Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

76

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
theme-blvd-shortcodes theme-blvd-shortcodes N/A ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks LOW *-1.5.2 1.5.3 June 29, 2026
theme-blvd-layout-builder theme-blvd-layout-builder N/A ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks LOW *-2.0.1 2.0.2 June 29, 2026
link-library link-library
93
 Link Library <= 5.8.10.6 - Reflected Cross-Site Scripting LOW *-5.8.10.6 5.8.11 June 29, 2026
another-wordpress-classifieds-plugin another-wordpress-classifieds-plugin
97
 WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - Cross-Site Scripting LOW [*, 3.0) 3.0 June 29, 2026
clean-and-simple-contact-form-by-meg-nicholas clean-and-simple-contact-form-by-meg-nicholas
93
 Contact Form Clean and Simple < 4.4.1 - Cross-Site Scripting LOW [*, 4.4.1) 4.4.1 June 29, 2026
wp-photo-album-plus wp-photo-album-plus N/A WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting LOW *-5.4.17 5.4.18 June 29, 2026
smart-forms smart-forms N/A Smart Forms – when you need more than just a contact form <= 2.1.0 - Missing Authorization LOW *-2.1.0 2.1.1 June 29, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting LOW *-2.8.6 2.8.7 June 29, 2026
store-locator store-locator N/A Store Locator 2.3 - 3.11 - SQL Injection LOW [*, 3.12) 3.12 June 29, 2026
contact-bank contact-bank
91
 Contact Bank – Contact Form Builder for WordPress <= 2.0.69 - Stored Cross-Site Scripting LOW *-2.0.69 2.0.70 June 29, 2026
BulletProof Security bulletproof-security
68
 BulletProof Security < .51.1 - Cross-Site Scripting LOW [*, .51.1) .51.1 June 29, 2026
BulletProof Security bulletproof-security
68
 BulletProof Security < .51.1 - Server-Side Request Forgery LOW *-.51 .51.1 June 29, 2026
All-in-One WP Migration and Backup all-in-one-wp-migration
94
 All-in-One WP Migration <= 2.0.2 - Authorization Bypass to Arbitrary File Upload LOW *-2.0.2 2.0.3 June 29, 2026
wp-support-plus-responsive-ticket-system wp-support-plus-responsive-ticket-system N/A WP Support Plus Responsive Ticket System <= 4.0 - JavaScript Injection LOW *-4.0 4.1 June 29, 2026
post-highlights post-highlights N/A post highlights 2.0 - 2.6 - Cross-Site Scripting LOW 2.0-2.6 2.6.1 June 29, 2026
wp-db-backup wp-db-backup N/A Database Backup for WordPress <= 2.2.4 - Missing Authorization LOW *-2.2.4 2.3.0 June 29, 2026
wp-e-commerce wp-e-commerce N/A WP eCommerce <= 3.8.14.3 - Missing Authorization LOW *-3.8.14.3 3.8.14.4 June 29, 2026
profile-builder profile-builder N/A Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 2.0.3 June 29, 2026
flash-album-gallery flash-album-gallery
91
 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure LOW [*, 4.25) 4.25 June 29, 2026
sexy-contact-form sexy-contact-form N/A Creative Contact Form < 1.0.0 - Arbitrary File Upload LOW [*, 1.0.0) 1.0.0 June 29, 2026
cp-multi-view-calendar cp-multi-view-calendar
91
 Calendar Event Multi View < 1.0.2 - SQL Injection LOW [*, 1.0.2) 1.0.2 June 29, 2026
users-ultra users-ultra N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection LOW *-1.3.58 1.3.59 June 29, 2026
users-ultra users-ultra N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection LOW *-1.3.58 1.3.59 June 29, 2026
x-forms-express x-forms-express N/A NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting LOW [*, 3.4) 3.4 June 29, 2026
feature-comments feature-comments
93
 Featured Comments < 1.2.5 - Cross-Site Request Forgery LOW [*, 1.2.5) 1.2.5 June 29, 2026
gallery-bank gallery-bank
89
 Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting LOW [*, 3.0.70) 3.0.70 June 29, 2026
contact-form-integrated-with-google-maps contact-form-integrated-with-google-maps
93
 Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting LOW 1.0-2.4 2.5 June 29, 2026
xcloner-backup-and-restore xcloner-backup-and-restore N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure LOW [*, 3.1.2) 3.1.2 June 29, 2026
xcloner-backup-and-restore xcloner-backup-and-restore N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Improper Access Control to Information Disclosure LOW *-3.1.1 3.1.2 June 29, 2026
xcloner-backup-and-restore xcloner-backup-and-restore N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Directory Traversal LOW [*, 3.1.2) 3.1.2 June 29, 2026
xcloner-backup-and-restore xcloner-backup-and-restore N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Remote Code Execution LOW [*, 3.1.2) 3.1.2 June 29, 2026
xcloner-backup-and-restore xcloner-backup-and-restore N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure LOW [*, 3.1.2) 3.1.2 June 29, 2026
easy-contact-form-solution easy-contact-form-solution
93
 Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting LOW [*, 1.7) 1.7 June 29, 2026
cforms2 cforms2
93
 cformsII <= 13.1 - Cross-Site Scripting LOW *-13.1 13.2 June 29, 2026
WP Go Maps (formerly WP Google Maps) wp-google-maps
66
 WP Google Maps <= 6.0.26 - Reflected Cross-Site Scripting LOW [*, 6.0.27) 6.0.27 June 29, 2026
o2tweet o2tweet N/A O2tweet <= 0.0.4 - Cross-Site Request Forgery LOW *-0.0.4 June 29, 2026
cforms cforms
93
 cformsII <= 10.4 - Cross-Site Scripting LOW [*, 10.5) 10.5 June 29, 2026
cforms cforms
93
 Cforms <= 10.1 - Cross-Site Scripting LOW *-10.1 10.2 June 29, 2026
yourmembers yourmembers N/A YourMembers <= 3.0 - SQL Injection LOW *-3.0 June 29, 2026
wp-dbmanager wp-dbmanager N/A WP DB Manager < 2.7.2 - Arbitrary File Read LOW [*, 2.7.2) 2.7.2 June 29, 2026
wp-dbmanager wp-dbmanager N/A WP-DBManager < 2.72 - Command Injection LOW [*, 2.72) 2.72 June 29, 2026
wp-dbmanager wp-dbmanager N/A WP-DBManager < 2.72 - OS Command Injection LOW [*, 2.72) 2.72 June 29, 2026
work-the-flow-file-upload work-the-flow-file-upload N/A Work The Flow <= 2.3.1 - Arbitrary File Upload LOW *-2.3.1 2.3.2 June 29, 2026
simple-sticky-footer simple-sticky-footer N/A Simple Sticky Footer <= 1.3.2 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.3.2 1.3.3 June 29, 2026
contact-form-7-to-database-extension contact-form-7-to-database-extension
93
 Contact Form DB <= 2.8.19 - Cross-Site Scripting LOW *-2.8.19 2.8.20 June 29, 2026
EWWW Image Optimizer ewww-image-optimizer
69
 EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting LOW *-2.0.1 2.0.2 June 29, 2026
google-calendar-events google-calendar-events
93
 Simple Calendar – Google Calendar Plugin < 2.0.4 - Reflected Cross-Site Scripting LOW [*, 2.0.4) 2.0.4 June 29, 2026
titan-framework titan-framework N/A Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting LOW [*, 1.6) 1.6 June 29, 2026
BulletProof Security bulletproof-security
68
 BulletProof Security < .51.1 - SQL Injection LOW [*, .51.1) .51.1 June 29, 2026
infusionsoft infusionsoft
93
 Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload LOW 1.5.3-1.5.10 1.5.11 June 29, 2026
contact-form-7-integrations contact-form-7-integrations
93
 Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting LOW 1.0-1.3.10 1.3.11 June 29, 2026
wp-e-commerce wp-e-commerce N/A WP eCommerce < 3.8.7.6 - SQL Injection LOW [*, 3.8.7.6) 3.8.7.6 June 29, 2026
subscribe2 subscribe2 N/A Subscribe2 – Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting LOW [*, 10.16) 10.16 June 29, 2026
photo-gallery photo-gallery N/A Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting LOW *-1.1.30 1.1.31 June 29, 2026
content-audit content-audit
93
 Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection LOW [*, 1.6.1) 1.6.1 June 29, 2026
BulletProof Security bulletproof-security
68
 BulletProof Security < .52.5 - Cross-Site Scripting LOW [*, .52.5) .52.5 June 29, 2026
users-ultra users-ultra N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - SQL Injection LOW *-3.1.0 June 29, 2026
category-page-icons category-page-icons
93
 Category and Page Icons <= 0.9.1 - Arbitrary File Upload and Deletion LOW *-0.9.1 0.9.2 June 29, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security wordfence
70
 Wordfence Security <= 5.2.3 - Stored Cross-Site Scripting via HTTP_HOST LOW *-5.2.3 5.2.4 June 29, 2026
tom-m8te tom-m8te N/A Tom M8te <= 1.5.3 - Directory Traversal LOW * June 29, 2026
dzs-videogallery dzs-videogallery
91
 DZS Video Gallery < 7.95 - Limited Local File Inclusion LOW [*, 7.95) 7.95 June 29, 2026
dzs-videogallery dzs-videogallery
91
 DZS Video Gallery < 7.95 - Multiple Cross-Site Scripting LOW [*, 7.95) 7.95 June 29, 2026
bsuite bsuite
93
 bSuite <= 5 alpha 2 - Multiple Cross-Site Scripting LOW * - 5 alpha 2 5 alpha 3 June 29, 2026
yikes-inc-easy-mailchimp-extender yikes-inc-easy-mailchimp-extender N/A Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting LOW 3.0-5.0.6 5.0.7 June 29, 2026
Frontend File Manager Plugin nmedia-user-file-uploader
86
 Frontend File Manager Plugin < 3.6 - Arbitrary File Upload LOW [*, 3.6) 3.6 June 29, 2026
maxbuttons maxbuttons
93
 MaxButtons < 1.26.1 - Reflected Cross-Site Scripting LOW [*, 1.26.1) 1.26.1 June 29, 2026
i-recommend-this i-recommend-this
93
 I Recommend This < 3.7.3 - SQL Injection LOW [*, 3.7.3) 3.7.3 June 29, 2026
i-recommend-this i-recommend-this
93
 I Recommend This <= 3.7.2 - Authenticated (Subscriber+) SQL Injection via Shortcode LOW *-3.7.2 3.7.3 June 29, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
 All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters LOW [*, 3.8.3) 3.8.3 June 29, 2026
wysija-newsletters wysija-newsletters N/A MailPoet Newsletters <= 2.6.7 - Authorization Bypass LOW *-2.6.7 2.6.8 June 29, 2026
wysija-newsletters wysija-newsletters N/A MailPoet Newsletters (Previous) <= 2.6.10 - Cross-Site Request Forgery LOW [*, 2.6.11) 2.6.11 June 29, 2026
gallery-objects gallery-objects
91
 Gallery Objects <= 0.4 - SQL Injection LOW *-0.4 June 29, 2026
wp-rss-multi-importer wp-rss-multi-importer N/A WP RSS Multi Importer < 3.14 - Cross-Site Request Forgery LOW [*, 3.14) 3.14 June 29, 2026
wp-photo-album-plus wp-photo-album-plus N/A WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting LOW *-5.4.7 5.4.8 June 29, 2026
wp-ban wp-ban N/A WP-Ban < 1.64 - Improper Input Validation LOW [*, 1.64) 1.64 June 29, 2026
WooCommerce woocommerce
80
 WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting LOW [*, 2.2.3) 2.2.3 June 29, 2026
webcam-2way-videochat webcam-2way-videochat N/A Webcam 2Way Videochat <= 4.41 - Cross-Site Scripting LOW *-4.41 4.41.2 June 29, 2026
ready-ecommerce ready-ecommerce N/A Ready! Ecommerce Shopping Cart < 0.5.1 - Cross-Site Request Forgery and Cross-Site Scripting LOW [*, 0.5.1) 0.5.1 June 29, 2026
login-sidebar-widget login-sidebar-widget
91
 Login Widget With Shortcode < 3.2.1 - Cross-Site Scripting LOW [*, 3.2.1) 3.2.1 June 29, 2026
google-maps-ready google-maps-ready
93
 Ready! Google Maps <= 1.1.5 - Cross-Site Scripting LOW *-1.1.5 1.1.6 June 29, 2026
formcraft formcraft
91
 Formcraft (Unknown Versions) - Arbitrary File Deletion LOW *-2.0.5 June 29, 2026
disqus-comment-system disqus-comment-system
93
 Disqus Comment System < 2.79 - Multiple Cross-Site Request Forgery LOW [*, 2.79) 2.79 June 29, 2026
custom-contact-forms custom-contact-forms
93
 Custom Contact Forms <= 5.1.0.3 - Missing Authorization LOW [*, 5.1.0.4) 5.1.0.4 June 29, 2026
WooCommerce woocommerce
80
 WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter LOW [*, 2.2.3) 2.2.3 June 29, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security wordfence
70
 Wordfence <= 5.2.3 - Multiple Protection Mechanism Bypasses LOW [*, 5.2.4) 5.2.4 June 29, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security wordfence
70
 Wordfence <= 5.2.3 - Stored Cross-Site Scripting via REQUEST_URI LOW *-5.2.3 5.2.4 June 29, 2026
wp-support-plus-responsive-ticket-system wp-support-plus-responsive-ticket-system N/A Support Plus Responsive Ticket System <= 4.1 - SQL Injection LOW [*, 4.2) 4.2 June 29, 2026
wp-support-plus-responsive-ticket-system wp-support-plus-responsive-ticket-system N/A Support Plus Responsive Ticket System <= 4.1 - Full Path Disclosure LOW [*, 4.2) 4.2 June 29, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security wordfence
70
 Wordfence <= 5.2.2 - Stored Cross-Site Scripting LOW [*, 5.2.3) 5.2.3 June 29, 2026
W3 Total Cache w3-total-cache
69
 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting LOW *-0.9.4 0.9.4.1 June 29, 2026
tinymce-advanced tinymce-advanced
97
 TinyMCE Advanced <= 4.1.9 - Cross-Site Request Forgery LOW [*, 4.2.3) 4.2.3 June 29, 2026
spider-facebook spider-facebook N/A Spider Facebook <= 1.0.8 - SQL Injection LOW *-1.0.8 1.0.9 June 29, 2026
gallery-images gallery-images
93
 Image Gallery - Responsive Photo Gallery <= 1.0.7 - SQL Injection LOW *-1.0.7 1.0.8 June 29, 2026
easy-media-gallery-pro easy-media-gallery-pro
93
 Easy Media Gallery Pro <= 1.2.59 - Cross-Site Request Forgery and Cross-Site Scripting LOW *-1.2.59 1.3.0 June 29, 2026
easy-media-gallery easy-media-gallery
91
 Gallery – Photo Albums Plugin < 1.3.03 - Multiple Cross-Site Request Forgery LOW [*, 1.3.03) 1.3.03 June 29, 2026
coming-soon-maintenance-mode-ready coming-soon-maintenance-mode-ready
93
 Ready! Coming Soon <= 0.5.0 Stored Cross-Site Scripting and Cross-Site Request Forgery LOW [*, 0.5.1) 0.5.1 June 29, 2026
slideshow-gallery slideshow-gallery N/A Slideshow Gallery < 1.4.7 - Arbitrary File Upload LOW [*, 1.4.7) 1.4.7 June 29, 2026
woocommerce-exporter woocommerce-exporter N/A WooCommerce Store Exporter <= 1.7.5 - Reflected Cross-Site Scripting LOW *-1.7.5 1.7.6 June 29, 2026
woocommerce-exporter woocommerce-exporter N/A WooCommerce – Store Exporter <= 1.7.5 - Stored Cross-Site Scripting LOW *-1.7.5 1.7.6 June 29, 2026
Jetpack – WP Security, Backup, Speed, & Growth jetpack
69
 Jetpack < 2.9.3 - Security Bypass LOW *-1.8, 1.9-1.9.3, 2.0-2.0.8, 2.1-2.1.3, 2.2-2.2.6, 2.3-2.3.6 1.9.4 June 29, 2026
LOW

theme-blvd-shortcodes

theme-blvd-shortcodes

Score: N/A ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks Affected: *-1.5.2 Patched: 1.5.3 Updated: June 29, 2026
LOW

theme-blvd-layout-builder

theme-blvd-layout-builder

Score: N/A ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026
LOW

link-library

link-library

Score: 93/100 Link Library <= 5.8.10.6 - Reflected Cross-Site Scripting Affected: *-5.8.10.6 Patched: 5.8.11 Updated: June 29, 2026
LOW

another-wordpress-classifieds-plugin

another-wordpress-classifieds-plugin

Score: 97/100 WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - Cross-Site Scripting Affected: [*, 3.0) Patched: 3.0 Updated: June 29, 2026
LOW

clean-and-simple-contact-form-by-meg-nicholas

clean-and-simple-contact-form-by-meg-nicholas

Score: 93/100 Contact Form Clean and Simple < 4.4.1 - Cross-Site Scripting Affected: [*, 4.4.1) Patched: 4.4.1 Updated: June 29, 2026
LOW

wp-photo-album-plus

wp-photo-album-plus

Score: N/A WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting Affected: *-5.4.17 Patched: 5.4.18 Updated: June 29, 2026
LOW

smart-forms

smart-forms

Score: N/A Smart Forms – when you need more than just a contact form <= 2.1.0 - Missing Authorization Affected: *-2.1.0 Patched: 2.1.1 Updated: June 29, 2026
LOW

store-locator

store-locator

Score: N/A Store Locator 2.3 - 3.11 - SQL Injection Affected: [*, 3.12) Patched: 3.12 Updated: June 29, 2026
LOW

contact-bank

contact-bank

Score: 91/100 Contact Bank – Contact Form Builder for WordPress <= 2.0.69 - Stored Cross-Site Scripting Affected: *-2.0.69 Patched: 2.0.70 Updated: June 29, 2026
LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security < .51.1 - Cross-Site Scripting Affected: [*, .51.1) Patched: .51.1 Updated: June 29, 2026
LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security < .51.1 - Server-Side Request Forgery Affected: *-.51 Patched: .51.1 Updated: June 29, 2026
LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration <= 2.0.2 - Authorization Bypass to Arbitrary File Upload Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026
LOW

wp-support-plus-responsive-ticket-system

wp-support-plus-responsive-ticket-system

Score: N/A WP Support Plus Responsive Ticket System <= 4.0 - JavaScript Injection Affected: *-4.0 Patched: 4.1 Updated: June 29, 2026
LOW

post-highlights

post-highlights

Score: N/A post highlights 2.0 - 2.6 - Cross-Site Scripting Affected: 2.0-2.6 Patched: 2.6.1 Updated: June 29, 2026
LOW

wp-db-backup

wp-db-backup

Score: N/A Database Backup for WordPress <= 2.2.4 - Missing Authorization Affected: *-2.2.4 Patched: 2.3.0 Updated: June 29, 2026
LOW

wp-e-commerce

wp-e-commerce

Score: N/A WP eCommerce <= 3.8.14.3 - Missing Authorization Affected: *-3.8.14.3 Patched: 3.8.14.4 Updated: June 29, 2026
LOW

profile-builder

profile-builder

Score: N/A Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026
LOW

flash-album-gallery

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure Affected: [*, 4.25) Patched: 4.25 Updated: June 29, 2026
LOW

sexy-contact-form

sexy-contact-form

Score: N/A Creative Contact Form < 1.0.0 - Arbitrary File Upload Affected: [*, 1.0.0) Patched: 1.0.0 Updated: June 29, 2026
LOW

cp-multi-view-calendar

cp-multi-view-calendar

Score: 91/100 Calendar Event Multi View < 1.0.2 - SQL Injection Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 29, 2026
LOW

users-ultra

users-ultra

Score: N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection Affected: *-1.3.58 Patched: 1.3.59 Updated: June 29, 2026
LOW

users-ultra

users-ultra

Score: N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection Affected: *-1.3.58 Patched: 1.3.59 Updated: June 29, 2026
LOW

x-forms-express

x-forms-express

Score: N/A NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting Affected: [*, 3.4) Patched: 3.4 Updated: June 29, 2026
LOW

feature-comments

feature-comments

Score: 93/100 Featured Comments < 1.2.5 - Cross-Site Request Forgery Affected: [*, 1.2.5) Patched: 1.2.5 Updated: June 29, 2026
LOW

gallery-bank

gallery-bank

Score: 89/100 Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting Affected: [*, 3.0.70) Patched: 3.0.70 Updated: June 29, 2026
LOW

contact-form-integrated-with-google-maps

contact-form-integrated-with-google-maps

Score: 93/100 Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting Affected: 1.0-2.4 Patched: 2.5 Updated: June 29, 2026
LOW

xcloner-backup-and-restore

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure Affected: [*, 3.1.2) Patched: 3.1.2 Updated: June 29, 2026
LOW

xcloner-backup-and-restore

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Improper Access Control to Information Disclosure Affected: *-3.1.1 Patched: 3.1.2 Updated: June 29, 2026
LOW

xcloner-backup-and-restore

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Directory Traversal Affected: [*, 3.1.2) Patched: 3.1.2 Updated: June 29, 2026
LOW

xcloner-backup-and-restore

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Remote Code Execution Affected: [*, 3.1.2) Patched: 3.1.2 Updated: June 29, 2026
LOW

xcloner-backup-and-restore

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure Affected: [*, 3.1.2) Patched: 3.1.2 Updated: June 29, 2026
LOW

easy-contact-form-solution

easy-contact-form-solution

Score: 93/100 Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting Affected: [*, 1.7) Patched: 1.7 Updated: June 29, 2026
LOW

cforms2

cforms2

Score: 93/100 cformsII <= 13.1 - Cross-Site Scripting Affected: *-13.1 Patched: 13.2 Updated: June 29, 2026
LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 WP Google Maps <= 6.0.26 - Reflected Cross-Site Scripting Affected: [*, 6.0.27) Patched: 6.0.27 Updated: June 29, 2026
LOW

o2tweet

o2tweet

Score: N/A O2tweet <= 0.0.4 - Cross-Site Request Forgery Affected: *-0.0.4 Patched: Updated: June 29, 2026
LOW

cforms

cforms

Score: 93/100 cformsII <= 10.4 - Cross-Site Scripting Affected: [*, 10.5) Patched: 10.5 Updated: June 29, 2026
LOW

cforms

cforms

Score: 93/100 Cforms <= 10.1 - Cross-Site Scripting Affected: *-10.1 Patched: 10.2 Updated: June 29, 2026
LOW

yourmembers

yourmembers

Score: N/A YourMembers <= 3.0 - SQL Injection Affected: *-3.0 Patched: Updated: June 29, 2026
LOW

wp-dbmanager

wp-dbmanager

Score: N/A WP DB Manager < 2.7.2 - Arbitrary File Read Affected: [*, 2.7.2) Patched: 2.7.2 Updated: June 29, 2026
LOW

wp-dbmanager

wp-dbmanager

Score: N/A WP-DBManager < 2.72 - Command Injection Affected: [*, 2.72) Patched: 2.72 Updated: June 29, 2026
LOW

wp-dbmanager

wp-dbmanager

Score: N/A WP-DBManager < 2.72 - OS Command Injection Affected: [*, 2.72) Patched: 2.72 Updated: June 29, 2026
LOW

work-the-flow-file-upload

work-the-flow-file-upload

Score: N/A Work The Flow <= 2.3.1 - Arbitrary File Upload Affected: *-2.3.1 Patched: 2.3.2 Updated: June 29, 2026
LOW

simple-sticky-footer

simple-sticky-footer

Score: N/A Simple Sticky Footer <= 1.3.2 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.3.2 Patched: 1.3.3 Updated: June 29, 2026
LOW

contact-form-7-to-database-extension

contact-form-7-to-database-extension

Score: 93/100 Contact Form DB <= 2.8.19 - Cross-Site Scripting Affected: *-2.8.19 Patched: 2.8.20 Updated: June 29, 2026
LOW

EWWW Image Optimizer

ewww-image-optimizer

Score: 69/100 EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026
LOW

google-calendar-events

google-calendar-events

Score: 93/100 Simple Calendar – Google Calendar Plugin < 2.0.4 - Reflected Cross-Site Scripting Affected: [*, 2.0.4) Patched: 2.0.4 Updated: June 29, 2026
LOW

titan-framework

titan-framework

Score: N/A Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting Affected: [*, 1.6) Patched: 1.6 Updated: June 29, 2026
LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security < .51.1 - SQL Injection Affected: [*, .51.1) Patched: .51.1 Updated: June 29, 2026
LOW

infusionsoft

infusionsoft

Score: 93/100 Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload Affected: 1.5.3-1.5.10 Patched: 1.5.11 Updated: June 29, 2026
LOW

contact-form-7-integrations

contact-form-7-integrations

Score: 93/100 Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting Affected: 1.0-1.3.10 Patched: 1.3.11 Updated: June 29, 2026
LOW

wp-e-commerce

wp-e-commerce

Score: N/A WP eCommerce < 3.8.7.6 - SQL Injection Affected: [*, 3.8.7.6) Patched: 3.8.7.6 Updated: June 29, 2026
LOW

subscribe2

subscribe2

Score: N/A Subscribe2 – Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting Affected: [*, 10.16) Patched: 10.16 Updated: June 29, 2026
LOW

photo-gallery

photo-gallery

Score: N/A Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting Affected: *-1.1.30 Patched: 1.1.31 Updated: June 29, 2026
LOW

content-audit

content-audit

Score: 93/100 Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection Affected: [*, 1.6.1) Patched: 1.6.1 Updated: June 29, 2026
LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security < .52.5 - Cross-Site Scripting Affected: [*, .52.5) Patched: .52.5 Updated: June 29, 2026
LOW

users-ultra

users-ultra

Score: N/A Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - SQL Injection Affected: *-3.1.0 Patched: Updated: June 29, 2026
LOW

category-page-icons

category-page-icons

Score: 93/100 Category and Page Icons <= 0.9.1 - Arbitrary File Upload and Deletion Affected: *-0.9.1 Patched: 0.9.2 Updated: June 29, 2026
LOW

tom-m8te

tom-m8te

Score: N/A Tom M8te <= 1.5.3 - Directory Traversal Affected: * Patched: Updated: June 29, 2026
LOW

dzs-videogallery

dzs-videogallery

Score: 91/100 DZS Video Gallery < 7.95 - Limited Local File Inclusion Affected: [*, 7.95) Patched: 7.95 Updated: June 29, 2026
LOW

dzs-videogallery

dzs-videogallery

Score: 91/100 DZS Video Gallery < 7.95 - Multiple Cross-Site Scripting Affected: [*, 7.95) Patched: 7.95 Updated: June 29, 2026
LOW

bsuite

bsuite

Score: 93/100 bSuite <= 5 alpha 2 - Multiple Cross-Site Scripting Affected: * - 5 alpha 2 Patched: 5 alpha 3 Updated: June 29, 2026
LOW

yikes-inc-easy-mailchimp-extender

yikes-inc-easy-mailchimp-extender

Score: N/A Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting Affected: 3.0-5.0.6 Patched: 5.0.7 Updated: June 29, 2026
LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager Plugin < 3.6 - Arbitrary File Upload Affected: [*, 3.6) Patched: 3.6 Updated: June 29, 2026
LOW

maxbuttons

maxbuttons

Score: 93/100 MaxButtons < 1.26.1 - Reflected Cross-Site Scripting Affected: [*, 1.26.1) Patched: 1.26.1 Updated: June 29, 2026
LOW

i-recommend-this

i-recommend-this

Score: 93/100 I Recommend This < 3.7.3 - SQL Injection Affected: [*, 3.7.3) Patched: 3.7.3 Updated: June 29, 2026
LOW

i-recommend-this

i-recommend-this

Score: 93/100 I Recommend This <= 3.7.2 - Authenticated (Subscriber+) SQL Injection via Shortcode Affected: *-3.7.2 Patched: 3.7.3 Updated: June 29, 2026
LOW

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Score: 72/100 All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters Affected: [*, 3.8.3) Patched: 3.8.3 Updated: June 29, 2026
LOW

wysija-newsletters

wysija-newsletters

Score: N/A MailPoet Newsletters <= 2.6.7 - Authorization Bypass Affected: *-2.6.7 Patched: 2.6.8 Updated: June 29, 2026
LOW

wysija-newsletters

wysija-newsletters

Score: N/A MailPoet Newsletters (Previous) <= 2.6.10 - Cross-Site Request Forgery Affected: [*, 2.6.11) Patched: 2.6.11 Updated: June 29, 2026
LOW

gallery-objects

gallery-objects

Score: 91/100 Gallery Objects <= 0.4 - SQL Injection Affected: *-0.4 Patched: Updated: June 29, 2026
LOW

wp-rss-multi-importer

wp-rss-multi-importer

Score: N/A WP RSS Multi Importer < 3.14 - Cross-Site Request Forgery Affected: [*, 3.14) Patched: 3.14 Updated: June 29, 2026
LOW

wp-photo-album-plus

wp-photo-album-plus

Score: N/A WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting Affected: *-5.4.7 Patched: 5.4.8 Updated: June 29, 2026
LOW

wp-ban

wp-ban

Score: N/A WP-Ban < 1.64 - Improper Input Validation Affected: [*, 1.64) Patched: 1.64 Updated: June 29, 2026
LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting Affected: [*, 2.2.3) Patched: 2.2.3 Updated: June 29, 2026
LOW

webcam-2way-videochat

webcam-2way-videochat

Score: N/A Webcam 2Way Videochat <= 4.41 - Cross-Site Scripting Affected: *-4.41 Patched: 4.41.2 Updated: June 29, 2026
LOW

ready-ecommerce

ready-ecommerce

Score: N/A Ready! Ecommerce Shopping Cart < 0.5.1 - Cross-Site Request Forgery and Cross-Site Scripting Affected: [*, 0.5.1) Patched: 0.5.1 Updated: June 29, 2026
LOW

login-sidebar-widget

login-sidebar-widget

Score: 91/100 Login Widget With Shortcode < 3.2.1 - Cross-Site Scripting Affected: [*, 3.2.1) Patched: 3.2.1 Updated: June 29, 2026
LOW

google-maps-ready

google-maps-ready

Score: 93/100 Ready! Google Maps <= 1.1.5 - Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: June 29, 2026
LOW

formcraft

formcraft

Score: 91/100 Formcraft (Unknown Versions) - Arbitrary File Deletion Affected: *-2.0.5 Patched: Updated: June 29, 2026
LOW

disqus-comment-system

disqus-comment-system

Score: 93/100 Disqus Comment System < 2.79 - Multiple Cross-Site Request Forgery Affected: [*, 2.79) Patched: 2.79 Updated: June 29, 2026
LOW

custom-contact-forms

custom-contact-forms

Score: 93/100 Custom Contact Forms <= 5.1.0.3 - Missing Authorization Affected: [*, 5.1.0.4) Patched: 5.1.0.4 Updated: June 29, 2026
LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter Affected: [*, 2.2.3) Patched: 2.2.3 Updated: June 29, 2026
LOW

wp-support-plus-responsive-ticket-system

wp-support-plus-responsive-ticket-system

Score: N/A Support Plus Responsive Ticket System <= 4.1 - SQL Injection Affected: [*, 4.2) Patched: 4.2 Updated: June 29, 2026
LOW

wp-support-plus-responsive-ticket-system

wp-support-plus-responsive-ticket-system

Score: N/A Support Plus Responsive Ticket System <= 4.1 - Full Path Disclosure Affected: [*, 4.2) Patched: 4.2 Updated: June 29, 2026
LOW

W3 Total Cache

w3-total-cache

Score: 69/100 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting Affected: *-0.9.4 Patched: 0.9.4.1 Updated: June 29, 2026
LOW

tinymce-advanced

tinymce-advanced

Score: 97/100 TinyMCE Advanced <= 4.1.9 - Cross-Site Request Forgery Affected: [*, 4.2.3) Patched: 4.2.3 Updated: June 29, 2026
LOW

spider-facebook

spider-facebook

Score: N/A Spider Facebook <= 1.0.8 - SQL Injection Affected: *-1.0.8 Patched: 1.0.9 Updated: June 29, 2026
LOW

gallery-images

gallery-images

Score: 93/100 Image Gallery - Responsive Photo Gallery <= 1.0.7 - SQL Injection Affected: *-1.0.7 Patched: 1.0.8 Updated: June 29, 2026
LOW

easy-media-gallery-pro

easy-media-gallery-pro

Score: 93/100 Easy Media Gallery Pro <= 1.2.59 - Cross-Site Request Forgery and Cross-Site Scripting Affected: *-1.2.59 Patched: 1.3.0 Updated: June 29, 2026
LOW

easy-media-gallery

easy-media-gallery

Score: 91/100 Gallery – Photo Albums Plugin < 1.3.03 - Multiple Cross-Site Request Forgery Affected: [*, 1.3.03) Patched: 1.3.03 Updated: June 29, 2026
LOW

coming-soon-maintenance-mode-ready

coming-soon-maintenance-mode-ready

Score: 93/100 Ready! Coming Soon <= 0.5.0 Stored Cross-Site Scripting and Cross-Site Request Forgery Affected: [*, 0.5.1) Patched: 0.5.1 Updated: June 29, 2026
LOW

slideshow-gallery

slideshow-gallery

Score: N/A Slideshow Gallery < 1.4.7 - Arbitrary File Upload Affected: [*, 1.4.7) Patched: 1.4.7 Updated: June 29, 2026
LOW

woocommerce-exporter

woocommerce-exporter

Score: N/A WooCommerce Store Exporter <= 1.7.5 - Reflected Cross-Site Scripting Affected: *-1.7.5 Patched: 1.7.6 Updated: June 29, 2026
LOW

woocommerce-exporter

woocommerce-exporter

Score: N/A WooCommerce – Store Exporter <= 1.7.5 - Stored Cross-Site Scripting Affected: *-1.7.5 Patched: 1.7.6 Updated: June 29, 2026

Showing 35001 to 35100 of 36189 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 09:01 UTC.