Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
Polylang	polylang	80	Polylang <= 1.5.1 - Cross-Site Scripting	LOW	[*, 1.5.2)	1.5.2	June 29, 2026
polldaddy	polldaddy	N/A	Polldaddy Polls & Rating < 2.0.24 - Reflected Cross-Site Scripting	LOW	[*, 2.0.24)	2.0.24	June 29, 2026
polldaddy	polldaddy	N/A	Crowdsignal Dashboard <= 2.0.24 - Cross-Site Scripting	LOW	*-2.0.24	2.0.25	June 29, 2026
platinum-seo-pack	platinum-seo-pack	N/A	Platinum SEO <= 1.3.7 - Reflected Cross-Site Scripting	LOW	*-1.3.7	1.3.8	June 29, 2026
pie-register	pie-register	N/A	Pie Register <= 1.30 - Multiple Cross-Site Scripting	LOW	*-1.30	1.31	June 29, 2026
onclick-show-popup	onclick-show-popup	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 6.6)	6.6	June 29, 2026
mytreasures	mytreasures	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
myftp-ftp-like-plugin-for-wordpress	myftp-ftp-like-plugin-for-wordpress	N/A	MyFTP <= 1.1 - SQL Injection	LOW	*-1.1		June 29, 2026
myblogu	myblogu	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 0.0.8)	0.0.8	June 29, 2026
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider	ml-slider	88	Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting	LOW	*-2.5	2.6	June 29, 2026
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider	ml-slider	88	Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.1.6 - Full Path Disclosure	LOW	*-2.1.6	2.2	June 29, 2026
mklasens-photobox	mklasens-photobox	N/A	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
mingle-forum	mingle-forum	N/A	Mingle Forum < 1.0.34 - Unauthenticated SQL Injection	LOW	[*, 1.0.34)	1.0.34	June 29, 2026
mingle-forum	mingle-forum	N/A	Mingle Forum <= 1.0.32.1 - SQL Injection	LOW	*-1.0.32.1	1.0.33	June 29, 2026
mingle-forum	mingle-forum	N/A	Mingle Forum <= 1.0.32.1 - SQL Injection	LOW	[*, 1.0.33)	1.0.33	June 29, 2026
meenews	meenews	93	Newsletter Meenews <= 5.1.0 - Cross-Site Scripting	LOW	*-5.1.0	5.2.0	June 29, 2026
media-library-categories	media-library-categories	91	Media Library Categories <= 1.1.1 - Unauthenticated Multiple Cross-Site Scripting	LOW	*-1.1.1		June 29, 2026
matrix-image-gallery	matrix-image-gallery	91	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
mail-subscribe-list	mail-subscribe-list	91	Mail Subscribe List <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.0.9	2.1	June 29, 2026
lb-tube-video	lb-tube-video	91	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
layerslider	layerslider	93	LayerSlider <= 4.6.1 - Cross-Site Request Forgery	LOW	*-4.6.1	5.2.0	June 29, 2026
layerslider	layerslider	93	LayerSlider <= 4.6.1 - Path Traversal	LOW	*-4.6.1	5.2.0	June 29, 2026
knr-author-list-widget	knr-author-list-widget	91	Axact Author List Widget < 3.0.0 - SQL Injection	LOW	[*, 3.0.0)	3.0.0	June 29, 2026
jcwp-youtube-channel-embed	jcwp-youtube-channel-embed	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 2.0.0)	2.0.0	June 29, 2026
izeechat	izeechat	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 1.1)	1.1	June 29, 2026
images-lazyload-and-slideshow	images-lazyload-and-slideshow	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 3.3)	3.3	June 29, 2026
image-slider-widget	image-slider-widget	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 1.1.7)	1.1.7	June 29, 2026
hk-exif-tags	hk-exif-tags	93	HK Exif Tags <= 1.11 - Cross-Site Scripting	LOW	*-1.11	1.12	June 29, 2026
gravity-file-ajax-upload-free	gravity-file-ajax-upload-free	91	Gravity Upload Ajax <= 1.1 - Unrestricted File Upload	LOW	*-1.1		June 29, 2026
global-flash-galleries	global-flash-galleries	93	Global Flash Gallery <= 0.15.1 - SQL Injection	LOW	*-0.15.1	0.15.2	June 29, 2026
gallery-bank	gallery-bank	89	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 3.0.229)	3.0.229	June 29, 2026
g-lock-double-opt-in-manager	g-lock-double-opt-in-manager	91	G-Lock Double Opt-in Manager <= 2.6.5 - SQL Injection	LOW	*-2.6.5		June 29, 2026
foxyshop	foxyshop	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 4.6.1)	4.6.1	June 29, 2026
font-uploader	font-uploader	93	Font Uploader <= 1.3 - Arbitrary File Upload	LOW	*-1.3	1.3.1	June 29, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.72 - Cross-Site Scripting	LOW	*-2.71	2.72	June 29, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 0.59 - SQL Injection	LOW	*-0.59	0.60	June 29, 2026
fancyflickr	fancyflickr	91	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
ezpz-one-click-backup	ezpz-one-click-backup	89	EZPZ One Click Backup <= 12.03.10 - Unauthenticated Command Injection	LOW	*-12.03.10		June 29, 2026
events-manager-pro	events-manager-pro	93	Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting	LOW	[*, 2.2.9)	2.2.9	June 29, 2026
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager	78	Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting	LOW	[*, 5.3.5)	5.3.5	June 29, 2026
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager	78	Events Manager < 5.3.9 - Cross-Site Scripting	LOW	[*, 5.3.9)	5.3.9	June 29, 2026
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager	78	Events Manager <= 5.5.1 - Multiple Cross-Site Scripting	LOW	*-5.5.1	5.5.2	June 29, 2026
embedplus-for-wordpress	embedplus-for-wordpress	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 5.4)	5.4	June 29, 2026
email-newsletter	email-newsletter	91	Email Newsletter <= 8.0 - Sensitive Information Disclosure	LOW	*-8.0	9.0	June 29, 2026
ehive-object-details	ehive-object-details	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 2.1.7)	2.1.7	June 29, 2026
ehive-account-details	ehive-account-details	93	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 2.1.3)	2.1.3	June 29, 2026
dzs-videogallery	dzs-videogallery	91	DZS Video Gallery < 7.95 - Reflected Cross-Site Scripting	LOW	[*, 7.95)	7.95	June 29, 2026
dzs-videogallery	dzs-videogallery	91	DZS Video Gallery <= 9.63 - Reflected Cross-Site Scripting	LOW	*-9.63	9.64	June 29, 2026
Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	duplicator	91	Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting	LOW	*-0.4.4	0.4.5	June 29, 2026
duplicate-post	duplicate-post	97	Yoast Duplicate Post <= 2.5 - SQL Injection	LOW	*-2.5	2.6	June 29, 2026
duplicate-post	duplicate-post	97	Yoast Duplicate Post <= 2.6 - Cross-Site Scripting	LOW	*-2.6	3.0	June 29, 2026
dropdown-menu-widget	dropdown-menu-widget	87	Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.9.7		June 29, 2026
dp-maintenance-mode-lite	dp-maintenance-mode-lite	91	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	*		June 29, 2026
Download Manager	download-manager	63	Download Manager <= 2.2.2 - Cross-Site Scripting	LOW	*-2.2.2	2.2.3	June 29, 2026
disable-comments	disable-comments	97	Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery	LOW	[*, 1.0.4)	1.0.4	June 29, 2026
count-per-day	count-per-day	93	Count per Day <= 3.1 - Cross-Site Scripting	LOW	*-3.1	3.1.1	June 29, 2026
count-per-day	count-per-day	93	Count per Day < 3.2.6 - Reflected Cross-Site Scripting	LOW	[*, 3.2.6)	3.2.6	June 29, 2026
count-per-day	count-per-day	93	Count Per Day <= 3.2.3 - Path Disclosure and Denial of Service	LOW	*-3.2.3	3.2.4	June 29, 2026
count-per-day	count-per-day	93	Count Per Day <= 3.1.1 - Cross-Site Scripting	LOW	*-3.1.1	3.2	June 29, 2026
contextual-related-posts	contextual-related-posts	93	Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.8.6	1.8.7	June 29, 2026
content-slide	content-slide	89	Content Slide <= 1.4.2 - Cross-Site Request Forgery	LOW	*-1.4.2		June 29, 2026
Contact Form 7	contact-form-7	97	Contact Form 7 <= 3.5.2 - Arbitrary File Upload	LOW	*-3.5.2	3.5.3	June 29, 2026
contact-bank	contact-bank	91	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 2.0.227)	2.0.227	June 29, 2026
codestyling-localization	codestyling-localization	91	Code Styling Localization <= 1.99.19 - Reflected Cross Site Scripting	LOW	*-1.99.19	1.99.20	June 29, 2026
cart66-lite	cart66-lite	93	Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery	LOW	[*, 1.5.1.15)	1.5.1.15	June 29, 2026
captcha	captcha	93	Captcha <= 3.8.1 - Captcha Bypass	LOW	*-3.8.1	3.8.2	June 29, 2026
calendar	calendar	93	Calendar <= 1.3.2 - Cross-Site Request Forgery	LOW	*-1.3.2	1.3.3	June 29, 2026
BulletProof Security	bulletproof-security	68	BulletProof Security <= .48.9 - Cross-Site Scripting	LOW	*-.48.9	.49	June 29, 2026
buddypress	buddypress	93	BuddyPress <= 1.9.1 - Stored Cross-Site Scripting	LOW	*-1.9.1	1.9.2	June 29, 2026
bsk-pdf-manager	bsk-pdf-manager	91	BSK PDF Manager <= 1.4 - Authenticated SQL Injection	LOW	[*, 1.5)	1.5	June 29, 2026
bsk-pdf-manager	bsk-pdf-manager	91	BSK PDF Manager 1.3 - 2.9 - Authenticated Stored Cross-Site Scripting	LOW	1.3-2.9	2.9.1	June 29, 2026
Booking Calendar	booking	71	Booking Calendar < 4.1.6 - Cross-Site Request Forgery	LOW	[*, 4.1.6)	4.1.6	June 29, 2026
bib2html	bib2html	91	bib2html <= 0.9.3 - Cross-Site Scripting	LOW	*-0.9.3		June 29, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	Better WP Security <= 3.5.3 - Stored Cross-Site Scripting	LOW	*-3.5.3	3.5.4	June 29, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	iThemes Security < 3.6.4 - Stored Cross-Site Scripting	LOW	[*, 3.6.4)	3.6.4	June 29, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	Better WP Security <= 3.6.3 - Stored Cross-Site Scripting	LOW	*-3.6.3	3.6.4	June 29, 2026
amazon-affiliate-link-localizer	amazon-affiliate-link-localizer	97	Amazon Affiliate Link Localizer <= 1.8.2 - Cross-Site Scripting	LOW	*-1.8.2	1.8.3	June 29, 2026
alpine-photo-tile-for-instagram	alpine-photo-tile-for-instagram	97	Alpine PhotoTile For Instagram < 1.2.9 - Cross-Site Scripting	LOW	[*, 1.2.9)	1.2.9	June 29, 2026
alpine-photo-tile-for-instagram	alpine-photo-tile-for-instagram	97	PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting	LOW	[*, 1.2.7.5)	1.2.7.5	June 29, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter	LOW	*-2.0.3	2.0.3.1	June 29, 2026
adminimize	adminimize	97	Adminimize <= 1.7.21 - Cross-Site Scripting	LOW	*-1.7.21	1.7.22	June 29, 2026
adminimize	adminimize	97	Adminimize < 1.7.22 - Cross-Site Scripting	LOW	[*, 1.7.22)	1.7.22	June 29, 2026
1-flash-gallery	1-flash-gallery	95	1 Flash Gallery <= 1.9.0 - Cross-Site Scripting	LOW	*-1.9.0		June 29, 2026
Wordfence Security – Firewall, Malware Scan, and Login Security	wordfence	70	Wordfence Security – Firewall & Malware Scan <= 5.1.3 - Cross-Site Scripting	LOW	*-5.1.3	5.1.4	June 29, 2026
whydowork-adsense	whydowork-adsense	N/A	WhyDoWork AdSense <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 29, 2026
whydowork-adsense	whydowork-adsense	N/A	WhyDoWork AdSense <= 1.2 - Cross-Site Request Forgery	LOW	*-1.2		June 29, 2026
lead-octopus-power	lead-octopus-power	93	Lead Octopus Power < 1.1.1 - SQL Injection	LOW	[*, 1.1.1)	1.1.1	June 29, 2026
fbgorilla	fbgorilla	91	FBGorilla (All Versions) - SQL Injection	LOW	*		June 29, 2026
wordpress-mobile-pack	wordpress-mobile-pack	N/A	WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps < 2.0.2 - Information Disclosure	LOW	[*, 2.0.2)	2.0.2	June 29, 2026
contus-video-gallery	contus-video-gallery	91	WORDPRESS VIDEO GALLERY <= 2.5 - Cross-Site Scripting	LOW	*-2.5	2.6	June 29, 2026
contus-video-gallery	contus-video-gallery	91	WORDPRESS VIDEO GALLERY < 2.6 - SQL Injection	LOW	[*, 2.6)	2.6	June 29, 2026
3CX Free Live Chat, Calls & Messaging	wp-live-chat-support	N/A	WP Live Chat Support < 4.1.0 - JavaScript Code Injection	LOW	[*, 4.1.0)	4.1.0	June 29, 2026
wordpress-flash-uploader	wordpress-flash-uploader	N/A	Flash Uploader <= 3.1.2 - Arbitrary Command Execution	LOW	[*, 3.1.3)	3.1.3	June 29, 2026
wp-backitup	wp-backitup	N/A	Backup and Restore WordPress – Backup Plugin <= 1.9 - Sensitive Information Disclosure	LOW	*-1.9	1.9.1	June 29, 2026
profile-builder	profile-builder	N/A	Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting	LOW	[*, 1.1.66)	1.1.66	June 29, 2026
json-rest-api	json-rest-api	93	JSON REST API <= 1.1 - Potential Cross-Site Request Forgery Bypass	LOW	*-1.1	1.1.1	June 29, 2026
compfight	compfight	93	Compfight < 1.5 - Cross-Site Scrpting	LOW	[*, 1.5)	1.5	June 29, 2026
compfight	compfight	93	Compfight < 1.5 - Reflected Cross-Site Scripting	LOW	*-1.4	1.5	June 29, 2026
wpsnapapp	wpsnapapp	N/A	WP Snap App <= 1.5 - Cross-Site Scripting	LOW	*-1.5		June 29, 2026
mywebcounter	mywebcounter	N/A	mywebcounter <= 1.1 - Reflected Cross-Site Scripting	LOW	*-1.1		June 29, 2026

LOW

Polylang

polylang

Score: 80/100 Polylang <= 1.5.1 - Cross-Site Scripting Affected: [*, 1.5.2) Patched: 1.5.2 Updated: June 29, 2026

LOW

polldaddy

Score: N/A Polldaddy Polls & Rating < 2.0.24 - Reflected Cross-Site Scripting Affected: [*, 2.0.24) Patched: 2.0.24 Updated: June 29, 2026

LOW

polldaddy

Score: N/A Crowdsignal Dashboard <= 2.0.24 - Cross-Site Scripting Affected: *-2.0.24 Patched: 2.0.25 Updated: June 29, 2026

LOW

platinum-seo-pack

Score: N/A Platinum SEO <= 1.3.7 - Reflected Cross-Site Scripting Affected: *-1.3.7 Patched: 1.3.8 Updated: June 29, 2026

LOW

pie-register

Score: N/A Pie Register <= 1.30 - Multiple Cross-Site Scripting Affected: *-1.30 Patched: 1.31 Updated: June 29, 2026

LOW

onclick-show-popup

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 6.6) Patched: 6.6 Updated: June 29, 2026

LOW

mytreasures

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

myftp-ftp-like-plugin-for-wordpress

Score: N/A MyFTP <= 1.1 - SQL Injection Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

myblogu

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 0.0.8) Patched: 0.0.8 Updated: June 29, 2026

LOW

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider

ml-slider

Score: 88/100 Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting Affected: *-2.5 Patched: 2.6 Updated: June 29, 2026

LOW

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider

ml-slider

Score: 88/100 Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.1.6 - Full Path Disclosure Affected: *-2.1.6 Patched: 2.2 Updated: June 29, 2026

LOW

mklasens-photobox

Score: N/A PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

mingle-forum

Score: N/A Mingle Forum < 1.0.34 - Unauthenticated SQL Injection Affected: [*, 1.0.34) Patched: 1.0.34 Updated: June 29, 2026

LOW

mingle-forum

Score: N/A Mingle Forum <= 1.0.32.1 - SQL Injection Affected: *-1.0.32.1 Patched: 1.0.33 Updated: June 29, 2026

LOW

mingle-forum

Score: N/A Mingle Forum <= 1.0.32.1 - SQL Injection Affected: [*, 1.0.33) Patched: 1.0.33 Updated: June 29, 2026

LOW

meenews

Score: 93/100 Newsletter Meenews <= 5.1.0 - Cross-Site Scripting Affected: *-5.1.0 Patched: 5.2.0 Updated: June 29, 2026

LOW

media-library-categories

Score: 91/100 Media Library Categories <= 1.1.1 - Unauthenticated Multiple Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

matrix-image-gallery

Score: 91/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

mail-subscribe-list

Score: 91/100 Mail Subscribe List <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.9 Patched: 2.1 Updated: June 29, 2026

LOW

lb-tube-video

Score: 91/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

layerslider

Score: 93/100 LayerSlider <= 4.6.1 - Cross-Site Request Forgery Affected: *-4.6.1 Patched: 5.2.0 Updated: June 29, 2026

LOW

layerslider

Score: 93/100 LayerSlider <= 4.6.1 - Path Traversal Affected: *-4.6.1 Patched: 5.2.0 Updated: June 29, 2026

LOW

knr-author-list-widget

Score: 91/100 Axact Author List Widget < 3.0.0 - SQL Injection Affected: [*, 3.0.0) Patched: 3.0.0 Updated: June 29, 2026

LOW

jcwp-youtube-channel-embed

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 2.0.0) Patched: 2.0.0 Updated: June 29, 2026

LOW

izeechat

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 1.1) Patched: 1.1 Updated: June 29, 2026

LOW

images-lazyload-and-slideshow

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 3.3) Patched: 3.3 Updated: June 29, 2026

LOW

image-slider-widget

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 1.1.7) Patched: 1.1.7 Updated: June 29, 2026

LOW

hk-exif-tags

Score: 93/100 HK Exif Tags <= 1.11 - Cross-Site Scripting Affected: *-1.11 Patched: 1.12 Updated: June 29, 2026

LOW

gravity-file-ajax-upload-free

Score: 91/100 Gravity Upload Ajax <= 1.1 - Unrestricted File Upload Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

global-flash-galleries

Score: 93/100 Global Flash Gallery <= 0.15.1 - SQL Injection Affected: *-0.15.1 Patched: 0.15.2 Updated: June 29, 2026

LOW

gallery-bank

Score: 89/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 3.0.229) Patched: 3.0.229 Updated: June 29, 2026

LOW

g-lock-double-opt-in-manager

Score: 91/100 G-Lock Double Opt-in Manager <= 2.6.5 - SQL Injection Affected: *-2.6.5 Patched: Updated: June 29, 2026

LOW

foxyshop

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 4.6.1) Patched: 4.6.1 Updated: June 29, 2026

LOW

font-uploader

Score: 93/100 Font Uploader <= 1.3 - Arbitrary File Upload Affected: *-1.3 Patched: 1.3.1 Updated: June 29, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.72 - Cross-Site Scripting Affected: *-2.71 Patched: 2.72 Updated: June 29, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 0.59 - SQL Injection Affected: *-0.59 Patched: 0.60 Updated: June 29, 2026

LOW

fancyflickr

Score: 91/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

ezpz-one-click-backup

Score: 89/100 EZPZ One Click Backup <= 12.03.10 - Unauthenticated Command Injection Affected: *-12.03.10 Patched: Updated: June 29, 2026

LOW

events-manager-pro

Score: 93/100 Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting Affected: [*, 2.2.9) Patched: 2.2.9 Updated: June 29, 2026

LOW

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Score: 78/100 Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting Affected: [*, 5.3.5) Patched: 5.3.5 Updated: June 29, 2026

LOW

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Score: 78/100 Events Manager < 5.3.9 - Cross-Site Scripting Affected: [*, 5.3.9) Patched: 5.3.9 Updated: June 29, 2026

LOW

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Score: 78/100 Events Manager <= 5.5.1 - Multiple Cross-Site Scripting Affected: *-5.5.1 Patched: 5.5.2 Updated: June 29, 2026

LOW

embedplus-for-wordpress

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 5.4) Patched: 5.4 Updated: June 29, 2026

LOW

email-newsletter

Score: 91/100 Email Newsletter <= 8.0 - Sensitive Information Disclosure Affected: *-8.0 Patched: 9.0 Updated: June 29, 2026

LOW

ehive-object-details

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 2.1.7) Patched: 2.1.7 Updated: June 29, 2026

LOW

ehive-account-details

Score: 93/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 2.1.3) Patched: 2.1.3 Updated: June 29, 2026

LOW

dzs-videogallery

Score: 91/100 DZS Video Gallery < 7.95 - Reflected Cross-Site Scripting Affected: [*, 7.95) Patched: 7.95 Updated: June 29, 2026

LOW

dzs-videogallery

Score: 91/100 DZS Video Gallery <= 9.63 - Reflected Cross-Site Scripting Affected: *-9.63 Patched: 9.64 Updated: June 29, 2026

LOW

Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More

duplicator

Score: 91/100 Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting Affected: *-0.4.4 Patched: 0.4.5 Updated: June 29, 2026

LOW

duplicate-post

Score: 97/100 Yoast Duplicate Post <= 2.5 - SQL Injection Affected: *-2.5 Patched: 2.6 Updated: June 29, 2026

LOW

duplicate-post

Score: 97/100 Yoast Duplicate Post <= 2.6 - Cross-Site Scripting Affected: *-2.6 Patched: 3.0 Updated: June 29, 2026

LOW

dropdown-menu-widget

Score: 87/100 Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.9.7 Patched: Updated: June 29, 2026

LOW

dp-maintenance-mode-lite

Score: 91/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 2.2.2 - Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: June 29, 2026

LOW

disable-comments

Score: 97/100 Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery Affected: [*, 1.0.4) Patched: 1.0.4 Updated: June 29, 2026

LOW

count-per-day

Score: 93/100 Count per Day <= 3.1 - Cross-Site Scripting Affected: *-3.1 Patched: 3.1.1 Updated: June 29, 2026

LOW

count-per-day

Score: 93/100 Count per Day < 3.2.6 - Reflected Cross-Site Scripting Affected: [*, 3.2.6) Patched: 3.2.6 Updated: June 29, 2026

LOW

count-per-day

Score: 93/100 Count Per Day <= 3.2.3 - Path Disclosure and Denial of Service Affected: *-3.2.3 Patched: 3.2.4 Updated: June 29, 2026

LOW

count-per-day

Score: 93/100 Count Per Day <= 3.1.1 - Cross-Site Scripting Affected: *-3.1.1 Patched: 3.2 Updated: June 29, 2026

LOW

contextual-related-posts

Score: 93/100 Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.8.6 Patched: 1.8.7 Updated: June 29, 2026

LOW

content-slide

Score: 89/100 Content Slide <= 1.4.2 - Cross-Site Request Forgery Affected: *-1.4.2 Patched: Updated: June 29, 2026

LOW

Contact Form 7

contact-form-7

Score: 97/100 Contact Form 7 <= 3.5.2 - Arbitrary File Upload Affected: *-3.5.2 Patched: 3.5.3 Updated: June 29, 2026

LOW

contact-bank

Score: 91/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 2.0.227) Patched: 2.0.227 Updated: June 29, 2026

LOW

codestyling-localization

Score: 91/100 Code Styling Localization <= 1.99.19 - Reflected Cross Site Scripting Affected: *-1.99.19 Patched: 1.99.20 Updated: June 29, 2026

LOW

cart66-lite

Score: 93/100 Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery Affected: [*, 1.5.1.15) Patched: 1.5.1.15 Updated: June 29, 2026

LOW

captcha

Score: 93/100 Captcha <= 3.8.1 - Captcha Bypass Affected: *-3.8.1 Patched: 3.8.2 Updated: June 29, 2026

LOW

calendar

Score: 93/100 Calendar <= 1.3.2 - Cross-Site Request Forgery Affected: *-1.3.2 Patched: 1.3.3 Updated: June 29, 2026

LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security <= .48.9 - Cross-Site Scripting Affected: *-.48.9 Patched: .49 Updated: June 29, 2026

LOW

buddypress

Score: 93/100 BuddyPress <= 1.9.1 - Stored Cross-Site Scripting Affected: *-1.9.1 Patched: 1.9.2 Updated: June 29, 2026

LOW

bsk-pdf-manager

Score: 91/100 BSK PDF Manager <= 1.4 - Authenticated SQL Injection Affected: [*, 1.5) Patched: 1.5 Updated: June 29, 2026

LOW

bsk-pdf-manager

Score: 91/100 BSK PDF Manager 1.3 - 2.9 - Authenticated Stored Cross-Site Scripting Affected: 1.3-2.9 Patched: 2.9.1 Updated: June 29, 2026

LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar < 4.1.6 - Cross-Site Request Forgery Affected: [*, 4.1.6) Patched: 4.1.6 Updated: June 29, 2026

LOW

bib2html

Score: 91/100 bib2html <= 0.9.3 - Cross-Site Scripting Affected: *-0.9.3 Patched: Updated: June 29, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 Better WP Security <= 3.5.3 - Stored Cross-Site Scripting Affected: *-3.5.3 Patched: 3.5.4 Updated: June 29, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 iThemes Security < 3.6.4 - Stored Cross-Site Scripting Affected: [*, 3.6.4) Patched: 3.6.4 Updated: June 29, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 Better WP Security <= 3.6.3 - Stored Cross-Site Scripting Affected: *-3.6.3 Patched: 3.6.4 Updated: June 29, 2026

LOW

amazon-affiliate-link-localizer

Score: 97/100 Amazon Affiliate Link Localizer <= 1.8.2 - Cross-Site Scripting Affected: *-1.8.2 Patched: 1.8.3 Updated: June 29, 2026

LOW

alpine-photo-tile-for-instagram

Score: 97/100 Alpine PhotoTile For Instagram < 1.2.9 - Cross-Site Scripting Affected: [*, 1.2.9) Patched: 1.2.9 Updated: June 29, 2026

LOW

alpine-photo-tile-for-instagram

Score: 97/100 PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting Affected: [*, 1.2.7.5) Patched: 1.2.7.5 Updated: June 29, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter Affected: *-2.0.3 Patched: 2.0.3.1 Updated: June 29, 2026

LOW

adminimize

Score: 97/100 Adminimize <= 1.7.21 - Cross-Site Scripting Affected: *-1.7.21 Patched: 1.7.22 Updated: June 29, 2026

LOW

adminimize

Score: 97/100 Adminimize < 1.7.22 - Cross-Site Scripting Affected: [*, 1.7.22) Patched: 1.7.22 Updated: June 29, 2026

LOW

1-flash-gallery

Score: 95/100 1 Flash Gallery <= 1.9.0 - Cross-Site Scripting Affected: *-1.9.0 Patched: Updated: June 29, 2026

LOW

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Score: 70/100 Wordfence Security – Firewall & Malware Scan <= 5.1.3 - Cross-Site Scripting Affected: *-5.1.3 Patched: 5.1.4 Updated: June 29, 2026

LOW

whydowork-adsense

Score: N/A WhyDoWork AdSense <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

whydowork-adsense

Score: N/A WhyDoWork AdSense <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

lead-octopus-power

Score: 93/100 Lead Octopus Power < 1.1.1 - SQL Injection Affected: [*, 1.1.1) Patched: 1.1.1 Updated: June 29, 2026

LOW

fbgorilla

Score: 91/100 FBGorilla (All Versions) - SQL Injection Affected: * Patched: Updated: June 29, 2026

LOW

wordpress-mobile-pack

Score: N/A WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps < 2.0.2 - Information Disclosure Affected: [*, 2.0.2) Patched: 2.0.2 Updated: June 29, 2026

LOW

contus-video-gallery

Score: 91/100 WORDPRESS VIDEO GALLERY <= 2.5 - Cross-Site Scripting Affected: *-2.5 Patched: 2.6 Updated: June 29, 2026

LOW

contus-video-gallery

Score: 91/100 WORDPRESS VIDEO GALLERY < 2.6 - SQL Injection Affected: [*, 2.6) Patched: 2.6 Updated: June 29, 2026

LOW

3CX Free Live Chat, Calls & Messaging

wp-live-chat-support

Score: N/A WP Live Chat Support < 4.1.0 - JavaScript Code Injection Affected: [*, 4.1.0) Patched: 4.1.0 Updated: June 29, 2026

LOW

wordpress-flash-uploader

Score: N/A Flash Uploader <= 3.1.2 - Arbitrary Command Execution Affected: [*, 3.1.3) Patched: 3.1.3 Updated: June 29, 2026

LOW

wp-backitup

Score: N/A Backup and Restore WordPress – Backup Plugin <= 1.9 - Sensitive Information Disclosure Affected: *-1.9 Patched: 1.9.1 Updated: June 29, 2026

LOW

profile-builder

Score: N/A Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting Affected: [*, 1.1.66) Patched: 1.1.66 Updated: June 29, 2026

LOW

json-rest-api

Score: 93/100 JSON REST API <= 1.1 - Potential Cross-Site Request Forgery Bypass Affected: *-1.1 Patched: 1.1.1 Updated: June 29, 2026

LOW

compfight

Score: 93/100 Compfight < 1.5 - Cross-Site Scrpting Affected: [*, 1.5) Patched: 1.5 Updated: June 29, 2026

LOW

compfight

Score: 93/100 Compfight < 1.5 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: June 29, 2026

LOW

wpsnapapp

Score: N/A WP Snap App <= 1.5 - Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 29, 2026

LOW

mywebcounter

Score: N/A mywebcounter <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

Showing 35201 to 35300 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 05:56 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List