Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

6699

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
contextual-related-posts	contextual-related-posts	93	Contextual Related Posts < 1.8.10.2 - SQL Injection	LOW	[*, 1.8.10.2)	1.8.10.2	June 29, 2026
barclaycart	barclaycart	91	Barclaycart (All Versions) - Arbitrary File Upload	LOW	*		June 29, 2026
clickdesk-live-support-chat-plugin	clickdesk-live-support-chat-plugin	91	Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 4.3 - Cross-Site Scripting	LOW	*-4.3		June 29, 2026
aryo-activity-log	aryo-activity-log	97	Activity Log Plugin < 2.0.4 - Fulle Path Disclosure	LOW	[*, 2.0.4)	2.0.4	June 29, 2026
Contact Form 7	contact-form-7	97	Contact Form 7 < 3.7.2 - CAPTCHA Bypass	LOW	[*, 3.7.2)	3.7.2	June 29, 2026
AdRotate Banner Manager	adrotate	74	AdRotate – Ad manager & AdSense Ads 3.9 - 3.9.4 - SQL Injection	LOW	3.9-3.9.4	3.9.5	June 29, 2026
connections	connections	91	Connections Business Directory < 0.7.9.4 - Cross-Site Scripting	LOW	[*, 0.7.9.4)	0.7.9.4	June 29, 2026
all_in_one_carousel	all_in_one_carousel	97	All In One Slider <= 1.2.20 - Reflected Cross-Site Scripting	LOW	*-1.2.20	1.2.21	June 29, 2026
buddypress	buddypress	93	BuddyPress <= 1.9.1 - Authorization Bypass	LOW	[*, 1.9.2)	1.9.2	June 29, 2026
amerisale-re	amerisale-re	95	amerisale-re (All Versions) - Arbitrary File Upload	LOW	*		June 29, 2026
aprils-super-functions-pack	aprils-super-functions-pack	97	April's Super Functions Pack <= 1.4.7 - Reflected Cross-Site Scripting	LOW	*-1.4.7	1.4.8	June 29, 2026
advanced-dewplayer	advanced-dewplayer	95	Advanced Dewplayer < 1.3 - Directory Traversal	LOW	*-1.2	1.3	June 29, 2026
askapache-firefox-adsense	askapache-firefox-adsense	95	AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery	LOW	*-3.0		June 29, 2026
advanced-dewplayer	advanced-dewplayer	95	Dewplayer <= 1.2 and Advanced Dewplayer < 1.5 - Content Spoofing/Injection	LOW	[*, 1.5)	1.5	June 29, 2026
ad-minister	ad-minister	95	Ad-minister <= 0.6 - Cross-Site Scripting	LOW	*-0.6		June 29, 2026
amerisale-re	amerisale-re	95	Amerisale-Re (All Versions) - Reflected Cross-Site Scripting	LOW	*		June 29, 2026
all-in-one-event-calendar	all-in-one-event-calendar	97	Timely All-in-One Events Calendar < 1.10 - Cross-Site Scripting	LOW	[*, 1.10)	1.10	June 29, 2026
blue-wrench-videos-widget	blue-wrench-videos-widget	91	Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery and to Cross-Site Scripting	LOW	*-1.0.5	2.0.0	June 29, 2026
cart66-lite	cart66-lite	93	Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting	LOW	[*, 1.5.1.15)	1.5.1.15	June 29, 2026
blogger-importer	blogger-importer	93	Blogger Importer <= 0.5 - Cross-Site Request Forgery	LOW	*-0.5	0.6	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2.1 - Path Traversal	LOW	*-1.2.1	1.2.2	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2.1 - Cross-Site Request Forgery	LOW	*-1.2.1	1.2.2	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting	LOW	*-1.2.1	1.2.2	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2 - Stored Cross-Site Scripting	LOW	*-1.2	1.2.2	June 29, 2026
bradesco-gateway	bradesco-gateway	91	Bradesco Gateway <= 2.0 - Cross-Site Scripting	LOW	*-2.0		June 29, 2026
comment-attachment	comment-attachment	91	Comment Attachment <= 1.5.5 - Cross-Site Scripting	LOW	*-1.5.5		June 29, 2026
complete-gallery-manager	complete-gallery-manager	93	Complete Gallery Manager <= 3.3.3 - Arbitrary File Upload	LOW	[*, 3.3.4)	3.3.4	June 29, 2026
contact-form-plugin	contact-form-plugin	93	Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting	LOW	*-3.34	3.35	June 29, 2026
BackWPup – WordPress Backup & Restore Plugin	backwpup	96	BackWPup < 3.0.13 - Cross-Site Scripting	LOW	[*, 3.0.13)	3.0.13	June 29, 2026
a-forms	a-forms	97	A Forms <= 1.4.2 - Reflected Cross-Site Scripting	LOW	*-1.4.2	1.4.3	June 29, 2026
contact-form-plugin	contact-form-plugin	93	Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting	LOW	*-3.51	3.52	June 29, 2026
comment-extra-field	comment-extra-field	89	Comment Extra Fields <= 1.7 - Reflected Cross-Site Scripting	LOW	*-1.7		June 29, 2026
category-grid-view-gallery	category-grid-view-gallery	93	Category Grid View Gallery <= 2.3.1 - Reflected Cross-Site Scripting	LOW	*-2.3.1	2.3.2	June 29, 2026
booking-system	booking-system	91	Pinpoint Booking System – #1 WordPress Booking Plugin <= 1.3.1 - Reflected Cross-Site Scripting	LOW	*-1.3.1	1.4	June 29, 2026
buddypress-extended-friendship-request	buddypress-extended-friendship-request	93	BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting	LOW	[*, 1.0.2)	1.0.2	June 29, 2026
antivirus	antivirus	97	AntiVirus < 1.1 - Full Path Disclosure	LOW	[*, 1.1)	1.1	June 29, 2026
adif-log-search-widget	adif-log-search-widget	95	ADIF Log Search Widget <= 1.0f - Cross-Site Scripting	LOW	* - 1.0f		June 29, 2026
contus-video-gallery	contus-video-gallery	91	WordPress Video Gallery < 2.1 - SQL Injection	LOW	[*, 2.1)	2.1	June 29, 2026
advanced-xml-reader	advanced-xml-reader	95	Advanced XML Reader <= 0.3.4 - External Entity Injection	LOW	*-0.3.4		June 29, 2026
advanced-xml-reader	advanced-xml-reader	95	Advanced XML Reader Plugin <= 0.3.4 - XML External Entity Injection	LOW	*-0.3.4		June 29, 2026
all-in-one-webmaster	all-in-one-webmaster	97	WP Webmaster < 8.2.4 - Cross-Site Request Forgery	LOW	[*, 8.2.4)	8.2.4	June 29, 2026
backupbuddy	backupbuddy	93	BackupBuddy <= 2.2.28 - Sensitive Information Disclosure	LOW	[*, 3.0)	3.0	June 29, 2026
backupbuddy	backupbuddy	93	BackupBuddy < 3.0 - Authentication Bypass	LOW	[*, 3.0)	3.0	June 29, 2026
backupbuddy	backupbuddy	93	BackupBuddy < 3.0 - Authentication Bypass	LOW	[*, 3.0)	3.0	June 29, 2026
backupbuddy	backupbuddy	93	BackupBuddy < 3.0 - Authentication Bypass	LOW	[*, 3.0)	3.0	June 29, 2026
all-in-one-event-calendar	all-in-one-event-calendar	97	All-in-One Events Calendar < 1.10 - SQL Injection	LOW	[*, 1.10)	1.10	June 29, 2026
count-per-day	count-per-day	93	Count per Day < 3.2.6 - Cross-Site Scripting	LOW	[*, 3.2.6)	3.2.6	June 29, 2026
comment-rating	comment-rating	91	Comment Rating <= 2.9.32 - SQL Injection	LOW	*-2.9.32		June 29, 2026
commentluv	commentluv	91	CommentLuv < 2.92.4 - Reflected Cross-Site Scripting	LOW	[*, 2.92.4)	2.92.4	June 29, 2026
audio-player	audio-player	93	Audio Player <= 2.0.4.5 - Cross-Site Scripting via playerID Parameter	LOW	[*, 2.0.4.6)	2.0.4.6	June 29, 2026
accordion	accordion	95	Accordion (All Versions) - Arbitrary File Upload	LOW	*		June 29, 2026
cardoza-wordpress-poll	cardoza-wordpress-poll	91	WordPress Poll <= 34.05 - SQL Injection	LOW	*-34.05	34.06	June 29, 2026
cardoza-wordpress-poll	cardoza-wordpress-poll	91	WordPress Poll < 34.06 - SQL Injection	LOW	*-34.05	34.06	June 29, 2026
advanced-custom-fields	advanced-custom-fields	97	Advanced Custom Fields <= 3.5.1 - Remote Code Execution via Remote File Inclusion	LOW	*-3.5.1	3.5.2	June 29, 2026
buddystream	buddystream	93	BuddyStream <= 3.6.2 - Reflected Cross-Site Scripting	LOW	*-3.6.2	3.6.3	June 29, 2026
ads-box	ads-box	95	Ads Box <= 1.0 - SQL Injection	LOW	*-1.0		June 29, 2026
advanced-text-widget	advanced-text-widget	95	Advanced Text Widget <= 2.0.1 - Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 29, 2026
comment-extra-field	comment-extra-field	89	SWFUpload <= 2.2.0.1 - Cross-Site Scripting	LOW	*-1.7		June 29, 2026
blaze-slide-show-for-wordpress	blaze-slide-show-for-wordpress	91	SWFUpload <= 2.2.0.1 - Cross-Site Scripting	LOW	*-2.4	2.6	June 29, 2026
apptha-slider-gallery	apptha-slider-gallery	95	SWFUpload <= 2.2.0.1 - Cross-Site Scripting	LOW	*		June 29, 2026
apptha-banner	apptha-banner	95	SWFUpload <= 2.2.0.1 - Cross-Site Scripting	LOW	*		June 29, 2026
cardoza-ajax-search	cardoza-ajax-search	93	Cardoza AJAX Search < 1.3 - Unauthenticated SQL Injection	LOW	[*, 1.3)	1.3	June 29, 2026
answer-my-question	answer-my-question	95	Answer My Question < 1.2 - Cross-Site Scripting	LOW	[*, 1.2)	1.2	June 29, 2026
all-video-gallery	all-video-gallery	95	All Video Gallery <= 1.1 - SQL Injection	LOW	[*, 1.2)	1.2	June 29, 2026
cimy-user-manager	cimy-user-manager	93	Cimy User Manager < 1.4.4 - Arbitrary File Read	LOW	[*, 1.4.4)	1.4.4	June 29, 2026
crayon-syntax-highlighter	crayon-syntax-highlighter	89	Crayon Syntax Highlighter Plugin <= 1.13 - Remote File Inclusion	LOW	*-1.13	1.14	June 29, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	iThemes Security < 3.4.4 - Cross-Site Scripting	LOW	[*, 3.4.4)	3.4.4	June 29, 2026
count-per-day	count-per-day	93	Count per Day Plugin < 3.2.3 - Cross-Site Scripting	LOW	[*, 3.2.3)	3.2.3	June 29, 2026
ajax_multi_upload	ajax_multi_upload	97	AJAX Multi Upload <= 1.1 - Arbitrary File Upload	LOW	*-1.1	2.0	June 29, 2026
annonces	annonces	97	Annonces <= 1.2.0.1 - Arbitrary File Upload	LOW	*-1.2.0.1	1.2.0.2	June 29, 2026
contus-video-galleryversion-10	contus-video-galleryversion-10	91	Contus Video Gallery <= 1.3 - Arbitrary File Upload	LOW	*-1.3		June 29, 2026
contus-hd-flv-player	contus-hd-flv-player	93	HD FLV Player <= 1.7 - Arbitrary File Upload	LOW	*-1.7	1.8	June 29, 2026
auctionplugin	auctionplugin	93	Woocommerce Wordpress Auctions <= 2.0.1.3 - Arbitrary File Upload	LOW	*-2.0.1.3	2.0.2	June 29, 2026
asset-manager	asset-manager	95	Asset Manager <= 0.3 - Arbitrary File Upload	LOW	*-0.3		June 29, 2026
catablog	catablog	89	CataBlog < 1.6.3 - Reflected Cross-Site Scripting	LOW	[*, 1.6.3)	1.6.3	June 29, 2026
BulletProof Security	bulletproof-security	68	BulletProof Security < .47.1 - Reflected Cross-Site Scripting	LOW	[*, .47.1)	.47.1	June 29, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	iThemes Security < 3.2.5 - Cross-Site Scripting	LOW	[*, 3.2.5)	3.2.5	June 29, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting	LOW	*-3.2.4	3.2.5	June 29, 2026
bad-behavior	bad-behavior	93	Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting	LOW	[*, 2.0.47), [2.2.0, 2.2.5)	2.0.47	June 29, 2026
2-click-socialmedia-buttons	2-click-socialmedia-buttons	97	2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting	LOW	*-0.33	0.34	June 29, 2026
2-click-socialmedia-buttons	2-click-socialmedia-buttons	97	2 Click Social Media Buttons < 0.34 - Cross-Site Scripting	LOW	[*, 0.34)	0.34	June 29, 2026
all-in-one-event-calendar	all-in-one-event-calendar	97	Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting	LOW	[*, 1.6)	1.6	June 29, 2026
another-wordpress-classifieds-plugin	another-wordpress-classifieds-plugin	97	WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload	LOW	[*, 2.0)	2.0	June 29, 2026
buddypress	buddypress	93	BuddyPress - 1.5-1.5.4 - SQL Injection	LOW	1.5-1.5.4	1.5.5	June 29, 2026
cms-tree-page-view	cms-tree-page-view	93	CMS Tree Page View < 0.8.9 - Cross-Site Scripting	LOW	[*, 0.8.9)	0.8.9	June 29, 2026
404like	404like	97	404like <= 1.0 - SQL Injection	LOW	*-1.0	1.0.2	June 29, 2026
allwebmenus-wordpress-menu-plugin	allwebmenus-wordpress-menu-plugin	97	AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload	LOW	*-1.1.8	1.1.9	June 29, 2026
allwebmenus-wordpress-menu-plugin	allwebmenus-wordpress-menu-plugin	97	AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload	LOW	[*, 1.1.9)	1.1.9	June 29, 2026
count-per-day	count-per-day	93	Count per Day <= 3.1 - Arbitrary File Download	LOW	*-3.1	3.1.1	June 29, 2026
age-verification	age-verification	97	Age Verification <= 0.4 - Open Redirect	LOW	*-0.4	0.5	June 29, 2026
blaze-slide-show-for-wordpress	blaze-slide-show-for-wordpress	91	Blaze Slideshow <= 2.4 - Arbitrary File Upload	LOW	*-2.4	2.6	June 29, 2026
connections	connections	91	Connections Business Directory < 0.7.1.6 - Authorization Bypass	LOW	*-0.7.1.5	0.7.1.6	June 29, 2026
absolute-privacy	absolute-privacy	95	Absolute Privacy <= 2.0.5 - Authentication Bypass	LOW	*-2.0.5	2.0.6	June 29, 2026
1-jquery-photo-gallery-slideshow-flash	1-jquery-photo-gallery-slideshow-flash	95	ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 <= 1.11 - Reflected Cross-Site Scripting	LOW	*-1.11		June 29, 2026
clickdesk-live-support-chat-plugin	clickdesk-live-support-chat-plugin	91	Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting	LOW	*-2.0	3.0	June 29, 2026
alert-before-your-post	alert-before-your-post	95	Alert Before Your Post <= 0.1.1 - Cross-Site Scripting	LOW	*-0.1.1		June 29, 2026
AdRotate Banner Manager	adrotate	74	AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection	LOW	[*, 3.6.8)	3.6.8	June 29, 2026
allwebmenus-wordpress-menu-plugin	allwebmenus-wordpress-menu-plugin	97	AllWebMenus WordPress Menu Plugin <= 1.1.3 - Remote File Inclusion	LOW	*-1.1.3	1.1.4	June 29, 2026
category-list-portfolio-page	category-list-portfolio-page	91	TimThumb <= 1.33 - Remote File Download	LOW	*		June 29, 2026
addthis	addthis	97	WordPress Share Buttons Plugin – AddThis < 2.2.0 - Code Injection	LOW	[*, 2.2.0)	2.2.0	June 29, 2026

LOW

contextual-related-posts

Score: 93/100 Contextual Related Posts < 1.8.10.2 - SQL Injection Affected: [*, 1.8.10.2) Patched: 1.8.10.2 Updated: June 29, 2026

LOW

barclaycart

Score: 91/100 Barclaycart (All Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

clickdesk-live-support-chat-plugin

Score: 91/100 Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 4.3 - Cross-Site Scripting Affected: *-4.3 Patched: Updated: June 29, 2026

LOW

aryo-activity-log

Score: 97/100 Activity Log Plugin < 2.0.4 - Fulle Path Disclosure Affected: [*, 2.0.4) Patched: 2.0.4 Updated: June 29, 2026

LOW

Contact Form 7

contact-form-7

Score: 97/100 Contact Form 7 < 3.7.2 - CAPTCHA Bypass Affected: [*, 3.7.2) Patched: 3.7.2 Updated: June 29, 2026

LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate – Ad manager & AdSense Ads 3.9 - 3.9.4 - SQL Injection Affected: 3.9-3.9.4 Patched: 3.9.5 Updated: June 29, 2026

LOW

connections

Score: 91/100 Connections Business Directory < 0.7.9.4 - Cross-Site Scripting Affected: [*, 0.7.9.4) Patched: 0.7.9.4 Updated: June 29, 2026

LOW

all_in_one_carousel

Score: 97/100 All In One Slider <= 1.2.20 - Reflected Cross-Site Scripting Affected: *-1.2.20 Patched: 1.2.21 Updated: June 29, 2026

LOW

buddypress

Score: 93/100 BuddyPress <= 1.9.1 - Authorization Bypass Affected: [*, 1.9.2) Patched: 1.9.2 Updated: June 29, 2026

LOW

amerisale-re

Score: 95/100 amerisale-re (All Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

aprils-super-functions-pack

Score: 97/100 April's Super Functions Pack <= 1.4.7 - Reflected Cross-Site Scripting Affected: *-1.4.7 Patched: 1.4.8 Updated: June 29, 2026

LOW

advanced-dewplayer

Score: 95/100 Advanced Dewplayer < 1.3 - Directory Traversal Affected: *-1.2 Patched: 1.3 Updated: June 29, 2026

LOW

askapache-firefox-adsense

Score: 95/100 AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery Affected: *-3.0 Patched: Updated: June 29, 2026

LOW

advanced-dewplayer

Score: 95/100 Dewplayer <= 1.2 and Advanced Dewplayer < 1.5 - Content Spoofing/Injection Affected: [*, 1.5) Patched: 1.5 Updated: June 29, 2026

LOW

ad-minister

Score: 95/100 Ad-minister <= 0.6 - Cross-Site Scripting Affected: *-0.6 Patched: Updated: June 29, 2026

LOW

amerisale-re

Score: 95/100 Amerisale-Re (All Versions) - Reflected Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

all-in-one-event-calendar

Score: 97/100 Timely All-in-One Events Calendar < 1.10 - Cross-Site Scripting Affected: [*, 1.10) Patched: 1.10 Updated: June 29, 2026

LOW

blue-wrench-videos-widget

Score: 91/100 Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery and to Cross-Site Scripting Affected: *-1.0.5 Patched: 2.0.0 Updated: June 29, 2026

LOW

cart66-lite

Score: 93/100 Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting Affected: [*, 1.5.1.15) Patched: 1.5.1.15 Updated: June 29, 2026

LOW

blogger-importer

Score: 93/100 Blogger Importer <= 0.5 - Cross-Site Request Forgery Affected: *-0.5 Patched: 0.6 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2.1 - Path Traversal Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2 - Stored Cross-Site Scripting Affected: *-1.2 Patched: 1.2.2 Updated: June 29, 2026

LOW

bradesco-gateway

Score: 91/100 Bradesco Gateway <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

comment-attachment

Score: 91/100 Comment Attachment <= 1.5.5 - Cross-Site Scripting Affected: *-1.5.5 Patched: Updated: June 29, 2026

LOW

complete-gallery-manager

Score: 93/100 Complete Gallery Manager <= 3.3.3 - Arbitrary File Upload Affected: [*, 3.3.4) Patched: 3.3.4 Updated: June 29, 2026

LOW

contact-form-plugin

Score: 93/100 Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting Affected: *-3.34 Patched: 3.35 Updated: June 29, 2026

LOW

BackWPup – WordPress Backup & Restore Plugin

backwpup

Score: 96/100 BackWPup < 3.0.13 - Cross-Site Scripting Affected: [*, 3.0.13) Patched: 3.0.13 Updated: June 29, 2026

LOW

a-forms

Score: 97/100 A Forms <= 1.4.2 - Reflected Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: June 29, 2026

LOW

contact-form-plugin

Score: 93/100 Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting Affected: *-3.51 Patched: 3.52 Updated: June 29, 2026

LOW

comment-extra-field

Score: 89/100 Comment Extra Fields <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

category-grid-view-gallery

Score: 93/100 Category Grid View Gallery <= 2.3.1 - Reflected Cross-Site Scripting Affected: *-2.3.1 Patched: 2.3.2 Updated: June 29, 2026

LOW

booking-system

Score: 91/100 Pinpoint Booking System – #1 WordPress Booking Plugin <= 1.3.1 - Reflected Cross-Site Scripting Affected: *-1.3.1 Patched: 1.4 Updated: June 29, 2026

LOW

buddypress-extended-friendship-request

Score: 93/100 BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 29, 2026

LOW

antivirus

Score: 97/100 AntiVirus < 1.1 - Full Path Disclosure Affected: [*, 1.1) Patched: 1.1 Updated: June 29, 2026

LOW

adif-log-search-widget

Score: 95/100 ADIF Log Search Widget <= 1.0f - Cross-Site Scripting Affected: * - 1.0f Patched: Updated: June 29, 2026

LOW

contus-video-gallery

Score: 91/100 WordPress Video Gallery < 2.1 - SQL Injection Affected: [*, 2.1) Patched: 2.1 Updated: June 29, 2026

LOW

advanced-xml-reader

Score: 95/100 Advanced XML Reader <= 0.3.4 - External Entity Injection Affected: *-0.3.4 Patched: Updated: June 29, 2026

LOW

advanced-xml-reader

Score: 95/100 Advanced XML Reader Plugin <= 0.3.4 - XML External Entity Injection Affected: *-0.3.4 Patched: Updated: June 29, 2026

LOW

all-in-one-webmaster

Score: 97/100 WP Webmaster < 8.2.4 - Cross-Site Request Forgery Affected: [*, 8.2.4) Patched: 8.2.4 Updated: June 29, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy <= 2.2.28 - Sensitive Information Disclosure Affected: [*, 3.0) Patched: 3.0 Updated: June 29, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy < 3.0 - Authentication Bypass Affected: [*, 3.0) Patched: 3.0 Updated: June 29, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy < 3.0 - Authentication Bypass Affected: [*, 3.0) Patched: 3.0 Updated: June 29, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy < 3.0 - Authentication Bypass Affected: [*, 3.0) Patched: 3.0 Updated: June 29, 2026

LOW

all-in-one-event-calendar

Score: 97/100 All-in-One Events Calendar < 1.10 - SQL Injection Affected: [*, 1.10) Patched: 1.10 Updated: June 29, 2026

LOW

count-per-day

Score: 93/100 Count per Day < 3.2.6 - Cross-Site Scripting Affected: [*, 3.2.6) Patched: 3.2.6 Updated: June 29, 2026

LOW

comment-rating

Score: 91/100 Comment Rating <= 2.9.32 - SQL Injection Affected: *-2.9.32 Patched: Updated: June 29, 2026

LOW

commentluv

Score: 91/100 CommentLuv < 2.92.4 - Reflected Cross-Site Scripting Affected: [*, 2.92.4) Patched: 2.92.4 Updated: June 29, 2026

LOW

audio-player

Score: 93/100 Audio Player <= 2.0.4.5 - Cross-Site Scripting via playerID Parameter Affected: [*, 2.0.4.6) Patched: 2.0.4.6 Updated: June 29, 2026

LOW

accordion

Score: 95/100 Accordion (All Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

cardoza-wordpress-poll

Score: 91/100 WordPress Poll <= 34.05 - SQL Injection Affected: *-34.05 Patched: 34.06 Updated: June 29, 2026

LOW

cardoza-wordpress-poll

Score: 91/100 WordPress Poll < 34.06 - SQL Injection Affected: *-34.05 Patched: 34.06 Updated: June 29, 2026

LOW

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 3.5.1 - Remote Code Execution via Remote File Inclusion Affected: *-3.5.1 Patched: 3.5.2 Updated: June 29, 2026

LOW

buddystream

Score: 93/100 BuddyStream <= 3.6.2 - Reflected Cross-Site Scripting Affected: *-3.6.2 Patched: 3.6.3 Updated: June 29, 2026

LOW

ads-box

Score: 95/100 Ads Box <= 1.0 - SQL Injection Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

advanced-text-widget

Score: 95/100 Advanced Text Widget <= 2.0.1 - Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

comment-extra-field

Score: 89/100 SWFUpload <= 2.2.0.1 - Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

blaze-slide-show-for-wordpress

Score: 91/100 SWFUpload <= 2.2.0.1 - Cross-Site Scripting Affected: *-2.4 Patched: 2.6 Updated: June 29, 2026

LOW

apptha-slider-gallery

Score: 95/100 SWFUpload <= 2.2.0.1 - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

apptha-banner

Score: 95/100 SWFUpload <= 2.2.0.1 - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

cardoza-ajax-search

Score: 93/100 Cardoza AJAX Search < 1.3 - Unauthenticated SQL Injection Affected: [*, 1.3) Patched: 1.3 Updated: June 29, 2026

LOW

answer-my-question

Score: 95/100 Answer My Question < 1.2 - Cross-Site Scripting Affected: [*, 1.2) Patched: 1.2 Updated: June 29, 2026

LOW

all-video-gallery

Score: 95/100 All Video Gallery <= 1.1 - SQL Injection Affected: [*, 1.2) Patched: 1.2 Updated: June 29, 2026

LOW

cimy-user-manager

Score: 93/100 Cimy User Manager < 1.4.4 - Arbitrary File Read Affected: [*, 1.4.4) Patched: 1.4.4 Updated: June 29, 2026

LOW

crayon-syntax-highlighter

Score: 89/100 Crayon Syntax Highlighter Plugin <= 1.13 - Remote File Inclusion Affected: *-1.13 Patched: 1.14 Updated: June 29, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 iThemes Security < 3.4.4 - Cross-Site Scripting Affected: [*, 3.4.4) Patched: 3.4.4 Updated: June 29, 2026

LOW

count-per-day

Score: 93/100 Count per Day Plugin < 3.2.3 - Cross-Site Scripting Affected: [*, 3.2.3) Patched: 3.2.3 Updated: June 29, 2026

LOW

ajax_multi_upload

Score: 97/100 AJAX Multi Upload <= 1.1 - Arbitrary File Upload Affected: *-1.1 Patched: 2.0 Updated: June 29, 2026

LOW

annonces

Score: 97/100 Annonces <= 1.2.0.1 - Arbitrary File Upload Affected: *-1.2.0.1 Patched: 1.2.0.2 Updated: June 29, 2026

LOW

contus-video-galleryversion-10

Score: 91/100 Contus Video Gallery <= 1.3 - Arbitrary File Upload Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

contus-hd-flv-player

Score: 93/100 HD FLV Player <= 1.7 - Arbitrary File Upload Affected: *-1.7 Patched: 1.8 Updated: June 29, 2026

LOW

auctionplugin

Score: 93/100 Woocommerce Wordpress Auctions <= 2.0.1.3 - Arbitrary File Upload Affected: *-2.0.1.3 Patched: 2.0.2 Updated: June 29, 2026

LOW

asset-manager

Score: 95/100 Asset Manager <= 0.3 - Arbitrary File Upload Affected: *-0.3 Patched: Updated: June 29, 2026

LOW

catablog

Score: 89/100 CataBlog < 1.6.3 - Reflected Cross-Site Scripting Affected: [*, 1.6.3) Patched: 1.6.3 Updated: June 29, 2026

LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security < .47.1 - Reflected Cross-Site Scripting Affected: [*, .47.1) Patched: .47.1 Updated: June 29, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 iThemes Security < 3.2.5 - Cross-Site Scripting Affected: [*, 3.2.5) Patched: 3.2.5 Updated: June 29, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting Affected: *-3.2.4 Patched: 3.2.5 Updated: June 29, 2026

LOW

bad-behavior

Score: 93/100 Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting Affected: [*, 2.0.47), [2.2.0, 2.2.5) Patched: 2.0.47 Updated: June 29, 2026

LOW

2-click-socialmedia-buttons

Score: 97/100 2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting Affected: *-0.33 Patched: 0.34 Updated: June 29, 2026

LOW

2-click-socialmedia-buttons

Score: 97/100 2 Click Social Media Buttons < 0.34 - Cross-Site Scripting Affected: [*, 0.34) Patched: 0.34 Updated: June 29, 2026

LOW

all-in-one-event-calendar

Score: 97/100 Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting Affected: [*, 1.6) Patched: 1.6 Updated: June 29, 2026

LOW

another-wordpress-classifieds-plugin

Score: 97/100 WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload Affected: [*, 2.0) Patched: 2.0 Updated: June 29, 2026

LOW

buddypress

Score: 93/100 BuddyPress - 1.5-1.5.4 - SQL Injection Affected: 1.5-1.5.4 Patched: 1.5.5 Updated: June 29, 2026

LOW

cms-tree-page-view

Score: 93/100 CMS Tree Page View < 0.8.9 - Cross-Site Scripting Affected: [*, 0.8.9) Patched: 0.8.9 Updated: June 29, 2026

LOW

404like

Score: 97/100 404like <= 1.0 - SQL Injection Affected: *-1.0 Patched: 1.0.2 Updated: June 29, 2026

LOW

allwebmenus-wordpress-menu-plugin

Score: 97/100 AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload Affected: *-1.1.8 Patched: 1.1.9 Updated: June 29, 2026

LOW

allwebmenus-wordpress-menu-plugin

Score: 97/100 AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload Affected: [*, 1.1.9) Patched: 1.1.9 Updated: June 29, 2026

LOW

count-per-day

Score: 93/100 Count per Day <= 3.1 - Arbitrary File Download Affected: *-3.1 Patched: 3.1.1 Updated: June 29, 2026

LOW

age-verification

Score: 97/100 Age Verification <= 0.4 - Open Redirect Affected: *-0.4 Patched: 0.5 Updated: June 29, 2026

LOW

blaze-slide-show-for-wordpress

Score: 91/100 Blaze Slideshow <= 2.4 - Arbitrary File Upload Affected: *-2.4 Patched: 2.6 Updated: June 29, 2026

LOW

connections

Score: 91/100 Connections Business Directory < 0.7.1.6 - Authorization Bypass Affected: *-0.7.1.5 Patched: 0.7.1.6 Updated: June 29, 2026

LOW

absolute-privacy

Score: 95/100 Absolute Privacy <= 2.0.5 - Authentication Bypass Affected: *-2.0.5 Patched: 2.0.6 Updated: June 29, 2026

LOW

1-jquery-photo-gallery-slideshow-flash

Score: 95/100 ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 <= 1.11 - Reflected Cross-Site Scripting Affected: *-1.11 Patched: Updated: June 29, 2026

LOW

clickdesk-live-support-chat-plugin

Score: 91/100 Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: 3.0 Updated: June 29, 2026

LOW

alert-before-your-post

Score: 95/100 Alert Before Your Post <= 0.1.1 - Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 29, 2026

LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection Affected: [*, 3.6.8) Patched: 3.6.8 Updated: June 29, 2026

LOW

allwebmenus-wordpress-menu-plugin

Score: 97/100 AllWebMenus WordPress Menu Plugin <= 1.1.3 - Remote File Inclusion Affected: *-1.1.3 Patched: 1.1.4 Updated: June 29, 2026

LOW

category-list-portfolio-page

Score: 91/100 TimThumb <= 1.33 - Remote File Download Affected: * Patched: Updated: June 29, 2026

LOW

addthis

Score: 97/100 WordPress Share Buttons Plugin – AddThis < 2.2.0 - Code Injection Affected: [*, 2.2.0) Patched: 2.2.0 Updated: June 29, 2026

Showing 6601 to 6700 of 6699 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 11:50 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List