Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
memphis-documents-library	memphis-documents-library	N/A	Memphis Documents Library <= 2.6.16 - Cross-Site Scripting	LOW	[*, 3.0)	3.0	June 29, 2026
kbslider	kbslider	91	KenBurner Slider (All Versions) - Path Traversal	LOW	*		June 29, 2026
Iptanus File Upload	wp-file-upload	76	WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting	LOW	*-2.4.3	2.4.4	June 29, 2026
advanced-access-manager	advanced-access-manager	97	Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite	LOW	[*, 2.8.3)	2.8.3	June 29, 2026
wp-source-control	wp-source-control	N/A	WP Source Control < 3.1.1 - Directory Traversal	LOW	[*, 3.1.1)	3.1.1	June 29, 2026
improved-user-search-in-backend	improved-user-search-in-backend	93	Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.2.5	1.2.6	June 29, 2026
disqus-comment-system	disqus-comment-system	93	Disqus Comment System < 2.76 - Cross-Site Request Forgery	LOW	[*, 2.76)	2.76	June 29, 2026
mobiloud-mobile-app-plugin	mobiloud-mobile-app-plugin	N/A	MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps < 2.3.8 - Cross-Site Scripting	LOW	[*, 2.3.8)	2.3.8	June 29, 2026
gb-gallery-slideshow	gb-gallery-slideshow	89	GB Gallery Slideshow <= 1.5 - SQL Injection	LOW	[*, 1.6)	1.6	June 29, 2026
Iptanus File Upload	wp-file-upload	76	WordPress File Upload < 2.4.2 - Cross-Site Request Forgery	LOW	[*, 2.4.2)	2.4.2	June 29, 2026
job-board	job-board	93	Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.0.0	1.0.1	June 29, 2026
wordpress-feed-statistics	wordpress-feed-statistics	N/A	Feed Statistics < 4.0 - Open Redirect	LOW	[*, 4.0)	4.0	June 29, 2026
twitter-plugin	twitter-plugin	N/A	BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.3.2	1.3.7	June 29, 2026
si-captcha-for-wordpress	si-captcha-for-wordpress	N/A	SI CAPTCHA Anti-Spam < 2.7.6 - Reflected Cross-Site Scripting	LOW	[*, 2.7.6)	2.7.6	June 29, 2026
pdf-print	pdf-print	N/A	PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin < 1.7.5 - Cross-Site Scripting	LOW	[*, 1.7.5)	1.7.5	June 29, 2026
contact-form-plugin	contact-form-plugin	93	Contact Form Plugin <= 3.81 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.81	3.82	June 29, 2026
wpss	wpss	N/A	WordPress Spreadsheet (wpSS) <= 0.62 - Cross-Site Scripting	LOW	*-0.62		June 29, 2026
wpss	wpss	N/A	WordPress Spreadsheet <= 0.62 - SQL Injection	LOW	*-0.62		June 29, 2026
grand-media	grand-media	91	Gmedia Photo Gallery < 1.2.2 - Arbitrary File Upload	LOW	[*, 1.2.2)	1.2.2	June 29, 2026
xhanch-my-twitter	xhanch-my-twitter	N/A	Xhanch – My Twitter <= 2.7.6 - Cross-Site Request Forgery	LOW	*-2.7.6	2.7.7	June 29, 2026
xen-carousel	xen-carousel	N/A	XEN Carousel <= 0.12.2 - Cross-Site Scripting	LOW	*-0.12.2		June 29, 2026
wysija-newsletters	wysija-newsletters	N/A	MailPoet Newsletters <= 2.6.6 - Arbitrary File Upload	LOW	*-2.6.6	2.6.7	June 29, 2026
wptouch	wptouch	N/A	WPtouch < 1.9.30 - Open Redirect	LOW	[*, 1.9.30)	1.9.30	June 29, 2026
wptouch	wptouch	N/A	WPtouch <= 3.4.2 - Arbitrary File Upload	LOW	*-3.4.2	3.4.3	June 29, 2026
wppizza	wppizza	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 2.11.8.18)	2.11.8.18	June 29, 2026
wphotfiles	wphotfiles	N/A	Hot Files: File Sharing and Download Manager Plugin <= 1.0.0 - Cross-Site scripting	LOW	*-1.0.0		June 29, 2026
wpcb	wpcb	N/A	WPCB <= 2.4.8 - Reflected Cross-Site Scripting	LOW	*-2.4.8		June 29, 2026
wp-video-lightbox	wp-video-lightbox	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 1.7.5)	1.7.5	June 29, 2026
wp-table-reloaded	wp-table-reloaded	N/A	WP-Table Reloaded <= 1.9.3 - Cross-Site Scripting	LOW	*-1.9.3	1.9.4	June 29, 2026
wp-table	wp-table	N/A	wp-Table <= 1.43 - Remote File Inclusion	LOW	*-1.43	1.44	June 29, 2026
wp-symposium	wp-symposium	N/A	WP Symposium < 13.04 - Cross-Site Scripting	LOW	[*, 13.04)	13.04	June 29, 2026
wp-symposium	wp-symposium	N/A	WP Symposium <= 11.11.26 - Cross-Site Scripting	LOW	*-11.11.26	11.12.08	June 29, 2026
wp-symposium	wp-symposium	N/A	WP Symposium <= 12.11 - SQL Injections	LOW	*-12.11	12.12	June 29, 2026
wp-symposium	wp-symposium	N/A	WP Symposium <= 13.04 - Open Redirection	LOW	*-13.04	13.05	June 29, 2026
WP Super Cache	wp-super-cache	82	WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting	LOW	*-1.3	1.3.1	June 29, 2026
WP Super Cache	wp-super-cache	82	WP Super Cache < 1.3.2 - Remote Code Execution	LOW	[*, 1.3.2)	1.3.2	June 29, 2026
WP Super Cache	wp-super-cache	82	WP Super Cache <= 1.2 - Remote Code Execution	LOW	*-1.2	1.3	June 29, 2026
WP Activity Log	wp-security-audit-log	N/A	WP Activity Log <= 1.2.4 - Cross-Site Request Forgery	LOW	[*, 1.2.5)	1.2.5	June 29, 2026
wp-recaptcha	wp-recaptcha	N/A	WordPress Google reCAPTCHA <= 3.1.3 - Reflected Cross-Site Scripting	LOW	*-3.1.3	3.1.4	June 29, 2026
wp-post-to-pdf	wp-post-to-pdf	N/A	WP Post to PDF <= 2.3.1 - Cross-Site Scripting	LOW	*-2.3.1		June 29, 2026
wp-portfolio-gallery	wp-portfolio-gallery	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 1.2.0)	1.2.0	June 29, 2026
wp-php-widget	wp-php-widget	N/A	WP PHP Widget <= 1.0.2 - Full Path Disclosure	LOW	*-1.0.2		June 29, 2026
wp-media-player	wp-media-player	N/A	WP Silverlight Media Player <= 0.8 - Cross-Site Scripting	LOW	*-0.8		June 29, 2026
wp-instagram-bank	wp-instagram-bank	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
wp-image-news-slider	wp-image-news-slider	N/A	Image News Slider <= 3.2 - Unspecified Vulnerability	LOW	*-3.2	3.3	June 29, 2026
wp-html-sitemap	wp-html-sitemap	N/A	WP HTML Sitemap <= 1.2 - Cross-Site Request Forgery	LOW	*-1.2		June 29, 2026
wp-filebase	wp-filebase	N/A	WP-Filebase Download Manager <= 0.3.0.03 - Remote Code Execution	LOW	*-0.3.0.03	0.3.0.04	June 29, 2026
wp-easy-gallery	wp-easy-gallery	N/A	WP Easy Gallery <= 2.7 - SQL Injection	LOW	*-2.7	2.7.1	June 29, 2026
wp-easy-gallery	wp-easy-gallery	N/A	WP Easy Gallery <= 1.7 - Cross-Site Scripting	LOW	*-1.7	1.8	June 29, 2026
wp-easy-gallery	wp-easy-gallery	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 4.1.1)	4.1.1	June 29, 2026
wp-easy-gallery	wp-easy-gallery	N/A	WP Easy Gallery <= 2.7 - Cross-Site Request Forgery	LOW	*-2.7	2.7.1	June 29, 2026
wp-easy-gallery	wp-easy-gallery	N/A	WP Easy Gallery <= 2.7 - SQL Injection	LOW	*-2.7	2.7.1	June 29, 2026
wp-e-commerce	wp-e-commerce	N/A	WP eCommerce <= 3.8.9 - Cross-Site Scripting	LOW	*-3.8.9	3.8.9.1	June 29, 2026
wp-e-commerce	wp-e-commerce	N/A	WP eCommerce <= 3.8.9 - SQL Injection	LOW	*-3.8.9	3.8.9.1	June 29, 2026
wp-construction-mode	wp-construction-mode	N/A	WP Construction Mode <= 1.8 - Cross-Site Scripting	LOW	*-1.8	1.9	June 29, 2026
wp-business-directory	wp-business-directory	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
wp-banners-lite	wp-banners-lite	N/A	WP-Banners-Lite 1.29, 1.31, 1.40 - Cross-Site Scripting	LOW	1.29, 1.31, 1.40		June 29, 2026
wp-automatic	wp-automatic	N/A	WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection	LOW	*-2.0.3	2.0.4	June 29, 2026
wp-app-maker	wp-app-maker	N/A	WP App Maker <= 1.0.16.4 - Reflected Cross-Site Scripting	LOW	*-1.0.16.4		June 29, 2026
wp-amasin-the-amazon-affiliate-shop	wp-amasin-the-amazon-affiliate-shop	N/A	WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion	LOW	*-0.9.6	0.9.7	June 29, 2026
wordpress-whois-search	wordpress-whois-search	N/A	WHOIS <= 1.4.2.2 - Reflected Cross Site Scripting	LOW	*-1.4.2.2	1.4.2.3	June 29, 2026
wordpress-simple-paypal-shopping-cart	wordpress-simple-paypal-shopping-cart	N/A	WordPress Simple PayPal Shopping Cart < 3.6 - Cross-Site Request Forgery	LOW	[*, 3.6)	3.6	June 29, 2026
Yoast SEO – Advanced SEO with real-time guidance and built-in AI	wordpress-seo	89	Yoast SEO <= 1.4.6 - Missing Authorization	LOW	*-1.4.6	1.4.7	June 29, 2026
wordpress-23-related-posts-plugin	wordpress-23-related-posts-plugin	N/A	Related Posts < 2.7.2 - Cross-Site Request Forgery	LOW	[*, 2.7.2)	2.7.2	June 29, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security	wordfence	70	Wordfence Security <= 3.8.1 - Stored Cross-Site Scripting	LOW	*-3.8.1	3.8.3	June 29, 2026
webrotate-360-product-viewer	webrotate-360-product-viewer	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 2.5.2)	2.5.2	June 29, 2026
W3 Total Cache	w3-total-cache	69	W3 Total Cache <= 0.9.2.8 - Remote Code Execution	LOW	*-0.9.2.8	0.9.2.9	June 29, 2026
verification-code-for-comments	verification-code-for-comments	N/A	Verification Code for Comments <= 2.1.0 - Reflected Cross-Site Scripting	LOW	*-2.1.0		June 29, 2026
user-meta	user-meta	N/A	User Meta – User Profile Builder and User management plugin 1.1.1 - Arbitrary File Upload	LOW	1.1.1	1.1.2	June 29, 2026
uploader	uploader	N/A	Uploader <= 1.0.4 - Arbitrary File Upload	LOW	*-1.0.4		June 29, 2026
uploader	uploader	N/A	Uploader <= 1.0.4 - Multiple Cross-Site Scripting	LOW	*-1.0.4		June 29, 2026
underconstruction	underconstruction	N/A	underConstruction < 1.09 - Cross-Site Request Forgery	LOW	[*, 1.09)	1.09	June 29, 2026
ultimate-tinymce	ultimate-tinymce	N/A	Ultimate TinyMCE < 3.6 - Cross-Site Scripting	LOW	[*, 3.6)	3.6	June 29, 2026
tweet-blender	tweet-blender	N/A	Tweet Blender <= 4.0.1 - Cross-Site Scripting	LOW	*-4.0.1	4.0.2	June 29, 2026
trexanh-property	trexanh-property	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*-0.1	0.2	June 29, 2026
tinymce-thumbnail-gallery	tinymce-thumbnail-gallery	N/A	Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion	LOW	*-1.0.7	1.1.0	June 29, 2026
ticket-manager	ticket-manager	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
tallykit	tallykit	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 5.5)	5.5	June 29, 2026
syntaxhighlighter	syntaxhighlighter	N/A	SyntaxHighlighter Evolved <= 3.1.9 - Cross-Site Scripting	LOW	*-3.1.9	3.1.10	June 29, 2026
subscribe2	subscribe2	N/A	Subscribe2 – Form, Email Subscribers & Newsletters < 8.1 - Multiple Cross-Site Scripting	LOW	[*, 8.1)	8.1	June 29, 2026
stream-video-player	stream-video-player	N/A	Stream Video Player <= 1.4.1 - Cross-Site Request Forgery	LOW	*-1.4.1		June 29, 2026
ssquiz	ssquiz	N/A	SS Quiz <= 1.12.2 - Unspecified Vulnerabilities	LOW	*-1.12.2	2.0	June 29, 2026
slidedeck2	slidedeck2	N/A	SlideDeck 2 <= 2.3.3 - Local/Remote File Inclusion	LOW	*-2.3.3	2.3.5	June 29, 2026
simply-poll	simply-poll	N/A	Simply Poll <= 1.4.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting	LOW	*-1.4.1		June 29, 2026
Simple History – Track, Log, and Audit WordPress Changes	simple-history	77	Simple History <= 1.0.7 - Sensitive Information Disclosure	LOW	*-1.0.7	1.0.8	June 29, 2026
simple-flash-video	simple-flash-video	N/A	Simple Flash Video <= 1.7 - Cross-Site Scripting	LOW	*-1.7		June 29, 2026
sexybookmarks	sexybookmarks	N/A	SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery	LOW	*-6.1.4.0	6.1.5.0	June 29, 2026
s2member-secure-file-browser	s2member-secure-file-browser	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 0.4.17)	0.4.17	June 29, 2026
responsive-lightbox	responsive-lightbox	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 1.4.12)	1.4.12	June 29, 2026
responsive-category-slider	responsive-category-slider	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
reflex-gallery	reflex-gallery	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 3.1.5)	3.1.5	June 29, 2026
Redirection	redirection	71	Redirection <= 2.2.8 - Reflected Cross-Site Scripting	LOW	[*, 2.2.9)	2.2.9	June 29, 2026
Redirection	redirection	71	Redirection <= 2.2.9 - Cross-Site Scripting	LOW	[*, 2.2.10)	2.2.10	June 29, 2026
really-simple-facebook-twitter-share-buttons	really-simple-facebook-twitter-share-buttons	N/A	Really Simple Facebook Twitter Share Buttons < 2.10.5 - Cross-Site Request Forgery	LOW	[*, 2.10.5)	2.10.5	June 29, 2026
random-image-gallery-with-pretty-photo-zoom	random-image-gallery-with-pretty-photo-zoom	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 7.5)	7.5	June 29, 2026
quick-pagepost-redirect-plugin	quick-pagepost-redirect-plugin	N/A	Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	[*, 5.0.5)	5.0.5	June 29, 2026
q-and-a	q-and-a	N/A	Q and A <= 1.0.6.2 Cross-Site Request Forgery	LOW	*-1.0.6.2		June 29, 2026
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin	pretty-link	N/A	Pretty Links Lite < 1.6.3 - Stored Cross-Site Scripting	LOW	[*, 1.6.3)	1.6.3	June 29, 2026
portable-phpmyadmin	portable-phpmyadmin	N/A	Portable phpMyAdmin <= 1.3.0 - Authentication Bypass	LOW	*-1.3.0	1.3.1	June 29, 2026
portable-phpmyadmin	portable-phpmyadmin	N/A	Portable phpMyAdmin <= 1.4.1 - Information Disclosure	LOW	*-1.4.1		June 29, 2026

LOW

memphis-documents-library

Score: N/A Memphis Documents Library <= 2.6.16 - Cross-Site Scripting Affected: [*, 3.0) Patched: 3.0 Updated: June 29, 2026

LOW

kbslider

Score: 91/100 KenBurner Slider (All Versions) - Path Traversal Affected: * Patched: Updated: June 29, 2026

LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting Affected: *-2.4.3 Patched: 2.4.4 Updated: June 29, 2026

LOW

advanced-access-manager

Score: 97/100 Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite Affected: [*, 2.8.3) Patched: 2.8.3 Updated: June 29, 2026

LOW

wp-source-control

Score: N/A WP Source Control < 3.1.1 - Directory Traversal Affected: [*, 3.1.1) Patched: 3.1.1 Updated: June 29, 2026

LOW

improved-user-search-in-backend

Score: 93/100 Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.2.5 Patched: 1.2.6 Updated: June 29, 2026

LOW

disqus-comment-system

Score: 93/100 Disqus Comment System < 2.76 - Cross-Site Request Forgery Affected: [*, 2.76) Patched: 2.76 Updated: June 29, 2026

LOW

mobiloud-mobile-app-plugin

Score: N/A MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps < 2.3.8 - Cross-Site Scripting Affected: [*, 2.3.8) Patched: 2.3.8 Updated: June 29, 2026

LOW

gb-gallery-slideshow

Score: 89/100 GB Gallery Slideshow <= 1.5 - SQL Injection Affected: [*, 1.6) Patched: 1.6 Updated: June 29, 2026

LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload < 2.4.2 - Cross-Site Request Forgery Affected: [*, 2.4.2) Patched: 2.4.2 Updated: June 29, 2026

LOW

job-board

Score: 93/100 Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 1.0.1 Updated: June 29, 2026

LOW

wordpress-feed-statistics

Score: N/A Feed Statistics < 4.0 - Open Redirect Affected: [*, 4.0) Patched: 4.0 Updated: June 29, 2026

LOW

twitter-plugin

Score: N/A BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.3.7 Updated: June 29, 2026

LOW

si-captcha-for-wordpress

Score: N/A SI CAPTCHA Anti-Spam < 2.7.6 - Reflected Cross-Site Scripting Affected: [*, 2.7.6) Patched: 2.7.6 Updated: June 29, 2026

LOW

pdf-print

Score: N/A PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin < 1.7.5 - Cross-Site Scripting Affected: [*, 1.7.5) Patched: 1.7.5 Updated: June 29, 2026

LOW

contact-form-plugin

Score: 93/100 Contact Form Plugin <= 3.81 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.81 Patched: 3.82 Updated: June 29, 2026

LOW

wpss

Score: N/A WordPress Spreadsheet (wpSS) <= 0.62 - Cross-Site Scripting Affected: *-0.62 Patched: Updated: June 29, 2026

LOW

wpss

Score: N/A WordPress Spreadsheet <= 0.62 - SQL Injection Affected: *-0.62 Patched: Updated: June 29, 2026

LOW

grand-media

Score: 91/100 Gmedia Photo Gallery < 1.2.2 - Arbitrary File Upload Affected: [*, 1.2.2) Patched: 1.2.2 Updated: June 29, 2026

LOW

xhanch-my-twitter

Score: N/A Xhanch – My Twitter <= 2.7.6 - Cross-Site Request Forgery Affected: *-2.7.6 Patched: 2.7.7 Updated: June 29, 2026

LOW

xen-carousel

Score: N/A XEN Carousel <= 0.12.2 - Cross-Site Scripting Affected: *-0.12.2 Patched: Updated: June 29, 2026

LOW

wysija-newsletters

Score: N/A MailPoet Newsletters <= 2.6.6 - Arbitrary File Upload Affected: *-2.6.6 Patched: 2.6.7 Updated: June 29, 2026

LOW

wptouch

Score: N/A WPtouch < 1.9.30 - Open Redirect Affected: [*, 1.9.30) Patched: 1.9.30 Updated: June 29, 2026

LOW

wptouch

Score: N/A WPtouch <= 3.4.2 - Arbitrary File Upload Affected: *-3.4.2 Patched: 3.4.3 Updated: June 29, 2026

LOW

wppizza

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 2.11.8.18) Patched: 2.11.8.18 Updated: June 29, 2026

LOW

wphotfiles

Score: N/A Hot Files: File Sharing and Download Manager Plugin <= 1.0.0 - Cross-Site scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

wpcb

Score: N/A WPCB <= 2.4.8 - Reflected Cross-Site Scripting Affected: *-2.4.8 Patched: Updated: June 29, 2026

LOW

wp-video-lightbox

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 1.7.5) Patched: 1.7.5 Updated: June 29, 2026

LOW

wp-table-reloaded

Score: N/A WP-Table Reloaded <= 1.9.3 - Cross-Site Scripting Affected: *-1.9.3 Patched: 1.9.4 Updated: June 29, 2026

LOW

wp-table

Score: N/A wp-Table <= 1.43 - Remote File Inclusion Affected: *-1.43 Patched: 1.44 Updated: June 29, 2026

LOW

wp-symposium

Score: N/A WP Symposium < 13.04 - Cross-Site Scripting Affected: [*, 13.04) Patched: 13.04 Updated: June 29, 2026

LOW

wp-symposium

Score: N/A WP Symposium <= 11.11.26 - Cross-Site Scripting Affected: *-11.11.26 Patched: 11.12.08 Updated: June 29, 2026

LOW

wp-symposium

Score: N/A WP Symposium <= 12.11 - SQL Injections Affected: *-12.11 Patched: 12.12 Updated: June 29, 2026

LOW

wp-symposium

Score: N/A WP Symposium <= 13.04 - Open Redirection Affected: *-13.04 Patched: 13.05 Updated: June 29, 2026

LOW

WP Super Cache

wp-super-cache

Score: 82/100 WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting Affected: *-1.3 Patched: 1.3.1 Updated: June 29, 2026

LOW

WP Super Cache

wp-super-cache

Score: 82/100 WP Super Cache < 1.3.2 - Remote Code Execution Affected: [*, 1.3.2) Patched: 1.3.2 Updated: June 29, 2026

LOW

WP Super Cache

wp-super-cache

Score: 82/100 WP Super Cache <= 1.2 - Remote Code Execution Affected: *-1.2 Patched: 1.3 Updated: June 29, 2026

LOW

WP Activity Log

wp-security-audit-log

Score: N/A WP Activity Log <= 1.2.4 - Cross-Site Request Forgery Affected: [*, 1.2.5) Patched: 1.2.5 Updated: June 29, 2026

LOW

wp-recaptcha

Score: N/A WordPress Google reCAPTCHA <= 3.1.3 - Reflected Cross-Site Scripting Affected: *-3.1.3 Patched: 3.1.4 Updated: June 29, 2026

LOW

wp-post-to-pdf

Score: N/A WP Post to PDF <= 2.3.1 - Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: June 29, 2026

LOW

wp-portfolio-gallery

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 1.2.0) Patched: 1.2.0 Updated: June 29, 2026

LOW

wp-php-widget

Score: N/A WP PHP Widget <= 1.0.2 - Full Path Disclosure Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

wp-media-player

Score: N/A WP Silverlight Media Player <= 0.8 - Cross-Site Scripting Affected: *-0.8 Patched: Updated: June 29, 2026

LOW

wp-instagram-bank

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

wp-image-news-slider

Score: N/A Image News Slider <= 3.2 - Unspecified Vulnerability Affected: *-3.2 Patched: 3.3 Updated: June 29, 2026

LOW

wp-html-sitemap

Score: N/A WP HTML Sitemap <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

wp-filebase

Score: N/A WP-Filebase Download Manager <= 0.3.0.03 - Remote Code Execution Affected: *-0.3.0.03 Patched: 0.3.0.04 Updated: June 29, 2026

LOW

wp-easy-gallery

Score: N/A WP Easy Gallery <= 2.7 - SQL Injection Affected: *-2.7 Patched: 2.7.1 Updated: June 29, 2026

LOW

wp-easy-gallery

Score: N/A WP Easy Gallery <= 1.7 - Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: June 29, 2026

LOW

wp-easy-gallery

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 4.1.1) Patched: 4.1.1 Updated: June 29, 2026

LOW

wp-easy-gallery

Score: N/A WP Easy Gallery <= 2.7 - Cross-Site Request Forgery Affected: *-2.7 Patched: 2.7.1 Updated: June 29, 2026

LOW

wp-easy-gallery

Score: N/A WP Easy Gallery <= 2.7 - SQL Injection Affected: *-2.7 Patched: 2.7.1 Updated: June 29, 2026

LOW

wp-e-commerce

Score: N/A WP eCommerce <= 3.8.9 - Cross-Site Scripting Affected: *-3.8.9 Patched: 3.8.9.1 Updated: June 29, 2026

LOW

wp-e-commerce

Score: N/A WP eCommerce <= 3.8.9 - SQL Injection Affected: *-3.8.9 Patched: 3.8.9.1 Updated: June 29, 2026

LOW

wp-construction-mode

Score: N/A WP Construction Mode <= 1.8 - Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

wp-business-directory

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

wp-banners-lite

Score: N/A WP-Banners-Lite 1.29, 1.31, 1.40 - Cross-Site Scripting Affected: 1.29, 1.31, 1.40 Patched: Updated: June 29, 2026

LOW

wp-automatic

Score: N/A WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection Affected: *-2.0.3 Patched: 2.0.4 Updated: June 29, 2026

LOW

wp-app-maker

Score: N/A WP App Maker <= 1.0.16.4 - Reflected Cross-Site Scripting Affected: *-1.0.16.4 Patched: Updated: June 29, 2026

LOW

wp-amasin-the-amazon-affiliate-shop

Score: N/A WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion Affected: *-0.9.6 Patched: 0.9.7 Updated: June 29, 2026

LOW

wordpress-whois-search

Score: N/A WHOIS <= 1.4.2.2 - Reflected Cross Site Scripting Affected: *-1.4.2.2 Patched: 1.4.2.3 Updated: June 29, 2026

LOW

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple PayPal Shopping Cart < 3.6 - Cross-Site Request Forgery Affected: [*, 3.6) Patched: 3.6 Updated: June 29, 2026

LOW

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

wordpress-seo

Score: 89/100 Yoast SEO <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: 1.4.7 Updated: June 29, 2026

LOW

wordpress-23-related-posts-plugin

Score: N/A Related Posts < 2.7.2 - Cross-Site Request Forgery Affected: [*, 2.7.2) Patched: 2.7.2 Updated: June 29, 2026

LOW

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Score: 70/100 Wordfence Security <= 3.8.1 - Stored Cross-Site Scripting Affected: *-3.8.1 Patched: 3.8.3 Updated: June 29, 2026

LOW

webrotate-360-product-viewer

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 2.5.2) Patched: 2.5.2 Updated: June 29, 2026

LOW

W3 Total Cache

w3-total-cache

Score: 69/100 W3 Total Cache <= 0.9.2.8 - Remote Code Execution Affected: *-0.9.2.8 Patched: 0.9.2.9 Updated: June 29, 2026

LOW

verification-code-for-comments

Score: N/A Verification Code for Comments <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: June 29, 2026

LOW

user-meta

Score: N/A User Meta – User Profile Builder and User management plugin 1.1.1 - Arbitrary File Upload Affected: 1.1.1 Patched: 1.1.2 Updated: June 29, 2026

LOW

uploader

Score: N/A Uploader <= 1.0.4 - Arbitrary File Upload Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

uploader

Score: N/A Uploader <= 1.0.4 - Multiple Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

underconstruction

Score: N/A underConstruction < 1.09 - Cross-Site Request Forgery Affected: [*, 1.09) Patched: 1.09 Updated: June 29, 2026

LOW

ultimate-tinymce

Score: N/A Ultimate TinyMCE < 3.6 - Cross-Site Scripting Affected: [*, 3.6) Patched: 3.6 Updated: June 29, 2026

LOW

tweet-blender

Score: N/A Tweet Blender <= 4.0.1 - Cross-Site Scripting Affected: *-4.0.1 Patched: 4.0.2 Updated: June 29, 2026

LOW

trexanh-property

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: *-0.1 Patched: 0.2 Updated: June 29, 2026

LOW

tinymce-thumbnail-gallery

Score: N/A Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion Affected: *-1.0.7 Patched: 1.1.0 Updated: June 29, 2026

LOW

ticket-manager

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

tallykit

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 5.5) Patched: 5.5 Updated: June 29, 2026

LOW

syntaxhighlighter

Score: N/A SyntaxHighlighter Evolved <= 3.1.9 - Cross-Site Scripting Affected: *-3.1.9 Patched: 3.1.10 Updated: June 29, 2026

LOW

subscribe2

Score: N/A Subscribe2 – Form, Email Subscribers & Newsletters < 8.1 - Multiple Cross-Site Scripting Affected: [*, 8.1) Patched: 8.1 Updated: June 29, 2026

LOW

stream-video-player

Score: N/A Stream Video Player <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: Updated: June 29, 2026

LOW

ssquiz

Score: N/A SS Quiz <= 1.12.2 - Unspecified Vulnerabilities Affected: *-1.12.2 Patched: 2.0 Updated: June 29, 2026

LOW

slidedeck2

Score: N/A SlideDeck 2 <= 2.3.3 - Local/Remote File Inclusion Affected: *-2.3.3 Patched: 2.3.5 Updated: June 29, 2026

LOW

simply-poll

Score: N/A Simply Poll <= 1.4.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: June 29, 2026

LOW

Simple History – Track, Log, and Audit WordPress Changes

simple-history

Score: 77/100 Simple History <= 1.0.7 - Sensitive Information Disclosure Affected: *-1.0.7 Patched: 1.0.8 Updated: June 29, 2026

LOW

simple-flash-video

Score: N/A Simple Flash Video <= 1.7 - Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

sexybookmarks

Score: N/A SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery Affected: *-6.1.4.0 Patched: 6.1.5.0 Updated: June 29, 2026

LOW

s2member-secure-file-browser

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 0.4.17) Patched: 0.4.17 Updated: June 29, 2026

LOW

responsive-lightbox

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 1.4.12) Patched: 1.4.12 Updated: June 29, 2026

LOW

responsive-category-slider

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

reflex-gallery

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 3.1.5) Patched: 3.1.5 Updated: June 29, 2026

LOW

Redirection

redirection

Score: 71/100 Redirection <= 2.2.8 - Reflected Cross-Site Scripting Affected: [*, 2.2.9) Patched: 2.2.9 Updated: June 29, 2026

LOW

Redirection

redirection

Score: 71/100 Redirection <= 2.2.9 - Cross-Site Scripting Affected: [*, 2.2.10) Patched: 2.2.10 Updated: June 29, 2026

LOW

really-simple-facebook-twitter-share-buttons

Score: N/A Really Simple Facebook Twitter Share Buttons < 2.10.5 - Cross-Site Request Forgery Affected: [*, 2.10.5) Patched: 2.10.5 Updated: June 29, 2026

LOW

random-image-gallery-with-pretty-photo-zoom

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 7.5) Patched: 7.5 Updated: June 29, 2026

LOW

quick-pagepost-redirect-plugin

Score: N/A Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: [*, 5.0.5) Patched: 5.0.5 Updated: June 29, 2026

LOW

q-and-a

Score: N/A Q and A <= 1.0.6.2 Cross-Site Request Forgery Affected: *-1.0.6.2 Patched: Updated: June 29, 2026

LOW

PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

pretty-link

Score: N/A Pretty Links Lite < 1.6.3 - Stored Cross-Site Scripting Affected: [*, 1.6.3) Patched: 1.6.3 Updated: June 29, 2026

LOW

portable-phpmyadmin

Score: N/A Portable phpMyAdmin <= 1.3.0 - Authentication Bypass Affected: *-1.3.0 Patched: 1.3.1 Updated: June 29, 2026

LOW

portable-phpmyadmin

Score: N/A Portable phpMyAdmin <= 1.4.1 - Information Disclosure Affected: *-1.4.1 Patched: Updated: June 29, 2026

Showing 35101 to 35200 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 07:34 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List