Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

8176

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
comments-on-feed	comments-on-feed	91	Comments On Feed <= 1.2.1 - Reflected Cross-Site Scripting	LOW	*-1.2.1		June 30, 2026
ck-and-syntaxhighlighter	ck-and-syntaxhighlighter	91	CK and SyntaxHighlighter <= 3.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.4.2		June 30, 2026
bet-sport-free	bet-sport-free	91	Bet sport Free <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0		June 30, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.8.4.4	2.8.5.3	June 30, 2026
banner-system	banner-system	87	Banner System <= 1.0.0 - Missing Authorization	LOW	*-1.0.0		June 30, 2026
arabic-webfonts	arabic-webfonts	95	Arabic Webfonts <= 1.4.6 - Missing Authorization	LOW	*-1.4.6		June 30, 2026
appmaps	appmaps	95	AppMaps <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
aphorismus	aphorismus	95	Aphorismus <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.2.0		June 30, 2026
ahathat	ahathat	92	AHAthat <= 1.6 - Reflected Cross-Site Scripting	LOW	*-1.6		June 30, 2026
advanced-fancybox	advanced-fancybox	95	Advanced Fancybox <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.1.1		June 30, 2026
add-image-to-post	add-image-to-post	95	Add image to Post <= 0.6 - Cross-Site Request Forgery	LOW	*-0.6		June 30, 2026
3d-avatar-user-profile	3d-avatar-user-profile	95	3D Avatar User Profile <= 1.0.0 - Reflected Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
cognito-forms	cognito-forms	93	Cognito Forms <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter	LOW	*-2.0.7	2.0.8	June 30, 2026
country-blocker	country-blocker	89	Country Blocker <= 3.2 - Reflected Cross-Site Scripting	LOW	*-3.2		June 30, 2026
arena-liveblog-and-chat-tool	arena-liveblog-and-chat-tool	95	Arena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings Update	LOW	*-0.4.1		June 30, 2026
arena-liveblog-and-chat-tool	arena-liveblog-and-chat-tool	95	Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode	LOW	*-0.4.1		June 30, 2026
arena-liveblog-and-chat-tool	arena-liveblog-and-chat-tool	95	Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.3.0	0.4.0	June 30, 2026
ai-post-generator	ai-post-generator	95	AI Post Generator \| AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion	LOW	*-3.5		June 30, 2026
debranding	debranding	89	de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update	LOW	*-1.0.2		June 30, 2026
attire-blocks	attire-blocks	93	Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.5	1.9.6	June 30, 2026
custom-skins-contact-form-7	custom-skins-contact-form-7	91	Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation	LOW	*-1.0		June 30, 2026
custom-wp-rest-api	custom-wp-rest-api	91	Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting	LOW	*-2.2.2		June 30, 2026
dejureorg-vernetzungsfunktion	dejureorg-vernetzungsfunktion	93	dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.97.5	1.98.0	June 30, 2026
catch-popup	catch-popup	91	Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.4		June 30, 2026
devrix-dark-site	devrix-dark-site	93	DX Dark Site <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.1	1.1.1	June 30, 2026
depay-payments-for-woocommerce	depay-payments-for-woocommerce	93	Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure	LOW	*-2.12.17	2.12.18	June 30, 2026
currency-converter-widget-pro	currency-converter-widget-pro	93	Currency Converter Widget ⚡ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.6	1.0.7	June 30, 2026
csv-to-html	csv-to-html	93	CSV to html <= 3.08 - Reflected Cross-Site Scripting	LOW	*-3.08	3.15	June 30, 2026
cryptocurrency-price-widget	cryptocurrency-price-widget	93	Cryptocurrency Price Widget <= 1.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.2.3	1.2.4	June 30, 2026
coschool	coschool	87	CoSchool LMS <= 1.4- Missing Authorization to Privilege Escalation	LOW	*-1.4		June 30, 2026
connect-contact-form-7-to-constant-contact-v3	connect-contact-form-7-to-constant-contact-v3	93	Connect Contact Form 7 to Constant Contact <= 1.4 - Reflected Cross-Site Scripting	LOW	*-1.4	1.5	June 30, 2026
clevernode-related-content	clevernode-related-content	93	CleverNode Related Content <= 1.1.5 - Reflected Cross-Site Scripting	LOW	*-1.1.5	1.1.6	June 30, 2026
check-pincode-for-woocommerce	check-pincode-for-woocommerce	93	Check Pincode For Woocommerce <= 1.1 - Reflected Cross-Site Scripting	LOW	*-1.1	1.2	June 30, 2026
ce21-suite	ce21-suite	86	CE21 Suite <= 2.2.0 - Unauthenticated Privilege Escalation	LOW	*-2.2.0	2.2.1	June 30, 2026
cardealerpress	cardealerpress	93	CarDealerPress <= 6.6.2410.02 - Reflected Cross-Site Scripting	LOW	*-6.6.2410.02	6.7.2411.00	June 30, 2026
cardealer	cardealer	93	Car Dealer <= 4.46 - Missing Authorization	LOW	*-4.46	4.48	June 30, 2026
bp-email-assign-templates	bp-email-assign-templates	93	BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting	LOW	*-1.5	1.6	June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.1.5 - Authenticated (Editor+) Path Traversal	LOW	*-5.1.5	5.1.6	June 30, 2026
bakkbone-florist-companion	bakkbone-florist-companion	93	FloristPress <= 7.2.0 - Reflected Cross-Site Scripting	LOW	*-7.2.0	7.3.0	June 30, 2026
axeptio-sdk-integration	axeptio-sdk-integration	93	Axeptio <= 2.5.4 - Unauthenticated Local File Inclusion	LOW	*-2.5.4	2.5.5	June 30, 2026
awesome-support	awesome-support	93	Awesome Support <= 6.3.1 - Missing Authorization	LOW	*-6.3.1	6.3.2	June 30, 2026
autowp-ai-content-writer-rewriter	autowp-ai-content-writer-rewriter	91	AutoWP <= 2.0.8 - Cross-Site Request Forgery	LOW	*-2.0.8	2.0.9	June 30, 2026
authentication-via-otp-using-firebase	authentication-via-otp-using-firebase	91	Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation	LOW	*-1.0.1		June 30, 2026
appsplate	appsplate	95	Appsplate <= 2.1.3 - Unauthenticated SQL Injection	LOW	*-2.1.3		June 30, 2026
analytics-cat	analytics-cat	97	Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting	LOW	*-1.1.2	1.1.3	June 30, 2026
amazon-product-price	amazon-product-price	95	Amazon Product Price <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.1		June 30, 2026
aicomments	aicomments	97	AIcomments <= 1.4.1 - Cross-Site Request Forgery	LOW	*-1.4.1	1.4.2	June 30, 2026
ai-site-builder	ai-site-builder	95	Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation	LOW	*-1.0.2		June 30, 2026
ai-seo-translator	ai-seo-translator	97	AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot <= 1.6.2 - Cross-Site Request Forgery via update_integration_option	LOW	*-1.6.2	1.6.3	June 30, 2026
advanced-blog-post-block	advanced-blog-post-block	95	Advanced Blog Post Block <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.4		June 30, 2026
advance-menu-manager	advance-menu-manager	95	Advance Menu Manager <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Change	LOW	*-3.1.1	3.1.2	June 30, 2026
add-infos-to-the-events-calendar	add-infos-to-the-events-calendar	97	Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.1	1.5.0	June 30, 2026
accept-stripe-payments-using-contact-form-7	accept-stripe-payments-using-contact-form-7	97	Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure	LOW	*-2.5	2.6	June 30, 2026
360deg-javascript-viewer	360deg-javascript-viewer	97	360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.7.29	1.7.30	June 30, 2026
cm-answers	cm-answers	93	CM Answers <= 3.2.6 - Missing Authorization	LOW	*-3.2.6	3.2.7	June 30, 2026
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders	barcode-scanner-lite-pos-to-manage-products-inventory-and-orders	93	Barcode Scanner with Inventory & Order Manager <= 1.6.6 - Reflected Cross-Site Scripting	LOW	*-1.6.6	1.6.7	June 30, 2026
beautiful-taxonomy-filters	beautiful-taxonomy-filters	93	Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection	LOW	*-2.4.3	2.4.4	June 30, 2026
Message Filter for Contact Form 7	cf7-message-filter	89	Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation	LOW	*-1.6.3	1.6.3.1	June 30, 2026
cf7-mollie	cf7-mollie	89	Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting	LOW	*-5.0.0		June 30, 2026
comfino-payment-gateway	comfino-payment-gateway	93	Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting	LOW	*-4.1.1	4.1.2	June 30, 2026
clicksend-lead-capture-form	clicksend-lead-capture-form	91	SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion	LOW	*-1.1.0		June 30, 2026
dn-shipping-by-weight	dn-shipping-by-weight	93	DN Shipping by Weight for WooCommerce <= 1.1.1 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-1.1.1	1.2	June 30, 2026
clients	clients	89	Clients <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.1.4		June 30, 2026
cardgate	cardgate	93	CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting	LOW	*-3.2.1	3.2.2	June 30, 2026
blaze-online-eparcel-for-woocommerce	blaze-online-eparcel-for-woocommerce	91	Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting	LOW	*-1.3.3		June 30, 2026
Message Filter for Contact Form 7	cf7-message-filter	89	Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions	LOW	*-1.6.3	1.6.3.1	June 30, 2026
cookielay	cookielay	91	Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode	LOW	*-1.2.0		June 30, 2026
cluevo-lms	cluevo-lms	93	CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion	LOW	*-1.13.2	1.13.3	June 30, 2026
ai-quiz	ai-quiz	95	AI Quiz \| Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	LOW	*-1.1		June 30, 2026
designer	designer	91	Designer <= 1.4.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.4.1	1.5.0	June 30, 2026
Depicter — Popup & Slider Builder	depicter	95	Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-3.2.1	3.2.2	June 30, 2026
delucks-seo	delucks-seo	89	DELUCKS SEO <= 2.5.8 - Authenticated (Subscriber+) Arbitrary File Read	LOW	*-2.5.8		June 30, 2026
country-blocker	country-blocker	89	Country Blocker <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.2		June 30, 2026
clickbank-storefront	clickbank-storefront	91	Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.7		June 30, 2026
Message Filter for Contact Form 7	cf7-message-filter	89	Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization	LOW	*-1.6.3	1.6.3.1	June 30, 2026
Broken Link Checker	broken-link-checker	68	Broken Link Checker <= 2.4.1 - Authenticated (Admin+) Server-Side Request Forgery	LOW	*-2.4.1	2.4.2	June 30, 2026
booking-system	booking-system	91	Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.7 - Missing Authorization	LOW	*-2.9.9.5.7	2.9.9.5.8	June 30, 2026
board-document-manager-from-chuhpl	board-document-manager-from-chuhpl	91	Board Document Manager from CHUHPL <= 1.9.1 - Reflected Cross-Site Scripting	LOW	*-1.9.1		June 30, 2026
armember-membership	armember-membership	95	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	LOW	*-4.0.51	4.0.52	June 30, 2026
arforms-form-builder	arforms-form-builder	95	ARForms Form Builder <= 1.7.1 - HTML Injection	LOW	*-1.7.1	1.7.2	June 30, 2026
advanced-control-manager	advanced-control-manager	95	Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Reflected Cross-Site Scripting	LOW	*-2.16.0		June 30, 2026
abcbiz-addons	abcbiz-addons	95	ABCBiz Addons for Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.2		June 30, 2026
contact-form-with-a-meeting-scheduler-by-vcita	contact-form-with-a-meeting-scheduler-by-vcita	93	Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode	LOW	*-4.10.4	4.10.5	June 30, 2026
anywhere-elementor	anywhere-elementor	97	AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure	LOW	*-1.2.11	1.2.12	June 30, 2026
accounting-for-woocommerce	accounting-for-woocommerce	97	Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting	LOW	*-1.6.6	1.6.7	June 30, 2026
authors-list	authors-list	91	Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax	LOW	*-2.0.4	2.0.5	June 30, 2026
Pulsating Chat Button	amin-chat-button	96	Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.4.1	1.4.2	June 30, 2026
dp-intro-tours	dp-intro-tours	93	Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting	LOW	*-6.5.2	6.5.3	June 30, 2026
dollie	dollie	93	Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure	LOW	*-6.2.0	6.2.1	June 30, 2026
colibri-page-builder	colibri-page-builder	93	Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library	LOW	*-1.0.286	1.0.288	June 30, 2026
classic-addons-wpbakery-page-builder-addons	classic-addons-wpbakery-page-builder-addons	93	Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion	LOW	*-3.0	3.1	June 30, 2026
basepress	basepress	93	Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update	LOW	*-2.16.3.3	2.16.3.4	June 30, 2026
b-testimonial	b-testimonial	93	B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.2	1.2.3	June 30, 2026
allaccessible	allaccessible	97	Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update	LOW	*-1.3.4	1.3.5	June 30, 2026
accordion-slider	accordion-slider	97	Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library	LOW	*-1.9.12	1.9.13	June 30, 2026
campaign-monitor-wp	campaign-monitor-wp	93	Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting	LOW	*-2.5.7	2.5.8	June 30, 2026
aweber-wp	aweber-wp	93	AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting	LOW	*-2.5.7	2.5.8	June 30, 2026
charity-addon-for-elementor	charity-addon-for-elementor	91	Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure	LOW	*-1.3.3		June 30, 2026
bp-profile-shortcodes-extra	bp-profile-shortcodes-extra	89	BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter	LOW	*-2.6.0		June 30, 2026
cs-element-bucket	cs-element-bucket	91	Advanced Element Bucket Addons for Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 30, 2026

LOW

comments-on-feed

Score: 91/100 Comments On Feed <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 30, 2026

LOW

ck-and-syntaxhighlighter

Score: 91/100 CK and SyntaxHighlighter <= 3.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.4.2 Patched: Updated: June 30, 2026

LOW

bet-sport-free

Score: 91/100 Bet sport Free <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.4.4 Patched: 2.8.5.3 Updated: June 30, 2026

LOW

banner-system

Score: 87/100 Banner System <= 1.0.0 - Missing Authorization Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

arabic-webfonts

Score: 95/100 Arabic Webfonts <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: Updated: June 30, 2026

LOW

appmaps

Score: 95/100 AppMaps <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

aphorismus

Score: 95/100 Aphorismus <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

ahathat

Score: 92/100 AHAthat <= 1.6 - Reflected Cross-Site Scripting Affected: *-1.6 Patched: Updated: June 30, 2026

LOW

advanced-fancybox

Score: 95/100 Advanced Fancybox <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

add-image-to-post

Score: 95/100 Add image to Post <= 0.6 - Cross-Site Request Forgery Affected: *-0.6 Patched: Updated: June 30, 2026

LOW

3d-avatar-user-profile

Score: 95/100 3D Avatar User Profile <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

cognito-forms

Score: 93/100 Cognito Forms <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-2.0.7 Patched: 2.0.8 Updated: June 30, 2026

LOW

country-blocker

Score: 89/100 Country Blocker <= 3.2 - Reflected Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 30, 2026

LOW

arena-liveblog-and-chat-tool

Score: 95/100 Arena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings Update Affected: *-0.4.1 Patched: Updated: June 30, 2026

LOW

Score: 95/100 Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode Affected: *-0.4.1 Patched: Updated: June 30, 2026

LOW

arena-liveblog-and-chat-tool

Score: 95/100 Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.0 Patched: 0.4.0 Updated: June 30, 2026

LOW

ai-post-generator

Score: 95/100 AI Post Generator | AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion Affected: *-3.5 Patched: Updated: June 30, 2026

LOW

debranding

Score: 89/100 de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

attire-blocks

Score: 93/100 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.5 Patched: 1.9.6 Updated: June 30, 2026

LOW

custom-skins-contact-form-7

Score: 91/100 Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

custom-wp-rest-api

Score: 91/100 Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting Affected: *-2.2.2 Patched: Updated: June 30, 2026

LOW

dejureorg-vernetzungsfunktion

Score: 93/100 dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.97.5 Patched: 1.98.0 Updated: June 30, 2026

LOW

catch-popup

Score: 91/100 Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.4 Patched: Updated: June 30, 2026

LOW

devrix-dark-site

Score: 93/100 DX Dark Site <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.1.1 Updated: June 30, 2026

LOW

depay-payments-for-woocommerce

Score: 93/100 Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure Affected: *-2.12.17 Patched: 2.12.18 Updated: June 30, 2026

LOW

currency-converter-widget-pro

Score: 93/100 Currency Converter Widget ⚡ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

csv-to-html

Score: 93/100 CSV to html <= 3.08 - Reflected Cross-Site Scripting Affected: *-3.08 Patched: 3.15 Updated: June 30, 2026

LOW

cryptocurrency-price-widget

Score: 93/100 Cryptocurrency Price Widget <= 1.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026

LOW

coschool

Score: 87/100 CoSchool LMS <= 1.4- Missing Authorization to Privilege Escalation Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

connect-contact-form-7-to-constant-contact-v3

Score: 93/100 Connect Contact Form 7 to Constant Contact <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

clevernode-related-content

Score: 93/100 CleverNode Related Content <= 1.1.5 - Reflected Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: June 30, 2026

LOW

check-pincode-for-woocommerce

Score: 93/100 Check Pincode For Woocommerce <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: 1.2 Updated: June 30, 2026

LOW

ce21-suite

Score: 86/100 CE21 Suite <= 2.2.0 - Unauthenticated Privilege Escalation Affected: *-2.2.0 Patched: 2.2.1 Updated: June 30, 2026

LOW

cardealerpress

Score: 93/100 CarDealerPress <= 6.6.2410.02 - Reflected Cross-Site Scripting Affected: *-6.6.2410.02 Patched: 6.7.2411.00 Updated: June 30, 2026

LOW

cardealer

Score: 93/100 Car Dealer <= 4.46 - Missing Authorization Affected: *-4.46 Patched: 4.48 Updated: June 30, 2026

LOW

bp-email-assign-templates

Score: 93/100 BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.1.5 - Authenticated (Editor+) Path Traversal Affected: *-5.1.5 Patched: 5.1.6 Updated: June 30, 2026

LOW

bakkbone-florist-companion

Score: 93/100 FloristPress <= 7.2.0 - Reflected Cross-Site Scripting Affected: *-7.2.0 Patched: 7.3.0 Updated: June 30, 2026

LOW

axeptio-sdk-integration

Score: 93/100 Axeptio <= 2.5.4 - Unauthenticated Local File Inclusion Affected: *-2.5.4 Patched: 2.5.5 Updated: June 30, 2026

LOW

awesome-support

Score: 93/100 Awesome Support <= 6.3.1 - Missing Authorization Affected: *-6.3.1 Patched: 6.3.2 Updated: June 30, 2026

LOW

autowp-ai-content-writer-rewriter

Score: 91/100 AutoWP <= 2.0.8 - Cross-Site Request Forgery Affected: *-2.0.8 Patched: 2.0.9 Updated: June 30, 2026

LOW

authentication-via-otp-using-firebase

Score: 91/100 Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

appsplate

Score: 95/100 Appsplate <= 2.1.3 - Unauthenticated SQL Injection Affected: *-2.1.3 Patched: Updated: June 30, 2026

LOW

analytics-cat

Score: 97/100 Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: June 30, 2026

LOW

amazon-product-price

Score: 95/100 Amazon Product Price <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

aicomments

Score: 97/100 AIcomments <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026

LOW

ai-site-builder

Score: 95/100 Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

ai-seo-translator

Score: 97/100 AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot <= 1.6.2 - Cross-Site Request Forgery via update_integration_option Affected: *-1.6.2 Patched: 1.6.3 Updated: June 30, 2026

LOW

advanced-blog-post-block

Score: 95/100 Advanced Blog Post Block <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

advance-menu-manager

Score: 95/100 Advance Menu Manager <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Change Affected: *-3.1.1 Patched: 3.1.2 Updated: June 30, 2026

LOW

add-infos-to-the-events-calendar

Score: 97/100 Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.5.0 Updated: June 30, 2026

LOW

accept-stripe-payments-using-contact-form-7

Score: 97/100 Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure Affected: *-2.5 Patched: 2.6 Updated: June 30, 2026

LOW

360deg-javascript-viewer

Score: 97/100 360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.29 Patched: 1.7.30 Updated: June 30, 2026

LOW

cm-answers

Score: 93/100 CM Answers <= 3.2.6 - Missing Authorization Affected: *-3.2.6 Patched: 3.2.7 Updated: June 30, 2026

LOW

barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Score: 93/100 Barcode Scanner with Inventory & Order Manager <= 1.6.6 - Reflected Cross-Site Scripting Affected: *-1.6.6 Patched: 1.6.7 Updated: June 30, 2026

LOW

beautiful-taxonomy-filters

Score: 93/100 Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection Affected: *-2.4.3 Patched: 2.4.4 Updated: June 30, 2026

LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation Affected: *-1.6.3 Patched: 1.6.3.1 Updated: June 30, 2026

LOW

cf7-mollie

Score: 89/100 Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting Affected: *-5.0.0 Patched: Updated: June 30, 2026

LOW

comfino-payment-gateway

Score: 93/100 Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026

LOW

clicksend-lead-capture-form

Score: 91/100 SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

dn-shipping-by-weight

Score: 93/100 DN Shipping by Weight for WooCommerce <= 1.1.1 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.1.1 Patched: 1.2 Updated: June 30, 2026

LOW

clients

Score: 89/100 Clients <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.1.4 Patched: Updated: June 30, 2026

LOW

cardgate

Score: 93/100 CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026

LOW

blaze-online-eparcel-for-woocommerce

Score: 91/100 Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: June 30, 2026

LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions Affected: *-1.6.3 Patched: 1.6.3.1 Updated: June 30, 2026

LOW

cookielay

Score: 91/100 Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

cluevo-lms

Score: 93/100 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion Affected: *-1.13.2 Patched: 1.13.3 Updated: June 30, 2026

LOW

ai-quiz

Score: 95/100 AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

designer

Score: 91/100 Designer <= 1.4.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.1 Patched: 1.5.0 Updated: June 30, 2026

LOW

Depicter — Popup & Slider Builder

depicter

Score: 95/100 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026

LOW

delucks-seo

Score: 89/100 DELUCKS SEO <= 2.5.8 - Authenticated (Subscriber+) Arbitrary File Read Affected: *-2.5.8 Patched: Updated: June 30, 2026

LOW

country-blocker

Score: 89/100 Country Blocker <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 30, 2026

LOW

clickbank-storefront

Score: 91/100 Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization Affected: *-1.6.3 Patched: 1.6.3.1 Updated: June 30, 2026

LOW

Broken Link Checker

broken-link-checker

Score: 68/100 Broken Link Checker <= 2.4.1 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-2.4.1 Patched: 2.4.2 Updated: June 30, 2026

LOW

booking-system

Score: 91/100 Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.7 - Missing Authorization Affected: *-2.9.9.5.7 Patched: 2.9.9.5.8 Updated: June 30, 2026

LOW

board-document-manager-from-chuhpl

Score: 91/100 Board Document Manager from CHUHPL <= 1.9.1 - Reflected Cross-Site Scripting Affected: *-1.9.1 Patched: Updated: June 30, 2026

LOW

armember-membership

Score: 95/100 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-4.0.51 Patched: 4.0.52 Updated: June 30, 2026

LOW

arforms-form-builder

Score: 95/100 ARForms Form Builder <= 1.7.1 - HTML Injection Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

advanced-control-manager

Score: 95/100 Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Reflected Cross-Site Scripting Affected: *-2.16.0 Patched: Updated: June 30, 2026

LOW

abcbiz-addons

Score: 95/100 ABCBiz Addons for Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

contact-form-with-a-meeting-scheduler-by-vcita

Score: 93/100 Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode Affected: *-4.10.4 Patched: 4.10.5 Updated: June 30, 2026

LOW

anywhere-elementor

Score: 97/100 AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure Affected: *-1.2.11 Patched: 1.2.12 Updated: June 30, 2026

LOW

accounting-for-woocommerce

Score: 97/100 Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting Affected: *-1.6.6 Patched: 1.6.7 Updated: June 30, 2026

LOW

authors-list

Score: 91/100 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax Affected: *-2.0.4 Patched: 2.0.5 Updated: June 30, 2026

LOW

Pulsating Chat Button

amin-chat-button

Score: 96/100 Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026

LOW

dp-intro-tours

Score: 93/100 Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting Affected: *-6.5.2 Patched: 6.5.3 Updated: June 30, 2026

LOW

dollie

Score: 93/100 Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure Affected: *-6.2.0 Patched: 6.2.1 Updated: June 30, 2026

LOW

colibri-page-builder

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-1.0.286 Patched: 1.0.288 Updated: June 30, 2026

LOW

classic-addons-wpbakery-page-builder-addons

Score: 93/100 Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion Affected: *-3.0 Patched: 3.1 Updated: June 30, 2026

LOW

basepress

Score: 93/100 Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update Affected: *-2.16.3.3 Patched: 2.16.3.4 Updated: June 30, 2026

LOW

b-testimonial

Score: 93/100 B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026

LOW

allaccessible

Score: 97/100 Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

accordion-slider

Score: 97/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-1.9.12 Patched: 1.9.13 Updated: June 30, 2026

LOW

campaign-monitor-wp

Score: 93/100 Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting Affected: *-2.5.7 Patched: 2.5.8 Updated: June 30, 2026

LOW

aweber-wp

Score: 93/100 AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting Affected: *-2.5.7 Patched: 2.5.8 Updated: June 30, 2026

LOW

charity-addon-for-elementor

Score: 91/100 Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure Affected: *-1.3.3 Patched: Updated: June 30, 2026

LOW

bp-profile-shortcodes-extra

Score: 89/100 BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter Affected: *-2.6.0 Patched: Updated: June 30, 2026

LOW

cs-element-bucket

Score: 91/100 Advanced Element Bucket Addons for Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 30, 2026

Showing 3201 to 3300 of 8176 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 13:46 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List