Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
related-posts-by-zemanta	related-posts-by-zemanta	N/A	Related Posts by Zemanta <= 1.3.1 - Cross-Site Request Forgery	LOW	*-1.3.1	1.3.2	June 28, 2026
wp-photo-album-plus	wp-photo-album-plus	N/A	WP Photo Album Plus < 5.0.3 - Cross-Site Scripting	LOW	[*, 5.0.3)	5.0.3	June 28, 2026
login-with-ajax	login-with-ajax	93	Login With Ajax < 3.1 - Cross-Site Request Forgery	LOW	[*, 3.1)	3.1	June 28, 2026
advanced-xml-reader	advanced-xml-reader	95	Advanced XML Reader <= 0.3.4 - External Entity Injection	LOW	*-0.3.4		June 28, 2026
advanced-xml-reader	advanced-xml-reader	95	Advanced XML Reader Plugin <= 0.3.4 - XML External Entity Injection	LOW	*-0.3.4		June 28, 2026
easy-adsense-lite	easy-adsense-lite	93	Easy Plugin for AdSense < 6.10 - Cross-Site Request Forgery	LOW	[*, 6.10)	6.10	June 28, 2026
facebook-members	facebook-members	93	Facebook Members < 5.0.5 - Cross-Site Request Forgery	LOW	[*, 5.0.5)	5.0.5	June 28, 2026
foursquare-checkins	foursquare-checkins	93	FourSquare Checkins < 1.3 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	[*, 1.3)	1.3	June 28, 2026
all-in-one-webmaster	all-in-one-webmaster	97	WP Webmaster < 8.2.4 - Cross-Site Request Forgery	LOW	[*, 8.2.4)	8.2.4	June 28, 2026
eelv-newsletter	eelv-newsletter	89	EELV Newsletter <= 3.3.0 - Reflected Cross-Site Scripting	LOW	*-3.3.0	3.3.1	June 28, 2026
player	player	N/A	SpiderVPlayer <= 2.1 - SQL Injection	LOW	*-2.1		June 28, 2026
spiffy	spiffy	N/A	Spiffy XSPF Player <= 0.1 - SQL Injection	LOW	*-0.1		June 28, 2026
ga-universal	ga-universal	93	GA Universal < 1.0.1 - Cross-Site Request Forgery	LOW	[*, 1.0.1)	1.0.1	June 28, 2026
trafficanalyzer	trafficanalyzer	N/A	Traffic Analyzer < 3.4.2 - Cross-Site Scripting	LOW	*-3.4.1	3.4.2	June 28, 2026
social-media-widget	social-media-widget	N/A	Social Media Widget 4.0 - Spam Link Injection	LOW	4.0	4.0.1	June 28, 2026
wp-download-manager	wp-download-manager	N/A	WP-DownloadManager Plugin < 1.61 - Cross-Site Scripting	LOW	[*, 1.61)	1.61	June 28, 2026
social-media-widget	social-media-widget	N/A	Social Media Widget <= 4.0 - Arbitrary File Upload	LOW	*-4.0	4.0.1	June 28, 2026
wp-print	wp-print	N/A	WP-Print <= 2.51 - Cross-Site Request Forgery	LOW	[*, 2.52)	2.52	June 28, 2026
types	types	N/A	Toolset Types <= 1.2.1.1 - Cross-Site Scripting	LOW	*-1.2.1.1	1.2.1.2	June 28, 2026
kioskprox	kioskprox	91	Kioskprox (Unkown Versions) - Cross-Site Scripting	LOW	*		June 28, 2026
feedweb	feedweb	93	Feedweb < 1.9 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 1.9)	1.9	June 28, 2026
drawblog	drawblog	91	DrawBlog < 0.81 - Cross-Site Request Forgery	LOW	[*, 0.81)	0.81	June 28, 2026
simple-fields	simple-fields	N/A	Simple Fields < 1.2 - Cross-Site Request Forgery	LOW	[*, 1.2)	1.2	June 28, 2026
wp-funeral-press	wp-funeral-press	N/A	WP FuneralPress <= 1.1.6 - Cross-Site Scripting	LOW	*-1.1.6	1.1.7	June 28, 2026
wp125	wp125	N/A	WP125 <= 1.4.9 - Cross-Site Request Forgery	LOW	*-1.4.9	1.5.0	June 28, 2026
mathjax-latex	mathjax-latex	93	MathJax-LaTeX < 1.2 - Cross-Site Request Forgery	LOW	[*, 1.2)	1.2	June 28, 2026
levelfourstorefront	levelfourstorefront	93	L4 Shopping Cart Plugin < 8.1.1 - SQL Injection	LOW	*-8.1	8.1.1	June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.55 - SQL Injection	LOW	*-2.55	2.56	June 28, 2026
finalist	finalist	89	Finalist (All Versions) - SQL Injection	LOW	*		June 28, 2026
backupbuddy	backupbuddy	93	BackupBuddy <= 2.2.28 - Sensitive Information Disclosure	LOW	[*, 3.0)	3.0	June 28, 2026
backupbuddy	backupbuddy	93	BackupBuddy < 3.0 - Authentication Bypass	LOW	[*, 3.0)	3.0	June 28, 2026
backupbuddy	backupbuddy	93	BackupBuddy < 3.0 - Authentication Bypass	LOW	[*, 3.0)	3.0	June 28, 2026
backupbuddy	backupbuddy	93	BackupBuddy < 3.0 - Authentication Bypass	LOW	[*, 3.0)	3.0	June 28, 2026
faqs-manager	faqs-manager	87	FAQs Manager <= 1.0 - SQL Injection	LOW	*-1.0		June 28, 2026
faqs-manager	faqs-manager	87	FAQs Manager <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 28, 2026
faqs-manager	faqs-manager	87	FAQs Manager <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 28, 2026
occasions	occasions	N/A	Occasions <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 28, 2026
o2s-gallery	o2s-gallery	N/A	o2s gallery <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0	1.1	June 28, 2026
wp-mailup	wp-mailup	N/A	MailUp newsletter sign-up form < 1.3.2 - Cross-Site Scripting	LOW	[*, 1.3.2)	1.3.2	June 28, 2026
timelineoptinpro	timelineoptinpro	N/A	timelineoptinpro Plugin (All Versions) - Cross-Site Scripting	LOW	*		June 28, 2026
wp-mailup	wp-mailup	N/A	MailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting	LOW	[*, 1.3.3)	1.3.3	June 28, 2026
leaguemanager	leaguemanager	93	LeagueManager < 3.8.1 - SQL Injection	LOW	[*, 3.8.1)	3.8.1	June 28, 2026
podpress	podpress	N/A	podPress <= 8.8.10.17 - Cross-Site Scripting via playerID	LOW	*-8.8.10.17		June 28, 2026
terillion-reviews	terillion-reviews	N/A	Terillion Reviews < 1.2 - Stored Cross-Site Scripting	LOW	[*, 1.2)	1.2	June 28, 2026
all-in-one-event-calendar	all-in-one-event-calendar	97	All-in-One Events Calendar < 1.10 - SQL Injection	LOW	[*, 1.10)	1.10	June 28, 2026
count-per-day	count-per-day	93	Count per Day < 3.2.6 - Cross-Site Scripting	LOW	[*, 3.2.6)	3.2.6	June 28, 2026
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager	78	Events Manager <= 5.3.6 - Multiple Cross-Site Scripting	LOW	*-5.3.6	5.3.6.1	June 28, 2026
googlealertandtwitterplugin	googlealertandtwitterplugin	91	Google Alert and Twitter Plugin <= 3.1.5 - Multiple Vulnerabilities	LOW	3.1.5		June 28, 2026
magn-html5-drag-and-drop-media-uploader	magn-html5-drag-and-drop-media-uploader	93	Magn WP Drag And Drop Media Uploader <= 1.2.0 - Arbitrary File Upload	LOW	*-1.2.0	1.2.1	June 28, 2026
comment-rating	comment-rating	91	Comment Rating <= 2.9.32 - SQL Injection	LOW	*-2.9.32		June 28, 2026
mingle-forum	mingle-forum	N/A	Mingle Forum <= 1.0.33.3 - SQL Injection	LOW	*-1.0.33.3	1.0.34	June 28, 2026
mingle-forum	mingle-forum	N/A	Mingle Forum <= 1.0.33.3 - Stored Cross-Site Scripting	LOW	*-1.0.33.3	1.0.34	June 28, 2026
wp-topbar	wp-topbar	N/A	WP-TopBar <= 3.04 - Cross-Site Scripting	LOW	[*, 3.0.5)	3.0.5	June 28, 2026
smart-flv	smart-flv	N/A	Smart Flv <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 28, 2026
zopim-live-chat	zopim-live-chat	N/A	Zendesk Chat < 1.2.6 - Cross-Site Scripting	LOW	[*, 1.2.6)	1.2.6	June 28, 2026
wp-easy-gallery	wp-easy-gallery	N/A	WP Easy Gallery <= 2.7 - SQL Injection	LOW	*-2.7	2.7.1	June 28, 2026
responsive-logo-slideshow	responsive-logo-slideshow	N/A	Responsive Logo Slideshow < 1.2 - Cross-Site Scripting	LOW	[*, 1.2)	1.2	June 28, 2026
marekkis-watermark	marekkis-watermark	89	Marekkis Watermark-Plugin <= 0.9.4 - Cross-Site Scripting	LOW	*-0.9.4		June 28, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery	66	WordPress Gallery Plugin – NextGEN Gallery 1.9.10 - 1.9.11 - Full Path Disclosure	LOW	1.9.10-1.9.11	2.0.0	June 28, 2026
editorial-calendar	editorial-calendar	93	Editorial Calendar <= 2.6 - Authenticated (Admin+) SQL Injection	LOW	*-2.6	2.7	June 28, 2026
wp-ecommerce-shop-styling	wp-ecommerce-shop-styling	N/A	WP eCommerce Shop Styling < 1.8 - Remote File Inclusion	LOW	[*, 1.8)	1.8	June 28, 2026
commentluv	commentluv	91	CommentLuv < 2.92.4 - Reflected Cross-Site Scripting	LOW	[*, 2.92.4)	2.92.4	June 28, 2026
wysija-newsletters	wysija-newsletters	N/A	MailPoet Newsletters <= 2.2 - Multiple SQL Injections	LOW	*-2.2	2.2.1	June 28, 2026
yolink-search	yolink-search	N/A	yolink Search for WordPress < 2.6 - Reflected Cross-Site Scripting	LOW	[*, 2.6)	2.6	June 28, 2026
wordpress-simple-shout-box	wordpress-simple-shout-box	N/A	WordPress Shout Box Widget <= 2.0.2 - SQL Injection	LOW	*-2.0.2		June 28, 2026
wordpress-gallery-plugin	wordpress-gallery-plugin	N/A	WordPress Gallery Plugin <= 1.4 - Unauthenticated Remote File Inclusion	LOW	*-1.4		June 28, 2026
rlswordpresssearch	rlswordpresssearch	N/A	RLSWordPressSearch (All Versions) - SQL Injection	LOW	*		June 28, 2026
portfolio-slideshow-pro	portfolio-slideshow-pro	N/A	Portfolio Slideshow Pro <= 3.0 - SQL Injection	LOW	*		June 28, 2026
wp-homepage-slideshow	wp-homepage-slideshow	N/A	Homepage SlideShow <= 2.3 - Arbitrary File Upload	LOW	*-2.3		June 28, 2026
audio-player	audio-player	93	Audio Player <= 2.0.4.5 - Cross-Site Scripting via playerID Parameter	LOW	[*, 2.0.4.6)	2.0.4.6	June 28, 2026
accordion	accordion	95	Accordion (All Versions) - Arbitrary File Upload	LOW	*		June 28, 2026
wp-levoslideshow	wp-levoslideshow	N/A	Levo Slideshow <= 2.3 - Arbitrary File Upload	LOW	*-2.3		June 28, 2026
power-zoomer	power-zoomer	N/A	Power Zoomer <= 1.2 - Arbitrary File Upload	LOW	*-1.2		June 28, 2026
dynamic-font-replacement-4wp	dynamic-font-replacement-4wp	89	Dynamic Font Replacement DFR4WP EN <= 1.3 EN - SQL Injection	LOW	* - 1.3 EN		June 28, 2026
wp-file-uploader	wp-file-uploader	N/A	WordPress File Uploader <= 1.1 - Arbitrary File Upload	LOW	*-1.1		June 28, 2026
devformatter	devformatter	91	Developer Formatter < 2013.0.1.41 - Cross-Site Request Forgery	LOW	[*, 2013.0.1.41)	2013.0.1.41	June 28, 2026
cardoza-wordpress-poll	cardoza-wordpress-poll	91	WordPress Poll <= 34.05 - SQL Injection	LOW	*-34.05	34.06	June 28, 2026
cardoza-wordpress-poll	cardoza-wordpress-poll	91	WordPress Poll < 34.06 - SQL Injection	LOW	*-34.05	34.06	June 28, 2026
ripe-hd-player	ripe-hd-player	N/A	Ripe HD FLV <= 1.1 - Full Path Disclosure	LOW	*-1.1		June 28, 2026
ripe-hd-player	ripe-hd-player	N/A	Ripe HD FLV <= 1.1 - SQL Injection	LOW	*-1.1		June 28, 2026
zingiri-forum	zingiri-forum	N/A	Forums < 1.4.4 - Directory Traversal	LOW	[*, 1.4.4)	1.4.4	June 28, 2026
google-xml-sitemaps-generator	google-xml-sitemaps-generator	93	Google XML Sitemaps Generator < 3.2.9 - Authenticated (Admin+) PHP Code Injection	LOW	*-3.2.8	3.2.9	June 28, 2026
google-document-embedder	google-document-embedder	91	Google Doc Embedder < 2.5.4 - Directory Traversal	LOW	[*, 2.5.4)	2.5.4	June 28, 2026
spam-free-wordpress	spam-free-wordpress	N/A	Spam Free WordPress <= 1.9.3 - IP Protection Bypass	LOW	*-1.9.3	2.0	June 28, 2026
spam-free-wordpress	spam-free-wordpress	N/A	Spam Free WordPress <= 1.9.3 - Full Path Disclosure	LOW	*-1.9.3	2.0	June 28, 2026
openinviter-for-wordpress	openinviter-for-wordpress	N/A	OpenInviter for WordPress <= 1.7.0 - Sensitive Information Disclosure	LOW	*-1.7.0		June 28, 2026
xerte-online	xerte-online	N/A	Xerte Online <= 0.35 - Arbitrary File Upload	LOW	*-0.35	0.36	June 28, 2026
reflex-gallery	reflex-gallery	N/A	ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload	LOW	[*, 3.1.4)	3.1.4	June 28, 2026
levelfourstorefront	levelfourstorefront	93	Level Four Store Front < 8.1.15 - Arbitrary File Upload	LOW	[*, 8.1.15)	8.1.15	June 28, 2026
download-shortcode	download-shortcode	93	Download Shortcode <= 0.2.3 - Directory Traversal	LOW	*-0.2.3	1.0	June 28, 2026
advanced-custom-fields	advanced-custom-fields	97	Advanced Custom Fields <= 3.5.1 - Remote Code Execution via Remote File Inclusion	LOW	*-3.5.1	3.5.2	June 28, 2026
mingle-forum	mingle-forum	N/A	Mingle Forum <= 1.0.34 - Cross-Site Request Forgery	LOW	*-1.0.34	1.0.35	June 28, 2026
sintic_gallery	sintic_gallery	N/A	sintic_gallery (All Known Versions) - Arbitrary File Upload	LOW	*		June 28, 2026
sb-uploader	sb-uploader	N/A	SB Uploader <= 4.8 - Arbitrary File Upload	LOW	*-4.8		June 28, 2026
grou-random-image-widget	grou-random-image-widget	91	Grou Random Image Widget <= 1.18 - Full Path Disclosure	LOW	*		June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.53 - Sensitive Information Disclosure	LOW	[*, 2.53)	2.53	June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.53 - SQL Injection	LOW	[*, 2.53)	2.53	June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 3.1.0 - Arbitrary File Deletion	LOW	[*, 3.1.0)	3.1.0	June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.00 - Arbitrary File Modification	LOW	*-2.00	2.10	June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.00 - SQL Injection	LOW	[*, 2.10)	2.10	June 28, 2026

LOW

related-posts-by-zemanta

Score: N/A Related Posts by Zemanta <= 1.3.1 - Cross-Site Request Forgery Affected: *-1.3.1 Patched: 1.3.2 Updated: June 28, 2026

LOW

wp-photo-album-plus

Score: N/A WP Photo Album Plus < 5.0.3 - Cross-Site Scripting Affected: [*, 5.0.3) Patched: 5.0.3 Updated: June 28, 2026

LOW

login-with-ajax

Score: 93/100 Login With Ajax < 3.1 - Cross-Site Request Forgery Affected: [*, 3.1) Patched: 3.1 Updated: June 28, 2026

LOW

advanced-xml-reader

Score: 95/100 Advanced XML Reader <= 0.3.4 - External Entity Injection Affected: *-0.3.4 Patched: Updated: June 28, 2026

LOW

advanced-xml-reader

Score: 95/100 Advanced XML Reader Plugin <= 0.3.4 - XML External Entity Injection Affected: *-0.3.4 Patched: Updated: June 28, 2026

LOW

easy-adsense-lite

Score: 93/100 Easy Plugin for AdSense < 6.10 - Cross-Site Request Forgery Affected: [*, 6.10) Patched: 6.10 Updated: June 28, 2026

LOW

facebook-members

Score: 93/100 Facebook Members < 5.0.5 - Cross-Site Request Forgery Affected: [*, 5.0.5) Patched: 5.0.5 Updated: June 28, 2026

LOW

foursquare-checkins

Score: 93/100 FourSquare Checkins < 1.3 - Cross-Site Request Forgery to Cross-Site Scripting Affected: [*, 1.3) Patched: 1.3 Updated: June 28, 2026

LOW

all-in-one-webmaster

Score: 97/100 WP Webmaster < 8.2.4 - Cross-Site Request Forgery Affected: [*, 8.2.4) Patched: 8.2.4 Updated: June 28, 2026

LOW

eelv-newsletter

Score: 89/100 EELV Newsletter <= 3.3.0 - Reflected Cross-Site Scripting Affected: *-3.3.0 Patched: 3.3.1 Updated: June 28, 2026

LOW

player

Score: N/A SpiderVPlayer <= 2.1 - SQL Injection Affected: *-2.1 Patched: Updated: June 28, 2026

LOW

spiffy

Score: N/A Spiffy XSPF Player <= 0.1 - SQL Injection Affected: *-0.1 Patched: Updated: June 28, 2026

LOW

ga-universal

Score: 93/100 GA Universal < 1.0.1 - Cross-Site Request Forgery Affected: [*, 1.0.1) Patched: 1.0.1 Updated: June 28, 2026

LOW

trafficanalyzer

Score: N/A Traffic Analyzer < 3.4.2 - Cross-Site Scripting Affected: *-3.4.1 Patched: 3.4.2 Updated: June 28, 2026

LOW

social-media-widget

Score: N/A Social Media Widget 4.0 - Spam Link Injection Affected: 4.0 Patched: 4.0.1 Updated: June 28, 2026

LOW

wp-download-manager

Score: N/A WP-DownloadManager Plugin < 1.61 - Cross-Site Scripting Affected: [*, 1.61) Patched: 1.61 Updated: June 28, 2026

LOW

social-media-widget

Score: N/A Social Media Widget <= 4.0 - Arbitrary File Upload Affected: *-4.0 Patched: 4.0.1 Updated: June 28, 2026

LOW

wp-print

Score: N/A WP-Print <= 2.51 - Cross-Site Request Forgery Affected: [*, 2.52) Patched: 2.52 Updated: June 28, 2026

LOW

types

Score: N/A Toolset Types <= 1.2.1.1 - Cross-Site Scripting Affected: *-1.2.1.1 Patched: 1.2.1.2 Updated: June 28, 2026

LOW

kioskprox

Score: 91/100 Kioskprox (Unkown Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 28, 2026

LOW

feedweb

Score: 93/100 Feedweb < 1.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 1.9) Patched: 1.9 Updated: June 28, 2026

LOW

drawblog

Score: 91/100 DrawBlog < 0.81 - Cross-Site Request Forgery Affected: [*, 0.81) Patched: 0.81 Updated: June 28, 2026

LOW

simple-fields

Score: N/A Simple Fields < 1.2 - Cross-Site Request Forgery Affected: [*, 1.2) Patched: 1.2 Updated: June 28, 2026

LOW

wp-funeral-press

Score: N/A WP FuneralPress <= 1.1.6 - Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: June 28, 2026

LOW

wp125

Score: N/A WP125 <= 1.4.9 - Cross-Site Request Forgery Affected: *-1.4.9 Patched: 1.5.0 Updated: June 28, 2026

LOW

mathjax-latex

Score: 93/100 MathJax-LaTeX < 1.2 - Cross-Site Request Forgery Affected: [*, 1.2) Patched: 1.2 Updated: June 28, 2026

LOW

levelfourstorefront

Score: 93/100 L4 Shopping Cart Plugin < 8.1.1 - SQL Injection Affected: *-8.1 Patched: 8.1.1 Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.55 - SQL Injection Affected: *-2.55 Patched: 2.56 Updated: June 28, 2026

LOW

finalist

Score: 89/100 Finalist (All Versions) - SQL Injection Affected: * Patched: Updated: June 28, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy <= 2.2.28 - Sensitive Information Disclosure Affected: [*, 3.0) Patched: 3.0 Updated: June 28, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy < 3.0 - Authentication Bypass Affected: [*, 3.0) Patched: 3.0 Updated: June 28, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy < 3.0 - Authentication Bypass Affected: [*, 3.0) Patched: 3.0 Updated: June 28, 2026

LOW

backupbuddy

Score: 93/100 BackupBuddy < 3.0 - Authentication Bypass Affected: [*, 3.0) Patched: 3.0 Updated: June 28, 2026

LOW

faqs-manager

Score: 87/100 FAQs Manager <= 1.0 - SQL Injection Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

faqs-manager

Score: 87/100 FAQs Manager <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

faqs-manager

Score: 87/100 FAQs Manager <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

occasions

Score: N/A Occasions <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 28, 2026

LOW

o2s-gallery

Score: N/A o2s gallery <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: 1.1 Updated: June 28, 2026

LOW

wp-mailup

Score: N/A MailUp newsletter sign-up form < 1.3.2 - Cross-Site Scripting Affected: [*, 1.3.2) Patched: 1.3.2 Updated: June 28, 2026

LOW

timelineoptinpro

Score: N/A timelineoptinpro Plugin (All Versions) - Cross-Site Scripting Affected: * Patched: Updated: June 28, 2026

LOW

wp-mailup

Score: N/A MailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting Affected: [*, 1.3.3) Patched: 1.3.3 Updated: June 28, 2026

LOW

leaguemanager

Score: 93/100 LeagueManager < 3.8.1 - SQL Injection Affected: [*, 3.8.1) Patched: 3.8.1 Updated: June 28, 2026

LOW

podpress

Score: N/A podPress <= 8.8.10.17 - Cross-Site Scripting via playerID Affected: *-8.8.10.17 Patched: Updated: June 28, 2026

LOW

terillion-reviews

Score: N/A Terillion Reviews < 1.2 - Stored Cross-Site Scripting Affected: [*, 1.2) Patched: 1.2 Updated: June 28, 2026

LOW

all-in-one-event-calendar

Score: 97/100 All-in-One Events Calendar < 1.10 - SQL Injection Affected: [*, 1.10) Patched: 1.10 Updated: June 28, 2026

LOW

count-per-day

Score: 93/100 Count per Day < 3.2.6 - Cross-Site Scripting Affected: [*, 3.2.6) Patched: 3.2.6 Updated: June 28, 2026

LOW

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Score: 78/100 Events Manager <= 5.3.6 - Multiple Cross-Site Scripting Affected: *-5.3.6 Patched: 5.3.6.1 Updated: June 28, 2026

LOW

googlealertandtwitterplugin

Score: 91/100 Google Alert and Twitter Plugin <= 3.1.5 - Multiple Vulnerabilities Affected: 3.1.5 Patched: Updated: June 28, 2026

LOW

magn-html5-drag-and-drop-media-uploader

Score: 93/100 Magn WP Drag And Drop Media Uploader <= 1.2.0 - Arbitrary File Upload Affected: *-1.2.0 Patched: 1.2.1 Updated: June 28, 2026

LOW

comment-rating

Score: 91/100 Comment Rating <= 2.9.32 - SQL Injection Affected: *-2.9.32 Patched: Updated: June 28, 2026

LOW

mingle-forum

Score: N/A Mingle Forum <= 1.0.33.3 - SQL Injection Affected: *-1.0.33.3 Patched: 1.0.34 Updated: June 28, 2026

LOW

mingle-forum

Score: N/A Mingle Forum <= 1.0.33.3 - Stored Cross-Site Scripting Affected: *-1.0.33.3 Patched: 1.0.34 Updated: June 28, 2026

LOW

wp-topbar

Score: N/A WP-TopBar <= 3.04 - Cross-Site Scripting Affected: [*, 3.0.5) Patched: 3.0.5 Updated: June 28, 2026

LOW

smart-flv

Score: N/A Smart Flv <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

zopim-live-chat

Score: N/A Zendesk Chat < 1.2.6 - Cross-Site Scripting Affected: [*, 1.2.6) Patched: 1.2.6 Updated: June 28, 2026

LOW

wp-easy-gallery

Score: N/A WP Easy Gallery <= 2.7 - SQL Injection Affected: *-2.7 Patched: 2.7.1 Updated: June 28, 2026

LOW

responsive-logo-slideshow

Score: N/A Responsive Logo Slideshow < 1.2 - Cross-Site Scripting Affected: [*, 1.2) Patched: 1.2 Updated: June 28, 2026

LOW

marekkis-watermark

Score: 89/100 Marekkis Watermark-Plugin <= 0.9.4 - Cross-Site Scripting Affected: *-0.9.4 Patched: Updated: June 28, 2026

LOW

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

Score: 66/100 WordPress Gallery Plugin – NextGEN Gallery 1.9.10 - 1.9.11 - Full Path Disclosure Affected: 1.9.10-1.9.11 Patched: 2.0.0 Updated: June 28, 2026

LOW

editorial-calendar

Score: 93/100 Editorial Calendar <= 2.6 - Authenticated (Admin+) SQL Injection Affected: *-2.6 Patched: 2.7 Updated: June 28, 2026

LOW

wp-ecommerce-shop-styling

Score: N/A WP eCommerce Shop Styling < 1.8 - Remote File Inclusion Affected: [*, 1.8) Patched: 1.8 Updated: June 28, 2026

LOW

commentluv

Score: 91/100 CommentLuv < 2.92.4 - Reflected Cross-Site Scripting Affected: [*, 2.92.4) Patched: 2.92.4 Updated: June 28, 2026

LOW

wysija-newsletters

Score: N/A MailPoet Newsletters <= 2.2 - Multiple SQL Injections Affected: *-2.2 Patched: 2.2.1 Updated: June 28, 2026

LOW

yolink-search

Score: N/A yolink Search for WordPress < 2.6 - Reflected Cross-Site Scripting Affected: [*, 2.6) Patched: 2.6 Updated: June 28, 2026

LOW

wordpress-simple-shout-box

Score: N/A WordPress Shout Box Widget <= 2.0.2 - SQL Injection Affected: *-2.0.2 Patched: Updated: June 28, 2026

LOW

wordpress-gallery-plugin

Score: N/A WordPress Gallery Plugin <= 1.4 - Unauthenticated Remote File Inclusion Affected: *-1.4 Patched: Updated: June 28, 2026

LOW

rlswordpresssearch

Score: N/A RLSWordPressSearch (All Versions) - SQL Injection Affected: * Patched: Updated: June 28, 2026

LOW

portfolio-slideshow-pro

Score: N/A Portfolio Slideshow Pro <= 3.0 - SQL Injection Affected: * Patched: Updated: June 28, 2026

LOW

wp-homepage-slideshow

Score: N/A Homepage SlideShow <= 2.3 - Arbitrary File Upload Affected: *-2.3 Patched: Updated: June 28, 2026

LOW

audio-player

Score: 93/100 Audio Player <= 2.0.4.5 - Cross-Site Scripting via playerID Parameter Affected: [*, 2.0.4.6) Patched: 2.0.4.6 Updated: June 28, 2026

LOW

accordion

Score: 95/100 Accordion (All Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 28, 2026

LOW

wp-levoslideshow

Score: N/A Levo Slideshow <= 2.3 - Arbitrary File Upload Affected: *-2.3 Patched: Updated: June 28, 2026

LOW

power-zoomer

Score: N/A Power Zoomer <= 1.2 - Arbitrary File Upload Affected: *-1.2 Patched: Updated: June 28, 2026

LOW

dynamic-font-replacement-4wp

Score: 89/100 Dynamic Font Replacement DFR4WP EN <= 1.3 EN - SQL Injection Affected: * - 1.3 EN Patched: Updated: June 28, 2026

LOW

wp-file-uploader

Score: N/A WordPress File Uploader <= 1.1 - Arbitrary File Upload Affected: *-1.1 Patched: Updated: June 28, 2026

LOW

devformatter

Score: 91/100 Developer Formatter < 2013.0.1.41 - Cross-Site Request Forgery Affected: [*, 2013.0.1.41) Patched: 2013.0.1.41 Updated: June 28, 2026

LOW

cardoza-wordpress-poll

Score: 91/100 WordPress Poll <= 34.05 - SQL Injection Affected: *-34.05 Patched: 34.06 Updated: June 28, 2026

LOW

cardoza-wordpress-poll

Score: 91/100 WordPress Poll < 34.06 - SQL Injection Affected: *-34.05 Patched: 34.06 Updated: June 28, 2026

LOW

ripe-hd-player

Score: N/A Ripe HD FLV <= 1.1 - Full Path Disclosure Affected: *-1.1 Patched: Updated: June 28, 2026

LOW

ripe-hd-player

Score: N/A Ripe HD FLV <= 1.1 - SQL Injection Affected: *-1.1 Patched: Updated: June 28, 2026

LOW

zingiri-forum

Score: N/A Forums < 1.4.4 - Directory Traversal Affected: [*, 1.4.4) Patched: 1.4.4 Updated: June 28, 2026

LOW

google-xml-sitemaps-generator

Score: 93/100 Google XML Sitemaps Generator < 3.2.9 - Authenticated (Admin+) PHP Code Injection Affected: *-3.2.8 Patched: 3.2.9 Updated: June 28, 2026

LOW

google-document-embedder

Score: 91/100 Google Doc Embedder < 2.5.4 - Directory Traversal Affected: [*, 2.5.4) Patched: 2.5.4 Updated: June 28, 2026

LOW

spam-free-wordpress

Score: N/A Spam Free WordPress <= 1.9.3 - IP Protection Bypass Affected: *-1.9.3 Patched: 2.0 Updated: June 28, 2026

LOW

spam-free-wordpress

Score: N/A Spam Free WordPress <= 1.9.3 - Full Path Disclosure Affected: *-1.9.3 Patched: 2.0 Updated: June 28, 2026

LOW

openinviter-for-wordpress

Score: N/A OpenInviter for WordPress <= 1.7.0 - Sensitive Information Disclosure Affected: *-1.7.0 Patched: Updated: June 28, 2026

LOW

xerte-online

Score: N/A Xerte Online <= 0.35 - Arbitrary File Upload Affected: *-0.35 Patched: 0.36 Updated: June 28, 2026

LOW

reflex-gallery

Score: N/A ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload Affected: [*, 3.1.4) Patched: 3.1.4 Updated: June 28, 2026

LOW

levelfourstorefront

Score: 93/100 Level Four Store Front < 8.1.15 - Arbitrary File Upload Affected: [*, 8.1.15) Patched: 8.1.15 Updated: June 28, 2026

LOW

download-shortcode

Score: 93/100 Download Shortcode <= 0.2.3 - Directory Traversal Affected: *-0.2.3 Patched: 1.0 Updated: June 28, 2026

LOW

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 3.5.1 - Remote Code Execution via Remote File Inclusion Affected: *-3.5.1 Patched: 3.5.2 Updated: June 28, 2026

LOW

mingle-forum

Score: N/A Mingle Forum <= 1.0.34 - Cross-Site Request Forgery Affected: *-1.0.34 Patched: 1.0.35 Updated: June 28, 2026

LOW

sintic_gallery

Score: N/A sintic_gallery (All Known Versions) - Arbitrary File Upload Affected: * Patched: Updated: June 28, 2026

LOW

sb-uploader

Score: N/A SB Uploader <= 4.8 - Arbitrary File Upload Affected: *-4.8 Patched: Updated: June 28, 2026

LOW

grou-random-image-widget

Score: 91/100 Grou Random Image Widget <= 1.18 - Full Path Disclosure Affected: * Patched: Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.53 - Sensitive Information Disclosure Affected: [*, 2.53) Patched: 2.53 Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.53 - SQL Injection Affected: [*, 2.53) Patched: 2.53 Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 3.1.0 - Arbitrary File Deletion Affected: [*, 3.1.0) Patched: 3.1.0 Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.00 - Arbitrary File Modification Affected: *-2.00 Patched: 2.10 Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.00 - SQL Injection Affected: [*, 2.10) Patched: 2.10 Updated: June 28, 2026

Showing 35701 to 35800 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 28, 2026 at 22:34 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List