Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36283 (across tracked plugins)
Affected Plugins: 97 (with open vulnerabilities)
Critical / High: 0 (require immediate attention)
Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated
salon-booking-system | salon-booking-system | N/A | Salon booking system <= 10.30.3 - Authenticated (Subscriber+) Information Exposure | | LOW | *-10.30.3 | 10.30.4 | June 30, 2026
realhomes-crm | realhomes-crm | N/A | Real Homes CRM <= 1.0.0 - Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-1.0.0 | 1.0.1 | June 30, 2026
paid-downloads | paid-downloads | N/A | Paid Downloads <= 3.15 - Unauthenticated SQL Injection | | LOW | *-3.15 | | June 30, 2026
nelio-content | nelio-content | N/A | Nelio Content <= 4.2.0 - Authenticated (Contributor+) SQL Injection | | LOW | *-4.2.0 | 4.2.1 | June 30, 2026
myhome-core | myhome-core | N/A | MyHome Core <= 4.1.0 - Unauthenticated Local File Inclusion | | LOW | *-4.1.0 | 4.1.1 | June 30, 2026
movie-booking | movie-booking | N/A | Movie Booking <= 1.1.5 - Unauthenticated Arbitrary File Deletion | | LOW | *-1.1.5 | 1.1.6 | June 30, 2026
Media Library File Size | media-library-file-size | 93/100 | Media Library File Size <= 1.6.7 - Missing Authorization | | LOW | *-1.6.7 | 1.6.8 | June 30, 2026
listivo-core | listivo-core | 93/100 | Listivo Core <= 2.3.77 - Unauthenticated Local File Inclusion | | LOW | *-2.3.77 | 2.3.78 | June 30, 2026
lawyer-directory | lawyer-directory | 89/100 | Lawyer Directory <= 1.3.3 - Authenticated (Subscriber+) Privilege Escalation | | LOW | *-1.3.3 | 1.3.4 | June 30, 2026
jobwp | jobwp | 93/100 | JobWP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-2.4.5 | 2.4.6 | June 30, 2026
inet-webkit | inet-webkit | 91/100 | iNET Webkit <= 1.2.4 - Missing Authorization | | LOW | *-1.2.4 | | June 30, 2026
hydra-booking | hydra-booking | 93/100 | Hydra Booking <= 1.1.32 - Unauthenticated Privilege Escalation | | LOW | *-1.1.32 | 1.1.33 | June 30, 2026
extend-link | extend-link | 93/100 | Extend Link <= 2.0.0 - Authenticated (Contributor+) Server-Side Request Forgery | | LOW | *-2.0.0 | 2.0.1 | June 30, 2026
edwiser-bridge | edwiser-bridge | 93/100 | Edwiser Bridge <= 4.3.2 - Missing Authorization | | LOW | *-4.3.2 | 4.3.3 | June 30, 2026
dinatur | dinatur | 91/100 | Dinatur <= 1.18 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.18 | | June 30, 2026
box-now-delivery | box-now-delivery | 93/100 | BOX NOW Delivery <= 3.0.2 - Missing Authorization | | LOW | *-3.0.2 | 3.2.0 | June 30, 2026
beaver-builder-lite-version | beaver-builder-lite-version | 93/100 | Beaver Builder <= 2.9.4.1 - Authenticated (Contributor+) Remote Code Execution | | LOW | *-2.9.4.1 | 2.9.4.2 | June 30, 2026
b-accordion | b-accordion | 93/100 | B Accordion <= 2.0.2 - Authenticated (Contributor+) Information Exposure | | LOW | *-2.0.2 | 2.0.3 | June 30, 2026
anything-order-by-terms | anything-order-by-terms | 95/100 | Anything Order by Terms <= 1.4.0 - Missing Authorization | | LOW | *-1.4.0 | | June 30, 2026
academy | academy | 97/100 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover | | LOW | *-3.5.0 | 3.5.1 | June 30, 2026
flatpm-wp | flatpm-wp | 93/100 | FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta | | LOW | *-3.2.2 | 3.2.3 | June 30, 2026
head-meta-data | head-meta-data | 93/100 | Head Meta Data <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta | | LOW | *-20251118 | 20260105 | June 30, 2026
nexter-extension | nexter-extension | N/A | Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' | | LOW | *-4.4.6 | 4.4.7 | June 30, 2026
notificationx | notificationx | N/A | NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset | | LOW | *-3.1.11 | 3.2.1 | June 30, 2026
notificationx | notificationx | N/A | NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' | | LOW | *-3.2.0 | 3.2.1 | June 30, 2026
creatorlms | creatorlms | 93/100 | Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | | LOW | *-1.1.12 | 1.1.13 | June 30, 2026
tutor | tutor | N/A | Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion | | LOW | *-3.9.4 | 3.9.5 | June 30, 2026
The Events Calendar | the-events-calendar | N/A | The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control | | LOW | *-6.15.13 | 6.15.13.1 | June 30, 2026
wpcas | wpcas | N/A | wpCAS <= 1.07 - Reflected Cross-Site Scripting | | LOW | *-1.07 | | June 30, 2026
woo-mailerlite | woo-mailerlite | N/A | MailerLite – WooCommerce integration <= 3.1.2 - Unauthenticated SQL Injection | | LOW | *-3.1.2 | 3.1.3 | June 30, 2026
wishlist-member-x | wishlist-member-x | 92/100 | WishList Member X <= 3.29.0 - Missing Authorization | | LOW | *-3.29.0 | | June 30, 2026
ux-flat | ux-flat | N/A | UX Flat <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-5.4.0 | | June 30, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments | N/A | Simply Schedule Appointments <= 1.6.9.15 - Missing Authorization | | LOW | *-1.6.9.15 | 1.6.9.17 | June 30, 2026
simple-membership-wp-user-import | simple-membership-wp-user-import | N/A | Simple Membership WP user Import <= 1.9.1 - Cross-Site Request Forgery | | LOW | *-1.9.1 | 1.9.2 | June 30, 2026
scalenut | scalenut | N/A | Scalenut <= 1.1.3 - Missing Authorization | | LOW | *-1.1.3 | | June 30, 2026
ravpage | ravpage | N/A | Ravpage <= 2.40 - Reflected Cross-Site Scripting | | LOW | *-2.40 | 2.41 | June 30, 2026
posts-table-filterable | posts-table-filterable | N/A | TableOn <= 1.0.4.2 - Reflected Cross-Site Scripting | | LOW | *-1.0.4.2 | 1.0.4.3 | June 30, 2026
pie-register | pie-register | N/A | Pie Register <= 3.8.4.8 - Missing Authorization | | LOW | *-3.8.4.8 | 3.8.4.9 | June 30, 2026
notifier | notifier | N/A | WANotifier <= 2.7.13 - Missing Authorization | | LOW | *-2.7.13 | 3.0.0 | June 30, 2026
Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization | nelio-ab-testing | 81/100 | Nelio AB Testing <= 8.1.8 - Authenticated (Editor+) Remote Code Execution | | LOW | *-8.1.8 | 8.2.0 | June 30, 2026
lead-form-builder | lead-form-builder | 93/100 | Contact Form & Lead Form Elementor Builder <= 2.0.1 - Authenticated (Subscriber+) Information Exposure | | LOW | *-2.0.1 | 2.0.2 | June 30, 2026
Koko Analytics – Privacy-Friendly WordPress Analytics | koko-analytics | 72/100 | Koko Analytics <= 2.1.2 - Unauthenticated SQL Injection | | LOW | *-2.1.2 | 2.1.3 | June 30, 2026
irobotstxt-seo | irobotstxt-seo | 91/100 | iRobots.txt SEO <= 1.1.2 - Reflected Cross-Site Scripting | | LOW | *-1.1.2 | | June 30, 2026
frontis-blocks | frontis-blocks | 93/100 | Frontis Blocks <= 1.1.5 - Unauthenticated Server-Side Request Forgery | | LOW | *-1.1.5 | 1.1.6 | June 30, 2026
expresstechsoftwares-memberpress-discord-add-on | expresstechsoftwares-memberpress-discord-add-on | 93/100 | MemberPress Discord Addon <= 1.1.4 - Reflected Cross-Site Scripting | | LOW | *-1.1.4 | 1.1.5 | June 30, 2026
easy-theme-options | easy-theme-options | 89/100 | Easy Theme Options <= 1.0 - Reflected Cross-Site Scripting | | LOW | *-1.0 | | June 30, 2026
directorist-social-login | directorist-social-login | 91/100 | Directorist Social Login <= 2.1.1 - Unauthenticated Privilege Escalation | | LOW | *-2.1.1 | | June 30, 2026
directorist-booking | directorist-booking | 91/100 | Directorist Booking <= 2.4.1 - Unauthenticated SQL Injection | | LOW | *-2.4.1 | | June 30, 2026
bookingor | bookingor | 91/100 | Bookingor <= 1.0.12 - Missing Authorization | | LOW | *-1.0.12 | | June 30, 2026
Booking Activities | booking-activities | 74/100 | Booking Activities <= 1.16.44 - Unauthenticated Privilege Escalation | | LOW | *-1.16.44 | 1.16.45 | June 30, 2026
bold-page-builder | bold-page-builder | 86/100 | Bold Page Builder <= 5.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-5.6.9 | 5.7.0 | June 30, 2026
ai-image-alt-text-generator-for-wp | ai-image-alt-text-generator-for-wp | 95/100 | Ai Image Alt Text Generator for WP <= 1.1.9 - Missing Authorization | | LOW | *-1.1.9 | | June 30, 2026
admin-site-enhancements | admin-site-enhancements | 97/100 | Admin and Site Enhancements (ASE) <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation | | LOW | *-7.6.2.1 | 7.6.3 | June 30, 2026
admin-login-url-change | admin-login-url-change | 97/100 | Admin login URL Change <= 1.1.5 - Missing Authorization | | LOW | *-1.1.5 | 1.1.6 | June 30, 2026
adforest-elementor | adforest-elementor | 97/100 | AdForest Elementor <= 3.0.11 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.0.11 | 3.0.12 | June 30, 2026
acf-extended | acf-extended | 97/100 | Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action | | LOW | *-0.9.2.1 | 0.9.2.2 | June 30, 2026
wp-hello-bar | wp-hello-bar | N/A | WP Hello Bar <= 1.02 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters | | LOW | *-1.02 | | June 30, 2026
viet-contact | viet-contact | N/A | Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters | | LOW | *-1.3.2 | | June 30, 2026
wemail | wemail | N/A | weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure | | LOW | *-2.0.7 | 2.0.8 | June 30, 2026
dokan-lite | dokan-lite | 93/100 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy <= 4.2.4 - Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure | | LOW | *-4.2.4 | 4.2.5 | June 30, 2026
Custom Fonts – Host Your Fonts Locally | custom-fonts | 97/100 | Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion | | LOW | *-2.1.16 | 2.1.17 | June 30, 2026
learnpress | learnpress | 93/100 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | | LOW | *-4.3.2.4 | 4.3.2.5 | June 30, 2026
peachpay-for-woocommerce | peachpay-for-woocommerce | N/A | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification | | LOW | *-1.119.8 | 1.119.9 | June 30, 2026
newsletter | newsletter | N/A | Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription | | LOW | *-9.1.0 | 9.1.1 | June 30, 2026
final-tiles-grid-gallery-lite | final-tiles-grid-gallery-lite | 93/100 | Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management | | LOW | *-3.6.9 | 3.6.10 | June 30, 2026
xpro-elementor-addons | xpro-elementor-addons | N/A | Xpro Elementor Addons <= 1.4.19.1 - Authenticated (Author+) Arbitrary File Upload | | LOW | *-1.4.19.1 | 1.4.20 | June 30, 2026
wp-forms-signature-contract-add-on | wp-forms-signature-contract-add-on | N/A | WP Forms Signature Contract Add-On <= 1.8.2 - Missing Authorization to Authenticated (Subscriber+) Notice Dismissal | | LOW | *-1.8.2 | 1.8.3 | June 30, 2026
woc-order-alert | woc-order-alert | N/A | Order Listener for WooCommerce <= 3.6.1 - Missing Authorization | | LOW | *-3.6.1 | 3.6.2 | June 30, 2026
ultimate-post | ultimate-post | N/A | PostX <= 5.0.3 - Missing Authorization | | LOW | *-5.0.3 | 5.0.4 | June 30, 2026
tutor-lms-bunnynet-integration | tutor-lms-bunnynet-integration | N/A | Tutor LMS BunnyNet Integration <= 1.0.0 - Authenticated (Tutor instructor+) Stored Cross-Site Scripting | | LOW | *-1.0.0 | 1.0.1 | June 30, 2026
table-of-contents-creator | table-of-contents-creator | N/A | Table of Contents Creator <= 1.6.4.1 - Reflected Cross-Site Scripting | | LOW | *-1.6.4.1 | | June 30, 2026
sumup-payment-gateway-for-woocommerce | sumup-payment-gateway-for-woocommerce | N/A | SumUp Payment Gateway For WooCommerce <= 2.7.9 - Missing Authorization | | LOW | *-2.7.9 | 2.7.10 | June 30, 2026
social-polls-by-opinionstage | social-polls-by-opinionstage | N/A | Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25 - Unauthenticated Stored Cross-Site Scripting | | LOW | [*, 19.6.25) | 19.6.25 | June 30, 2026
social-polls-by-opinionstage | social-polls-by-opinionstage | N/A | Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25 - Unauthenticated Stored Cross-Site Scripting | | LOW | [*, 19.6.25) | 19.6.25 | June 30, 2026
simple-membership | simple-membership | N/A | Simple Membership <= 4.6.9 - Missing Authorization | | LOW | *-4.6.9 | 4.7.0 | June 30, 2026
shoutout | shoutout | N/A | ShoutOut <= 4.0.2 - Reflected Cross-Site Scripting | | LOW | *-4.0.2 | | June 30, 2026
seo-booster | seo-booster | N/A | SEO Booster <= 6.1.8 - Missing Authorization | | LOW | *-6.1.8 | | June 30, 2026
points-and-rewards-for-woocommerce | points-and-rewards-for-woocommerce | N/A | Points and Rewards for WooCommerce <= 2.9.5 - Missing Authorization | | LOW | *-2.9.5 | 2.9.6 | June 30, 2026
ninja-gdpr-compliance | ninja-gdpr-compliance | N/A | GDPR CCPA Compliance Support <= 2.7.4 - Missing Authorization | | LOW | *-2.7.4 | 2.7.5 | June 30, 2026
my-posts-order | my-posts-order | N/A | My Post Order <= 1.2.1.1 - Reflected Cross-Site Scripting | | LOW | *-1.2.1.1 | | June 30, 2026
my-auctions-allegro-free-edition | my-auctions-allegro-free-edition | N/A | My auctions allegro <= 3.6.32 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.6.32 | 3.6.33 | June 30, 2026
et-core-plugin | et-core-plugin | 93/100 | XStore Core < 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | [*, 5.7) | 5.7 | June 30, 2026
ecwid-shopping-cart | ecwid-shopping-cart | 93/100 | Ecwid Shopping Cart <= 7.0.5 - Missing Authorization | | LOW | *-7.0.5 | 7.0.6 | June 30, 2026
broadstreet | broadstreet | 93/100 | Broadstreet Ads <= 1.52.1 - Missing Authorization | | LOW | *-1.52.1 | 1.52.2 | June 30, 2026
advanced-iframe | advanced-iframe | 97/100 | Advanced iFrame <= 2025.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-2025.10 | 2026.0 | June 30, 2026
woo-poly-integration | woo-poly-integration | N/A | Hyyan WooCommerce Polylang Integration <= 1.5.0 - Missing Authorization | | LOW | *-1.5.0 | | June 30, 2026
visual-link-preview | visual-link-preview | N/A | Visual Link Preview <= 2.2.9 - Missing Authorization | | LOW | *-2.2.9 | 2.3.0 | June 30, 2026
smart-product-viewer | smart-product-viewer | N/A | Smart Product Viewer <= 1.5.4 - Missing Authorization | | LOW | *-1.5.4 | | June 30, 2026
ninja-tables | ninja-tables | N/A | Ninja Tables – Easy Data Table Builder <= 5.2.5 - Authenticated (Contributor+) Information Exposure | | LOW | *-5.2.5 | 5.2.6 | June 30, 2026
ajax-hits-counter | ajax-hits-counter | 95/100 | AJAX Hits Counter + Popular Posts Widget <= 0.10.210305 - Missing Authorization | | LOW | *-0.10.210305 | | June 30, 2026
wpresidence-core | wpresidence-core | N/A | Wpresidence Core <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-5.4.0 | | June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor | ultimate-addons-for-gutenberg | N/A | Spectra <= 2.19.17 - Missing Authorization | | LOW | *-2.19.17 | 2.19.18 | June 30, 2026
premium-addons-for-elementor | premium-addons-for-elementor | N/A | Premium Addons for Elementor <= 4.11.63 - Missing Authorization to Authenticated (Subscriber+) Settings Update | | LOW | *-4.11.63 | 4.11.64 | June 30, 2026
houzez-theme-functionality | houzez-theme-functionality | 93/100 | Houzez Theme - Functionality <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-4.2.6 | 4.2.7 | June 30, 2026
cargus | cargus | 93/100 | Cargus <= 1.5.8 - Unauthenticated Information Exposure | | LOW | *-1.5.8 | 1.5.9 | June 30, 2026
woocommerce-for-paygent-payment-main | woocommerce-for-paygent-payment-main | N/A | PAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation | | LOW | *-2.4.6 | 2.4.7 | June 30, 2026
integrate-dynamics-365-crm | integrate-dynamics-365-crm | 93/100 | Integrate Dynamics 365 CRM <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configuration | | LOW | *-1.1.1 | 1.1.2 | June 30, 2026
CubeWP Framework | cubewp-framework | 74/100 | CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode | | LOW | *-1.1.26 | 1.1.27 | June 30, 2026
CubeWP Framework | cubewp-framework | 74/100 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure | | LOW | *-1.1.27 | 1.1.28 | June 30, 2026
spin-wheel | spin-wheel | N/A | Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter | | LOW | *-2.1.0 | 2.1.1 | June 30, 2026

Showing 3301 to 3400 of 36283 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 15:06 UTC.