Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
cart66-lite	cart66-lite	93	Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting	LOW	[*, 1.5.1.15)	1.5.1.15	June 29, 2026
landing-pages	landing-pages	93	WordPress Landing Pages < 1.2.3 - SQL Injection	LOW	[*, 1.2.3)	1.2.3	June 29, 2026
wp-imagezoom	wp-imagezoom	N/A	Wp-ImageZoom <= 1.0.7 - SQL Injection	LOW	*-1.0.7	1.1.0	June 29, 2026
wp-realty	wp-realty	N/A	WPRealty <= 2.9.1 - Time-Based Blind SQL Injection	LOW	*-2.9.1		June 29, 2026
blogger-importer	blogger-importer	93	Blogger Importer <= 0.5 - Cross-Site Request Forgery	LOW	*-0.5	0.6	June 29, 2026
woopra	woopra	N/A	Woopra Analytics Plugin < 1.4.3.2 - Remote Code Execution	LOW	[*, 1.4.3.2)	1.4.3.2	June 29, 2026
quick-contact-form	quick-contact-form	N/A	Quick Contact Form < 6.1 - Cross-Site Scripting	LOW	[*, 6.1)	6.1	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2.1 - Path Traversal	LOW	*-1.2.1	1.2.2	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2.1 - Cross-Site Request Forgery	LOW	*-1.2.1	1.2.2	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting	LOW	*-1.2.1	1.2.2	June 29, 2026
bp-group-documents	bp-group-documents	93	BP Group Documents <= 1.2 - Stored Cross-Site Scripting	LOW	*-1.2	1.2.2	June 29, 2026
wp-slimstat-ex	wp-slimstat-ex	N/A	SlimStat-Ex <= 2.1.2 - Arbitrary Code Execution	LOW	*-2.1.2		June 29, 2026
seo-watcher	seo-watcher	N/A	SEO Watcher <= 1.3.3 - Remote Code Execution	LOW	*-1.3.3		June 29, 2026
wp-ultimate-email-marketer	wp-ultimate-email-marketer	N/A	WP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass	LOW	*-1.2.0		June 29, 2026
wp-ultimate-email-marketer	wp-ultimate-email-marketer	N/A	WP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting	LOW	*-1.2.0		June 29, 2026
wp-miniaudioplayer	wp-miniaudioplayer	N/A	mb.mb.miniAudioPlayer < 1.4.3 - Cross-Site Scripting	LOW	[*, 1.4.3)	1.4.3	June 29, 2026
sharebar	sharebar	N/A	Sharebar <= 1.4.2 - Cross-Site Scripting	LOW	*-1.4.2	1.4.3	June 29, 2026
lbg_zoominoutslider	lbg_zoominoutslider	87	Responsive Zoom In/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting	LOW	*		June 29, 2026
simple-custom-website-data	simple-custom-website-data	N/A	Custom Website Data < 1.1 - Cross-Site Scripting	LOW	[*, 1.1)	1.1	June 29, 2026
bradesco-gateway	bradesco-gateway	91	Bradesco Gateway <= 2.0 - Cross-Site Scripting	LOW	*-2.0		June 29, 2026
nospampti	nospampti	N/A	NOSpamPTI <= 2.1 - SQL Injection	LOW	*-2.1		June 29, 2026
comment-attachment	comment-attachment	91	Comment Attachment <= 1.5.5 - Cross-Site Scripting	LOW	*-1.5.5		June 29, 2026
wp_rokintroscroller	wp_rokintroscroller	N/A	RokIntroScroller <= 1.8 - Cross-Site Scripting	LOW	*-1.8	1.9	June 29, 2026
wp_rokintroscroller	wp_rokintroscroller	N/A	RokIntroScroller <= 1.8 - Arbitrary File Upload	LOW	*-1.8	1.9	June 29, 2026
wp_rokintroscroller	wp_rokintroscroller	N/A	RokIntroScroller <= 1.8 - Full Path Disclosure	LOW	*-1.8	1.9	June 29, 2026
wp_rokintroscroller	wp_rokintroscroller	N/A	RokIntroScroller <= 1.8 - Denial of Service	LOW	*-1.8	1.9	June 29, 2026
wp_rokintroscroller	wp_rokintroscroller	N/A	RokIntroScroller <= 1.8 - Abuse of Functionality	LOW	*-1.8	1.9	June 29, 2026
wp_rokstories	wp_rokstories	N/A	RokStories <= 1.25 - Denial of Service	LOW	*-1.25	1.26	June 29, 2026
wp_rokstories	wp_rokstories	N/A	RokStories <= 1.25 - Full Path Disclosure	LOW	*-1.25	1.26	June 29, 2026
wp_rokstories	wp_rokstories	N/A	RokStories <= 1.25 - Cross-Site Scripting	LOW	*-1.25	1.26	June 29, 2026
wp_rokstories	wp_rokstories	N/A	RokStories <= 1.25 - Abuse of Functionality	LOW	*-1.25	1.26	June 29, 2026
wp_rokstories	wp_rokstories	N/A	RokStories <= 1.25 - Arbitrary File Upload	LOW	*-1.25	1.26	June 29, 2026
wp_roknewspager	wp_roknewspager	N/A	RokNewsPager <= 1.17 - Denial of Service	LOW	*-1.17	1.18	June 29, 2026
wp_roknewspager	wp_roknewspager	N/A	RokNewsPager <= 1.17 - Arbitrary File Upload	LOW	*-1.17	1.18	June 29, 2026
wp_roknewspager	wp_roknewspager	N/A	RokNewsPager <= 1.17 - Missing Domain Restriction	LOW	*-1.17	1.18	June 29, 2026
wp_roknewspager	wp_roknewspager	N/A	RokNewsPager <= 1.17 - Cross-Site Scripting	LOW	*-1.17	1.18	June 29, 2026
wp_roknewspager	wp_roknewspager	N/A	RokNewsPager <= 1.17 - Path Disclosure	LOW	*-1.17	1.18	June 29, 2026
complete-gallery-manager	complete-gallery-manager	93	Complete Gallery Manager <= 3.3.3 - Arbitrary File Upload	LOW	[*, 3.3.4)	3.3.4	June 29, 2026
simple-dropbox-upload-form	simple-dropbox-upload-form	N/A	Simple Dropbox Upload < 1.8.8.1 - Arbitrary File Upload	LOW	[*, 1.8.8.1)	1.8.8.1	June 29, 2026
mukioplayer-for-wordpress	mukioplayer-for-wordpress	N/A	Mukioplayer For WordPress <= 1.6 - SQL injection	LOW	*-1.6		June 29, 2026
event-easy-calendar	event-easy-calendar	89	Event Easy Calendar <= 1.0.0 - Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
event-easy-calendar	event-easy-calendar	89	Event Easy Calendar <= 1.0.0 - Multiple Cross-Site Request Forgery	LOW	*-1.0		June 29, 2026
design-approval-system	design-approval-system	93	Design Approval System <= 3.6 - Cross-Site Scripting	LOW	*-3.6	3.7	June 29, 2026
nextgen-smooth-gallery	nextgen-smooth-gallery	N/A	NextGEN Smooth Gallery <= 1.2 - Cross-Site Scripting	LOW	*-1.2		June 29, 2026
indianic-testimonial	indianic-testimonial	91	Testimonial < 2.3 - SQL Injection	LOW	[*, 2.3)	2.3	June 29, 2026
indianic-testimonial	indianic-testimonial	91	Testimonial < 2.3 - Cross-Site Request Forgery	LOW	[*, 2.3)	2.3	June 29, 2026
indianic-testimonial	indianic-testimonial	91	Testimonial < 2.3 - Multiple Vulnerabilities	LOW	[*, 2.3)	2.3	June 29, 2026
encrypted-blog	encrypted-blog	93	Encrypted Blog <= 0.0.6.2 - Open Redirect	LOW	*-0.0.6.2	0.0.6.6	June 29, 2026
encrypted-blog	encrypted-blog	93	Encrypted Blog <= 0.0.6.2 - Reflected Cross-Site Scripting	LOW	*-0.0.6.2	0.0.6.6	June 29, 2026
wp-simple-login-registration-plugin	wp-simple-login-registration-plugin	N/A	Simple Login Registration <= 1.0.2 - Cross-Site Scripting	LOW	*-1.0.2	1.0.3	June 29, 2026
post-gallery	post-gallery	N/A	Post Gallery <= 1.0.6 - Cross-Site Scripting	LOW	*-1.0.6		June 29, 2026
contact-form-plugin	contact-form-plugin	93	Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting	LOW	*-3.34	3.35	June 29, 2026
videowhisper-video-conference-integration	videowhisper-video-conference-integration	N/A	Webcam Video Conference <= 3.1 - Cross-Site Scripting	LOW	*-3.1	4.51	June 29, 2026
videowhisper-live-streaming-integration	videowhisper-live-streaming-integration	N/A	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.25.3 - Reflected Cross-Site Scripting	LOW	*-4.25.3	4.27	June 29, 2026
BackWPup – WordPress Backup & Restore Plugin	backwpup	96	BackWPup < 3.0.13 - Cross-Site Scripting	LOW	[*, 3.0.13)	3.0.13	June 29, 2026
a-forms	a-forms	97	A Forms <= 1.4.2 - Reflected Cross-Site Scripting	LOW	*-1.4.2	1.4.3	June 29, 2026
thinkit-wp-contact-form	thinkit-wp-contact-form	N/A	ThinkIT WP Contact Form Plugin < 0.3 - Cross-Site Scripting	LOW	[*, 0.3)	0.3	June 29, 2026
thinkit-wp-contact-form	thinkit-wp-contact-form	N/A	ThinkIT WP Contact Form < 0.3 - Cross-Site Request Forgery	LOW	[*, 0.3)	0.3	June 29, 2026
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager	78	Events Manager < 5.5 - Cross-Site Scripting	LOW	[*, 5.5)	5.5	June 29, 2026
contact-form-plugin	contact-form-plugin	93	Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting	LOW	*-3.51	3.52	June 29, 2026
hms-testimonials	hms-testimonials	93	HMS Testimonials <= 2.0.10 - Cross-Site Request Forgery	LOW	[*, 2.0.11)	2.0.11	June 29, 2026
hms-testimonials	hms-testimonials	93	HMS Testimonials < 2.0.11 - Cross-Site Scripting	LOW	[*, 2.0.11)	2.0.11	June 29, 2026
usernoise	usernoise	N/A	Usernoise modal feedback / contact form < 3.7.9 - Cross-Site Scripting	LOW	[*, 3.7.9)	3.7.9	June 29, 2026
comment-extra-field	comment-extra-field	89	Comment Extra Fields <= 1.7 - Reflected Cross-Site Scripting	LOW	*-1.7		June 29, 2026
download-monitor	download-monitor	93	Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter	LOW	[*, 3.3.6.2)	3.3.6.2	June 29, 2026
flagem	flagem	91	FlagEm (Unknown Versions) - Cross-Site Scripting	LOW	*		June 29, 2026
download-monitor	download-monitor	93	Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter	LOW	[*, 3.3.6.2)	3.3.6.2	June 29, 2026
WooCommerce	woocommerce	80	WooCommerce <= 2.0.12 - Self-Reflected Cross-Site Scripting	LOW	*-2.0.12	2.0.13	June 29, 2026
category-grid-view-gallery	category-grid-view-gallery	93	Category Grid View Gallery <= 2.3.1 - Reflected Cross-Site Scripting	LOW	*-2.3.1	2.3.2	June 29, 2026
js-restaurant	js-restaurant	91	JS Restaurant (All Versions) - SQL Injection	LOW	*		June 29, 2026
booking-system	booking-system	91	Pinpoint Booking System – #1 WordPress Booking Plugin <= 1.3.1 - Reflected Cross-Site Scripting	LOW	*-1.3.1	1.4	June 29, 2026
buddypress-extended-friendship-request	buddypress-extended-friendship-request	93	BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting	LOW	[*, 1.0.2)	1.0.2	June 29, 2026
wp_rokmicronews	wp_rokmicronews	N/A	RokMicroNews <= 1.5 - Multiple Vulnerabilities	LOW	*-1.5	1.6	June 29, 2026
xorbin-digital-flash-clock	xorbin-digital-flash-clock	N/A	Xorbin Digital Flash Clock < 1.0 - DOM Cross-Site Scripting	LOW	*-1.0		June 29, 2026
qtranslate	qtranslate	N/A	qTranslate <= 2.5.39 - Cross-Site Request Forgery	LOW	*-2.5.39		June 29, 2026
ultimate-auction	ultimate-auction	N/A	Ultimate WordPress Auction Plugin < 1.0.1 - Cross-Site Request Forgery	LOW	[*, 1.0.1)	1.0.1	June 29, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery	66	WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload	LOW	*-1.9.12	1.9.13	June 29, 2026
wp-maintenance-mode	wp-maintenance-mode	N/A	WP Maintenance Mode <= 1.8.7 - Missing Authorization Checks & Cross-Site Request Forgery	LOW	[*, 1.8.8)	1.8.8	June 29, 2026
antivirus	antivirus	97	AntiVirus < 1.1 - Full Path Disclosure	LOW	[*, 1.1)	1.1	June 29, 2026
exploit-scanner	exploit-scanner	93	Exploit Scanner <= 1.3.3 - Full Path Disclosure	LOW	*-1.3.3	1.3.4	June 29, 2026
wordpress-exit-box-lite	wordpress-exit-box-lite	N/A	WordPress Exit Box Lite <= 1.06 - Full Path Dislcosure	LOW	1.06	1.10	June 29, 2026
wordpress-exit-box-lite	wordpress-exit-box-lite	N/A	WordPress Exit Box Lite <= 1.0.6 - Cross-Site Request Forgery	LOW	*-1.06	1.10	June 29, 2026
exit-strategy	exit-strategy	93	WordPress Exit Strategy <= 1.55 - Cross-Site Request Forgery	LOW	*-1.55	1.59	June 29, 2026
exit-strategy	exit-strategy	93	WordPress Exit Strategy <= 1.55 - Information Exposure	LOW	*-1.55	1.59	June 29, 2026
adif-log-search-widget	adif-log-search-widget	95	ADIF Log Search Widget <= 1.0f - Cross-Site Scripting	LOW	* - 1.0f		June 29, 2026
leaflet-maps-marker	leaflet-maps-marker	93	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.5.4 - Cross-Site Scripting	LOW	[*, 3.5.4)	3.5.4	June 29, 2026
social-sharing-toolkit	social-sharing-toolkit	N/A	Social Sharing Toolkit < 2.1.2 - Cross-Site Scripting	LOW	[*, 2.1.2)	2.1.2	June 29, 2026
flagallery-skins	flagallery-skins	91	Flagallery-skins <= 1.1.5 - SQL Injection	LOW	*-1.1.5		June 29, 2026
digg-digg	digg-digg	93	Digg Digg < 5.3.5 - Cross-Site Request Forgery	LOW	[*, 5.3.5)	5.3.5	June 29, 2026
wp-cleanfix	wp-cleanfix	N/A	WP Cleanfix Plugin < 5.0.0 - Remote Code Execution	LOW	[*, 5.0.0)	5.0.0	June 29, 2026
mail-on-update	mail-on-update	93	Mail On Update < 5.3.0 - Cross-Site Request Forgery	LOW	[*, 5.3.0)	5.3.0	June 29, 2026
s3-video	s3-video	N/A	S3 Video Plugin < 0.98 - Cross-Site Scripting	LOW	[*, 0.98)	0.98	June 29, 2026
debug-bar	debug-bar	97	Debug Bar <= 0.8 - Reflected Cross-Site Scripting	LOW	*-0.8	0.8.1	June 29, 2026
related-posts	related-posts	N/A	Related Posts < 2.7.2 - Cross-Site Request Forgery	LOW	[*, 2.7.2)	2.7.2	June 29, 2026
newsletter	newsletter	N/A	Newsletter <= 3.2.6 - Reflected Cross-Site Scripting	LOW	*-3.2.6	3.2.7	June 29, 2026
contus-video-gallery	contus-video-gallery	91	WordPress Video Gallery < 2.1 - SQL Injection	LOW	[*, 2.1)	2.1	June 29, 2026
search-and-share	search-and-share	N/A	Search and Share <= 0.9.3 - Cross-Site Scripting	LOW	*-0.9.3		June 29, 2026
securimage-wp	securimage-wp	N/A	Securimage-WP Plugin < 3.5.1 - Reflected Cross-Site Scripting	LOW	[*, 3.5.1)	3.5.1	June 29, 2026
wp-postviews	wp-postviews	N/A	WP-PostViews < 1.63 - Cross-Site Request Forgery	LOW	[*, 1.63)	1.63	June 29, 2026
share-this	share-this	N/A	ShareThis <= 7.0.5 - Cross-Site Request Forgery	LOW	*-7.0.5	7.0.6	June 29, 2026

LOW

cart66-lite

Score: 93/100 Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting Affected: [*, 1.5.1.15) Patched: 1.5.1.15 Updated: June 29, 2026

LOW

landing-pages

Score: 93/100 WordPress Landing Pages < 1.2.3 - SQL Injection Affected: [*, 1.2.3) Patched: 1.2.3 Updated: June 29, 2026

LOW

wp-imagezoom

Score: N/A Wp-ImageZoom <= 1.0.7 - SQL Injection Affected: *-1.0.7 Patched: 1.1.0 Updated: June 29, 2026

LOW

wp-realty

Score: N/A WPRealty <= 2.9.1 - Time-Based Blind SQL Injection Affected: *-2.9.1 Patched: Updated: June 29, 2026

LOW

blogger-importer

Score: 93/100 Blogger Importer <= 0.5 - Cross-Site Request Forgery Affected: *-0.5 Patched: 0.6 Updated: June 29, 2026

LOW

woopra

Score: N/A Woopra Analytics Plugin < 1.4.3.2 - Remote Code Execution Affected: [*, 1.4.3.2) Patched: 1.4.3.2 Updated: June 29, 2026

LOW

quick-contact-form

Score: N/A Quick Contact Form < 6.1 - Cross-Site Scripting Affected: [*, 6.1) Patched: 6.1 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2.1 - Path Traversal Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

bp-group-documents

Score: 93/100 BP Group Documents <= 1.2 - Stored Cross-Site Scripting Affected: *-1.2 Patched: 1.2.2 Updated: June 29, 2026

LOW

wp-slimstat-ex

Score: N/A SlimStat-Ex <= 2.1.2 - Arbitrary Code Execution Affected: *-2.1.2 Patched: Updated: June 29, 2026

LOW

seo-watcher

Score: N/A SEO Watcher <= 1.3.3 - Remote Code Execution Affected: *-1.3.3 Patched: Updated: June 29, 2026

LOW

wp-ultimate-email-marketer

Score: N/A WP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

wp-ultimate-email-marketer

Score: N/A WP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

wp-miniaudioplayer

Score: N/A mb.mb.miniAudioPlayer < 1.4.3 - Cross-Site Scripting Affected: [*, 1.4.3) Patched: 1.4.3 Updated: June 29, 2026

LOW

sharebar

Score: N/A Sharebar <= 1.4.2 - Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: June 29, 2026

LOW

lbg_zoominoutslider

Score: 87/100 Responsive Zoom In/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

simple-custom-website-data

Score: N/A Custom Website Data < 1.1 - Cross-Site Scripting Affected: [*, 1.1) Patched: 1.1 Updated: June 29, 2026

LOW

bradesco-gateway

Score: 91/100 Bradesco Gateway <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

nospampti

Score: N/A NOSpamPTI <= 2.1 - SQL Injection Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

comment-attachment

Score: 91/100 Comment Attachment <= 1.5.5 - Cross-Site Scripting Affected: *-1.5.5 Patched: Updated: June 29, 2026

LOW

wp_rokintroscroller

Score: N/A RokIntroScroller <= 1.8 - Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

wp_rokintroscroller

Score: N/A RokIntroScroller <= 1.8 - Arbitrary File Upload Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

wp_rokintroscroller

Score: N/A RokIntroScroller <= 1.8 - Full Path Disclosure Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

wp_rokintroscroller

Score: N/A RokIntroScroller <= 1.8 - Denial of Service Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

wp_rokintroscroller

Score: N/A RokIntroScroller <= 1.8 - Abuse of Functionality Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

wp_rokstories

Score: N/A RokStories <= 1.25 - Denial of Service Affected: *-1.25 Patched: 1.26 Updated: June 29, 2026

LOW

wp_rokstories

Score: N/A RokStories <= 1.25 - Full Path Disclosure Affected: *-1.25 Patched: 1.26 Updated: June 29, 2026

LOW

wp_rokstories

Score: N/A RokStories <= 1.25 - Cross-Site Scripting Affected: *-1.25 Patched: 1.26 Updated: June 29, 2026

LOW

wp_rokstories

Score: N/A RokStories <= 1.25 - Abuse of Functionality Affected: *-1.25 Patched: 1.26 Updated: June 29, 2026

LOW

wp_rokstories

Score: N/A RokStories <= 1.25 - Arbitrary File Upload Affected: *-1.25 Patched: 1.26 Updated: June 29, 2026

LOW

wp_roknewspager

Score: N/A RokNewsPager <= 1.17 - Denial of Service Affected: *-1.17 Patched: 1.18 Updated: June 29, 2026

LOW

wp_roknewspager

Score: N/A RokNewsPager <= 1.17 - Arbitrary File Upload Affected: *-1.17 Patched: 1.18 Updated: June 29, 2026

LOW

wp_roknewspager

Score: N/A RokNewsPager <= 1.17 - Missing Domain Restriction Affected: *-1.17 Patched: 1.18 Updated: June 29, 2026

LOW

wp_roknewspager

Score: N/A RokNewsPager <= 1.17 - Cross-Site Scripting Affected: *-1.17 Patched: 1.18 Updated: June 29, 2026

LOW

wp_roknewspager

Score: N/A RokNewsPager <= 1.17 - Path Disclosure Affected: *-1.17 Patched: 1.18 Updated: June 29, 2026

LOW

complete-gallery-manager

Score: 93/100 Complete Gallery Manager <= 3.3.3 - Arbitrary File Upload Affected: [*, 3.3.4) Patched: 3.3.4 Updated: June 29, 2026

LOW

simple-dropbox-upload-form

Score: N/A Simple Dropbox Upload < 1.8.8.1 - Arbitrary File Upload Affected: [*, 1.8.8.1) Patched: 1.8.8.1 Updated: June 29, 2026

LOW

mukioplayer-for-wordpress

Score: N/A Mukioplayer For WordPress <= 1.6 - SQL injection Affected: *-1.6 Patched: Updated: June 29, 2026

LOW

event-easy-calendar

Score: 89/100 Event Easy Calendar <= 1.0.0 - Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

event-easy-calendar

Score: 89/100 Event Easy Calendar <= 1.0.0 - Multiple Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

design-approval-system

Score: 93/100 Design Approval System <= 3.6 - Cross-Site Scripting Affected: *-3.6 Patched: 3.7 Updated: June 29, 2026

LOW

nextgen-smooth-gallery

Score: N/A NextGEN Smooth Gallery <= 1.2 - Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

indianic-testimonial

Score: 91/100 Testimonial < 2.3 - SQL Injection Affected: [*, 2.3) Patched: 2.3 Updated: June 29, 2026

LOW

indianic-testimonial

Score: 91/100 Testimonial < 2.3 - Cross-Site Request Forgery Affected: [*, 2.3) Patched: 2.3 Updated: June 29, 2026

LOW

indianic-testimonial

Score: 91/100 Testimonial < 2.3 - Multiple Vulnerabilities Affected: [*, 2.3) Patched: 2.3 Updated: June 29, 2026

LOW

encrypted-blog

Score: 93/100 Encrypted Blog <= 0.0.6.2 - Open Redirect Affected: *-0.0.6.2 Patched: 0.0.6.6 Updated: June 29, 2026

LOW

encrypted-blog

Score: 93/100 Encrypted Blog <= 0.0.6.2 - Reflected Cross-Site Scripting Affected: *-0.0.6.2 Patched: 0.0.6.6 Updated: June 29, 2026

LOW

wp-simple-login-registration-plugin

Score: N/A Simple Login Registration <= 1.0.2 - Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026

LOW

post-gallery

Score: N/A Post Gallery <= 1.0.6 - Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

contact-form-plugin

Score: 93/100 Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting Affected: *-3.34 Patched: 3.35 Updated: June 29, 2026

LOW

videowhisper-video-conference-integration

Score: N/A Webcam Video Conference <= 3.1 - Cross-Site Scripting Affected: *-3.1 Patched: 4.51 Updated: June 29, 2026

LOW

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.25.3 - Reflected Cross-Site Scripting Affected: *-4.25.3 Patched: 4.27 Updated: June 29, 2026

LOW

BackWPup – WordPress Backup & Restore Plugin

backwpup

Score: 96/100 BackWPup < 3.0.13 - Cross-Site Scripting Affected: [*, 3.0.13) Patched: 3.0.13 Updated: June 29, 2026

LOW

a-forms

Score: 97/100 A Forms <= 1.4.2 - Reflected Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: June 29, 2026

LOW

thinkit-wp-contact-form

Score: N/A ThinkIT WP Contact Form Plugin < 0.3 - Cross-Site Scripting Affected: [*, 0.3) Patched: 0.3 Updated: June 29, 2026

LOW

thinkit-wp-contact-form

Score: N/A ThinkIT WP Contact Form < 0.3 - Cross-Site Request Forgery Affected: [*, 0.3) Patched: 0.3 Updated: June 29, 2026

LOW

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Score: 78/100 Events Manager < 5.5 - Cross-Site Scripting Affected: [*, 5.5) Patched: 5.5 Updated: June 29, 2026

LOW

contact-form-plugin

Score: 93/100 Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting Affected: *-3.51 Patched: 3.52 Updated: June 29, 2026

LOW

hms-testimonials

Score: 93/100 HMS Testimonials <= 2.0.10 - Cross-Site Request Forgery Affected: [*, 2.0.11) Patched: 2.0.11 Updated: June 29, 2026

LOW

hms-testimonials

Score: 93/100 HMS Testimonials < 2.0.11 - Cross-Site Scripting Affected: [*, 2.0.11) Patched: 2.0.11 Updated: June 29, 2026

LOW

usernoise

Score: N/A Usernoise modal feedback / contact form < 3.7.9 - Cross-Site Scripting Affected: [*, 3.7.9) Patched: 3.7.9 Updated: June 29, 2026

LOW

comment-extra-field

Score: 89/100 Comment Extra Fields <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

download-monitor

Score: 93/100 Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter Affected: [*, 3.3.6.2) Patched: 3.3.6.2 Updated: June 29, 2026

LOW

flagem

Score: 91/100 FlagEm (Unknown Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 29, 2026

LOW

download-monitor

Score: 93/100 Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter Affected: [*, 3.3.6.2) Patched: 3.3.6.2 Updated: June 29, 2026

LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce <= 2.0.12 - Self-Reflected Cross-Site Scripting Affected: *-2.0.12 Patched: 2.0.13 Updated: June 29, 2026

LOW

category-grid-view-gallery

Score: 93/100 Category Grid View Gallery <= 2.3.1 - Reflected Cross-Site Scripting Affected: *-2.3.1 Patched: 2.3.2 Updated: June 29, 2026

LOW

js-restaurant

Score: 91/100 JS Restaurant (All Versions) - SQL Injection Affected: * Patched: Updated: June 29, 2026

LOW

booking-system

Score: 91/100 Pinpoint Booking System – #1 WordPress Booking Plugin <= 1.3.1 - Reflected Cross-Site Scripting Affected: *-1.3.1 Patched: 1.4 Updated: June 29, 2026

LOW

buddypress-extended-friendship-request

Score: 93/100 BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 29, 2026

LOW

wp_rokmicronews

Score: N/A RokMicroNews <= 1.5 - Multiple Vulnerabilities Affected: *-1.5 Patched: 1.6 Updated: June 29, 2026

LOW

xorbin-digital-flash-clock

Score: N/A Xorbin Digital Flash Clock < 1.0 - DOM Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

qtranslate

Score: N/A qTranslate <= 2.5.39 - Cross-Site Request Forgery Affected: *-2.5.39 Patched: Updated: June 29, 2026

LOW

ultimate-auction

Score: N/A Ultimate WordPress Auction Plugin < 1.0.1 - Cross-Site Request Forgery Affected: [*, 1.0.1) Patched: 1.0.1 Updated: June 29, 2026

LOW

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

Score: 66/100 WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload Affected: *-1.9.12 Patched: 1.9.13 Updated: June 29, 2026

LOW

wp-maintenance-mode

Score: N/A WP Maintenance Mode <= 1.8.7 - Missing Authorization Checks & Cross-Site Request Forgery Affected: [*, 1.8.8) Patched: 1.8.8 Updated: June 29, 2026

LOW

antivirus

Score: 97/100 AntiVirus < 1.1 - Full Path Disclosure Affected: [*, 1.1) Patched: 1.1 Updated: June 29, 2026

LOW

exploit-scanner

Score: 93/100 Exploit Scanner <= 1.3.3 - Full Path Disclosure Affected: *-1.3.3 Patched: 1.3.4 Updated: June 29, 2026

LOW

wordpress-exit-box-lite

Score: N/A WordPress Exit Box Lite <= 1.06 - Full Path Dislcosure Affected: 1.06 Patched: 1.10 Updated: June 29, 2026

LOW

wordpress-exit-box-lite

Score: N/A WordPress Exit Box Lite <= 1.0.6 - Cross-Site Request Forgery Affected: *-1.06 Patched: 1.10 Updated: June 29, 2026

LOW

exit-strategy

Score: 93/100 WordPress Exit Strategy <= 1.55 - Cross-Site Request Forgery Affected: *-1.55 Patched: 1.59 Updated: June 29, 2026

LOW

exit-strategy

Score: 93/100 WordPress Exit Strategy <= 1.55 - Information Exposure Affected: *-1.55 Patched: 1.59 Updated: June 29, 2026

LOW

adif-log-search-widget

Score: 95/100 ADIF Log Search Widget <= 1.0f - Cross-Site Scripting Affected: * - 1.0f Patched: Updated: June 29, 2026

LOW

leaflet-maps-marker

Score: 93/100 Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.5.4 - Cross-Site Scripting Affected: [*, 3.5.4) Patched: 3.5.4 Updated: June 29, 2026

LOW

social-sharing-toolkit

Score: N/A Social Sharing Toolkit < 2.1.2 - Cross-Site Scripting Affected: [*, 2.1.2) Patched: 2.1.2 Updated: June 29, 2026

LOW

flagallery-skins

Score: 91/100 Flagallery-skins <= 1.1.5 - SQL Injection Affected: *-1.1.5 Patched: Updated: June 29, 2026

LOW

digg-digg

Score: 93/100 Digg Digg < 5.3.5 - Cross-Site Request Forgery Affected: [*, 5.3.5) Patched: 5.3.5 Updated: June 29, 2026

LOW

wp-cleanfix

Score: N/A WP Cleanfix Plugin < 5.0.0 - Remote Code Execution Affected: [*, 5.0.0) Patched: 5.0.0 Updated: June 29, 2026

LOW

mail-on-update

Score: 93/100 Mail On Update < 5.3.0 - Cross-Site Request Forgery Affected: [*, 5.3.0) Patched: 5.3.0 Updated: June 29, 2026

LOW

s3-video

Score: N/A S3 Video Plugin < 0.98 - Cross-Site Scripting Affected: [*, 0.98) Patched: 0.98 Updated: June 29, 2026

LOW

debug-bar

Score: 97/100 Debug Bar <= 0.8 - Reflected Cross-Site Scripting Affected: *-0.8 Patched: 0.8.1 Updated: June 29, 2026

LOW

related-posts

Score: N/A Related Posts < 2.7.2 - Cross-Site Request Forgery Affected: [*, 2.7.2) Patched: 2.7.2 Updated: June 29, 2026

LOW

newsletter

Score: N/A Newsletter <= 3.2.6 - Reflected Cross-Site Scripting Affected: *-3.2.6 Patched: 3.2.7 Updated: June 29, 2026

LOW

contus-video-gallery

Score: 91/100 WordPress Video Gallery < 2.1 - SQL Injection Affected: [*, 2.1) Patched: 2.1 Updated: June 29, 2026

LOW

search-and-share

Score: N/A Search and Share <= 0.9.3 - Cross-Site Scripting Affected: *-0.9.3 Patched: Updated: June 29, 2026

LOW

securimage-wp

Score: N/A Securimage-WP Plugin < 3.5.1 - Reflected Cross-Site Scripting Affected: [*, 3.5.1) Patched: 3.5.1 Updated: June 29, 2026

LOW

wp-postviews

Score: N/A WP-PostViews < 1.63 - Cross-Site Request Forgery Affected: [*, 1.63) Patched: 1.63 Updated: June 29, 2026

LOW

share-this

Score: N/A ShareThis <= 7.0.5 - Cross-Site Request Forgery Affected: *-7.0.5 Patched: 7.0.6 Updated: June 29, 2026

Showing 35601 to 35700 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 00:01 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List