Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
dmca-watermarker	dmca-watermarker	93	DMCA WaterMarker < 1.1 - Cross-Site Scripting	LOW	[*, 1.1)	1.1	June 29, 2026
conversador	conversador	91	Conversador <= 2.61 - Reflected Cross-Site Scripting	LOW	*-2.61		June 29, 2026
bookx	bookx	91	BookX <= 1.7 - Path Traversal	LOW	*-1.7		June 29, 2026
bic-media	bic-media	91	BIC Media Widget <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 29, 2026
all-video-gallery	all-video-gallery	95	All Video Gallery Plugin for WordPress <= 1.2 - Authenticated SQL Injection	LOW	*-1.2		June 29, 2026
all-in-one-social-lite	all-in-one-social-lite	95	All in One Social Lite <= 1.0 - Server-Side Request Forgery	LOW	*-1.0		June 29, 2026
alipay	alipay	95	WordPress支付宝Alipay\|财付通Tenpay\|贝宝PayPal集成插件 < 3.7.0 - Cross-Site Scripting	LOW	[*, 3.7.0)	3.7.0	June 29, 2026
activehelper-livehelp	activehelper-livehelp	97	ActiveHelper LiveHelp Live Chat < 3.1.5 - Reflected Cross-Site Scripting	LOW	[*, 3.1.5)	3.1.5	June 29, 2026
zeenshare	zeenshare	N/A	Zeenshare <= 1.0.1 - Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
youtubefreedown	youtubefreedown	N/A	Youtube Freedown <= 1.0 - Remote Media File Inclusion	LOW	*-1.0		June 29, 2026
wp-ultimate-email-marketer	wp-ultimate-email-marketer	N/A	WP Ultimate Email Marketer <= 1.1.0 - Stored Cross-Site Scripting	LOW	*-1.1.0		June 29, 2026
wp-ttisbdir	wp-ttisbdir	N/A	WP-Business Directory <= 1.0.2 - Cross-Site Scripting	LOW	*-1.0.2		June 29, 2026
wp-planet	wp-planet	N/A	WP-Planet <= 0.1 - Reflected Cross-Site Scripting	LOW	*-0.1		June 29, 2026
wp-lightpop	wp-lightpop	N/A	WP-lightpop <= 0.8.5.6 - Remote Media File Inclusion	LOW	*-0.8.5.6		June 29, 2026
wp-contact-sidebar-widget	wp-contact-sidebar-widget	N/A	WP-Contact <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 29, 2026
wordpress-social-login	wordpress-social-login	N/A	WordPress Social Login <= 2.1.5 - Cross-Site Scripting	LOW	*-2.1.5	2.1.6	June 29, 2026
votecount-for-balatarin	votecount-for-balatarin	N/A	Votecount For Balatarin <= 0.1.1 - Reflected Cross-Site Scripting	LOW	*-0.1.1		June 29, 2026
verweise-wordpress-twitter	verweise-wordpress-twitter	N/A	verwei.se – WordPress – Twitter <= 1.0 2 - Cross-Site Scripting	LOW	*-1.0.2		June 29, 2026
ultimate-weather-plugin	ultimate-weather-plugin	N/A	Local Weather <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 29, 2026
toolpage	toolpage	N/A	Toolpage <= 1.6.1 - Cross-Site Scripting	LOW	*-1.6.1		June 29, 2026
swipehq-payment-gateway-wp-e-commerce	swipehq-payment-gateway-wp-e-commerce	N/A	WP e-Commerce Swipe plugin <= 3.1.0 - Multiple Cross-Site Scripting	LOW	*-3.1.0		June 29, 2026
swipe-hq-checkout-for-eshop	swipe-hq-checkout-for-eshop	N/A	eShop Swipe plugin <= 3.7.0 - Cross-Site Scripting	LOW	*-3.7.0		June 29, 2026
style-it	style-it	N/A	Style It <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 29, 2026
spreadshirt-rss-3d-cube-flash-gallery	spreadshirt-rss-3d-cube-flash-gallery	N/A	WP-RSS-Spreadshirt-3DCube-Gallery <= 1.3 - Cross-Site Scripting	LOW	*-1.3		June 29, 2026
spotlightyour	spotlightyour	N/A	Spotlight <= 4.7 - Cross-Site Scripting	LOW	*-4.7		June 29, 2026
soundslides	soundslides	N/A	Soundslides < 2.5.0 - Reflected Cross-Site Scripting	LOW	*-2.1.0	2.5.0	June 29, 2026
social-connect	social-connect	N/A	Social Connect <= 0.10.1 - Cross-Site Scripting	LOW	*-0.10.1	0.10.2	June 29, 2026
so-audible	so-audible	N/A	So Audible Cloud Music Player <= 0.9 - Cross-Site Scripting	LOW	*-0.9		June 29, 2026
shortcode-ninja	shortcode-ninja	N/A	Shortcode Ninja <= 1.4 - Cross-Site Scripting	LOW	*-1.4		June 29, 2026
secure-html5-video-player	secure-html5-video-player	N/A	Secure HTML5 Video Player < 3.4 - Reflected Cross-Site Scripting	LOW	*-3.3	3.4	June 29, 2026
sagepay-direct-for-woocommerce-payment-gateway	sagepay-direct-for-woocommerce-payment-gateway	N/A	WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting	LOW	[*, 0.1.6.7)	0.1.6.7	June 29, 2026
s3audible-amazon-s3-music-player	s3audible-amazon-s3-music-player	N/A	S3bubble Amazon S3 Media Streaming <= 3.5.4 - Cross-Site Scripting	LOW	*-3.5.4		June 29, 2026
qiniu-uploader	qiniu-uploader	N/A	Qiniu Uploader <= 0.1 - Cross-Site Scripting	LOW	*-0.1		June 29, 2026
proquoter	proquoter	N/A	Pro Quoter Plugin <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 29, 2026
podcasting	podcasting	N/A	Podcasting Plugin by TSG < 3.0.5 - Remote File Inclusion	LOW	*-3.0.4.1	3.0.5	June 29, 2026
pb-embedflash	pb-embedflash	N/A	pb-embedFlash <= 1.5.1 - Remote File Inclusion	LOW	*-1.5.1		June 29, 2026
pay-per-media-player	pay-per-media-player	N/A	Pay Per Media Player <= 1.24 - Cross-Site Scripting	LOW	*-1.24		June 29, 2026
ooorl	ooorl	N/A	Ooorl <= 1.0.0 - Reflected Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
movies	movies	N/A	Movies <= 0.6 - Reflected Cross-Site Scripting	LOW	*-0.6		June 29, 2026
microaudio	microaudio	N/A	µAudio Player <= 0.6.2 - Remote File Inclusion	LOW	*-0.6.2		June 29, 2026
link2player	link2player	91	Link2Player <= 0.2 - Cross-Site Scripting	LOW	*-0.2		June 29, 2026
kindeditor-for-wordpress	kindeditor-for-wordpress	93	Kindeditor For WordPress < 1.4 - Reflected Cross-Site Scripting	LOW	*-1.3.7	1.4	June 29, 2026
infusionsoft	infusionsoft	93	Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting	LOW	[*, 1.5.7)	1.5.7	June 29, 2026
import-legacy-media	import-legacy-media	91	Import Legacy Media <= 0.1 - Cross-Site Scripting	LOW	*-0.1		June 29, 2026
html5-video-player-with-playlist	html5-video-player-with-playlist	89	HTML5 Video Player with Playlist <= 2.4.0 - Reflected Cross-Site Scripting	LOW	*-2.4.0		June 29, 2026
html5-lyrics-karaoke-player	html5-lyrics-karaoke-player	89	HTML5 Lyrics Karaoke Player <= 2.4 - Cross-Site Scripting	LOW	*-2.4		June 29, 2026
html5-jquery-audio-player	html5-jquery-audio-player	91	HTML5 jQuery Audio Player <= 2.6.2 - Cross-Site Scripting	LOW	*-2.6.2		June 29, 2026
grand-media	grand-media	91	Gmedia Photo Gallery < 0.9.4 - Reflected Cross-Site Scripting	LOW	*-0.9.3	0.9.4	June 29, 2026
global-flash-galleries	global-flash-galleries	93	Global Flash Gallery < 0.13.4 - Cross-Site Scripting	LOW	*-0.13.3	0.13.4	June 29, 2026
geo-redirector	geo-redirector	91	GEO Redirector <= 1.0.1 - Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
gdeslon-affiliate-shop	gdeslon-affiliate-shop	93	GdeSlon Affiliate Shop <= 1.5.5 - Open Redirect	LOW	*-1.5.5	2.0	June 29, 2026
garagesale	garagesale	93	GarageSale < 1.2.3 - Cross-Site Scripting	LOW	[*, 1.2.3)	1.2.3	June 29, 2026
foliopress-wysiwyg	foliopress-wysiwyg	93	Foliopress WYSIWYG < 2.6.16 - Cross-Site Scripting	LOW	*-2.6.15	2.6.16	June 29, 2026
emc2-custom-help-videos	emc2-custom-help-videos	91	EMC2 Custom Help Videos <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 29, 2026
dssearchagent-wordpress-edition	dssearchagent-wordpress-edition	91	dsSearchAgent: WordPress Edition <= 1.0-beta10 - Reflected Cross-Site Scripting	LOW	[*, 1.0-beta10)		June 29, 2026
dsidxpress	dsidxpress	93	dsIDXpress < 2.1.1 - Cross-Site Scripting	LOW	[*, 2.1.1)	2.1.1	June 29, 2026
cbi-referral-manager	cbi-referral-manager	91	CBI Referral Manager <= 1.2.1 Cross-Site Scripting	LOW	*-1.2.1		June 29, 2026
bookshelf	bookshelf	89	Bookshelf <= 2.0.4 - Cross-Site Scripting	LOW	*-2.0.4		June 29, 2026
audio	audio	91	Audio <= 0.6.1 - Reflected Cross-Site Scripting	LOW	*-0.6.1		June 29, 2026
1g-music-share	1g-music-share	95	1g-music-share <= 1.5.1 - Cross-Site Scripting	LOW	*-1.5.1		June 29, 2026
conversionninja	conversionninja	91	Conversion Ninja (Unspecified Version) - Cross-Site Scripting	LOW	*		June 29, 2026
booking-system	booking-system	91	Pinpoint Booking System – #1 WordPress Booking Plugin < 1.3 - SQL Injection	LOW	[*, 1.3)	1.3	June 29, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery	66	NextGen Gallery <= 2.0.65 - Arbitrary File Upload	LOW	*-2.0.65	2.0.66	June 29, 2026
login-rebuilder	login-rebuilder	93	Login rebuilder < 1.2.0 - Cross-Site Request Forgery	LOW	[*, 1.2.0)	1.2.0	June 29, 2026
imember360	imember360	93	iMember360is 3.8.012 - 3.9.001 - Cross-Site Scripting	LOW	[3.8.012, 3.9.002)	3.9.002	June 29, 2026
bonuspressx	bonuspressx	91	Bonuspressx (All Versions) - Cross-Site Scripting	LOW	*		June 29, 2026
wp-property	wp-property	N/A	WP-Property – WordPress Powered Real Estate and Property Management < 1.38.4 - Information Disclosure	LOW	[*, 1.38.4)	1.38.4	June 29, 2026
photo-gallery	photo-gallery	N/A	Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery	LOW	[*, 1.2.42)	1.2.42	June 29, 2026
search-everything	search-everything	N/A	Search Everything <= 8.1 - Cross-Site Request Forgery	LOW	[*, 8.1.1)	8.1.1	June 29, 2026
profile-builder	profile-builder	N/A	Profile Builder – User Profile & User Registration Forms Plugin < 1.1.60 - Authentication Bypass	LOW	[*, 1.1.60)	1.1.60	June 29, 2026
wp-affiliate-platform	wp-affiliate-platform	N/A	WP Affiliate Platform <= 6.3.8 - Reflected Cross-Site Scripting	LOW	*-6.3.8	6.3.9	June 29, 2026
tinymce-colorpicker	tinymce-colorpicker	N/A	TinyMCE Color Picker < 1.2 - Cross-Site Request Forgery	LOW	[*, 1.2)	1.2	June 29, 2026
acumbamail-signup-forms	acumbamail-signup-forms	97	Acumbamail < 1.0.4.1 - Sensitive Information Disclosure	LOW	[*, 1.0.4.1)	1.0.4.1	June 29, 2026
nextcellent-gallery-nextgen-legacy	nextcellent-gallery-nextgen-legacy	N/A	NextCellent Gallery < 1.9.18 - Stored Cross-Site Scripting	LOW	[*, 1.9.18)	1.9.18	June 29, 2026
tinymce-colorpicker	tinymce-colorpicker	N/A	TinyMCE Color Picker <= 1.1 - Missing Authorization	LOW	*-1.1	1.2	June 29, 2026
keyword-strategy-internal-links	keyword-strategy-internal-links	91	Keyword Strategy Internal Links <= 2.0 - Reflected Cross-Site Scripting	LOW	*-2.0		June 29, 2026
imember360	imember360	93	iMember360 3.8.012 - 3.9.001 - Missing Authorization	LOW	[3.8.012, 3.9.001)	3.9.001	June 29, 2026
imember360	imember360	93	iMember360 < 3.9.001 - Missing Authorization and Sensitive Data Exposure	LOW	[*, 3.9.001)	3.9.001	June 29, 2026
contact-bank	contact-bank	91	Contact Bank – Contact Form Builder for WordPress <= 2.0.19 - Cross-Site Scripting	LOW	*-2.0.19	2.0.20	June 29, 2026
wp-easybooking	wp-easybooking	N/A	WP Easybooking <= 1.0.3 - Cross-Site Scripting	LOW	*-1.0.3		June 29, 2026
game-tabs	game-tabs	91	Game Tabs <= 0.4.0 - Cross-Site Scripting	LOW	*-0.4.0		June 29, 2026
flog	flog	91	Flog <= 0.1 - Cross-Site Scripting	LOW	*-0.1		June 29, 2026
flash-photo-gallery	flash-photo-gallery	91	Flash Photo Gallery <= 0.7 - Cross-Site Scripting	LOW	*-0.7		June 29, 2026
ebay-feeds-for-wordpress	ebay-feeds-for-wordpress	93	WP eBay Product Feeds < 1.1 - Cross-Site Scripting	LOW	[*, 1.1)	1.1	June 29, 2026
imember360	imember360	93	iMember360 3.8.012 - 3.9.001 - Remote Code Execution	LOW	3.8.012-3.9.001	3.9.002	June 29, 2026
imember360	imember360	93	iMember360 3.8.0.12 - 3.9.001 - Cross-Site Request Forgery	LOW	[3.8.012, 3.9.001)	3.9.001	June 29, 2026
file-gallery	file-gallery	91	File Gallery < 1.7.9.2 - Remote Code Execution	LOW	[*, 1.7.9.2)	1.7.9.2	June 29, 2026
ad-blocking-detector	ad-blocking-detector	95	Ad Blocking Detector <= 1.2.1 - Full Path Disclosure	LOW	*-1.2.1	1.2.2	June 29, 2026
wp-js-external-link-info	wp-js-external-link-info	N/A	WP Js External Link Info <= 1.21 - Cross-Site Scripting	LOW	*-1.21		June 29, 2026
liveoptim	liveoptim	93	SEO Plugin LiveOptim <= 1.1.3 - Cross-Site Request Forgery	LOW	*-1.1.3	1.1.4	June 29, 2026
unconfirmed	unconfirmed	N/A	Unconfirmed < 1.2.5 - Reflected Cross-Site Scripting	LOW	[*, 1.2.5)	1.2.5	June 29, 2026
twitget	twitget	N/A	Twitget <= 3.3.2 - Stored Cross-Site Scripting	LOW	*-3.3.2	3.3.3	June 29, 2026
funcaptcha	funcaptcha	93	FunCaptcha – Anti-Spam CAPTCHA < 0.3.3 - Cross-Site Request Forgery	LOW	[*, 0.3.3)	0.3.3	June 29, 2026
lazyest-gallery	lazyest-gallery	93	Lazyest Gallery < 1.1.21 - Stored Cross-Site Scripting	LOW	[*, 1.1.21)	1.1.21	June 29, 2026
xcloner-backup-and-restore	xcloner-backup-and-restore	N/A	Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Multiple Cross-Site Request Forgery	LOW	[*, 3.1.1)	3.1.1	June 29, 2026
twitget	twitget	N/A	Twitget < 3.3.3 - Cross-Site Request Forgery	LOW	[*, 3.3.3)	3.3.3	June 29, 2026
wp-customer-reviews	wp-customer-reviews	N/A	WP Customer Reviews <= 3.0.8 - Cross-Site Request Forgery	LOW	[*, 3.0.9)	3.0.9	June 29, 2026
xcloner-backup-and-restore	xcloner-backup-and-restore	N/A	Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Cross-Site Request Forgery	LOW	[*, 3.1.1)	3.1.1	June 29, 2026
js-multihotel	js-multihotel	86	JS Multi Hotel <= 2.2.1 - Full Path Disclosure	LOW	*-2.2.1		June 29, 2026
js-multihotel	js-multihotel	86	JS Multi Hotel <= 2.2.1 - Cross-Site Scripting	LOW	*-2.2.1		June 29, 2026

LOW

dmca-watermarker

Score: 93/100 DMCA WaterMarker < 1.1 - Cross-Site Scripting Affected: [*, 1.1) Patched: 1.1 Updated: June 29, 2026

LOW

conversador

Score: 91/100 Conversador <= 2.61 - Reflected Cross-Site Scripting Affected: *-2.61 Patched: Updated: June 29, 2026

LOW

bookx

Score: 91/100 BookX <= 1.7 - Path Traversal Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

bic-media

Score: 91/100 BIC Media Widget <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

all-video-gallery

Score: 95/100 All Video Gallery Plugin for WordPress <= 1.2 - Authenticated SQL Injection Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

all-in-one-social-lite

Score: 95/100 All in One Social Lite <= 1.0 - Server-Side Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

alipay

Score: 95/100 WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 < 3.7.0 - Cross-Site Scripting Affected: [*, 3.7.0) Patched: 3.7.0 Updated: June 29, 2026

LOW

activehelper-livehelp

Score: 97/100 ActiveHelper LiveHelp Live Chat < 3.1.5 - Reflected Cross-Site Scripting Affected: [*, 3.1.5) Patched: 3.1.5 Updated: June 29, 2026

LOW

zeenshare

Score: N/A Zeenshare <= 1.0.1 - Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

youtubefreedown

Score: N/A Youtube Freedown <= 1.0 - Remote Media File Inclusion Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

wp-ultimate-email-marketer

Score: N/A WP Ultimate Email Marketer <= 1.1.0 - Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 29, 2026

LOW

wp-ttisbdir

Score: N/A WP-Business Directory <= 1.0.2 - Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

wp-planet

Score: N/A WP-Planet <= 0.1 - Reflected Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 29, 2026

LOW

wp-lightpop

Score: N/A WP-lightpop <= 0.8.5.6 - Remote Media File Inclusion Affected: *-0.8.5.6 Patched: Updated: June 29, 2026

LOW

wp-contact-sidebar-widget

Score: N/A WP-Contact <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

wordpress-social-login

Score: N/A WordPress Social Login <= 2.1.5 - Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.6 Updated: June 29, 2026

LOW

votecount-for-balatarin

Score: N/A Votecount For Balatarin <= 0.1.1 - Reflected Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 29, 2026

LOW

verweise-wordpress-twitter

Score: N/A verwei.se – WordPress – Twitter <= 1.0 2 - Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

ultimate-weather-plugin

Score: N/A Local Weather <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

toolpage

Score: N/A Toolpage <= 1.6.1 - Cross-Site Scripting Affected: *-1.6.1 Patched: Updated: June 29, 2026

LOW

swipehq-payment-gateway-wp-e-commerce

Score: N/A WP e-Commerce Swipe plugin <= 3.1.0 - Multiple Cross-Site Scripting Affected: *-3.1.0 Patched: Updated: June 29, 2026

LOW

swipe-hq-checkout-for-eshop

Score: N/A eShop Swipe plugin <= 3.7.0 - Cross-Site Scripting Affected: *-3.7.0 Patched: Updated: June 29, 2026

LOW

style-it

Score: N/A Style It <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

spreadshirt-rss-3d-cube-flash-gallery

Score: N/A WP-RSS-Spreadshirt-3DCube-Gallery <= 1.3 - Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

spotlightyour

Score: N/A Spotlight <= 4.7 - Cross-Site Scripting Affected: *-4.7 Patched: Updated: June 29, 2026

LOW

soundslides

Score: N/A Soundslides < 2.5.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: 2.5.0 Updated: June 29, 2026

LOW

social-connect

Score: N/A Social Connect <= 0.10.1 - Cross-Site Scripting Affected: *-0.10.1 Patched: 0.10.2 Updated: June 29, 2026

LOW

so-audible

Score: N/A So Audible Cloud Music Player <= 0.9 - Cross-Site Scripting Affected: *-0.9 Patched: Updated: June 29, 2026

LOW

shortcode-ninja

Score: N/A Shortcode Ninja <= 1.4 - Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

secure-html5-video-player

Score: N/A Secure HTML5 Video Player < 3.4 - Reflected Cross-Site Scripting Affected: *-3.3 Patched: 3.4 Updated: June 29, 2026

LOW

sagepay-direct-for-woocommerce-payment-gateway

Score: N/A WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting Affected: [*, 0.1.6.7) Patched: 0.1.6.7 Updated: June 29, 2026

LOW

s3audible-amazon-s3-music-player

Score: N/A S3bubble Amazon S3 Media Streaming <= 3.5.4 - Cross-Site Scripting Affected: *-3.5.4 Patched: Updated: June 29, 2026

LOW

qiniu-uploader

Score: N/A Qiniu Uploader <= 0.1 - Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 29, 2026

LOW

proquoter

Score: N/A Pro Quoter Plugin <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

podcasting

Score: N/A Podcasting Plugin by TSG < 3.0.5 - Remote File Inclusion Affected: *-3.0.4.1 Patched: 3.0.5 Updated: June 29, 2026

LOW

pb-embedflash

Score: N/A pb-embedFlash <= 1.5.1 - Remote File Inclusion Affected: *-1.5.1 Patched: Updated: June 29, 2026

LOW

pay-per-media-player

Score: N/A Pay Per Media Player <= 1.24 - Cross-Site Scripting Affected: *-1.24 Patched: Updated: June 29, 2026

LOW

ooorl

Score: N/A Ooorl <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

movies

Score: N/A Movies <= 0.6 - Reflected Cross-Site Scripting Affected: *-0.6 Patched: Updated: June 29, 2026

LOW

microaudio

Score: N/A µAudio Player <= 0.6.2 - Remote File Inclusion Affected: *-0.6.2 Patched: Updated: June 29, 2026

LOW

link2player

Score: 91/100 Link2Player <= 0.2 - Cross-Site Scripting Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

kindeditor-for-wordpress

Score: 93/100 Kindeditor For WordPress < 1.4 - Reflected Cross-Site Scripting Affected: *-1.3.7 Patched: 1.4 Updated: June 29, 2026

LOW

infusionsoft

Score: 93/100 Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting Affected: [*, 1.5.7) Patched: 1.5.7 Updated: June 29, 2026

LOW

import-legacy-media

Score: 91/100 Import Legacy Media <= 0.1 - Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 29, 2026

LOW

html5-video-player-with-playlist

Score: 89/100 HTML5 Video Player with Playlist <= 2.4.0 - Reflected Cross-Site Scripting Affected: *-2.4.0 Patched: Updated: June 29, 2026

LOW

html5-lyrics-karaoke-player

Score: 89/100 HTML5 Lyrics Karaoke Player <= 2.4 - Cross-Site Scripting Affected: *-2.4 Patched: Updated: June 29, 2026

LOW

html5-jquery-audio-player

Score: 91/100 HTML5 jQuery Audio Player <= 2.6.2 - Cross-Site Scripting Affected: *-2.6.2 Patched: Updated: June 29, 2026

LOW

grand-media

Score: 91/100 Gmedia Photo Gallery < 0.9.4 - Reflected Cross-Site Scripting Affected: *-0.9.3 Patched: 0.9.4 Updated: June 29, 2026

LOW

global-flash-galleries

Score: 93/100 Global Flash Gallery < 0.13.4 - Cross-Site Scripting Affected: *-0.13.3 Patched: 0.13.4 Updated: June 29, 2026

LOW

geo-redirector

Score: 91/100 GEO Redirector <= 1.0.1 - Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

gdeslon-affiliate-shop

Score: 93/100 GdeSlon Affiliate Shop <= 1.5.5 - Open Redirect Affected: *-1.5.5 Patched: 2.0 Updated: June 29, 2026

LOW

garagesale

Score: 93/100 GarageSale < 1.2.3 - Cross-Site Scripting Affected: [*, 1.2.3) Patched: 1.2.3 Updated: June 29, 2026

LOW

foliopress-wysiwyg

Score: 93/100 Foliopress WYSIWYG < 2.6.16 - Cross-Site Scripting Affected: *-2.6.15 Patched: 2.6.16 Updated: June 29, 2026

LOW

emc2-custom-help-videos

Score: 91/100 EMC2 Custom Help Videos <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

dssearchagent-wordpress-edition

Score: 91/100 dsSearchAgent: WordPress Edition <= 1.0-beta10 - Reflected Cross-Site Scripting Affected: [*, 1.0-beta10) Patched: Updated: June 29, 2026

LOW

dsidxpress

Score: 93/100 dsIDXpress < 2.1.1 - Cross-Site Scripting Affected: [*, 2.1.1) Patched: 2.1.1 Updated: June 29, 2026

LOW

cbi-referral-manager

Score: 91/100 CBI Referral Manager <= 1.2.1 Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

bookshelf

Score: 89/100 Bookshelf <= 2.0.4 - Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: June 29, 2026

LOW

audio

Score: 91/100 Audio <= 0.6.1 - Reflected Cross-Site Scripting Affected: *-0.6.1 Patched: Updated: June 29, 2026

LOW

1g-music-share

Score: 95/100 1g-music-share <= 1.5.1 - Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: June 29, 2026

LOW

conversionninja

Score: 91/100 Conversion Ninja (Unspecified Version) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

booking-system

Score: 91/100 Pinpoint Booking System – #1 WordPress Booking Plugin < 1.3 - SQL Injection Affected: [*, 1.3) Patched: 1.3 Updated: June 29, 2026

LOW

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

Score: 66/100 NextGen Gallery <= 2.0.65 - Arbitrary File Upload Affected: *-2.0.65 Patched: 2.0.66 Updated: June 29, 2026

LOW

login-rebuilder

Score: 93/100 Login rebuilder < 1.2.0 - Cross-Site Request Forgery Affected: [*, 1.2.0) Patched: 1.2.0 Updated: June 29, 2026

LOW

imember360

Score: 93/100 iMember360is 3.8.012 - 3.9.001 - Cross-Site Scripting Affected: [3.8.012, 3.9.002) Patched: 3.9.002 Updated: June 29, 2026

LOW

bonuspressx

Score: 91/100 Bonuspressx (All Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

wp-property

Score: N/A WP-Property – WordPress Powered Real Estate and Property Management < 1.38.4 - Information Disclosure Affected: [*, 1.38.4) Patched: 1.38.4 Updated: June 29, 2026

LOW

photo-gallery

Score: N/A Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery Affected: [*, 1.2.42) Patched: 1.2.42 Updated: June 29, 2026

LOW

search-everything

Score: N/A Search Everything <= 8.1 - Cross-Site Request Forgery Affected: [*, 8.1.1) Patched: 8.1.1 Updated: June 29, 2026

LOW

profile-builder

Score: N/A Profile Builder – User Profile & User Registration Forms Plugin < 1.1.60 - Authentication Bypass Affected: [*, 1.1.60) Patched: 1.1.60 Updated: June 29, 2026

LOW

wp-affiliate-platform

Score: N/A WP Affiliate Platform <= 6.3.8 - Reflected Cross-Site Scripting Affected: *-6.3.8 Patched: 6.3.9 Updated: June 29, 2026

LOW

tinymce-colorpicker

Score: N/A TinyMCE Color Picker < 1.2 - Cross-Site Request Forgery Affected: [*, 1.2) Patched: 1.2 Updated: June 29, 2026

LOW

acumbamail-signup-forms

Score: 97/100 Acumbamail < 1.0.4.1 - Sensitive Information Disclosure Affected: [*, 1.0.4.1) Patched: 1.0.4.1 Updated: June 29, 2026

LOW

nextcellent-gallery-nextgen-legacy

Score: N/A NextCellent Gallery < 1.9.18 - Stored Cross-Site Scripting Affected: [*, 1.9.18) Patched: 1.9.18 Updated: June 29, 2026

LOW

tinymce-colorpicker

Score: N/A TinyMCE Color Picker <= 1.1 - Missing Authorization Affected: *-1.1 Patched: 1.2 Updated: June 29, 2026

LOW

keyword-strategy-internal-links

Score: 91/100 Keyword Strategy Internal Links <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

imember360

Score: 93/100 iMember360 3.8.012 - 3.9.001 - Missing Authorization Affected: [3.8.012, 3.9.001) Patched: 3.9.001 Updated: June 29, 2026

LOW

imember360

Score: 93/100 iMember360 < 3.9.001 - Missing Authorization and Sensitive Data Exposure Affected: [*, 3.9.001) Patched: 3.9.001 Updated: June 29, 2026

LOW

contact-bank

Score: 91/100 Contact Bank – Contact Form Builder for WordPress <= 2.0.19 - Cross-Site Scripting Affected: *-2.0.19 Patched: 2.0.20 Updated: June 29, 2026

LOW

wp-easybooking

Score: N/A WP Easybooking <= 1.0.3 - Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

game-tabs

Score: 91/100 Game Tabs <= 0.4.0 - Cross-Site Scripting Affected: *-0.4.0 Patched: Updated: June 29, 2026

LOW

flog

Score: 91/100 Flog <= 0.1 - Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 29, 2026

LOW

flash-photo-gallery

Score: 91/100 Flash Photo Gallery <= 0.7 - Cross-Site Scripting Affected: *-0.7 Patched: Updated: June 29, 2026

LOW

ebay-feeds-for-wordpress

Score: 93/100 WP eBay Product Feeds < 1.1 - Cross-Site Scripting Affected: [*, 1.1) Patched: 1.1 Updated: June 29, 2026

LOW

imember360

Score: 93/100 iMember360 3.8.012 - 3.9.001 - Remote Code Execution Affected: 3.8.012-3.9.001 Patched: 3.9.002 Updated: June 29, 2026

LOW

imember360

Score: 93/100 iMember360 3.8.0.12 - 3.9.001 - Cross-Site Request Forgery Affected: [3.8.012, 3.9.001) Patched: 3.9.001 Updated: June 29, 2026

LOW

file-gallery

Score: 91/100 File Gallery < 1.7.9.2 - Remote Code Execution Affected: [*, 1.7.9.2) Patched: 1.7.9.2 Updated: June 29, 2026

LOW

ad-blocking-detector

Score: 95/100 Ad Blocking Detector <= 1.2.1 - Full Path Disclosure Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

wp-js-external-link-info

Score: N/A WP Js External Link Info <= 1.21 - Cross-Site Scripting Affected: *-1.21 Patched: Updated: June 29, 2026

LOW

liveoptim

Score: 93/100 SEO Plugin LiveOptim <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: 1.1.4 Updated: June 29, 2026

LOW

unconfirmed

Score: N/A Unconfirmed < 1.2.5 - Reflected Cross-Site Scripting Affected: [*, 1.2.5) Patched: 1.2.5 Updated: June 29, 2026

LOW

twitget

Score: N/A Twitget <= 3.3.2 - Stored Cross-Site Scripting Affected: *-3.3.2 Patched: 3.3.3 Updated: June 29, 2026

LOW

funcaptcha

Score: 93/100 FunCaptcha – Anti-Spam CAPTCHA < 0.3.3 - Cross-Site Request Forgery Affected: [*, 0.3.3) Patched: 0.3.3 Updated: June 29, 2026

LOW

lazyest-gallery

Score: 93/100 Lazyest Gallery < 1.1.21 - Stored Cross-Site Scripting Affected: [*, 1.1.21) Patched: 1.1.21 Updated: June 29, 2026

LOW

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Multiple Cross-Site Request Forgery Affected: [*, 3.1.1) Patched: 3.1.1 Updated: June 29, 2026

LOW

twitget

Score: N/A Twitget < 3.3.3 - Cross-Site Request Forgery Affected: [*, 3.3.3) Patched: 3.3.3 Updated: June 29, 2026

LOW

wp-customer-reviews

Score: N/A WP Customer Reviews <= 3.0.8 - Cross-Site Request Forgery Affected: [*, 3.0.9) Patched: 3.0.9 Updated: June 29, 2026

LOW

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Cross-Site Request Forgery Affected: [*, 3.1.1) Patched: 3.1.1 Updated: June 29, 2026

LOW

js-multihotel

Score: 86/100 JS Multi Hotel <= 2.2.1 - Full Path Disclosure Affected: *-2.2.1 Patched: Updated: June 29, 2026

LOW

js-multihotel

Score: 86/100 JS Multi Hotel <= 2.2.1 - Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: June 29, 2026

Showing 35401 to 35500 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 02:57 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List