Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
js-multihotel	js-multihotel	86	JS Multi Hotel <= 2.2.1 - Reflected Cross-Site Scripting	LOW	*-2.2.1		June 29, 2026
wp-business-intelligence-lite	wp-business-intelligence-lite	N/A	WP Business intelligence lite < 1.3 - Arbitrary File Upload	LOW	[*, 1.3)	1.3	June 29, 2026
gd-star-rating	gd-star-rating	87	GD Star Rating <= 1.9.22 - Cross-Site Request Forgery	LOW	*-1.9.22		June 29, 2026
gd-star-rating	gd-star-rating	87	GD Star Rating <= 1.9.22 - Blind SQL Injection	LOW	*-1.9.22		June 29, 2026
ajax-pagination	ajax-pagination	95	Ajax Pagination (twitter Style) <= 1.1 - Local File Inclusion	LOW	*-1.1		June 29, 2026
leaflet-maps-marker-pro	leaflet-maps-marker-pro	93	Leaflet Maps Marker Pro < 1.5.8 - SQL Injection	LOW	[*, 1.5.8)	1.5.8	June 29, 2026
leaflet-maps-marker-pro	leaflet-maps-marker-pro	93	Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting	LOW	[*, 1.5.8)	1.5.8	June 29, 2026
leaflet-maps-marker-pro	leaflet-maps-marker-pro	93	Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Deletion	LOW	[*, 1.5.8)	1.5.8	June 29, 2026
leaflet-maps-marker-pro	leaflet-maps-marker-pro	93	Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Upload	LOW	[*, 1.5.8)	1.5.8	June 29, 2026
mapsmarker	mapsmarker	93	Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting	LOW	[*, 1.5.8)	1.5.8	June 29, 2026
mapsmarker	mapsmarker	93	Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Upload	LOW	[*, 1.5.8)	1.5.8	June 29, 2026
mapsmarker	mapsmarker	93	Leaflet Maps Marker Pro < 1.5.8 - Path Traversal	LOW	[*, 1.5.8)	1.5.8	June 29, 2026
custom-background	custom-background	91	Custom Background <= 3.2.2.67929 - Arbitrary File Upload	LOW	*-3.2.2.67929		June 29, 2026
world-of-warcraft-armory-table	world-of-warcraft-armory-table	N/A	World of Warcraft – Armory Table < 0.2.6 - Cross-Site Scripting	LOW	[*, 0.2.6)	0.2.6	June 29, 2026
facebook-page-photo-gallery	facebook-page-photo-gallery	91	Facebook Page Photo Gallery <= 2.0.9 - Cross-Site Scripting	LOW	*-2.0.9		June 29, 2026
premium_gallery_manager	premium_gallery_manager	N/A	Premium Gallery Manager (Unknown Versions) - Arbitrary File Upload	LOW	*		June 29, 2026
contextual-related-posts	contextual-related-posts	93	Contextual Related Posts < 1.8.10.2 - SQL Injection	LOW	[*, 1.8.10.2)	1.8.10.2	June 29, 2026
barclaycart	barclaycart	91	Barclaycart (All Versions) - Arbitrary File Upload	LOW	*		June 29, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 2.9.1 - SQL Injection	LOW	*-2.9.1	2.9.2	June 29, 2026
clickdesk-live-support-chat-plugin	clickdesk-live-support-chat-plugin	91	Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 4.3 - Cross-Site Scripting	LOW	*-4.3		June 29, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 1.3.12 - Cross-Site Scripting	LOW	*-1.3.12		June 29, 2026
google-analytics-mu	google-analytics-mu	93	Google Analytics MU < 2.4 - Cross-Site Request Forgery	LOW	*-2.3.1	2.4	June 29, 2026
videowhisper-live-streaming-integration	videowhisper-live-streaming-integration	N/A	Broadcast Live Video – Live Streaming < 4.29.5 - Full Path Disclosure	LOW	[*, 4.29.5)	4.29.5	June 29, 2026
videowhisper-live-streaming-integration	videowhisper-live-streaming-integration	N/A	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion	LOW	[*, 4.29.5)	4.29.5	June 29, 2026
videowhisper-live-streaming-integration	videowhisper-live-streaming-integration	N/A	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.27.4 - Arbitrary File Upload	LOW	*-4.27.4	4.29.5	June 29, 2026
aryo-activity-log	aryo-activity-log	97	Activity Log Plugin < 2.0.4 - Fulle Path Disclosure	LOW	[*, 2.0.4)	2.0.4	June 29, 2026
zedity	zedity	N/A	Zedity – The Layout-Free Content Editor < 2.5.1 - Reflected Cross-Site Scripting	LOW	[*, 2.5.1)	2.5.1	June 29, 2026
widget-control-powered-by-everyblock	widget-control-powered-by-everyblock	N/A	Widget Control Powered By Everyblock <= 1.0.1 - Reflected Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
videowhisper-live-streaming-integration	videowhisper-live-streaming-integration	N/A	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.29.6 - Cross-Site Scripting	LOW	*-4.29.6	4.29.9	June 29, 2026
mtouch-quiz	mtouch-quiz	N/A	mTouch Quiz < 3.0.7 - Cross-Site Scripting	LOW	[*, 3.0.7)	3.0.7	June 29, 2026
mtouch-quiz	mtouch-quiz	N/A	mTouch Quiz < 3.0.7 - SQL Injection	LOW	[*, 3.0.7)	3.0.7	June 29, 2026
Contact Form 7	contact-form-7	97	Contact Form 7 < 3.7.2 - CAPTCHA Bypass	LOW	[*, 3.7.2)	3.7.2	June 29, 2026
thanks-you-counter-button	thanks-you-counter-button	N/A	Thank You Counter Button <= 1.9.3 - Cross-Site Scripting	LOW	*-1.9.3		June 29, 2026
relevanssi	relevanssi	N/A	Relevanssi <= 3.3 - SQL Injection	LOW	*-3.3	3.3.1	June 29, 2026
mp3-jplayer	mp3-jplayer	N/A	MP3-jPlayer < 1.8.8 - Cross-Site Scripting	LOW	[*, 1.8.8)	1.8.8	June 29, 2026
user-domain-whitelist	user-domain-whitelist	N/A	User Domain Whitelist <= 1.4 - Cross-Site Request Forgery	LOW	[*, 1.5)	1.5	June 29, 2026
AdRotate Banner Manager	adrotate	74	AdRotate – Ad manager & AdSense Ads 3.9 - 3.9.4 - SQL Injection	LOW	3.9-3.9.4	3.9.5	June 29, 2026
connections	connections	91	Connections Business Directory < 0.7.9.4 - Cross-Site Scripting	LOW	[*, 0.7.9.4)	0.7.9.4	June 29, 2026
subscribe-to-comments-reloaded	subscribe-to-comments-reloaded	N/A	Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-140129	140219	June 29, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery	66	NextGen Gallery <= 2.0 - Path Traversal	LOW	*-2.0	2.0.7	June 29, 2026
nextend-facebook-connect	nextend-facebook-connect	N/A	Nextend Social Login and Register <= 1.5.0 - Cross-Site Scripting	LOW	[*, 1.5.1)	1.5.1	June 29, 2026
wp-security-scan	wp-security-scan	N/A	Acunetix WP Security <= 4.0.4 - Cross-Site Request Forgery	LOW	[*, 4.0.5)	4.0.5	June 29, 2026
search-everything	search-everything	N/A	Search Everything <= 7.0.2 - SQL Injection	LOW	[*, 7.0.3)	7.0.3	June 29, 2026
all_in_one_carousel	all_in_one_carousel	97	All In One Slider <= 1.2.20 - Reflected Cross-Site Scripting	LOW	*-1.2.20	1.2.21	June 29, 2026
videowhisper-live-streaming-integration	videowhisper-live-streaming-integration	N/A	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Cross-Site Scripting	LOW	[*, 4.29.5)	4.29.5	June 29, 2026
buddypress	buddypress	93	BuddyPress <= 1.9.1 - Authorization Bypass	LOW	[*, 1.9.2)	1.9.2	June 29, 2026
stop-user-enumeration	stop-user-enumeration	N/A	Stop User Enumeration <= 1.2.4 - Security Bypass	LOW	*-1.2.4	1.2.5	June 29, 2026
Media File Renamer: Rename for better SEO (AI-Powered)	media-file-renamer	88	Media File Renamer < 1.9.4 - Stored Cross-Site Scripting	LOW	[*, 1.9.4)	1.9.4	June 29, 2026
amerisale-re	amerisale-re	95	amerisale-re (All Versions) - Arbitrary File Upload	LOW	*		June 29, 2026
seolinkrotator	seolinkrotator	N/A	SEO Link Rotator <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 29, 2026
media-downloader	media-downloader	93	Media Downloader <= 0.1.992 - Reflected Cross-Site Scripting	LOW	*-0.1.992	0.1.993	June 29, 2026
nokia-mapsplaces	nokia-mapsplaces	N/A	Nokia Maps & Places < 1.6.7 - Open Redirect	LOW	[*, 1.6.7)	1.6.7	June 29, 2026
wordpress-social-ring	wordpress-social-ring	N/A	Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) <= 1.1.9 - Cross-Site Scripting	LOW	[*, 1.2.0)	1.2.0	June 29, 2026
newsletter-manager	newsletter-manager	N/A	Newsletter Manager < 1.4 - Cross-Site Request Forgery	LOW	[*, 1.4)	1.4	June 29, 2026
wp-members	wp-members	N/A	WP-Members Membership Plugin <= 2.8.9 - Reflected Cross-Site Scripting	LOW	[*, 2.8.10)	2.8.10	June 29, 2026
aprils-super-functions-pack	aprils-super-functions-pack	97	April's Super Functions Pack <= 1.4.7 - Reflected Cross-Site Scripting	LOW	*-1.4.7	1.4.8	June 29, 2026
url-cloak-encrypt	url-cloak-encrypt	N/A	Cloak & Encrypt < 3.8.0 - Cross-Site Scripting	LOW	[*, 3.8.0)	3.8.0	June 29, 2026
foliopress-wysiwyg	foliopress-wysiwyg	93	Foliopress WYSIWYG < 2.6.8.5 - Cross-Site Scripting	LOW	[*, 2.6.8.5)	2.6.8.5	June 29, 2026
intouch	intouch	91	intouch <= 2.0 - Cross-Site Scripting	LOW	*-2.0		June 29, 2026
flash-player-widget	flash-player-widget	91	Flash player widget <= 1.3 - Content Spoofing	LOW	*		June 29, 2026
advanced-dewplayer	advanced-dewplayer	95	Advanced Dewplayer < 1.3 - Directory Traversal	LOW	*-1.2	1.3	June 29, 2026
wp-cron-dashboard	wp-cron-dashboard	N/A	WP-Cron Dashboard < 1.1.6 - Cross-Site Scripting	LOW	[*, 1.1.6)	1.1.6	June 29, 2026
askapache-firefox-adsense	askapache-firefox-adsense	95	AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery	LOW	*-3.0		June 29, 2026
recommend-a-friend	recommend-a-friend	N/A	Recommend to a friend <= 2.2.2 - Cross-Site Scripting	LOW	*-2.2.2		June 29, 2026
dewplayer-flash-mp3-player	dewplayer-flash-mp3-player	89	Dewplayer <= 1.2 and Advanced Dewplayer < 1.5 - Content Spoofing/Injection	LOW	*		June 29, 2026
advanced-dewplayer	advanced-dewplayer	95	Dewplayer <= 1.2 and Advanced Dewplayer < 1.5 - Content Spoofing/Injection	LOW	[*, 1.5)	1.5	June 29, 2026
s3-video	s3-video	N/A	S3 Video <= 0.982 - Cross-Site Scripting	LOW	*-0.982	0.983	June 29, 2026
easy-media-gallery	easy-media-gallery	91	Gallery – Photo Albums Plugin < 1.2.29 - Cross-Site Scripting	LOW	[*, 1.2.29)	1.2.29	June 29, 2026
wp-realty	wp-realty	N/A	WPRealty <= 2.9.1 - Reflected Cross-Site Scripting	LOW	*-2.9.1		June 29, 2026
ad-minister	ad-minister	95	Ad-minister <= 0.6 - Cross-Site Scripting	LOW	*-0.6		June 29, 2026
player	player	N/A	SpiderVPlayer <= 2.1 - Reflected Cross-Site Scripting	LOW	*-2.1		June 29, 2026
formcraft	formcraft	91	FormCraft <= 1.3.7 - SQL Injection	LOW	*-1.3.7	1.3.8	June 29, 2026
Download Manager	download-manager	63	Download Manager < 2.5.9 - Stored Cross-Site Scripting	LOW	*-2.5.8	2.5.9	June 29, 2026
spicy-blogroll	spicy-blogroll	N/A	Spicy Blogroll <= 1.0.0 - Local File Inclusion	LOW	*-1.0.0		June 29, 2026
Download Manager	download-manager	63	Download Manager <= 2.5.8 - Cross-Site Scripting	LOW	*-2.5.8	2.5.9	June 29, 2026
easy-career-openings	easy-career-openings	89	Easy Career Openings <= 0.4 - SQL Injection	LOW	*-0.4		June 29, 2026
groupdocs-comparison	groupdocs-comparison	93	GroupDocs.Comparison for Cloud < 1.0.3 - Cross-Site Scripting	LOW	[*, 1.0.3)	1.0.3	June 29, 2026
js-multihotel	js-multihotel	86	JS MultiHotel <= 2.2.1 - Reflected Cross-Site Scripting	LOW	*-2.2.1		June 29, 2026
optinfirex	optinfirex	N/A	Optinferex Plugin (All Known Versions) - Cross-Site Scripting	LOW	*		June 29, 2026
amerisale-re	amerisale-re	95	Amerisale-Re (All Versions) - Reflected Cross-Site Scripting	LOW	*		June 29, 2026
all-in-one-event-calendar	all-in-one-event-calendar	97	Timely All-in-One Events Calendar < 1.10 - Cross-Site Scripting	LOW	[*, 1.10)	1.10	June 29, 2026
polldaddy	polldaddy	N/A	Crowdsignal Dashboard < 2.0.21 - Cross-Site Request Forgery	LOW	[*, 2.0.21)	2.0.21	June 29, 2026
lbg_zoominoutslider	lbg_zoominoutslider	87	Responsive Zoom In/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting	LOW	*		June 29, 2026
floating-tweets	floating-tweets	89	Floating Tweets <= 1.0.1 - Directory Traversal	LOW	*-1.0.1		June 29, 2026
wordpress-checkout	wordpress-checkout	N/A	wp-checkout (Unknown Versions) - Arbitrary File Upload	LOW	*		June 29, 2026
gallery-bank	gallery-bank	89	Gallery Bank – WordPress Photo Gallery Plugin < 2.0.20 - Reflected Cross-Site Scripting	LOW	[*, 2.0.20)	2.0.20	June 29, 2026
mobilechief-mobile-site-creator	mobilechief-mobile-site-creator	N/A	MobileChief – Mobile Site Builder <= 1.5.7 - Cross-Site Scripting	LOW	*-1.5.7		June 29, 2026
portable-phpmyadmin	portable-phpmyadmin	N/A	Portable phpMyAdmin <= 1.5.0 - Authentication Bypass	LOW	*-1.5.0		June 29, 2026
payment-gateways-caller-for-wp-e-commerce	payment-gateways-caller-for-wp-e-commerce	N/A	Payment Gateways Caller for WP e-Commerce < 0.1.1 - Local File Inclusion	LOW	[*, 0.1.1)	0.1.1	June 29, 2026
blue-wrench-videos-widget	blue-wrench-videos-widget	91	Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery and to Cross-Site Scripting	LOW	*-1.0.5	2.0.0	June 29, 2026
videowall	videowall	N/A	videowall (All Versions) - Reflected Cross-Site Scripting	LOW	*		June 29, 2026
quick-paypal-payments	quick-paypal-payments	N/A	Quick Paypal Payments < 3.1 - Cross-Site Scripting	LOW	[*, 3.1)	3.1	June 29, 2026
dhtmlxspreadsheet	dhtmlxspreadsheet	91	dhtmlxSpreadsheet <= 2.0 - Cross-Site Scripting	LOW	*-2.0		June 29, 2026
WooCommerce	woocommerce	80	WooCommerce <= 2.0.17 - Cross-Site Scripting	LOW	*-2.0.17	2.0.18	June 29, 2026
social-sharing-toolkit	social-sharing-toolkit	N/A	Social Sharing Toolkit <= 2.1.1 - Cross-Site Request Forgery	LOW	*-2.1.1	2.1.2	June 29, 2026
wp-image-resizer	wp-image-resizer	N/A	WP Image Resizer (Unspecified Version) - Cross-Site Scripting	LOW	*		June 29, 2026
video-metabox	video-metabox	N/A	Video Metabox <= 1.1 - Stored Cross Site Scripting	LOW	*-1.1	1.1.1	June 29, 2026
dexs-pm-system	dexs-pm-system	91	Dexs PM System <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
finalist	finalist	89	Finalist (All Versions) - Cross-Site Scripting	LOW	*		June 29, 2026
sl-user-create	sl-user-create	N/A	SL User Create < 0.2.5 - Information Disclosure	LOW	[*, 0.2.5)	0.2.5	June 29, 2026

LOW

js-multihotel

Score: 86/100 JS Multi Hotel <= 2.2.1 - Reflected Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: June 29, 2026

LOW

wp-business-intelligence-lite

Score: N/A WP Business intelligence lite < 1.3 - Arbitrary File Upload Affected: [*, 1.3) Patched: 1.3 Updated: June 29, 2026

LOW

gd-star-rating

Score: 87/100 GD Star Rating <= 1.9.22 - Cross-Site Request Forgery Affected: *-1.9.22 Patched: Updated: June 29, 2026

LOW

gd-star-rating

Score: 87/100 GD Star Rating <= 1.9.22 - Blind SQL Injection Affected: *-1.9.22 Patched: Updated: June 29, 2026

LOW

ajax-pagination

Score: 95/100 Ajax Pagination (twitter Style) <= 1.1 - Local File Inclusion Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

leaflet-maps-marker-pro

Score: 93/100 Leaflet Maps Marker Pro < 1.5.8 - SQL Injection Affected: [*, 1.5.8) Patched: 1.5.8 Updated: June 29, 2026

LOW

leaflet-maps-marker-pro

Score: 93/100 Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting Affected: [*, 1.5.8) Patched: 1.5.8 Updated: June 29, 2026

LOW

leaflet-maps-marker-pro

Score: 93/100 Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Deletion Affected: [*, 1.5.8) Patched: 1.5.8 Updated: June 29, 2026

LOW

leaflet-maps-marker-pro

Score: 93/100 Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Upload Affected: [*, 1.5.8) Patched: 1.5.8 Updated: June 29, 2026

LOW

mapsmarker

Score: 93/100 Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting Affected: [*, 1.5.8) Patched: 1.5.8 Updated: June 29, 2026

LOW

mapsmarker

Score: 93/100 Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Upload Affected: [*, 1.5.8) Patched: 1.5.8 Updated: June 29, 2026

LOW

mapsmarker

Score: 93/100 Leaflet Maps Marker Pro < 1.5.8 - Path Traversal Affected: [*, 1.5.8) Patched: 1.5.8 Updated: June 29, 2026

LOW

custom-background

Score: 91/100 Custom Background <= 3.2.2.67929 - Arbitrary File Upload Affected: *-3.2.2.67929 Patched: Updated: June 29, 2026

LOW

world-of-warcraft-armory-table

Score: N/A World of Warcraft – Armory Table < 0.2.6 - Cross-Site Scripting Affected: [*, 0.2.6) Patched: 0.2.6 Updated: June 29, 2026

LOW

facebook-page-photo-gallery

Score: 91/100 Facebook Page Photo Gallery <= 2.0.9 - Cross-Site Scripting Affected: *-2.0.9 Patched: Updated: June 29, 2026

LOW

premium_gallery_manager

Score: N/A Premium Gallery Manager (Unknown Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

contextual-related-posts

Score: 93/100 Contextual Related Posts < 1.8.10.2 - SQL Injection Affected: [*, 1.8.10.2) Patched: 1.8.10.2 Updated: June 29, 2026

LOW

barclaycart

Score: 91/100 Barclaycart (All Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.9.1 - SQL Injection Affected: *-2.9.1 Patched: 2.9.2 Updated: June 29, 2026

LOW

clickdesk-live-support-chat-plugin

Score: 91/100 Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 4.3 - Cross-Site Scripting Affected: *-4.3 Patched: Updated: June 29, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 1.3.12 - Cross-Site Scripting Affected: *-1.3.12 Patched: Updated: June 29, 2026

LOW

google-analytics-mu

Score: 93/100 Google Analytics MU < 2.4 - Cross-Site Request Forgery Affected: *-2.3.1 Patched: 2.4 Updated: June 29, 2026

LOW

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming < 4.29.5 - Full Path Disclosure Affected: [*, 4.29.5) Patched: 4.29.5 Updated: June 29, 2026

LOW

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion Affected: [*, 4.29.5) Patched: 4.29.5 Updated: June 29, 2026

LOW

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.27.4 - Arbitrary File Upload Affected: *-4.27.4 Patched: 4.29.5 Updated: June 29, 2026

LOW

aryo-activity-log

Score: 97/100 Activity Log Plugin < 2.0.4 - Fulle Path Disclosure Affected: [*, 2.0.4) Patched: 2.0.4 Updated: June 29, 2026

LOW

zedity

Score: N/A Zedity – The Layout-Free Content Editor < 2.5.1 - Reflected Cross-Site Scripting Affected: [*, 2.5.1) Patched: 2.5.1 Updated: June 29, 2026

LOW

widget-control-powered-by-everyblock

Score: N/A Widget Control Powered By Everyblock <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.29.6 - Cross-Site Scripting Affected: *-4.29.6 Patched: 4.29.9 Updated: June 29, 2026

LOW

mtouch-quiz

Score: N/A mTouch Quiz < 3.0.7 - Cross-Site Scripting Affected: [*, 3.0.7) Patched: 3.0.7 Updated: June 29, 2026

LOW

mtouch-quiz

Score: N/A mTouch Quiz < 3.0.7 - SQL Injection Affected: [*, 3.0.7) Patched: 3.0.7 Updated: June 29, 2026

LOW

Contact Form 7

contact-form-7

Score: 97/100 Contact Form 7 < 3.7.2 - CAPTCHA Bypass Affected: [*, 3.7.2) Patched: 3.7.2 Updated: June 29, 2026

LOW

thanks-you-counter-button

Score: N/A Thank You Counter Button <= 1.9.3 - Cross-Site Scripting Affected: *-1.9.3 Patched: Updated: June 29, 2026

LOW

relevanssi

Score: N/A Relevanssi <= 3.3 - SQL Injection Affected: *-3.3 Patched: 3.3.1 Updated: June 29, 2026

LOW

mp3-jplayer

Score: N/A MP3-jPlayer < 1.8.8 - Cross-Site Scripting Affected: [*, 1.8.8) Patched: 1.8.8 Updated: June 29, 2026

LOW

user-domain-whitelist

Score: N/A User Domain Whitelist <= 1.4 - Cross-Site Request Forgery Affected: [*, 1.5) Patched: 1.5 Updated: June 29, 2026

LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate – Ad manager & AdSense Ads 3.9 - 3.9.4 - SQL Injection Affected: 3.9-3.9.4 Patched: 3.9.5 Updated: June 29, 2026

LOW

connections

Score: 91/100 Connections Business Directory < 0.7.9.4 - Cross-Site Scripting Affected: [*, 0.7.9.4) Patched: 0.7.9.4 Updated: June 29, 2026

LOW

subscribe-to-comments-reloaded

Score: N/A Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-140129 Patched: 140219 Updated: June 29, 2026

LOW

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

Score: 66/100 NextGen Gallery <= 2.0 - Path Traversal Affected: *-2.0 Patched: 2.0.7 Updated: June 29, 2026

LOW

nextend-facebook-connect

Score: N/A Nextend Social Login and Register <= 1.5.0 - Cross-Site Scripting Affected: [*, 1.5.1) Patched: 1.5.1 Updated: June 29, 2026

LOW

wp-security-scan

Score: N/A Acunetix WP Security <= 4.0.4 - Cross-Site Request Forgery Affected: [*, 4.0.5) Patched: 4.0.5 Updated: June 29, 2026

LOW

search-everything

Score: N/A Search Everything <= 7.0.2 - SQL Injection Affected: [*, 7.0.3) Patched: 7.0.3 Updated: June 29, 2026

LOW

all_in_one_carousel

Score: 97/100 All In One Slider <= 1.2.20 - Reflected Cross-Site Scripting Affected: *-1.2.20 Patched: 1.2.21 Updated: June 29, 2026

LOW

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Cross-Site Scripting Affected: [*, 4.29.5) Patched: 4.29.5 Updated: June 29, 2026

LOW

buddypress

Score: 93/100 BuddyPress <= 1.9.1 - Authorization Bypass Affected: [*, 1.9.2) Patched: 1.9.2 Updated: June 29, 2026

LOW

stop-user-enumeration

Score: N/A Stop User Enumeration <= 1.2.4 - Security Bypass Affected: *-1.2.4 Patched: 1.2.5 Updated: June 29, 2026

LOW

Media File Renamer: Rename for better SEO (AI-Powered)

media-file-renamer

Score: 88/100 Media File Renamer < 1.9.4 - Stored Cross-Site Scripting Affected: [*, 1.9.4) Patched: 1.9.4 Updated: June 29, 2026

LOW

amerisale-re

Score: 95/100 amerisale-re (All Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

seolinkrotator

Score: N/A SEO Link Rotator <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

media-downloader

Score: 93/100 Media Downloader <= 0.1.992 - Reflected Cross-Site Scripting Affected: *-0.1.992 Patched: 0.1.993 Updated: June 29, 2026

LOW

nokia-mapsplaces

Score: N/A Nokia Maps & Places < 1.6.7 - Open Redirect Affected: [*, 1.6.7) Patched: 1.6.7 Updated: June 29, 2026

LOW

wordpress-social-ring

Score: N/A Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) <= 1.1.9 - Cross-Site Scripting Affected: [*, 1.2.0) Patched: 1.2.0 Updated: June 29, 2026

LOW

newsletter-manager

Score: N/A Newsletter Manager < 1.4 - Cross-Site Request Forgery Affected: [*, 1.4) Patched: 1.4 Updated: June 29, 2026

LOW

wp-members

Score: N/A WP-Members Membership Plugin <= 2.8.9 - Reflected Cross-Site Scripting Affected: [*, 2.8.10) Patched: 2.8.10 Updated: June 29, 2026

LOW

aprils-super-functions-pack

Score: 97/100 April's Super Functions Pack <= 1.4.7 - Reflected Cross-Site Scripting Affected: *-1.4.7 Patched: 1.4.8 Updated: June 29, 2026

LOW

url-cloak-encrypt

Score: N/A Cloak & Encrypt < 3.8.0 - Cross-Site Scripting Affected: [*, 3.8.0) Patched: 3.8.0 Updated: June 29, 2026

LOW

foliopress-wysiwyg

Score: 93/100 Foliopress WYSIWYG < 2.6.8.5 - Cross-Site Scripting Affected: [*, 2.6.8.5) Patched: 2.6.8.5 Updated: June 29, 2026

LOW

intouch

Score: 91/100 intouch <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

flash-player-widget

Score: 91/100 Flash player widget <= 1.3 - Content Spoofing Affected: * Patched: Updated: June 29, 2026

LOW

advanced-dewplayer

Score: 95/100 Advanced Dewplayer < 1.3 - Directory Traversal Affected: *-1.2 Patched: 1.3 Updated: June 29, 2026

LOW

wp-cron-dashboard

Score: N/A WP-Cron Dashboard < 1.1.6 - Cross-Site Scripting Affected: [*, 1.1.6) Patched: 1.1.6 Updated: June 29, 2026

LOW

askapache-firefox-adsense

Score: 95/100 AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery Affected: *-3.0 Patched: Updated: June 29, 2026

LOW

recommend-a-friend

Score: N/A Recommend to a friend <= 2.2.2 - Cross-Site Scripting Affected: *-2.2.2 Patched: Updated: June 29, 2026

LOW

dewplayer-flash-mp3-player

Score: 89/100 Dewplayer <= 1.2 and Advanced Dewplayer < 1.5 - Content Spoofing/Injection Affected: * Patched: Updated: June 29, 2026

LOW

advanced-dewplayer

Score: 95/100 Dewplayer <= 1.2 and Advanced Dewplayer < 1.5 - Content Spoofing/Injection Affected: [*, 1.5) Patched: 1.5 Updated: June 29, 2026

LOW

s3-video

Score: N/A S3 Video <= 0.982 - Cross-Site Scripting Affected: *-0.982 Patched: 0.983 Updated: June 29, 2026

LOW

easy-media-gallery

Score: 91/100 Gallery – Photo Albums Plugin < 1.2.29 - Cross-Site Scripting Affected: [*, 1.2.29) Patched: 1.2.29 Updated: June 29, 2026

LOW

wp-realty

Score: N/A WPRealty <= 2.9.1 - Reflected Cross-Site Scripting Affected: *-2.9.1 Patched: Updated: June 29, 2026

LOW

ad-minister

Score: 95/100 Ad-minister <= 0.6 - Cross-Site Scripting Affected: *-0.6 Patched: Updated: June 29, 2026

LOW

player

Score: N/A SpiderVPlayer <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

formcraft

Score: 91/100 FormCraft <= 1.3.7 - SQL Injection Affected: *-1.3.7 Patched: 1.3.8 Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 Download Manager < 2.5.9 - Stored Cross-Site Scripting Affected: *-2.5.8 Patched: 2.5.9 Updated: June 29, 2026

LOW

spicy-blogroll

Score: N/A Spicy Blogroll <= 1.0.0 - Local File Inclusion Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 2.5.8 - Cross-Site Scripting Affected: *-2.5.8 Patched: 2.5.9 Updated: June 29, 2026

LOW

easy-career-openings

Score: 89/100 Easy Career Openings <= 0.4 - SQL Injection Affected: *-0.4 Patched: Updated: June 29, 2026

LOW

groupdocs-comparison

Score: 93/100 GroupDocs.Comparison for Cloud < 1.0.3 - Cross-Site Scripting Affected: [*, 1.0.3) Patched: 1.0.3 Updated: June 29, 2026

LOW

js-multihotel

Score: 86/100 JS MultiHotel <= 2.2.1 - Reflected Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: June 29, 2026

LOW

optinfirex

Score: N/A Optinferex Plugin (All Known Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

amerisale-re

Score: 95/100 Amerisale-Re (All Versions) - Reflected Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

all-in-one-event-calendar

Score: 97/100 Timely All-in-One Events Calendar < 1.10 - Cross-Site Scripting Affected: [*, 1.10) Patched: 1.10 Updated: June 29, 2026

LOW

polldaddy

Score: N/A Crowdsignal Dashboard < 2.0.21 - Cross-Site Request Forgery Affected: [*, 2.0.21) Patched: 2.0.21 Updated: June 29, 2026

LOW

lbg_zoominoutslider

Score: 87/100 Responsive Zoom In/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

floating-tweets

Score: 89/100 Floating Tweets <= 1.0.1 - Directory Traversal Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

wordpress-checkout

Score: N/A wp-checkout (Unknown Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

gallery-bank

Score: 89/100 Gallery Bank – WordPress Photo Gallery Plugin < 2.0.20 - Reflected Cross-Site Scripting Affected: [*, 2.0.20) Patched: 2.0.20 Updated: June 29, 2026

LOW

mobilechief-mobile-site-creator

Score: N/A MobileChief – Mobile Site Builder <= 1.5.7 - Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: June 29, 2026

LOW

portable-phpmyadmin

Score: N/A Portable phpMyAdmin <= 1.5.0 - Authentication Bypass Affected: *-1.5.0 Patched: Updated: June 29, 2026

LOW

payment-gateways-caller-for-wp-e-commerce

Score: N/A Payment Gateways Caller for WP e-Commerce < 0.1.1 - Local File Inclusion Affected: [*, 0.1.1) Patched: 0.1.1 Updated: June 29, 2026

LOW

blue-wrench-videos-widget

Score: 91/100 Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery and to Cross-Site Scripting Affected: *-1.0.5 Patched: 2.0.0 Updated: June 29, 2026

LOW

videowall

Score: N/A videowall (All Versions) - Reflected Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

quick-paypal-payments

Score: N/A Quick Paypal Payments < 3.1 - Cross-Site Scripting Affected: [*, 3.1) Patched: 3.1 Updated: June 29, 2026

LOW

dhtmlxspreadsheet

Score: 91/100 dhtmlxSpreadsheet <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce <= 2.0.17 - Cross-Site Scripting Affected: *-2.0.17 Patched: 2.0.18 Updated: June 29, 2026

LOW

social-sharing-toolkit

Score: N/A Social Sharing Toolkit <= 2.1.1 - Cross-Site Request Forgery Affected: *-2.1.1 Patched: 2.1.2 Updated: June 29, 2026

LOW

wp-image-resizer

Score: N/A WP Image Resizer (Unspecified Version) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

video-metabox

Score: N/A Video Metabox <= 1.1 - Stored Cross Site Scripting Affected: *-1.1 Patched: 1.1.1 Updated: June 29, 2026

LOW

dexs-pm-system

Score: 91/100 Dexs PM System <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

finalist

Score: 89/100 Finalist (All Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

sl-user-create

Score: N/A SL User Create < 0.2.5 - Information Disclosure Affected: [*, 0.2.5) Patched: 0.2.5 Updated: June 29, 2026

Showing 35501 to 35600 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 01:26 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List