion	LOW	[*, 3.1)	3.1	June 30, 2026
integrate-google-drive	integrate-google-drive	91	Integrate Google Drive <= 1.5.6 - Missing Authorization	LOW	*-1.5.6		June 30, 2026
hd-quiz	hd-quiz	93	HD Quiz <= 2.0.9 - Missing Authorization	LOW	*-2.0.9	2.0.10	June 30, 2026
download-after-email	download-after-email	93	Download After Email <= 2.1.9 - Missing Authorization	LOW	*-2.1.9	2.1.10	June 30, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups	wordpress-popup	91	Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upoload via Module Import	LOW	*-7.8.9.2	7.8.9.3	June 30, 2026
wpdirectorykit	wpdirectorykit	N/A	WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action	LOW	*-1.4.9	1.5.0	June 30, 2026
responsive-header	responsive-header	N/A	Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters	LOW	*-1.0		June 30, 2026
surveyjs	surveyjs	N/A	SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Cloning	LOW	*-2.5.2	2.5.3	June 30, 2026
surveyjs	surveyjs	N/A	SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming	LOW	*-2.5.2	2.5.3	June 30, 2026
surveyjs	surveyjs	N/A	SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation	LOW	*-2.5.2	2.5.3	June 30, 2026
leadbi	leadbi	89	LeadBI Plugin for WordPress <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_id' Shortcode Attribute	LOW	*-1.7		June 30, 2026
friendly-functions-for-welcart	friendly-functions-for-welcart	93	Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update	LOW	*-1.2.5	1.2.6	June 30, 2026
timeline-event-history	timeline-event-history	N/A	Timeline Event History <= 3.2 - Reflected Cross-Site Scripting	LOW	*-3.2		June 30, 2026
javascript-notifier	javascript-notifier	93	JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-1.2.8	1.2.9	June 30, 2026
postalicious	postalicious	N/A	Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-3.0.1		June 30, 2026
meta-box-gallerymeta	meta-box-gallerymeta	93	Meta-box GalleryMeta <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption	LOW	*-3.0.1	3.1	June 30, 2026
meta-box-gallerymeta	meta-box-gallerymeta	93	Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management	LOW	*-3.0.1	3.1	June 30, 2026
user-submitted-posts	user-submitted-posts	N/A	User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field	LOW	*-20251210	20260110	June 30, 2026

LOW

forms-bridge

Score: 93/100 Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute Affected: *-4.2.5 Patched: 4.3.0 Updated: June 30, 2026

LOW

tablemaster-for-elementor

Score: N/A TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter Affected: *-1.3.6 Patched: 1.3.7 Updated: June 30, 2026

LOW

Appointment Hour Booking – Booking Calendar

appointment-hour-booking

Score: 97/100 Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration Affected: *-1.5.60 Patched: 1.5.61 Updated: June 30, 2026

LOW

brid-video-easy-publish

Score: 91/100 Target Video Easy Publish <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter Affected: *-3.8.8 Patched: 3.8.9 Updated: June 30, 2026

LOW

easy-replace-image

Score: 93/100 Easy Replace Image <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement Affected: *-3.5.2 Patched: 3.5.3 Updated: June 30, 2026

LOW

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine

Score: 82/100 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-3.3.2 Patched: 3.3.3 Updated: June 30, 2026

LOW

wplegalpages

Score: N/A WPLegalPages <= 3.5.4 - Missing Authorization Affected: *-3.5.4 Patched: 3.5.5 Updated: June 30, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A Slimstat Analytics <= 5.3.2 - Reflected Cross-Site Scripting Affected: *-5.3.2 Patched: 5.3.3 Updated: June 30, 2026

LOW

woo-thank-you-page-nextmove-lite

Score: N/A NextMove Lite <= 2.23.0 - Missing Authorization Affected: *-2.23.0 Patched: 2.24.0 Updated: June 30, 2026

LOW

widget-logic-visual

Score: N/A Widget Logic Visual <= 1.52 - Reflected Cross-Site Scripting Affected: *-1.52 Patched: Updated: June 30, 2026

LOW

vidshop-for-woocommerce

Score: N/A VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields' Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026

LOW

sunshine-photo-cart

Score: N/A Sunshine Photo Cart <= 3.5.6.2 - Missing Authorization Affected: *-3.5.6.2 Patched: 3.5.7.1 Updated: June 30, 2026

LOW

stop-spammer-registrations-plugin

Score: N/A Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist Affected: *-2026.1 Patched: 2026.2 Updated: June 30, 2026

LOW

snow-monkey-forms

Score: N/A Snow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal Affected: *-12.0.3 Patched: 12.0.4 Updated: June 30, 2026

LOW

simple-folio

Score: N/A Simple Folio <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields Affected: *-1.1.1 Patched: 1.1.2 Updated: June 30, 2026

LOW

simple-archive-generator

Score: N/A Simple Archive Generator <= 5.2 - Reflected Cross-Site Scripting Affected: *-5.2 Patched: Updated: June 30, 2026

LOW

recipe-card-blocks-by-wpzoom

Score: N/A Recipe Card Blocks for Gutenberg & Elementor < 3.4.13 - Authenticated (Contributor+) SQL Injection Affected: [*, 3.4.13) Patched: 3.4.13 Updated: June 30, 2026

LOW

prague-plugins

Score: N/A Prague <= 2.2.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.2.8 Patched: 2.2.9 Updated: June 30, 2026

LOW

poll-wp

Score: N/A TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.5.5 - Authenticated (Editor+) Server-Side Request Forgery Affected: *-2.5.5 Patched: 2.6.0 Updated: June 30, 2026

LOW

mopinion-feedback-form

Score: 91/100 Mopinion Feedback Form <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

modeltheme-addons-for-wpbakery

Score: 93/100 ModelTheme Addons for WPBakery and Elementor < 1.5.6 - Authenticated (Contributor+) PHP Object Injection Affected: [*, 1.5.6) Patched: 1.5.6 Updated: June 30, 2026

LOW

membees-member-login-widget

Score: 93/100 Membee Login <= 2.3.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.3.6 Patched: 2.3.7 Updated: June 30, 2026

LOW

leadpages

Score: 93/100 Leadpages <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

job-board-light

Score: 87/100 JobBoard Job listing <= 1.2.8 - Unauthenticated Information Exposure Affected: *-1.2.8 Patched: Updated: June 30, 2026

LOW

isape

Score: 91/100 iSape <= 0.72 - Reflected Cross-Site Scripting Affected: *-0.72 Patched: Updated: June 30, 2026

LOW

happy-helpdesk-support-ticket-system

Score: 93/100 HAPPY <= 1.0.8 - Missing Authorization Affected: *-1.0.8 Patched: 1.0.9 Updated: June 30, 2026

LOW

fluent-cart

Score: 93/100 FluentCart < 1.3.0 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 1.3.0) Patched: 1.3.0 Updated: June 30, 2026

LOW

farazsms

Score: 91/100 افزونه پیامک حرفه ای فراز اس ام اس <= 2.7.3 - Reflected Cross-Site Scripting Affected: *-2.7.3 Patched: Updated: June 30, 2026

LOW

faf

Score: 91/100 FeedWordPress Advanced Filters <= 0.6.2 - Reflected Cross-Site Scripting Affected: *-0.6.2 Patched: Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization Affected: *-3.3.5 Patched: 3.3.6 Updated: June 30, 2026

LOW

eds-responsive-menu

Score: 87/100 eDS Responsive Menu <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

directorist

Score: 93/100 Directorist <= 8.6.6 - Missing Authorization Affected: *-8.6.6 Patched: 8.6.7 Updated: June 30, 2026

LOW

designthemes-core-features

Score: 89/100 DesignThemes Core Features <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

crete-core

Score: 91/100 Crete Core <= 1.4.3 - Unauthenticated SQL Injection Affected: *-1.4.3 Patched: Updated: June 30, 2026

LOW

Translate WordPress with ConveyThis – AI Multilingual Plugin

conveythis-translate

Score: 86/100 ConveyThis <= 270.4 - Missing Authorization Affected: *-270.4 Patched: 270.5 Updated: June 30, 2026

LOW

content-protector

Score: 93/100 Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.2.24 Patched: 4.2.25 Updated: June 30, 2026

LOW

buy-now-plus

Score: 93/100 Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

asynchronous-javascript

Score: 91/100 Asynchronous Javascript <= 1.3.5 - Reflected Cross-Site Scripting Affected: *-1.3.5 Patched: Updated: June 30, 2026

LOW

allmart-core

Score: 95/100 Allmart <= 1.1 - Unauthenticated SQL Injection Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

ahachat-messenger-marketing

Score: 95/100 AhaChat Messenger Marketing <= 1.1 - Authentication Bypass Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

ahachat-messenger-marketing

Score: 95/100 AhaChat Messenger Marketing <= 1.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

adminify

Score: 97/100 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API Affected: *-4.0.7.7 Patched: 4.0.7.8 Updated: June 30, 2026

LOW

adirectory

Score: 97/100 aDirectory <= 3.0.3 - Missing Authorization Affected: *-3.0.3 Patched: 3.0.4 Updated: June 30, 2026

LOW

aardvark-plugin

Score: 95/100 Aardvark <= 2.19 - Missing Authorization Affected: *-2.19 Patched: Updated: June 30, 2026

LOW

invoice-payment-for-woocommerce

Score: 93/100 Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation Affected: *-2.8.0 Patched: 2.8.1 Updated: June 30, 2026

LOW

wp-subscribe

Score: N/A Subscribe <= 1.2.16 - Missing Authorization Affected: *-1.2.16 Patched: Updated: June 30, 2026

LOW

wp-fullcalendar

Score: N/A FullCalendar <= 1.6 - Unauthenticated Information Exposure Affected: *-1.6 Patched: Updated: June 30, 2026

LOW

woocommerce-email-inquiry-cart-options

Score: N/A Email Inquiry & Cart Options for WooCommerce <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.3 Patched: Updated: June 30, 2026

LOW

wiser-review

Score: N/A WiserReview Product Reviews for WooCommerce <= 2.9 - Missing Authorization Affected: *-2.9 Patched: 3.0 Updated: June 30, 2026

LOW

webp-conversion

Score: N/A WebP Conversion <= 2.1 - Missing Authorization Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

the-plus-addons-for-block-editor

Score: N/A Nexter Blocks <= 4.6.3 - Authenticated (Subscriber+) Information Exposure Affected: *-4.6.3 Patched: 4.6.4 Updated: June 30, 2026

LOW

tablesome

Score: N/A Tablesome <= 1.2.8 - Missing Authorization Affected: *-1.2.8 Patched: 1.2.9 Updated: June 30, 2026

LOW

schedula-smart-appointment-booking

Score: N/A Schedula <= 1.0 - Missing Authorization Affected: *-1.0 Patched: 1.1 Updated: June 30, 2026

LOW

quick-restaurant-reservations

Score: N/A Quick Restaurant Reservations <= 1.6.7 - Missing Authorization Affected: *-1.6.7 Patched: Updated: June 30, 2026

LOW

photoblocks-grid-gallery

Score: N/A Gallery PhotoBlocks <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.3.3 Updated: June 30, 2026

LOW

nova-blocks

Score: N/A Nova Blocks <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.9 Patched: 2.1.10 Updated: June 30, 2026

LOW

kama-thumbnail

Score: 91/100 Kama Thumbnail <= 3.5.1 - Cross-Site Request Forgery Affected: *-3.5.1 Patched: Updated: June 30, 2026

LOW

hCaptcha for WP

hcaptcha-for-forms-and-more

Score: 73/100 hCaptcha for WP <= 4.22.0 - Missing Authorization Affected: *-4.22.0 Patched: 4.23.0 Updated: June 30, 2026

LOW

CLP Varnish Cache

clp-varnish-cache

Score: 97/100 CLP Varnish Cache <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

cartflows

Score: 93/100 CartFlows – Checkout & Funnel Builder for WooCommerce <= 2.1.19 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.1.19 Patched: 2.2.0 Updated: June 30, 2026

LOW

wp-custom-admin-interface

Score: N/A Custom Admin Interface <= 7.41 - Missing Authorization Affected: *-7.41 Patched: 7.42 Updated: June 30, 2026

LOW

wp-bannerize-pro

Score: N/A Bannerize Pro <= 1.11.0 - Missing Authorization Affected: *-1.11.0 Patched: 1.11.1 Updated: June 30, 2026

LOW

Hustle – Email Marketing, Lead Generation, Optins, Popups

wordpress-popup

Score: 91/100 Hustle <= 7.8.9.2 - Unauthenticated Information Exposure Affected: *-7.8.9.2 Patched: 7.8.9.3 Updated: June 30, 2026

LOW

webpushr-web-push-notifications

Score: N/A Webpushr <= 4.38.0 - Unauthenticated Information Exposure Affected: *-4.38.0 Patched: 4.39.0 Updated: June 30, 2026

LOW

sitelock

Score: N/A SiteLock Security <= 5.0.2 - Missing Authorization Affected: *-5.0.2 Patched: 5.0.3 Updated: June 30, 2026

LOW

share-this-image

Score: N/A Share This Image <= 2.09 - Missing Authorization Affected: *-2.09 Patched: 2.10 Updated: June 30, 2026

LOW

omnipress

Score: N/A Omnipress <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.7 Patched: Updated: June 30, 2026

LOW

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Score: 78/100 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.14 - Missing Authorization Affected: *-6.1.14 Patched: 6.1.15 Updated: June 30, 2026

LOW

booter-bots-crawlers-manager

Score: 93/100 Booter <= 1.5.7 - Missing Authorization Affected: *-1.5.7 Patched: 1.5.8 Updated: June 30, 2026

LOW

automatic-featured-images-from-videos

Score: 93/100 Automatic Featured Images from Videos <= 1.2.7 - Missing Authorization Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

CubeWP Framework

cubewp-framework

Score: 74/100 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php Affected: *-1.1.27 Patched: 1.1.28 Updated: June 30, 2026

LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification Affected: *-10.0.04 Patched: 10.0.05 Updated: June 30, 2026

LOW

save-as-pdf-by-pdfcrowd

Score: N/A Save as PDF Plugin by PDFCrowd <= 4.5.5 - Reflected Cross-Site Scripting via options Affected: *-4.5.5 Patched: 4.5.6 Updated: June 30, 2026

LOW

wpelemento-importer

Score: N/A WPElemento Importer <= 0.6.4 - Missing Authorization Affected: *-0.6.4 Patched: 0.6.5 Updated: June 30, 2026

LOW

wp-term-order

Score: N/A Term Order <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: 2.2.0 Updated: June 30, 2026

LOW

wp-job-portal

Score: N/A Job Portal <= 2.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.4.3 Patched: 2.4.4 Updated: June 30, 2026

LOW

wired-impact-volunteer-management

Score: N/A Wired Impact Volunteer Management <= 2.8 - Missing Authorization Affected: *-2.8 Patched: 2.8.1 Updated: June 30, 2026

LOW

proteccion-datos-rgpd

Score: N/A Protección de datos – RGPD <= 0.68 - Missing Authorization Affected: *-0.68 Patched: 0.69 Updated: June 30, 2026

LOW

omnipress

Score: N/A Omnipress <= 1.6.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.6.7 Patched: Updated: June 30, 2026

LOW

materialis-companion

Score: 93/100 Materialis Companion <= 1.3.52 - Missing Authorization Affected: *-1.3.52 Patched: 1.3.53 Updated: June 30, 2026

LOW

latest-post-shortcode

Score: 93/100 Latest Post Shortcode <= 14.2.0 - Missing Authorization Affected: *-14.2.0 Patched: 14.2.1 Updated: June 30, 2026

LOW

kentha-elementor

Score: 93/100 Kentha Elementor Widgets < 3.1 - Authenticated (Contributor+) Local File Inclusion Affected: [*, 3.1) Patched: 3.1 Updated: June 30, 2026

LOW

integrate-google-drive

Score: 91/100 Integrate Google Drive <= 1.5.6 - Missing Authorization Affected: *-1.5.6 Patched: Updated: June 30, 2026

LOW

hd-quiz

Score: 93/100 HD Quiz <= 2.0.9 - Missing Authorization Affected: *-2.0.9 Patched: 2.0.10 Updated: June 30, 2026

LOW

download-after-email

Score: 93/100 Download After Email <= 2.1.9 - Missing Authorization Affected: *-2.1.9 Patched: 2.1.10 Updated: June 30, 2026

LOW

Hustle – Email Marketing, Lead Generation, Optins, Popups

wordpress-popup

Score: 91/100 Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upoload via Module Import Affected: *-7.8.9.2 Patched: 7.8.9.3 Updated: June 30, 2026

LOW

wpdirectorykit

Score: N/A WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action Affected: *-1.4.9 Patched: 1.5.0 Updated: June 30, 2026

LOW

responsive-header

Score: N/A Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

surveyjs

Score: N/A SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Cloning Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026

LOW

surveyjs

Score: N/A SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026

LOW

surveyjs

Score: N/A SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026

LOW

leadbi

Score: 89/100 LeadBI Plugin for WordPress <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_id' Shortcode Attribute Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

friendly-functions-for-welcart

Score: 93/100 Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

timeline-event-history

Score: N/A Timeline Event History <= 3.2 - Reflected Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 30, 2026

LOW

javascript-notifier

Score: 93/100 JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings Affected: *-1.2.8 Patched: 1.2.9 Updated: June 30, 2026

LOW

postalicious

Score: N/A Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings Affected: *-3.0.1 Patched: Updated: June 30, 2026

LOW

meta-box-gallerymeta

Score: 93/100 Meta-box GalleryMeta <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption Affected: *-3.0.1 Patched: 3.1 Updated: June 30, 2026

LOW

meta-box-gallerymeta

Score: 93/100 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management Affected: *-3.0.1 Patched: 3.1 Updated: June 30, 2026

LOW

user-submitted-posts

Score: N/A User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field Affected: *-20251210 Patched: 20260110 Updated: June 30, 2026

Showing 3101 to 3200 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 12:34 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List