Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
mp3-jplayer	mp3-jplayer	N/A	MP3-jPlayer <= 1.8.11 - Cross-Site Scripting	LOW	*-1.8.11	1.8.12	June 29, 2026
simpleflickr	simpleflickr	N/A	SimpleFlickr <= 3.0.3 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-3.0.3		June 29, 2026
seo-image	seo-image	N/A	SEO Friendly Images <= 3.0.4 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-3.0.4	3.0.5	June 29, 2026
relevanssi	relevanssi	N/A	Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting	LOW	[*, 3.3.8)	3.3.8	June 29, 2026
banner-effect-header	banner-effect-header	93	Banner Effect Header <= 1.2.7 - Cross-Site Request Forgery	LOW	[*, 1.2.8)	1.2.8	June 29, 2026
cart66-lite	cart66-lite	93	Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure	LOW	[*, 1.5.4)	1.5.4	June 29, 2026
sell-downloads	sell-downloads	N/A	Sell Downloads <= 1.0.1 - Arbitrary File Read	LOW	*-1.0.1	1.0.2	June 29, 2026
cforms2	cforms2	93	cformsII < 14.8 - Arbitrary File Upload	LOW	[*, 14.8)	14.8	June 29, 2026
frontend-uploader	frontend-uploader	91	Frontend Uploader < 0.9.4 - Cross-Site Scripting	LOW	[*, 0.9.4)	0.9.4	June 29, 2026
dewplayer-flash-mp3-player	dewplayer-flash-mp3-player	89	Dewplayer <= 1.2 - Cross-Site Scripting	LOW	*-1.2		June 29, 2026
wordpress-backup-to-dropbox	wordpress-backup-to-dropbox	N/A	WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting	LOW	[*, 4.1)	4.1	June 29, 2026
cart66-lite	cart66-lite	93	Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection	LOW	[*, 1.5.4)	1.5.4	June 29, 2026
wp-unique-article-header-image	wp-unique-article-header-image	N/A	WP Unique Article Header Image <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.0		June 29, 2026
wp-limit-posts-automatically	wp-limit-posts-automatically	N/A	WP Limit Posts Automatically <= 0.7 - Cross-Site Request Forgery leading to Cross-Site Scripting	LOW	*-0.7		June 29, 2026
pwgrandom	pwgrandom	N/A	PWGRandom <= 1.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.11		June 29, 2026
post-to-twitter	post-to-twitter	N/A	Post to Twitter <= 0.7 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-0.7		June 29, 2026
pictobrowser-gallery	pictobrowser-gallery	N/A	PictoBrowser Gallery <= 0.3.1 - Cross-Site Request Forgery	LOW	*-0.3.1		June 29, 2026
gslideshow	gslideshow	91	gSlideShow <= 0.1 - Cross-Site Request Forgery	LOW	*-0.1		June 29, 2026
revslider	revslider	N/A	Slider Revolution <= 4.2.2 - Cross-Site Scripting	LOW	*-4.2.2	4.2.3	June 29, 2026
revslider	revslider	N/A	Slider Revolution <= 4.1.4 - Directory Traversal	LOW	*-4.1.4	4.2	June 29, 2026
nextgen-gallery-voting	nextgen-gallery-voting	N/A	NextGEN Gallery Voting <= 2.7.5 - Authenticated (Admin+) SQL Injection	LOW	[*, 2.7.6)	2.7.6	June 29, 2026
wp-rss-aggregator	wp-rss-aggregator	N/A	WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More <= 4.6.3 - Authorization Bypass	LOW	*-4.6.3	4.6.4	June 29, 2026
W3 Total Cache	w3-total-cache	69	W3 Total Cache <= 0.9.4 - Cross-Site Scripting	LOW	*-0.9.4	0.9.4.1	June 29, 2026
db-backup	db-backup	91	DB Backup < 5.0 - Directory Traversal	LOW	[*, 5.0)	5.0	June 29, 2026
better-search	better-search	93	Better Search <= 1.3.4 - Reflected Cross-Site Scripting	LOW	*-1.3.4	1.3.5	June 29, 2026
wp-construction-mode	wp-construction-mode	N/A	WP Construction Mode <= 1.91 - Reflected Cross-Site Scripting	LOW	*-1.91	1.92	June 29, 2026
sliding-social-icons	sliding-social-icons	N/A	Sliding Social Icons <= 1.61 - Cross-Site Request Forgery and Stored Cross-Site Scripting	LOW	*-1.61		June 29, 2026
itwitter	itwitter	91	iTwitter <= 0.04 - Cross-Site Scripting	LOW	*-0.04		June 29, 2026
Download Manager	download-manager	63	WordPress Download Manager <= 2.7.4 - Remote Code Execution	LOW	[*, 2.7.5)	2.7.5	June 29, 2026
wpcommenttwit	wpcommenttwit	N/A	wpCommentTwit Plugin <= 0.5 - Cross-Site Scripting	LOW	*-0.5		June 29, 2026
wp-timed-popup	wp-timed-popup	N/A	WP Timed Popout <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.3	1.4	June 29, 2026
wp-fb-autoconnect	wp-fb-autoconnect	N/A	WP-FB-AutoConnect <= 4.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-4.0.5	4.0.6	June 29, 2026
spnbabble	spnbabble	N/A	Spnbabble <= 1.4.1 - Multiple Cross-Site Request Forgery	LOW	*-1.4.1		June 29, 2026
mikiurl-wordpress-eklentisi	mikiurl-wordpress-eklentisi	N/A	Mikiurl Wordpress Eklentisi <= 2.0 - Cross-Site Scripting	LOW	*-2.0		June 29, 2026
dandyid-services	dandyid-services	91	DandyID Services <= 1.5.9 - Cross-Site Request Forgery	LOW	*-1.5.9		June 29, 2026
wp-vipergb	wp-vipergb	N/A	WP-ViperGB <= 1.3.10 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.3.10	1.3.11	June 29, 2026
wp-timed-popup	wp-timed-popup	N/A	Timed Popup WordPress Plugin <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 29, 2026
simple-visitor-stat	simple-visitor-stat	N/A	Simple visitor stat <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 29, 2026
simple-ip-ban	simple-ip-ban	N/A	IP Ban <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.2.3	1.2.4	June 29, 2026
our-team-enhanced	our-team-enhanced	N/A	Our Team Showcase < 1.3 - Cross-Site Scripting	LOW	[*, 1.3)	1.3	June 29, 2026
lightbox-photo-gallery	lightbox-photo-gallery	91	Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 29, 2026
cardoza-facebook-like-box	cardoza-facebook-like-box	93	Easy Social Like Box – Popup – Sidebar Widget < 2.8.3 - Cross-Site Scripting	LOW	[*, 2.8.3)	2.8.3	June 29, 2026
wp-symposium	wp-symposium	N/A	WP Symposium <= 14.11 - Arbitrary File Upload	LOW	*-14.11	15.1	June 29, 2026
W3 Total Cache	w3-total-cache	69	W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery	LOW	*-0.9.4	0.9.4.1	June 29, 2026
yurl-retwitt	yurl-retwitt	N/A	yURL ReTwitt <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 29, 2026
twitterdash	twitterdash	N/A	twitterDash <= 2.1 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-2.1		June 29, 2026
twitter-liveblog	twitter-liveblog	N/A	Twitter LiveBlog <= 1.1.2 - Cross-Site Request Forgery	LOW	*-1.1.2		June 29, 2026
twimp-wp	twimp-wp	N/A	Twimp WP <= 0.1 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-0.1		June 29, 2026
tweetscribe	tweetscribe	N/A	TweetScribe <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 29, 2026
simplelife	simplelife	N/A	Simplelife Plugin <= 1.2 - Cross-Site Scripting	LOW	*-1.2		June 29, 2026
bird-feeder	bird-feeder	91	Bird Feeder <= 1.2.3 - Cross-Site Request Forgery	LOW	*-1.2.3		June 29, 2026
another-wordpress-classifieds-plugin	another-wordpress-classifieds-plugin	97	WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds <= 3.3.1 - Cross-Site Scripting	LOW	*-3.3.1	3.3.2	June 29, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security	wordfence	70	Wordfence <= 5.1.4 - Reflected Cross-Site Scripting	LOW	[*, 5.1.5)	5.1.5	June 29, 2026
feedweb	feedweb	93	Feedweb <= 3.0.7 - SQL Injection	LOW	*-3.0.7	3.0.8	June 29, 2026
ajax-store-locator	ajax-store-locator	95	Ajax Store Locator <= 1.2 - Arbitrary File Download	LOW	*-1.2		June 29, 2026
shariff-sharing	shariff-sharing	N/A	Shariff Sharing < 1.0.8 - Stored Cross-Site Scripting	LOW	[*, 1.0.8)	1.0.8	June 29, 2026
captcha-bws	captcha-bws	93	BestWebSoft Captcha <= 4.0.6 - CAPTCHA Bypass	LOW	[*, 4.0.7)	4.0.7	June 29, 2026
Broken Link Checker	broken-link-checker	68	Broken Link Checker < 1.10.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 1.10.2)	1.10.2	June 29, 2026
wp-backitup	wp-backitup	N/A	Backup and Restore WordPress – Backup Plugin <= 1.9 - Authorization Bypass	LOW	*-1.9	1.9.1	June 29, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative	wp-statistics	90	WP Statistics <= 8.4 - Stored Cross-Site Scripting	LOW	*-8.4	8.5	June 29, 2026
cart66-lite	cart66-lite	93	Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection	LOW	[*, 1.5.2)	1.5.2	June 29, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting	LOW	[*, 2.8.10)	2.8.10	June 29, 2026
iwp-client	iwp-client	93	InfiniteWP Client <= 1.3.7 - Privilege Escalation	LOW	*-1.3.7	1.3.8	June 29, 2026
iwp-client	iwp-client	93	InfiniteWP Client <= 1.3.7 - PHP Object Injection	LOW	*-1.3.7	1.3.8	June 29, 2026
cm-download-manager	cm-download-manager	93	CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-2.0.6	2.0.7	June 29, 2026
rich-counter	rich-counter	N/A	Rich Counter < 1.2.0 - JavaScript Injection	LOW	[*, 1.2.0)	1.2.0	June 29, 2026
wp-symposium	wp-symposium	N/A	WP Symposium < 14.11 - Authenticated SQL Injection	LOW	[*, 14.11)	14.11	June 29, 2026
wp-symposium	wp-symposium	N/A	WP Symposium <= 14.10 - Cross-Site Scripting	LOW	*-14.10	14.11	June 29, 2026
wordpress-admanager	wordpress-admanager	N/A	Ad Manager <= 1.1.2 - Open Redirection	LOW	*-1.1.2		June 29, 2026
instasqueeze	instasqueeze	91	InstaSqueeze Sexy Squeeze Pages (All Known Versions) - Cross-Site Scripting	LOW	*		June 29, 2026
html5-mp3-player-with-playlist	html5-mp3-player-with-playlist	91	HTML5 MP3 Player with Playlist <= 2.7.0 - Full Path Disclosure	LOW	*-2.7.0	2.8.0	June 29, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)	google-analytics-for-wordpress	72	MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting	LOW	*-5.1.2	5.1.3	June 29, 2026
contact-form-7-to-database-extension	contact-form-7-to-database-extension	93	Contact Form DB <= 2.8.17 - Reflected Cross-Site Scripting	LOW	[*, 2.8.18)	2.8.18	June 29, 2026
wpdatatables	wpdatatables	N/A	wpDataTables <= 1.5.3 - Arbitrary File Upload	LOW	[*, 1.5.4)	1.5.4	June 29, 2026
showbizpro	showbizpro	N/A	Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload	LOW	[*, 1.7.1)	1.7.1	June 29, 2026
showbizpro	showbizpro	N/A	Showbiz Pro Responsive Teaser WordPress Plugin <= 1.7.1 - Arbitrary File Upload	LOW	*-1.7.1		June 29, 2026
revslider	revslider	N/A	Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload	LOW	[*, 3.0.96)	3.0.96	June 29, 2026
gallery-bank	gallery-bank	89	Gallery Bank – WordPress Photo Gallery Plugin < 3.0.61 - Arbitrary File Upload	LOW	[*, 3.0.61)	3.0.61	June 29, 2026
Download Manager	download-manager	63	WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update	LOW	[*, 2.7.3)	2.7.3	June 29, 2026
buddypress-media	buddypress-media	93	rtMedia for WordPress, BuddyPress and bbPress <= 3.9.5 - Local File Inclusion	LOW	*-3.9.5	3.10	June 29, 2026
wpdatatables	wpdatatables	N/A	wpDataTables (Premium) <= 1.5.3 - SQL Injection	LOW	*-1.5.3	1.5.4	June 29, 2026
cp-polls	cp-polls	93	Polls CP <= 1.0.1 - Authenticated SQL Injection	LOW	*-1.0.1	1.0.2	June 29, 2026
contact-form-to-email	contact-form-to-email	93	Contact Form Email < 1.0.1 - Cross-Site Scripting	LOW	[*, 1.0.1)	1.0.1	June 29, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative	wp-statistics	90	WP Statistics < 8.3.1 - Multiple Cross-Site Scripting	LOW	[*, 8.3.1)	8.3.1	June 29, 2026
sp-client-document-manager	sp-client-document-manager	87	SP Project & Document Manager < 2.4.4 - Multiple SQL Injection	LOW	[*, 2.4.4)	2.4.4	June 29, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting	LOW	[*, 2.8.9)	2.8.9	June 29, 2026
fancy-gallery	fancy-gallery	91	Gallery Manager <= 1.5.12 - Cross-Site Scripting	LOW	*-1.5.12	1.5.13	June 29, 2026
cp-polls	cp-polls	93	Polls CP < 1.0.1 - Cross-Site Scripting	LOW	[*, 1.0.1)	1.0.1	June 29, 2026
watu	watu	N/A	Watu Quiz <= 2.5.0.1 - Stored Cross-Site Scripting	LOW	*-2.5.0.1	2.5.0.2	June 29, 2026
wp-support-plus-responsive-ticket-system	wp-support-plus-responsive-ticket-system	N/A	WP Support Plus Responsive Ticket System <= 4.1 - Improper Authentication	LOW	*-4.1	4.2	June 29, 2026
wp-support-plus-responsive-ticket-system	wp-support-plus-responsive-ticket-system	N/A	WP Support Plus Responsive Ticket System <= 4.1 - Directory Traversal	LOW	[*, 4.2)	4.2	June 29, 2026
paid-memberships-pro	paid-memberships-pro	N/A	Paid Memberships Pro < 1.7.15 - Directory Traversal	LOW	[*, 1.7.15)	1.7.15	June 29, 2026
supportezzy	supportezzy	N/A	SupportEzzy Ticket System Plugin <= 1.2.5 - Cross-Site Scripting	LOW	*-1.2.5	1.2.6	June 29, 2026
dukapress	dukapress	91	DukaPress < 2.5.4 - Directory Traversal	LOW	[*, 2.5.4)	2.5.4	June 29, 2026
player	player	N/A	SpiderVPlayer <= 1.5.1 - Cross-Site Scripting	LOW	*-1.5.1	1.5.2	June 29, 2026
cm-download-manager	cm-download-manager	93	CM Download Manager <= 2.0.3 - Code Injection	LOW	*-2.0.3	2.0.4	June 29, 2026
another-wordpress-classifieds-plugin	another-wordpress-classifieds-plugin	97	WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - SQL Injection	LOW	[*, 3.0)	3.0	June 29, 2026
contact-form-maker	contact-form-maker	91	Contact Form by WD – responsive drag & drop contact form builder tool <= 1.7.18 - Authorization Bypass	LOW	*-1.7.18	1.7.19	June 29, 2026
theme-blvd-widget-areas	theme-blvd-widget-areas	N/A	ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks	LOW	*-1.2.2	1.2.3	June 29, 2026
theme-blvd-sliders	theme-blvd-sliders	N/A	ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks	LOW	*-1.2.3	1.2.4	June 29, 2026

LOW

mp3-jplayer

Score: N/A MP3-jPlayer <= 1.8.11 - Cross-Site Scripting Affected: *-1.8.11 Patched: 1.8.12 Updated: June 29, 2026

LOW

simpleflickr

Score: N/A SimpleFlickr <= 3.0.3 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-3.0.3 Patched: Updated: June 29, 2026

LOW

seo-image

Score: N/A SEO Friendly Images <= 3.0.4 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.5 Updated: June 29, 2026

LOW

relevanssi

Score: N/A Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting Affected: [*, 3.3.8) Patched: 3.3.8 Updated: June 29, 2026

LOW

banner-effect-header

Score: 93/100 Banner Effect Header <= 1.2.7 - Cross-Site Request Forgery Affected: [*, 1.2.8) Patched: 1.2.8 Updated: June 29, 2026

LOW

cart66-lite

Score: 93/100 Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure Affected: [*, 1.5.4) Patched: 1.5.4 Updated: June 29, 2026

LOW

sell-downloads

Score: N/A Sell Downloads <= 1.0.1 - Arbitrary File Read Affected: *-1.0.1 Patched: 1.0.2 Updated: June 29, 2026

LOW

cforms2

Score: 93/100 cformsII < 14.8 - Arbitrary File Upload Affected: [*, 14.8) Patched: 14.8 Updated: June 29, 2026

LOW

frontend-uploader

Score: 91/100 Frontend Uploader < 0.9.4 - Cross-Site Scripting Affected: [*, 0.9.4) Patched: 0.9.4 Updated: June 29, 2026

LOW

dewplayer-flash-mp3-player

Score: 89/100 Dewplayer <= 1.2 - Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

wordpress-backup-to-dropbox

Score: N/A WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting Affected: [*, 4.1) Patched: 4.1 Updated: June 29, 2026

LOW

cart66-lite

Score: 93/100 Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection Affected: [*, 1.5.4) Patched: 1.5.4 Updated: June 29, 2026

LOW

wp-unique-article-header-image

Score: N/A WP Unique Article Header Image <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

wp-limit-posts-automatically

Score: N/A WP Limit Posts Automatically <= 0.7 - Cross-Site Request Forgery leading to Cross-Site Scripting Affected: *-0.7 Patched: Updated: June 29, 2026

LOW

pwgrandom

Score: N/A PWGRandom <= 1.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.11 Patched: Updated: June 29, 2026

LOW

post-to-twitter

Score: N/A Post to Twitter <= 0.7 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-0.7 Patched: Updated: June 29, 2026

LOW

pictobrowser-gallery

Score: N/A PictoBrowser Gallery <= 0.3.1 - Cross-Site Request Forgery Affected: *-0.3.1 Patched: Updated: June 29, 2026

LOW

gslideshow

Score: 91/100 gSlideShow <= 0.1 - Cross-Site Request Forgery Affected: *-0.1 Patched: Updated: June 29, 2026

LOW

revslider

Score: N/A Slider Revolution <= 4.2.2 - Cross-Site Scripting Affected: *-4.2.2 Patched: 4.2.3 Updated: June 29, 2026

LOW

revslider

Score: N/A Slider Revolution <= 4.1.4 - Directory Traversal Affected: *-4.1.4 Patched: 4.2 Updated: June 29, 2026

LOW

nextgen-gallery-voting

Score: N/A NextGEN Gallery Voting <= 2.7.5 - Authenticated (Admin+) SQL Injection Affected: [*, 2.7.6) Patched: 2.7.6 Updated: June 29, 2026

LOW

wp-rss-aggregator

Score: N/A WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More <= 4.6.3 - Authorization Bypass Affected: *-4.6.3 Patched: 4.6.4 Updated: June 29, 2026

LOW

W3 Total Cache

w3-total-cache

Score: 69/100 W3 Total Cache <= 0.9.4 - Cross-Site Scripting Affected: *-0.9.4 Patched: 0.9.4.1 Updated: June 29, 2026

LOW

db-backup

Score: 91/100 DB Backup < 5.0 - Directory Traversal Affected: [*, 5.0) Patched: 5.0 Updated: June 29, 2026

LOW

better-search

Score: 93/100 Better Search <= 1.3.4 - Reflected Cross-Site Scripting Affected: *-1.3.4 Patched: 1.3.5 Updated: June 29, 2026

LOW

wp-construction-mode

Score: N/A WP Construction Mode <= 1.91 - Reflected Cross-Site Scripting Affected: *-1.91 Patched: 1.92 Updated: June 29, 2026

LOW

sliding-social-icons

Score: N/A Sliding Social Icons <= 1.61 - Cross-Site Request Forgery and Stored Cross-Site Scripting Affected: *-1.61 Patched: Updated: June 29, 2026

LOW

itwitter

Score: 91/100 iTwitter <= 0.04 - Cross-Site Scripting Affected: *-0.04 Patched: Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 WordPress Download Manager <= 2.7.4 - Remote Code Execution Affected: [*, 2.7.5) Patched: 2.7.5 Updated: June 29, 2026

LOW

wpcommenttwit

Score: N/A wpCommentTwit Plugin <= 0.5 - Cross-Site Scripting Affected: *-0.5 Patched: Updated: June 29, 2026

LOW

wp-timed-popup

Score: N/A WP Timed Popout <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: 1.4 Updated: June 29, 2026

LOW

wp-fb-autoconnect

Score: N/A WP-FB-AutoConnect <= 4.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0.5 Patched: 4.0.6 Updated: June 29, 2026

LOW

spnbabble

Score: N/A Spnbabble <= 1.4.1 - Multiple Cross-Site Request Forgery Affected: *-1.4.1 Patched: Updated: June 29, 2026

LOW

mikiurl-wordpress-eklentisi

Score: N/A Mikiurl Wordpress Eklentisi <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

dandyid-services

Score: 91/100 DandyID Services <= 1.5.9 - Cross-Site Request Forgery Affected: *-1.5.9 Patched: Updated: June 29, 2026

LOW

wp-vipergb

Score: N/A WP-ViperGB <= 1.3.10 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.3.10 Patched: 1.3.11 Updated: June 29, 2026

LOW

wp-timed-popup

Score: N/A Timed Popup WordPress Plugin <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

simple-visitor-stat

Score: N/A Simple visitor stat <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

simple-ip-ban

Score: N/A IP Ban <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: June 29, 2026

LOW

our-team-enhanced

Score: N/A Our Team Showcase < 1.3 - Cross-Site Scripting Affected: [*, 1.3) Patched: 1.3 Updated: June 29, 2026

LOW

lightbox-photo-gallery

Score: 91/100 Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

cardoza-facebook-like-box

Score: 93/100 Easy Social Like Box – Popup – Sidebar Widget < 2.8.3 - Cross-Site Scripting Affected: [*, 2.8.3) Patched: 2.8.3 Updated: June 29, 2026

LOW

wp-symposium

Score: N/A WP Symposium <= 14.11 - Arbitrary File Upload Affected: *-14.11 Patched: 15.1 Updated: June 29, 2026

LOW

W3 Total Cache

w3-total-cache

Score: 69/100 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery Affected: *-0.9.4 Patched: 0.9.4.1 Updated: June 29, 2026

LOW

yurl-retwitt

Score: N/A yURL ReTwitt <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

twitterdash

Score: N/A twitterDash <= 2.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

twitter-liveblog

Score: N/A Twitter LiveBlog <= 1.1.2 - Cross-Site Request Forgery Affected: *-1.1.2 Patched: Updated: June 29, 2026

LOW

twimp-wp

Score: N/A Twimp WP <= 0.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 29, 2026

LOW

tweetscribe

Score: N/A TweetScribe <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

simplelife

Score: N/A Simplelife Plugin <= 1.2 - Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

bird-feeder

Score: 91/100 Bird Feeder <= 1.2.3 - Cross-Site Request Forgery Affected: *-1.2.3 Patched: Updated: June 29, 2026

LOW

another-wordpress-classifieds-plugin

Score: 97/100 WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds <= 3.3.1 - Cross-Site Scripting Affected: *-3.3.1 Patched: 3.3.2 Updated: June 29, 2026

LOW

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Score: 70/100 Wordfence <= 5.1.4 - Reflected Cross-Site Scripting Affected: [*, 5.1.5) Patched: 5.1.5 Updated: June 29, 2026

LOW

feedweb

Score: 93/100 Feedweb <= 3.0.7 - SQL Injection Affected: *-3.0.7 Patched: 3.0.8 Updated: June 29, 2026

LOW

ajax-store-locator

Score: 95/100 Ajax Store Locator <= 1.2 - Arbitrary File Download Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

shariff-sharing

Score: N/A Shariff Sharing < 1.0.8 - Stored Cross-Site Scripting Affected: [*, 1.0.8) Patched: 1.0.8 Updated: June 29, 2026

LOW

captcha-bws

Score: 93/100 BestWebSoft Captcha <= 4.0.6 - CAPTCHA Bypass Affected: [*, 4.0.7) Patched: 4.0.7 Updated: June 29, 2026

LOW

Broken Link Checker

broken-link-checker

Score: 68/100 Broken Link Checker < 1.10.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.10.2) Patched: 1.10.2 Updated: June 29, 2026

LOW

wp-backitup

Score: N/A Backup and Restore WordPress – Backup Plugin <= 1.9 - Authorization Bypass Affected: *-1.9 Patched: 1.9.1 Updated: June 29, 2026

LOW

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Score: 90/100 WP Statistics <= 8.4 - Stored Cross-Site Scripting Affected: *-8.4 Patched: 8.5 Updated: June 29, 2026

LOW

cart66-lite

Score: 93/100 Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection Affected: [*, 1.5.2) Patched: 1.5.2 Updated: June 29, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting Affected: [*, 2.8.10) Patched: 2.8.10 Updated: June 29, 2026

LOW

iwp-client

Score: 93/100 InfiniteWP Client <= 1.3.7 - Privilege Escalation Affected: *-1.3.7 Patched: 1.3.8 Updated: June 29, 2026

LOW

iwp-client

Score: 93/100 InfiniteWP Client <= 1.3.7 - PHP Object Injection Affected: *-1.3.7 Patched: 1.3.8 Updated: June 29, 2026

LOW

cm-download-manager

Score: 93/100 CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-2.0.6 Patched: 2.0.7 Updated: June 29, 2026

LOW

rich-counter

Score: N/A Rich Counter < 1.2.0 - JavaScript Injection Affected: [*, 1.2.0) Patched: 1.2.0 Updated: June 29, 2026

LOW

wp-symposium

Score: N/A WP Symposium < 14.11 - Authenticated SQL Injection Affected: [*, 14.11) Patched: 14.11 Updated: June 29, 2026

LOW

wp-symposium

Score: N/A WP Symposium <= 14.10 - Cross-Site Scripting Affected: *-14.10 Patched: 14.11 Updated: June 29, 2026

LOW

wordpress-admanager

Score: N/A Ad Manager <= 1.1.2 - Open Redirection Affected: *-1.1.2 Patched: Updated: June 29, 2026

LOW

instasqueeze

Score: 91/100 InstaSqueeze Sexy Squeeze Pages (All Known Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

html5-mp3-player-with-playlist

Score: 91/100 HTML5 MP3 Player with Playlist <= 2.7.0 - Full Path Disclosure Affected: *-2.7.0 Patched: 2.8.0 Updated: June 29, 2026

LOW

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

Score: 72/100 MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting Affected: *-5.1.2 Patched: 5.1.3 Updated: June 29, 2026

LOW

contact-form-7-to-database-extension

Score: 93/100 Contact Form DB <= 2.8.17 - Reflected Cross-Site Scripting Affected: [*, 2.8.18) Patched: 2.8.18 Updated: June 29, 2026

LOW

wpdatatables

Score: N/A wpDataTables <= 1.5.3 - Arbitrary File Upload Affected: [*, 1.5.4) Patched: 1.5.4 Updated: June 29, 2026

LOW

showbizpro

Score: N/A Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload Affected: [*, 1.7.1) Patched: 1.7.1 Updated: June 29, 2026

LOW

showbizpro

Score: N/A Showbiz Pro Responsive Teaser WordPress Plugin <= 1.7.1 - Arbitrary File Upload Affected: *-1.7.1 Patched: Updated: June 29, 2026

LOW

revslider

Score: N/A Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload Affected: [*, 3.0.96) Patched: 3.0.96 Updated: June 29, 2026

LOW

gallery-bank

Score: 89/100 Gallery Bank – WordPress Photo Gallery Plugin < 3.0.61 - Arbitrary File Upload Affected: [*, 3.0.61) Patched: 3.0.61 Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update Affected: [*, 2.7.3) Patched: 2.7.3 Updated: June 29, 2026

LOW

buddypress-media

Score: 93/100 rtMedia for WordPress, BuddyPress and bbPress <= 3.9.5 - Local File Inclusion Affected: *-3.9.5 Patched: 3.10 Updated: June 29, 2026

LOW

wpdatatables

Score: N/A wpDataTables (Premium) <= 1.5.3 - SQL Injection Affected: *-1.5.3 Patched: 1.5.4 Updated: June 29, 2026

LOW

cp-polls

Score: 93/100 Polls CP <= 1.0.1 - Authenticated SQL Injection Affected: *-1.0.1 Patched: 1.0.2 Updated: June 29, 2026

LOW

contact-form-to-email

Score: 93/100 Contact Form Email < 1.0.1 - Cross-Site Scripting Affected: [*, 1.0.1) Patched: 1.0.1 Updated: June 29, 2026

LOW

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Score: 90/100 WP Statistics < 8.3.1 - Multiple Cross-Site Scripting Affected: [*, 8.3.1) Patched: 8.3.1 Updated: June 29, 2026

LOW

sp-client-document-manager

Score: 87/100 SP Project & Document Manager < 2.4.4 - Multiple SQL Injection Affected: [*, 2.4.4) Patched: 2.4.4 Updated: June 29, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting Affected: [*, 2.8.9) Patched: 2.8.9 Updated: June 29, 2026

LOW

fancy-gallery

Score: 91/100 Gallery Manager <= 1.5.12 - Cross-Site Scripting Affected: *-1.5.12 Patched: 1.5.13 Updated: June 29, 2026

LOW

cp-polls

Score: 93/100 Polls CP < 1.0.1 - Cross-Site Scripting Affected: [*, 1.0.1) Patched: 1.0.1 Updated: June 29, 2026

LOW

watu

Score: N/A Watu Quiz <= 2.5.0.1 - Stored Cross-Site Scripting Affected: *-2.5.0.1 Patched: 2.5.0.2 Updated: June 29, 2026

LOW

wp-support-plus-responsive-ticket-system

Score: N/A WP Support Plus Responsive Ticket System <= 4.1 - Improper Authentication Affected: *-4.1 Patched: 4.2 Updated: June 29, 2026

LOW

wp-support-plus-responsive-ticket-system

Score: N/A WP Support Plus Responsive Ticket System <= 4.1 - Directory Traversal Affected: [*, 4.2) Patched: 4.2 Updated: June 29, 2026

LOW

paid-memberships-pro

Score: N/A Paid Memberships Pro < 1.7.15 - Directory Traversal Affected: [*, 1.7.15) Patched: 1.7.15 Updated: June 29, 2026

LOW

supportezzy

Score: N/A SupportEzzy Ticket System Plugin <= 1.2.5 - Cross-Site Scripting Affected: *-1.2.5 Patched: 1.2.6 Updated: June 29, 2026

LOW

dukapress

Score: 91/100 DukaPress < 2.5.4 - Directory Traversal Affected: [*, 2.5.4) Patched: 2.5.4 Updated: June 29, 2026

LOW

player

Score: N/A SpiderVPlayer <= 1.5.1 - Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: June 29, 2026

LOW

cm-download-manager

Score: 93/100 CM Download Manager <= 2.0.3 - Code Injection Affected: *-2.0.3 Patched: 2.0.4 Updated: June 29, 2026

LOW

another-wordpress-classifieds-plugin

Score: 97/100 WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - SQL Injection Affected: [*, 3.0) Patched: 3.0 Updated: June 29, 2026

LOW

contact-form-maker

Score: 91/100 Contact Form by WD – responsive drag & drop contact form builder tool <= 1.7.18 - Authorization Bypass Affected: *-1.7.18 Patched: 1.7.19 Updated: June 29, 2026

LOW

theme-blvd-widget-areas

Score: N/A ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks Affected: *-1.2.2 Patched: 1.2.3 Updated: June 29, 2026

LOW

theme-blvd-sliders

Score: N/A ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks Affected: *-1.2.3 Patched: 1.2.4 Updated: June 29, 2026

Showing 34901 to 35000 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 10:32 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List