Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36304

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
codistoconnect	codistoconnect	89	Omnichannel for WooCommerce <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.3.65		June 30, 2026
cleverreach-wp	cleverreach-wp	93	CleverReach® WP <= 1.5.21 - Unauthenticated SQL Injection	LOW	*-1.5.21	1.5.22	June 30, 2026
addons-for-visual-composer	addons-for-visual-composer	93	Livemesh Addons for WPBakery Page Builder <= 3.9.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-3.9.4		June 30, 2026
Drag and Drop Multiple File Upload for Contact Form 7	drag-and-drop-multiple-file-upload-contact-form-7	93	Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion	LOW	*-1.3.9.2	1.3.9.3	June 30, 2026
wp-members	wp-members	N/A	WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields	LOW	*-3.5.4.3	3.5.4.4	June 30, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin	simply-schedule-appointments	N/A	Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters	LOW	*-1.6.9.9	1.6.9.13	June 30, 2026
universal-google-adsense-and-ads-manager	universal-google-adsense-and-ads-manager	N/A	Universal Google Adsense and Ads manager <= 1.1.8 - Missing Authorization	LOW	*-1.1.8		June 30, 2026
simple-gdpr-cookie-compliance	simple-gdpr-cookie-compliance	N/A	Simple GDPR Cookie Compliance <= 2.0.0 - Missing Authorization	LOW	*-2.0.0	2.0.1	June 30, 2026
x-addons-elementor	x-addons-elementor	N/A	X Addons for Elementor <= 1.0.23 - Missing Authorization	LOW	*-1.0.23		June 30, 2026
penci-review	penci-review	N/A	Penci Review <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5		June 30, 2026
penci-pay-writer	penci-pay-writer	N/A	Penci Pay Writer <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5		June 30, 2026
modular-connector	modular-connector	93	Modular DS <= 2.5.1 - Unauthenticated Privilege Escalation	LOW	*-2.5.1	2.5.2	June 30, 2026
alma-gateway-for-woocommerce	alma-gateway-for-woocommerce	97	Alma <= 5.16.1 - Missing Authorization	LOW	*-5.16.1	5.16.2	June 30, 2026
bayarcash-wc	bayarcash-wc	93	Bayarcash WooCommerce <= 4.3.12 - Missing Authorization	LOW	*-4.3.12	4.3.14	June 30, 2026
float-gateway	float-gateway	93	Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation	LOW	*-1.1.9	1.1.10	June 30, 2026
wp-allow-hosts	wp-allow-hosts	N/A	WP Allowed Hosts <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter	LOW	*-1.0.8		June 30, 2026
linkedin-sc	linkedin-sc	91	LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page	LOW	*-1.1.9		June 30, 2026
shipping-rate-by-cities	shipping-rate-by-cities	N/A	Shipping Rate By Cities <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter	LOW	*-2.0.0	2.0.1	June 30, 2026
stopwords-for-comments	stopwords-for-comments	N/A	Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery	LOW	*-1.1		June 30, 2026
wmf-mobile-redirector	wmf-mobile-redirector	N/A	WMF Mobile Redirector <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters	LOW	*-1.2		June 30, 2026
short-link	short-link	N/A	Short Link <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page	LOW	*-1.0		June 30, 2026
aplazo-payment-gateway	aplazo-payment-gateway	97	Aplazo Payment Gateway <= 1.4.3 - Missing Authorization to Unauthenticated Order Status Manipulation	LOW	*-1.4.3	1.5.0	June 30, 2026
payhere-payment-gateway	payhere-payment-gateway	N/A	PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification	LOW	*-2.3.9	2.4.0	June 30, 2026
electric-studio-download-counter	electric-studio-download-counter	91	Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters	LOW	*-2.4		June 30, 2026
auto-post-to-social-media-wp-to-social-champ	auto-post-to-social-media-wp-to-social-champ	93	SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-1.3.5	1.3.6	June 30, 2026
perfit-woocommerce	perfit-woocommerce	N/A	Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion	LOW	*-1.0.1		June 30, 2026
list-site-contributors	list-site-contributors	91	List Site Contributors <= 1.1.8 - Reflected Cross-Site Scripting via alpha	LOW	*-1.1.8		June 30, 2026
news-and-blog-designer-bundle	news-and-blog-designer-bundle	N/A	News and Blog Designer Bundle <= 1.1 - Unauthenticated Local File Inclusion	LOW	*-1.1		June 30, 2026
ajs-footnotes	ajs-footnotes	95	AJS Footnotes <= 1.0 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
sosh-share-buttons	sosh-share-buttons	N/A	Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery	LOW	*-1.1.0		June 30, 2026
dashboard-builder	dashboard-builder	91	DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection	LOW	*-1.5.7		June 30, 2026
name-directory	name-directory	N/A	Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters	LOW	*-1.30.3	1.31.0	June 30, 2026
woosa-ai-for-woocommerce	woosa-ai-for-woocommerce	N/A	Integration Opvius AI for WooCommerce <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path Traversal	LOW	*-1.3.0		June 30, 2026
geeky-bot	geeky-bot	93	GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.1.8	1.1.9	June 30, 2026
getcontentfromurl	getcontentfromurl	91	GetContentFromURL <= 1.0 - Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute	LOW	*-1.0		June 30, 2026
gotham-block-extra-light	gotham-block-extra-light	93	Gotham Block Extra Light <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-1.5.0	1.6.0	June 30, 2026
gotham-block-extra-light	gotham-block-extra-light	93	Gotham Block Extra Light <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode	LOW	*-1.5.0	1.6.0	June 30, 2026
wpblogsync	wpblogsync	N/A	WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update	LOW	*-1.0		June 30, 2026
netcash-pay-now-payment-gateway-for-woocommerce	netcash-pay-now-payment-gateway-for-woocommerce	N/A	Netcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status Modification	LOW	*-4.1.3	4.1.4	June 30, 2026
flat-shipping-rate-by-city-for-woocommerce	flat-shipping-rate-by-city-for-woocommerce	91	Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter	LOW	*-1.0.3		June 30, 2026
spiceforms-form-builder	spiceforms-form-builder	N/A	SpiceForms Form Builder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0		June 30, 2026
crush-pics	crush-pics	91	Crush.pics Image Optimizer <= 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update	LOW	*-1.8.7		June 30, 2026
real-post-slider-lite	real-post-slider-lite	N/A	Real Post Slider Lite <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings	LOW	*-2.4		June 30, 2026
makesweat	makesweat	91	Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting	LOW	*-0.1		June 30, 2026
internal-link-builder	internal-link-builder	89	Internal Link Builder <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings	LOW	*-1.0		June 30, 2026
lottiefiles	lottiefiles	93	LottieFiles – Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure	LOW	*-3.0.0	3.1.0	June 30, 2026
responsive-accordion-slider	responsive-accordion-slider	N/A	Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'	LOW	*-1.2.2		June 30, 2026
pdf-resume-parser	pdf-resume-parser	N/A	PDF Resume Parser <= 1.0 - Unauthenticated Sensitive Information Disclosure in SMTP Credentials	LOW	*-1.0		June 30, 2026
wp-crm-system	wp-crm-system	N/A	WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification	LOW	*-3.4.5	3.4.6	June 30, 2026
searchwiz	searchwiz	N/A	SearchWiz <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title	LOW	*-1.0.0		June 30, 2026
testimonials-creator	testimonials-creator	N/A	Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	1.6		June 30, 2026
kunze-law	kunze-law	91	Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1		June 30, 2026
wplms_plugin	wplms_plugin	N/A	WPLMS <= 1.9.9.5.4 - Unauthenticated Arbitrary File Deletion	LOW	*-1.9.9.5.4		June 30, 2026
tutor-pro	tutor-pro	N/A	Tutor LMS Pro <= 3.9.6 - Unauthenticated SQL Injection	LOW	*-3.9.6	3.9.7	June 30, 2026
seriously-simple-podcasting	seriously-simple-podcasting	N/A	Seriously Simple Podcasting <= 3.14.1 - Authenticated (Editor+) Server-Side Request Forgery	LOW	*-3.14.1	3.14.2	June 30, 2026
realpress	realpress	N/A	RealPress – Real Estate Plugin <= 1.1.0 - Cross-Site Request Forgery	LOW	*-1.1.0	1.1.1	June 30, 2026
laurent-core	laurent-core	91	Laurent Core <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-2.4.1		June 30, 2026
jnews-video	jnews-video	91	JNews - Video <= 11.0.2 - Reflected Cross-Site Scripting	LOW	*-11.0.2		June 30, 2026
jnews-pay-writer	jnews-pay-writer	91	JNews - Pay Writer <= 11.0.0 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-11.0.0		June 30, 2026
hide_my_wp	hide_my_wp	91	Hide My WP <= 6.2.12 - Reflected Cross-Site Scripting	LOW	*-6.2.12		June 30, 2026
hdforms	hdforms	93	HDForms <= 1.6.1 - Unauthenticated Arbitrary File Deletion	LOW	*-1.6.1	1.6.2	June 30, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	fluentform	78	FluentForm <= 6.1.11 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-6.1.11	6.1.12	June 30, 2026
dt-reservation-plugin	dt-reservation-plugin	91	Reservation <= 1.7 - Missing Authorization to Unauthenticated Settings Update	LOW	*-1.7		June 30, 2026
Breeze Cache	breeze	79	Breeze <= 2.2.21 - Missing Authorization	LOW	*-2.2.21	2.2.22	June 30, 2026
flex-qr-code-generator	flex-qr-code-generator	91	Flex QR Code Generator <= 1.2.10 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.2.10		June 30, 2026
wp-lead-capture	wp-lead-capture	N/A	Lead Capturing Pages <= 2.5 - Authenticated (Subscriber+) SQL Injection	LOW	*-2.5		June 30, 2026
wp-duplicate-page	wp-duplicate-page	N/A	WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication	LOW	*-1.8	1.8.1	June 30, 2026
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks	uichemy	N/A	UiChemy <= 4.4.2 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-4.4.2	4.4.3	June 30, 2026
top_bar_promoter	top_bar_promoter	N/A	xPromoter <= 1.3.4 - Reflected Cross-Site Scripting	LOW	*-1.3.4		June 30, 2026
sctv-sales-countdown-timer	sctv-sales-countdown-timer	N/A	Sales Countdown Timer for WooCommerce and WordPress <= 1.1.8.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.1.8.1		June 30, 2026
Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates	responsive-addons-for-elementor	N/A	Responsive Addons for Elementor <= 2.0.8 - Missing Authorization	LOW	*-2.0.8	2.0.9	June 30, 2026
profile-builder	profile-builder	N/A	User Profile Builder <= 3.15.1 - Unauthenticated Privilege Escalation via Account Takeover	LOW	*-3.15.1	3.15.2	June 30, 2026
jupiterx-core	jupiterx-core	93	JupiterX Core <= 4.10.1 - Authenticated (Contributor+) PHP Object Injection	LOW	*-4.10.1	4.11.0	June 30, 2026
jnews-frontend-submit	jnews-frontend-submit	91	JNews - Frontend Submit <= 11.0.0 - Reflected Cross-Site Scripting	LOW	*-11.0.0		June 30, 2026
EventPrime – Events Calendar, Bookings and Tickets	eventprime-event-calendar-management	74	EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API	LOW	*-4.2.7.0	4.2.8.0	June 30, 2026
ecwid-shopping-cart	ecwid-shopping-cart	93	Ecwid Shopping Cart <= 7.0.6 - Missing Authorization	LOW	*-7.0.6	7.0.7	June 30, 2026
dzs-videogallery	dzs-videogallery	91	DZS Video Gallery <= 12.39 - Authenticated (Subscriber+) SQL Injection	LOW	*-12.39	12.40	June 30, 2026
cp-image-store	cp-image-store	93	CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import	LOW	*-1.1.9	1.2.0	June 30, 2026
accordion_slider_pro	accordion_slider_pro	95	Accordion Slider PRO <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 30, 2026
wp-popups-lite	wp-popups-lite	N/A	WP Popups <= 2.2.0.5 - Missing Authorization	LOW	*-2.2.0.5	2.2.0.6	June 30, 2026
easy-modal	easy-modal	91	Easy Modal <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.0		June 30, 2026
popcashnet-code-integration-tool	popcashnet-code-integration-tool	N/A	PopCash.Net Code Integration Tool <= 1.8 - Missing Authorization	LOW	*-1.8	2.0	June 30, 2026
post-expirator	post-expirator	N/A	Post Expirator <= 4.9.3 - Missing Authorization	LOW	*-4.9.3	4.9.4	June 30, 2026
penci-recipe	penci-recipe	N/A	Penci Recipe <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1		June 30, 2026
penci-podcast	penci-podcast	N/A	Penci Podcast <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7		June 30, 2026
penci-filter-everything	penci-filter-everything	N/A	Penci Filter Everything <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7		June 30, 2026
penci-ai	penci-ai	N/A	Penci AI SmartContent Creator <= 2.0 - Missing Authorization	LOW	*-2.0		June 30, 2026
Kadence Central – Site Management, Backups, Security, and Reporting	ithemes-sync	82	Solid Central – Site Management, Backups, Security, and Reporting <= 3.2.8 - Missing Authorization	LOW	*-3.2.8	3.2.9	June 30, 2026
hurrytimer	hurrytimer	93	HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.14.2 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-2.14.2	2.14.3	June 30, 2026
Booking for Appointments and Events Calendar – Amelia	ameliabooking	97	Amelia <= 1.2.38 - Missing Authorization	LOW	*-1.2.38	2.0	June 30, 2026
penci-shortcodes	penci-shortcodes	N/A	Penci Shortcodes & Performance <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.1	6.2	June 30, 2026
page-builder-add	page-builder-add	N/A	Landing Page Builder <= 1.5.3.4 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.5.3.4	1.5.3.5	June 30, 2026
terms-descriptions	terms-descriptions	N/A	Terms descriptions <= 3.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.4.9	3.4.10	June 30, 2026
suggestion-toolkit	suggestion-toolkit	N/A	Suggestion Toolkit <= 5.0 - Missing Authorization	LOW	*-5.0		June 30, 2026
neoforum	neoforum	N/A	Neoforum <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 30, 2026
neoforum	neoforum	N/A	Neoforum <= 1.0 - Authenticated (Administrator+) SQL Injection	LOW	*-1.0		June 30, 2026
woo-addon-uploads	woo-addon-uploads	N/A	File Uploads Addon for WooCommerce <= 1.7.3 - Missing Authorization	LOW	*-1.7.3	1.7.4	June 30, 2026
logo-slider-wp	logo-slider-wp	89	Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-4.9.0		June 30, 2026
trusona	trusona	N/A	Trusona for WordPress <= 2.0.0 - Missing Authorization	LOW	*-2.0.0		June 30, 2026
uper-elementor	uper-elementor	N/A	Uper for Elementor <= 1.0.5 - Missing Authorization	LOW	*-1.0.5		June 30, 2026

LOW

codistoconnect

Score: 89/100 Omnichannel for WooCommerce <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.65 Patched: Updated: June 30, 2026

LOW

cleverreach-wp

Score: 93/100 CleverReach® WP <= 1.5.21 - Unauthenticated SQL Injection Affected: *-1.5.21 Patched: 1.5.22 Updated: June 30, 2026

LOW

addons-for-visual-composer

Score: 93/100 Livemesh Addons for WPBakery Page Builder <= 3.9.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.9.4 Patched: Updated: June 30, 2026

LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion Affected: *-1.3.9.2 Patched: 1.3.9.3 Updated: June 30, 2026

LOW

Score: N/A WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields Affected: *-3.5.4.3 Patched: 3.5.4.4 Updated: June 30, 2026

LOW

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

Score: N/A Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters Affected: *-1.6.9.9 Patched: 1.6.9.13 Updated: June 30, 2026

LOW

universal-google-adsense-and-ads-manager

Score: N/A Universal Google Adsense and Ads manager <= 1.1.8 - Missing Authorization Affected: *-1.1.8 Patched: Updated: June 30, 2026

LOW

simple-gdpr-cookie-compliance

Score: N/A Simple GDPR Cookie Compliance <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

x-addons-elementor

Score: N/A X Addons for Elementor <= 1.0.23 - Missing Authorization Affected: *-1.0.23 Patched: Updated: June 30, 2026

LOW

penci-review

Score: N/A Penci Review <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5 Patched: Updated: June 30, 2026

LOW

penci-pay-writer

Score: N/A Penci Pay Writer <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

modular-connector

Score: 93/100 Modular DS <= 2.5.1 - Unauthenticated Privilege Escalation Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

alma-gateway-for-woocommerce

Score: 97/100 Alma <= 5.16.1 - Missing Authorization Affected: *-5.16.1 Patched: 5.16.2 Updated: June 30, 2026

LOW

bayarcash-wc

Score: 93/100 Bayarcash WooCommerce <= 4.3.12 - Missing Authorization Affected: *-4.3.12 Patched: 4.3.14 Updated: June 30, 2026

LOW

float-gateway

Score: 93/100 Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation Affected: *-1.1.9 Patched: 1.1.10 Updated: June 30, 2026

LOW

wp-allow-hosts

Score: N/A WP Allowed Hosts <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter Affected: *-1.0.8 Patched: Updated: June 30, 2026

LOW

linkedin-sc

Score: 91/100 LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page Affected: *-1.1.9 Patched: Updated: June 30, 2026

LOW

shipping-rate-by-cities

Score: N/A Shipping Rate By Cities <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter Affected: *-2.0.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

stopwords-for-comments

Score: N/A Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

wmf-mobile-redirector

Score: N/A WMF Mobile Redirector <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

short-link

Score: N/A Short Link <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

aplazo-payment-gateway

Score: 97/100 Aplazo Payment Gateway <= 1.4.3 - Missing Authorization to Unauthenticated Order Status Manipulation Affected: *-1.4.3 Patched: 1.5.0 Updated: June 30, 2026

LOW

payhere-payment-gateway

Score: N/A PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification Affected: *-2.3.9 Patched: 2.4.0 Updated: June 30, 2026

LOW

electric-studio-download-counter

Score: 91/100 Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters Affected: *-2.4 Patched: Updated: June 30, 2026

LOW

auto-post-to-social-media-wp-to-social-champ

Score: 93/100 SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.3.5 Patched: 1.3.6 Updated: June 30, 2026

LOW

perfit-woocommerce

Score: N/A Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

list-site-contributors

Score: 91/100 List Site Contributors <= 1.1.8 - Reflected Cross-Site Scripting via alpha Affected: *-1.1.8 Patched: Updated: June 30, 2026

LOW

news-and-blog-designer-bundle

Score: N/A News and Blog Designer Bundle <= 1.1 - Unauthenticated Local File Inclusion Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

ajs-footnotes

Score: 95/100 AJS Footnotes <= 1.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

sosh-share-buttons

Score: N/A Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

dashboard-builder

Score: 91/100 DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection Affected: *-1.5.7 Patched: Updated: June 30, 2026

LOW

name-directory

Score: N/A Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters Affected: *-1.30.3 Patched: 1.31.0 Updated: June 30, 2026

LOW

woosa-ai-for-woocommerce

Score: N/A Integration Opvius AI for WooCommerce <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path Traversal Affected: *-1.3.0 Patched: Updated: June 30, 2026

LOW

geeky-bot

Score: 93/100 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

getcontentfromurl

Score: 91/100 GetContentFromURL <= 1.0 - Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

gotham-block-extra-light

Score: 93/100 Gotham Block Extra Light <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings Affected: *-1.5.0 Patched: 1.6.0 Updated: June 30, 2026

LOW

gotham-block-extra-light

Score: 93/100 Gotham Block Extra Light <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode Affected: *-1.5.0 Patched: 1.6.0 Updated: June 30, 2026

LOW

wpblogsync

Score: N/A WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

netcash-pay-now-payment-gateway-for-woocommerce

Score: N/A Netcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status Modification Affected: *-4.1.3 Patched: 4.1.4 Updated: June 30, 2026

LOW

flat-shipping-rate-by-city-for-woocommerce

Score: 91/100 Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

spiceforms-form-builder

Score: N/A SpiceForms Form Builder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

crush-pics

Score: 91/100 Crush.pics Image Optimizer <= 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update Affected: *-1.8.7 Patched: Updated: June 30, 2026

LOW

real-post-slider-lite

Score: N/A Real Post Slider Lite <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Affected: *-2.4 Patched: Updated: June 30, 2026

LOW

makesweat

Score: 91/100 Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

internal-link-builder

Score: 89/100 Internal Link Builder <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

lottiefiles

Score: 93/100 LottieFiles – Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure Affected: *-3.0.0 Patched: 3.1.0 Updated: June 30, 2026

LOW

responsive-accordion-slider

Score: N/A Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images' Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

pdf-resume-parser

Score: N/A PDF Resume Parser <= 1.0 - Unauthenticated Sensitive Information Disclosure in SMTP Credentials Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-crm-system

Score: N/A WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification Affected: *-3.4.5 Patched: 3.4.6 Updated: June 30, 2026

LOW

searchwiz

Score: N/A SearchWiz <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

testimonials-creator

Score: N/A Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: 1.6 Patched: Updated: June 30, 2026

LOW

kunze-law

Score: 91/100 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

wplms_plugin

Score: N/A WPLMS <= 1.9.9.5.4 - Unauthenticated Arbitrary File Deletion Affected: *-1.9.9.5.4 Patched: Updated: June 30, 2026

LOW

tutor-pro

Score: N/A Tutor LMS Pro <= 3.9.6 - Unauthenticated SQL Injection Affected: *-3.9.6 Patched: 3.9.7 Updated: June 30, 2026

LOW

seriously-simple-podcasting

Score: N/A Seriously Simple Podcasting <= 3.14.1 - Authenticated (Editor+) Server-Side Request Forgery Affected: *-3.14.1 Patched: 3.14.2 Updated: June 30, 2026

LOW

realpress

Score: N/A RealPress – Real Estate Plugin <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

laurent-core

Score: 91/100 Laurent Core <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.4.1 Patched: Updated: June 30, 2026

LOW

jnews-video

Score: 91/100 JNews - Video <= 11.0.2 - Reflected Cross-Site Scripting Affected: *-11.0.2 Patched: Updated: June 30, 2026

LOW

jnews-pay-writer

Score: 91/100 JNews - Pay Writer <= 11.0.0 - Authenticated (Subscriber+) Local File Inclusion Affected: *-11.0.0 Patched: Updated: June 30, 2026

LOW

hide_my_wp

Score: 91/100 Hide My WP <= 6.2.12 - Reflected Cross-Site Scripting Affected: *-6.2.12 Patched: Updated: June 30, 2026

LOW

hdforms

Score: 93/100 HDForms <= 1.6.1 - Unauthenticated Arbitrary File Deletion Affected: *-1.6.1 Patched: 1.6.2 Updated: June 30, 2026

LOW

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Score: 78/100 FluentForm <= 6.1.11 - Unauthenticated Arbitrary Shortcode Execution Affected: *-6.1.11 Patched: 6.1.12 Updated: June 30, 2026

LOW

dt-reservation-plugin

Score: 91/100 Reservation <= 1.7 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

Breeze Cache

breeze

Score: 79/100 Breeze <= 2.2.21 - Missing Authorization Affected: *-2.2.21 Patched: 2.2.22 Updated: June 30, 2026

LOW

flex-qr-code-generator

Score: 91/100 Flex QR Code Generator <= 1.2.10 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.2.10 Patched: Updated: June 30, 2026

LOW

wp-lead-capture

Score: N/A Lead Capturing Pages <= 2.5 - Authenticated (Subscriber+) SQL Injection Affected: *-2.5 Patched: Updated: June 30, 2026

LOW

wp-duplicate-page

Score: N/A WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication Affected: *-1.8 Patched: 1.8.1 Updated: June 30, 2026

LOW

UiChemy — Figma Converter for Elementor, Gutenberg and Bricks

uichemy

Score: N/A UiChemy <= 4.4.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.4.2 Patched: 4.4.3 Updated: June 30, 2026

LOW

top_bar_promoter

Score: N/A xPromoter <= 1.3.4 - Reflected Cross-Site Scripting Affected: *-1.3.4 Patched: Updated: June 30, 2026

LOW

sctv-sales-countdown-timer

Score: N/A Sales Countdown Timer for WooCommerce and WordPress <= 1.1.8.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.8.1 Patched: Updated: June 30, 2026

LOW

Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates

responsive-addons-for-elementor

Score: N/A Responsive Addons for Elementor <= 2.0.8 - Missing Authorization Affected: *-2.0.8 Patched: 2.0.9 Updated: June 30, 2026

LOW

profile-builder

Score: N/A User Profile Builder <= 3.15.1 - Unauthenticated Privilege Escalation via Account Takeover Affected: *-3.15.1 Patched: 3.15.2 Updated: June 30, 2026

LOW

jupiterx-core

Score: 93/100 JupiterX Core <= 4.10.1 - Authenticated (Contributor+) PHP Object Injection Affected: *-4.10.1 Patched: 4.11.0 Updated: June 30, 2026

LOW

jnews-frontend-submit

Score: 91/100 JNews - Frontend Submit <= 11.0.0 - Reflected Cross-Site Scripting Affected: *-11.0.0 Patched: Updated: June 30, 2026

LOW

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Score: 74/100 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API Affected: *-4.2.7.0 Patched: 4.2.8.0 Updated: June 30, 2026

LOW

ecwid-shopping-cart

Score: 93/100 Ecwid Shopping Cart <= 7.0.6 - Missing Authorization Affected: *-7.0.6 Patched: 7.0.7 Updated: June 30, 2026

LOW

dzs-videogallery

Score: 91/100 DZS Video Gallery <= 12.39 - Authenticated (Subscriber+) SQL Injection Affected: *-12.39 Patched: 12.40 Updated: June 30, 2026

LOW

cp-image-store

Score: 93/100 CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import Affected: *-1.1.9 Patched: 1.2.0 Updated: June 30, 2026

LOW

accordion_slider_pro

Score: 95/100 Accordion Slider PRO <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

wp-popups-lite

Score: N/A WP Popups <= 2.2.0.5 - Missing Authorization Affected: *-2.2.0.5 Patched: 2.2.0.6 Updated: June 30, 2026

LOW

easy-modal

Score: 91/100 Easy Modal <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: June 30, 2026

LOW

popcashnet-code-integration-tool

Score: N/A PopCash.Net Code Integration Tool <= 1.8 - Missing Authorization Affected: *-1.8 Patched: 2.0 Updated: June 30, 2026

LOW

post-expirator

Score: N/A Post Expirator <= 4.9.3 - Missing Authorization Affected: *-4.9.3 Patched: 4.9.4 Updated: June 30, 2026

LOW

penci-recipe

Score: N/A Penci Recipe <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1 Patched: Updated: June 30, 2026

LOW

penci-podcast

Score: N/A Penci Podcast <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

penci-filter-everything

Score: N/A Penci Filter Everything <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

penci-ai

Score: N/A Penci AI SmartContent Creator <= 2.0 - Missing Authorization Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

Kadence Central – Site Management, Backups, Security, and Reporting

ithemes-sync

Score: 82/100 Solid Central – Site Management, Backups, Security, and Reporting <= 3.2.8 - Missing Authorization Affected: *-3.2.8 Patched: 3.2.9 Updated: June 30, 2026

LOW

hurrytimer

Score: 93/100 HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.14.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.14.2 Patched: 2.14.3 Updated: June 30, 2026

LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Amelia <= 1.2.38 - Missing Authorization Affected: *-1.2.38 Patched: 2.0 Updated: June 30, 2026

LOW

penci-shortcodes

Score: N/A Penci Shortcodes & Performance <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.1 Patched: 6.2 Updated: June 30, 2026

LOW

page-builder-add

Score: N/A Landing Page Builder <= 1.5.3.4 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.5.3.4 Patched: 1.5.3.5 Updated: June 30, 2026

LOW

terms-descriptions

Score: N/A Terms descriptions <= 3.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.4.9 Patched: 3.4.10 Updated: June 30, 2026

LOW

suggestion-toolkit

Score: N/A Suggestion Toolkit <= 5.0 - Missing Authorization Affected: *-5.0 Patched: Updated: June 30, 2026

LOW

neoforum

Score: N/A Neoforum <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

neoforum

Score: N/A Neoforum <= 1.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

woo-addon-uploads

Score: N/A File Uploads Addon for WooCommerce <= 1.7.3 - Missing Authorization Affected: *-1.7.3 Patched: 1.7.4 Updated: June 30, 2026

LOW

logo-slider-wp

Score: 89/100 Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.9.0 Patched: Updated: June 30, 2026

LOW

trusona

Score: N/A Trusona for WordPress <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: Updated: June 30, 2026

LOW

uper-elementor

Score: N/A Uper for Elementor <= 1.0.5 - Missing Authorization Affected: *-1.0.5 Patched: Updated: June 30, 2026

Showing 3501 to 3600 of 36304 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 17:32 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List