Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
monsters-editor-10-for-wp-super-edit	monsters-editor-10-for-wp-super-edit	N/A	Monsters Editor for WP Super Edit <= 1.1 - Arbitrary File Upload	LOW	*-1.1		June 28, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	iThemes Security < 3.4.4 - Cross-Site Scripting	LOW	[*, 3.4.4)	3.4.4	June 28, 2026
quick-post-widget	quick-post-widget	N/A	Quick Post Widget <= 1.9.1 - Multiple Cross-Site Scripting	LOW	*-1.9.1		June 28, 2026
wp-simplemail	wp-simplemail	N/A	WP SimpleMail <= 1.0.6 - Cross-Site Scripting	LOW	*-1.0.6		June 28, 2026
threewp-email-reflector	threewp-email-reflector	N/A	ThreeWP Email Reflector < 1.16 - Cross-Site Scripting	LOW	[*, 1.16)	1.16	June 28, 2026
postie	postie	N/A	Postie < 1.4.10 - Cross-Site Scripting	LOW	*-1.4.9	1.4.10	June 28, 2026
mini-mail-dashboard-widget	mini-mail-dashboard-widget	N/A	Mini Mail Dashboard Widget < 1.43 - Cross-Site Scripting	LOW	[*, 1.43)	1.43	June 28, 2026
vitamin	vitamin	N/A	Vitamin < 1.1.0 - Directory Traversal	LOW	[*, 1.1.0)	1.1.0	June 28, 2026
kau-boys-backend-localization	kau-boys-backend-localization	91	Backend Localization <= 2.0 - Reflected Cross-Site Scripting	LOW	*-2.0	2.0.1	June 28, 2026
kau-boys-backend-localization	kau-boys-backend-localization	91	Backend Localization <= 1.9 - Reflected Cross-Site Scripting	LOW	1.6.1	2.0	June 28, 2026
twitter-plugin	twitter-plugin	N/A	BestWebSoft's Twitter <= 2.14 - Cross-Site Request Forgery	LOW	*-2.14	2.15	June 28, 2026
portfolio-by-lisa-westlund	portfolio-by-lisa-westlund	N/A	Portfolio Plugin <= 2.04 - Cross-Site Request Forgery	LOW	*-2.04	2.05	June 28, 2026
count-per-day	count-per-day	93	Count per Day Plugin < 3.2.3 - Cross-Site Scripting	LOW	[*, 3.2.3)	3.2.3	June 28, 2026
wppageflip	wppageflip	N/A	A Page Flip Book < 3.0 - Directory Traversal	LOW	[*, 3.0)	3.0	June 28, 2026
wp-cleanfix	wp-cleanfix	N/A	WP Cleanfix <= 3.0.1 - Cross-Site Request Forgery	LOW	*-3.0.1	3.0.2	June 28, 2026
job-manager	job-manager	89	Job Manager <= 0.7.18 - Cross-Site Scripting	LOW	*-0.7.18	0.7.19	June 28, 2026
radykal-fancy-gallery	radykal-fancy-gallery	N/A	Radykal Fancy Gallery <= 1.2.4 - Arbitrary File Upload	LOW	*-1.2.4		June 28, 2026
ajax_multi_upload	ajax_multi_upload	97	AJAX Multi Upload <= 1.1 - Arbitrary File Upload	LOW	*-1.1	2.0	June 28, 2026
flipbook	flipbook	91	FlipBook <= 1.0 - Arbitrary File Upload	LOW	*-1.0		June 28, 2026
wp-imagezoom	wp-imagezoom	N/A	Wp-ImageZoom < 1.0.5 - Directory Traversal	LOW	[*, 1.0.5)	1.0.5	June 28, 2026
quick-chat	quick-chat	N/A	Quick Chat < 4.00 - SQL Injection	LOW	[*, 4.00)	4.00	June 28, 2026
lim4wp	lim4wp	91	lim4wp <= 1.1.1 - Arbitrary File Upload	LOW	*-1.1.1		June 28, 2026
lb-mixed-slideshow	lb-mixed-slideshow	91	LB Mixed Slideshow for WordPress <= 1.0 - Arbitrary File Upload	LOW	*-1.0		June 28, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery	66	NextGen Gallery <= 1.9.7 - Cross-Site Scripting	LOW	*-1.9.7	1.9.8	June 28, 2026
invit0r	invit0r	91	Invit0r <= 0.22 - Arbitrary File Upload	LOW	*-0.22		June 28, 2026
evarisk	evarisk	93	Evarisk <= 5.1.5.4 - Arbitrary File Upload	LOW	*-5.1.5.4	5.1.5.5	June 28, 2026
annonces	annonces	97	Annonces <= 1.2.0.1 - Arbitrary File Upload	LOW	*-1.2.0.1	1.2.0.2	June 28, 2026
resume-submissions-job-postings	resume-submissions-job-postings	N/A	Resume Submissions & Job Postings < 2.5.2 - Arbitrary File Upload	LOW	[*, 2.5.2)	2.5.2	June 28, 2026
videowhisper-video-conference-integration	videowhisper-video-conference-integration	N/A	Webcam Video Conference < 4.51 - Arbitrary File Upload	LOW	[*, 4.51)	4.51	June 28, 2026
foxypress	foxypress	89	FoxyPress <= 0.4.2.1 - Arbitrary File Upload	LOW	[*, 0.4.2.2)	0.4.2.2	June 28, 2026
contus-video-galleryversion-10	contus-video-galleryversion-10	91	Contus Video Gallery <= 1.3 - Arbitrary File Upload	LOW	*-1.3		June 28, 2026
contus-hd-flv-player	contus-hd-flv-player	93	HD FLV Player <= 1.7 - Arbitrary File Upload	LOW	*-1.7	1.8	June 28, 2026
auctionplugin	auctionplugin	93	Woocommerce Wordpress Auctions <= 2.0.1.3 - Arbitrary File Upload	LOW	*-2.0.1.3	2.0.2	June 28, 2026
wp-gpx-maps	wp-gpx-maps	N/A	WP GPX Maps < 1.1.23 - Arbitrary File Upload	LOW	[*, 1.1.23)	1.1.23	June 28, 2026
topquark	topquark	N/A	Top Quark Architecture Plugin < 2.1.1 - Arbitrary File Upload	LOW	[*, 2.1.1)	2.1.1	June 28, 2026
thinkun-remind	thinkun-remind	N/A	Thinkun Remind <= 1.1.3 - Directory Traversal	LOW	*-1.1.3	1.1.4	June 28, 2026
rbxgallery	rbxgallery	N/A	RBX Gallery < 3.1 - Arbitrary File Upload	LOW	[*, 3.1)	3.1	June 28, 2026
picturesurf-gallery	picturesurf-gallery	N/A	Picturesurf Gallery <= 1.2 - Arbitrary File Upload	LOW	*-1.2		June 28, 2026
hungred-post-thumbnail	hungred-post-thumbnail	91	Hungred Post Thumbnail <= 2.1.9 - Arbitrary File Upload	LOW	*-2.1.9		June 28, 2026
omni-secure-files	omni-secure-files	N/A	Omni Secure Files <= 0.1.13 - Arbitrary File Upload	LOW	*-0.1.13	0.1.14	June 28, 2026
wassup	wassup	N/A	WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting	LOW	[*, 1.8.3.1)	1.8.3.1	June 28, 2026
mm-forms-community	mm-forms-community	N/A	MM Forms Community <= 2.2.6 - Arbitrary File Upload	LOW	*-2.2.6	2.2.7	June 28, 2026
mapsmarker	mapsmarker	N/A	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - SQL Injection	LOW	[*, 2.4)	2.4	June 28, 2026
mapsmarker	mapsmarker	N/A	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - Cross-Site Scripting	LOW	[*, 2.4)	2.4	June 28, 2026
fcchat	fcchat	93	FCChat Widget < 2.2.13.7 - Arbitrary File Upload	LOW	[*, 2.2.13.7)	2.2.13.7	June 28, 2026
wp-property	wp-property	N/A	WP Property <= 1.35.0 - Remote File Upload	LOW	*-1.35.0	1.35.1	June 28, 2026
wordpress-member-private-conversation	wordpress-member-private-conversation	N/A	Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload	LOW	[*, 1.4)	1.4	June 28, 2026
html5avmanager	html5avmanager	91	HTML5 AV Manager <= 0.2.7 - Arbitrary File Upload	LOW	*-0.2.7		June 28, 2026
wp-homepage-slideshow	wp-homepage-slideshow	N/A	Homepage SlideShow Plugin < 2.2 - Arbitrary File Upload	LOW	[*, 2.2)	2.2	June 28, 2026
wp-3dflick-slideshow	wp-3dflick-slideshow	N/A	3D Flick Slideshow < 2.2 - Arbitrary File Upload	LOW	*-2.1	2.2	June 28, 2026
smart-slide-show	smart-slide-show	N/A	Smart Slideshow <= 2.4 - Arbitrary File Upload	LOW	*-2.4		June 28, 2026
limit-login-attempts	limit-login-attempts	93	Limit Login Attempts <= 1.7.0 - Brute Force Bypass	LOW	*-1.7.0	1.7.1	June 28, 2026
plugin-newsletter	plugin-newsletter	N/A	Plugin: Newsletter <= 1.5 - Arbitrary File Read	LOW	*-1.5		June 28, 2026
formbuilder	formbuilder	91	FormBuilder <= 0.90 - Unauthenticated Stored Cross-Site Scripting	LOW	*-0.90	0.91	June 28, 2026
asset-manager	asset-manager	95	Asset Manager <= 0.3 - Arbitrary File Upload	LOW	*-0.3		June 28, 2026
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager	78	Events Manager < 5.1.7 - Cross-Site Scripting	LOW	[*, 5.1.7)	5.1.7	June 28, 2026
share-and-follow	share-and-follow	N/A	Share and Follow <= 1.80.3 - Cross-Site Scripting	LOW	*-1.80.3	1.80.4	June 28, 2026
login-with-ajax	login-with-ajax	93	Login With Ajax <= 3.0.4 - Cross-Site Scripting	LOW	*-3.0.4	3.0.4.1	June 28, 2026
wp-survey-and-quiz-tool	wp-survey-and-quiz-tool	N/A	Survey And Quiz Tool <= 2.9.2 - Unauthenticated Cross-Site Scripting	LOW	*-2.9.2	2.9.3	June 28, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative	wp-statistics	90	WP Statistics <= 2.2.4 - Cross-Site Scripting	LOW	*-2.2.4	2.2.5	June 28, 2026
track-that-stat	track-that-stat	N/A	Track That Stat < 1.1.0 - Cross-Site Scripting	LOW	*-1.0.8	1.1.0	June 28, 2026
soundcloud-is-gold	soundcloud-is-gold	N/A	Soundcloud Is Gold <= 2.2 - Cross-Site Scripting	LOW	*-2.2	2.2.1	June 28, 2026
sharebar	sharebar	N/A	Sharebar <= 1.2.1 - SQL Injection	LOW	[*, 1.2.2)	1.2.2	June 28, 2026
sharebar	sharebar	N/A	Sharebar <= 1.2.1 - Cross-Site Scripting	LOW	*-1.2.1	1.2.2	June 28, 2026
sabre	sabre	N/A	Sabre < 1.2.2 - Cross-Site Scripting	LOW	[*, 1.2.2)	1.2.2	June 28, 2026
newsletter-manager	newsletter-manager	N/A	Newsletter Manager < 1.0.2 - Cross-Site Scripting via test_mail.php	LOW	[*, 1.0.2)	1.0.2	June 28, 2026
newsletter-manager	newsletter-manager	N/A	Newsletter Manager < 1.0.2 - Cross-Site Scripting	LOW	[*, 1.0.2)	1.0.2	June 28, 2026
network-publisher	network-publisher	N/A	Network Publisher <= 5.0.1 - Cross-Site Scripting	LOW	*-5.0.1	5.1	June 28, 2026
mingle-forum	mingle-forum	N/A	Mingle Forum <= 1.0.33 - Cross-Site Scripting	LOW	*-1.0.33	1.0.33.2	June 28, 2026
leaguemanager	leaguemanager	93	LeagueManager <= 3.7 - Multiple Cross-Site Scripting	LOW	*-3.7	3.8	June 28, 2026
leaflet-maps-marker	leaflet-maps-marker	93	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting	LOW	*-2.3	2.3.1	June 28, 2026
joliprint	joliprint	93	PDF & Print Button Joliprint <= 1.3.0 - Cross-Site Scripting	LOW	*-1.3.0	1.3.1	June 28, 2026
gd-star-rating	gd-star-rating	87	GD Star Rating < 1.9.17 - Cross-Site Scripting	LOW	[*, 1.9.17)	1.9.17	June 28, 2026
forum-server	forum-server	89	WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.7.3	1.7.4	June 28, 2026
forum-server	forum-server	89	WP Forum Server < 1.7.5 - Cross-Site Scripting	LOW	[*, 1.7.5)	1.7.5	June 28, 2026
forum-server	forum-server	89	WP Forum Server < 1.7.4 - SQL Injection	LOW	[*, 1.7.4)	1.7.4	June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 1.72 - Reflected Cross-Site Scripting	LOW	*-1.72	1.73	June 28, 2026
ezpz-one-click-backup	ezpz-one-click-backup	89	EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting	LOW	*-12.03.10		June 28, 2026
dynamic-widgets	dynamic-widgets	93	Dynamic Widgets <= 1.5.1 - Cross Site Scripting	LOW	*-1.5.1	1.5.2	June 28, 2026
media-file-manager-advanced	media-file-manager-advanced	N/A	Media File Manager Advanced <= 1.1.5 - Improper Access Control	LOW	*-1.1.5		June 28, 2026
wp-facethumb	wp-facethumb	N/A	WP-FaceThumb < 0.2 - Cross-Site Scripting	LOW	*-0.1	0.2	June 28, 2026
custom-contact-forms	custom-contact-forms	93	Custom Contact Forms Plugin <= 5.1.0.2 - Reflected Cross-Site Scripting	LOW	[*, 5.1.0.3)	5.1.0.3	June 28, 2026
catablog	catablog	89	CataBlog < 1.6.3 - Reflected Cross-Site Scripting	LOW	[*, 1.6.3)	1.6.3	June 28, 2026
BulletProof Security	bulletproof-security	68	BulletProof Security < .47.1 - Reflected Cross-Site Scripting	LOW	[*, .47.1)	.47.1	June 28, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	iThemes Security < 3.2.5 - Cross-Site Scripting	LOW	[*, 3.2.5)	3.2.5	June 28, 2026
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	better-wp-security	92	Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting	LOW	*-3.2.4	3.2.5	June 28, 2026
bad-behavior	bad-behavior	93	Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting	LOW	[*, 2.0.47), [2.2.0, 2.2.5)	2.0.47	June 28, 2026
2-click-socialmedia-buttons	2-click-socialmedia-buttons	97	2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting	LOW	*-0.33	0.34	June 28, 2026
2-click-socialmedia-buttons	2-click-socialmedia-buttons	97	2 Click Social Media Buttons < 0.34 - Cross-Site Scripting	LOW	[*, 0.34)	0.34	June 28, 2026
user-photo	user-photo	N/A	User Photo <= 0.9.5 - Cross-Site Scripting	LOW	*-0.9.5	0.9.5.2	June 28, 2026
login-with-ajax	login-with-ajax	93	Login With Ajax < 3.0.4.1 - Cross-Site Scripting	LOW	[*, 3.0.4.1)	3.0.5	June 28, 2026
Redirection	redirection	71	Redirection < 2.2.12 - Reflected Cross-Site Scripting	LOW	[*, 2.2.12)	2.2.12	June 28, 2026
wpsc-mijnpress	wpsc-mijnpress	N/A	WPsc MijnPress <= 0.0.1 - Cross-Site Scripting	LOW	*-0.0.1		June 28, 2026
zingiri-web-shop	zingiri-web-shop	N/A	Zingiri Web Shop Plugin <= 2.4.1 - Cross-Site Scripting	LOW	[*, 2.4.2)	2.4.2	June 28, 2026
shareyourcart	shareyourcart	N/A	ShareYourCart < 1.7.1 - Sensitive Information Disclosure	LOW	[*, 1.7.1)	1.7.1	June 28, 2026
organizer	organizer	N/A	Organizer <= 1.2.1 - Multiple Cross-Site Scripting	LOW	*-1.2.1		June 28, 2026
zingiri-web-shop	zingiri-web-shop	N/A	Zingiri Web Shop < 2.4.0 - Multiple Vulnerabilities	LOW	[*, 2.4.0)	2.4.0	June 28, 2026
zingiri-tickets	zingiri-tickets	N/A	Zingiri Tickets <= 3.0.3 - Sensitive Information Disclosure	LOW	*-3.0.3		June 28, 2026
organizer	organizer	N/A	Organizer <= 1.2.1 - Path Disclosure	LOW	*-1.2.1		June 28, 2026
all-in-one-event-calendar	all-in-one-event-calendar	97	Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting	LOW	[*, 1.6)	1.6	June 28, 2026

LOW

monsters-editor-10-for-wp-super-edit

Score: N/A Monsters Editor for WP Super Edit <= 1.1 - Arbitrary File Upload Affected: *-1.1 Patched: Updated: June 28, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 iThemes Security < 3.4.4 - Cross-Site Scripting Affected: [*, 3.4.4) Patched: 3.4.4 Updated: June 28, 2026

LOW

quick-post-widget

Score: N/A Quick Post Widget <= 1.9.1 - Multiple Cross-Site Scripting Affected: *-1.9.1 Patched: Updated: June 28, 2026

LOW

wp-simplemail

Score: N/A WP SimpleMail <= 1.0.6 - Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 28, 2026

LOW

threewp-email-reflector

Score: N/A ThreeWP Email Reflector < 1.16 - Cross-Site Scripting Affected: [*, 1.16) Patched: 1.16 Updated: June 28, 2026

LOW

postie

Score: N/A Postie < 1.4.10 - Cross-Site Scripting Affected: *-1.4.9 Patched: 1.4.10 Updated: June 28, 2026

LOW

mini-mail-dashboard-widget

Score: N/A Mini Mail Dashboard Widget < 1.43 - Cross-Site Scripting Affected: [*, 1.43) Patched: 1.43 Updated: June 28, 2026

LOW

vitamin

Score: N/A Vitamin < 1.1.0 - Directory Traversal Affected: [*, 1.1.0) Patched: 1.1.0 Updated: June 28, 2026

LOW

kau-boys-backend-localization

Score: 91/100 Backend Localization <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: 2.0.1 Updated: June 28, 2026

LOW

kau-boys-backend-localization

Score: 91/100 Backend Localization <= 1.9 - Reflected Cross-Site Scripting Affected: 1.6.1 Patched: 2.0 Updated: June 28, 2026

LOW

twitter-plugin

Score: N/A BestWebSoft's Twitter <= 2.14 - Cross-Site Request Forgery Affected: *-2.14 Patched: 2.15 Updated: June 28, 2026

LOW

portfolio-by-lisa-westlund

Score: N/A Portfolio Plugin <= 2.04 - Cross-Site Request Forgery Affected: *-2.04 Patched: 2.05 Updated: June 28, 2026

LOW

count-per-day

Score: 93/100 Count per Day Plugin < 3.2.3 - Cross-Site Scripting Affected: [*, 3.2.3) Patched: 3.2.3 Updated: June 28, 2026

LOW

wppageflip

Score: N/A A Page Flip Book < 3.0 - Directory Traversal Affected: [*, 3.0) Patched: 3.0 Updated: June 28, 2026

LOW

wp-cleanfix

Score: N/A WP Cleanfix <= 3.0.1 - Cross-Site Request Forgery Affected: *-3.0.1 Patched: 3.0.2 Updated: June 28, 2026

LOW

job-manager

Score: 89/100 Job Manager <= 0.7.18 - Cross-Site Scripting Affected: *-0.7.18 Patched: 0.7.19 Updated: June 28, 2026

LOW

radykal-fancy-gallery

Score: N/A Radykal Fancy Gallery <= 1.2.4 - Arbitrary File Upload Affected: *-1.2.4 Patched: Updated: June 28, 2026

LOW

ajax_multi_upload

Score: 97/100 AJAX Multi Upload <= 1.1 - Arbitrary File Upload Affected: *-1.1 Patched: 2.0 Updated: June 28, 2026

LOW

flipbook

Score: 91/100 FlipBook <= 1.0 - Arbitrary File Upload Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

wp-imagezoom

Score: N/A Wp-ImageZoom < 1.0.5 - Directory Traversal Affected: [*, 1.0.5) Patched: 1.0.5 Updated: June 28, 2026

LOW

quick-chat

Score: N/A Quick Chat < 4.00 - SQL Injection Affected: [*, 4.00) Patched: 4.00 Updated: June 28, 2026

LOW

lim4wp

Score: 91/100 lim4wp <= 1.1.1 - Arbitrary File Upload Affected: *-1.1.1 Patched: Updated: June 28, 2026

LOW

lb-mixed-slideshow

Score: 91/100 LB Mixed Slideshow for WordPress <= 1.0 - Arbitrary File Upload Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

Score: 66/100 NextGen Gallery <= 1.9.7 - Cross-Site Scripting Affected: *-1.9.7 Patched: 1.9.8 Updated: June 28, 2026

LOW

invit0r

Score: 91/100 Invit0r <= 0.22 - Arbitrary File Upload Affected: *-0.22 Patched: Updated: June 28, 2026

LOW

evarisk

Score: 93/100 Evarisk <= 5.1.5.4 - Arbitrary File Upload Affected: *-5.1.5.4 Patched: 5.1.5.5 Updated: June 28, 2026

LOW

annonces

Score: 97/100 Annonces <= 1.2.0.1 - Arbitrary File Upload Affected: *-1.2.0.1 Patched: 1.2.0.2 Updated: June 28, 2026

LOW

resume-submissions-job-postings

Score: N/A Resume Submissions & Job Postings < 2.5.2 - Arbitrary File Upload Affected: [*, 2.5.2) Patched: 2.5.2 Updated: June 28, 2026

LOW

videowhisper-video-conference-integration

Score: N/A Webcam Video Conference < 4.51 - Arbitrary File Upload Affected: [*, 4.51) Patched: 4.51 Updated: June 28, 2026

LOW

foxypress

Score: 89/100 FoxyPress <= 0.4.2.1 - Arbitrary File Upload Affected: [*, 0.4.2.2) Patched: 0.4.2.2 Updated: June 28, 2026

LOW

contus-video-galleryversion-10

Score: 91/100 Contus Video Gallery <= 1.3 - Arbitrary File Upload Affected: *-1.3 Patched: Updated: June 28, 2026

LOW

contus-hd-flv-player

Score: 93/100 HD FLV Player <= 1.7 - Arbitrary File Upload Affected: *-1.7 Patched: 1.8 Updated: June 28, 2026

LOW

auctionplugin

Score: 93/100 Woocommerce Wordpress Auctions <= 2.0.1.3 - Arbitrary File Upload Affected: *-2.0.1.3 Patched: 2.0.2 Updated: June 28, 2026

LOW

wp-gpx-maps

Score: N/A WP GPX Maps < 1.1.23 - Arbitrary File Upload Affected: [*, 1.1.23) Patched: 1.1.23 Updated: June 28, 2026

LOW

topquark

Score: N/A Top Quark Architecture Plugin < 2.1.1 - Arbitrary File Upload Affected: [*, 2.1.1) Patched: 2.1.1 Updated: June 28, 2026

LOW

thinkun-remind

Score: N/A Thinkun Remind <= 1.1.3 - Directory Traversal Affected: *-1.1.3 Patched: 1.1.4 Updated: June 28, 2026

LOW

rbxgallery

Score: N/A RBX Gallery < 3.1 - Arbitrary File Upload Affected: [*, 3.1) Patched: 3.1 Updated: June 28, 2026

LOW

picturesurf-gallery

Score: N/A Picturesurf Gallery <= 1.2 - Arbitrary File Upload Affected: *-1.2 Patched: Updated: June 28, 2026

LOW

hungred-post-thumbnail

Score: 91/100 Hungred Post Thumbnail <= 2.1.9 - Arbitrary File Upload Affected: *-2.1.9 Patched: Updated: June 28, 2026

LOW

omni-secure-files

Score: N/A Omni Secure Files <= 0.1.13 - Arbitrary File Upload Affected: *-0.1.13 Patched: 0.1.14 Updated: June 28, 2026

LOW

wassup

Score: N/A WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting Affected: [*, 1.8.3.1) Patched: 1.8.3.1 Updated: June 28, 2026

LOW

mm-forms-community

Score: N/A MM Forms Community <= 2.2.6 - Arbitrary File Upload Affected: *-2.2.6 Patched: 2.2.7 Updated: June 28, 2026

LOW

mapsmarker

Score: N/A Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - SQL Injection Affected: [*, 2.4) Patched: 2.4 Updated: June 28, 2026

LOW

mapsmarker

Score: N/A Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - Cross-Site Scripting Affected: [*, 2.4) Patched: 2.4 Updated: June 28, 2026

LOW

fcchat

Score: 93/100 FCChat Widget < 2.2.13.7 - Arbitrary File Upload Affected: [*, 2.2.13.7) Patched: 2.2.13.7 Updated: June 28, 2026

LOW

wp-property

Score: N/A WP Property <= 1.35.0 - Remote File Upload Affected: *-1.35.0 Patched: 1.35.1 Updated: June 28, 2026

LOW

wordpress-member-private-conversation

Score: N/A Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload Affected: [*, 1.4) Patched: 1.4 Updated: June 28, 2026

LOW

html5avmanager

Score: 91/100 HTML5 AV Manager <= 0.2.7 - Arbitrary File Upload Affected: *-0.2.7 Patched: Updated: June 28, 2026

LOW

wp-homepage-slideshow

Score: N/A Homepage SlideShow Plugin < 2.2 - Arbitrary File Upload Affected: [*, 2.2) Patched: 2.2 Updated: June 28, 2026

LOW

wp-3dflick-slideshow

Score: N/A 3D Flick Slideshow < 2.2 - Arbitrary File Upload Affected: *-2.1 Patched: 2.2 Updated: June 28, 2026

LOW

smart-slide-show

Score: N/A Smart Slideshow <= 2.4 - Arbitrary File Upload Affected: *-2.4 Patched: Updated: June 28, 2026

LOW

limit-login-attempts

Score: 93/100 Limit Login Attempts <= 1.7.0 - Brute Force Bypass Affected: *-1.7.0 Patched: 1.7.1 Updated: June 28, 2026

LOW

plugin-newsletter

Score: N/A Plugin: Newsletter <= 1.5 - Arbitrary File Read Affected: *-1.5 Patched: Updated: June 28, 2026

LOW

formbuilder

Score: 91/100 FormBuilder <= 0.90 - Unauthenticated Stored Cross-Site Scripting Affected: *-0.90 Patched: 0.91 Updated: June 28, 2026

LOW

asset-manager

Score: 95/100 Asset Manager <= 0.3 - Arbitrary File Upload Affected: *-0.3 Patched: Updated: June 28, 2026

LOW

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Score: 78/100 Events Manager < 5.1.7 - Cross-Site Scripting Affected: [*, 5.1.7) Patched: 5.1.7 Updated: June 28, 2026

LOW

share-and-follow

Score: N/A Share and Follow <= 1.80.3 - Cross-Site Scripting Affected: *-1.80.3 Patched: 1.80.4 Updated: June 28, 2026

LOW

login-with-ajax

Score: 93/100 Login With Ajax <= 3.0.4 - Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.4.1 Updated: June 28, 2026

LOW

wp-survey-and-quiz-tool

Score: N/A Survey And Quiz Tool <= 2.9.2 - Unauthenticated Cross-Site Scripting Affected: *-2.9.2 Patched: 2.9.3 Updated: June 28, 2026

LOW

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Score: 90/100 WP Statistics <= 2.2.4 - Cross-Site Scripting Affected: *-2.2.4 Patched: 2.2.5 Updated: June 28, 2026

LOW

track-that-stat

Score: N/A Track That Stat < 1.1.0 - Cross-Site Scripting Affected: *-1.0.8 Patched: 1.1.0 Updated: June 28, 2026

LOW

soundcloud-is-gold

Score: N/A Soundcloud Is Gold <= 2.2 - Cross-Site Scripting Affected: *-2.2 Patched: 2.2.1 Updated: June 28, 2026

LOW

sharebar

Score: N/A Sharebar <= 1.2.1 - SQL Injection Affected: [*, 1.2.2) Patched: 1.2.2 Updated: June 28, 2026

LOW

sharebar

Score: N/A Sharebar <= 1.2.1 - Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: June 28, 2026

LOW

sabre

Score: N/A Sabre < 1.2.2 - Cross-Site Scripting Affected: [*, 1.2.2) Patched: 1.2.2 Updated: June 28, 2026

LOW

newsletter-manager

Score: N/A Newsletter Manager < 1.0.2 - Cross-Site Scripting via test_mail.php Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 28, 2026

LOW

newsletter-manager

Score: N/A Newsletter Manager < 1.0.2 - Cross-Site Scripting Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 28, 2026

LOW

network-publisher

Score: N/A Network Publisher <= 5.0.1 - Cross-Site Scripting Affected: *-5.0.1 Patched: 5.1 Updated: June 28, 2026

LOW

mingle-forum

Score: N/A Mingle Forum <= 1.0.33 - Cross-Site Scripting Affected: *-1.0.33 Patched: 1.0.33.2 Updated: June 28, 2026

LOW

leaguemanager

Score: 93/100 LeagueManager <= 3.7 - Multiple Cross-Site Scripting Affected: *-3.7 Patched: 3.8 Updated: June 28, 2026

LOW

leaflet-maps-marker

Score: 93/100 Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting Affected: *-2.3 Patched: 2.3.1 Updated: June 28, 2026

LOW

joliprint

Score: 93/100 PDF & Print Button Joliprint <= 1.3.0 - Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: June 28, 2026

LOW

gd-star-rating

Score: 87/100 GD Star Rating < 1.9.17 - Cross-Site Scripting Affected: [*, 1.9.17) Patched: 1.9.17 Updated: June 28, 2026

LOW

forum-server

Score: 89/100 WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.7.3 Patched: 1.7.4 Updated: June 28, 2026

LOW

forum-server

Score: 89/100 WP Forum Server < 1.7.5 - Cross-Site Scripting Affected: [*, 1.7.5) Patched: 1.7.5 Updated: June 28, 2026

LOW

forum-server

Score: 89/100 WP Forum Server < 1.7.4 - SQL Injection Affected: [*, 1.7.4) Patched: 1.7.4 Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 1.72 - Reflected Cross-Site Scripting Affected: *-1.72 Patched: 1.73 Updated: June 28, 2026

LOW

ezpz-one-click-backup

Score: 89/100 EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting Affected: *-12.03.10 Patched: Updated: June 28, 2026

LOW

dynamic-widgets

Score: 93/100 Dynamic Widgets <= 1.5.1 - Cross Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: June 28, 2026

LOW

media-file-manager-advanced

Score: N/A Media File Manager Advanced <= 1.1.5 - Improper Access Control Affected: *-1.1.5 Patched: Updated: June 28, 2026

LOW

wp-facethumb

Score: N/A WP-FaceThumb < 0.2 - Cross-Site Scripting Affected: *-0.1 Patched: 0.2 Updated: June 28, 2026

LOW

custom-contact-forms

Score: 93/100 Custom Contact Forms Plugin <= 5.1.0.2 - Reflected Cross-Site Scripting Affected: [*, 5.1.0.3) Patched: 5.1.0.3 Updated: June 28, 2026

LOW

catablog

Score: 89/100 CataBlog < 1.6.3 - Reflected Cross-Site Scripting Affected: [*, 1.6.3) Patched: 1.6.3 Updated: June 28, 2026

LOW

BulletProof Security

bulletproof-security

Score: 68/100 BulletProof Security < .47.1 - Reflected Cross-Site Scripting Affected: [*, .47.1) Patched: .47.1 Updated: June 28, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 iThemes Security < 3.2.5 - Cross-Site Scripting Affected: [*, 3.2.5) Patched: 3.2.5 Updated: June 28, 2026

LOW

Kadence Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Score: 92/100 Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting Affected: *-3.2.4 Patched: 3.2.5 Updated: June 28, 2026

LOW

bad-behavior

Score: 93/100 Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting Affected: [*, 2.0.47), [2.2.0, 2.2.5) Patched: 2.0.47 Updated: June 28, 2026

LOW

2-click-socialmedia-buttons

Score: 97/100 2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting Affected: *-0.33 Patched: 0.34 Updated: June 28, 2026

LOW

2-click-socialmedia-buttons

Score: 97/100 2 Click Social Media Buttons < 0.34 - Cross-Site Scripting Affected: [*, 0.34) Patched: 0.34 Updated: June 28, 2026

LOW

user-photo

Score: N/A User Photo <= 0.9.5 - Cross-Site Scripting Affected: *-0.9.5 Patched: 0.9.5.2 Updated: June 28, 2026

LOW

login-with-ajax

Score: 93/100 Login With Ajax < 3.0.4.1 - Cross-Site Scripting Affected: [*, 3.0.4.1) Patched: 3.0.5 Updated: June 28, 2026

LOW

Redirection

redirection

Score: 71/100 Redirection < 2.2.12 - Reflected Cross-Site Scripting Affected: [*, 2.2.12) Patched: 2.2.12 Updated: June 28, 2026

LOW

wpsc-mijnpress

Score: N/A WPsc MijnPress <= 0.0.1 - Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: June 28, 2026

LOW

zingiri-web-shop

Score: N/A Zingiri Web Shop Plugin <= 2.4.1 - Cross-Site Scripting Affected: [*, 2.4.2) Patched: 2.4.2 Updated: June 28, 2026

LOW

shareyourcart

Score: N/A ShareYourCart < 1.7.1 - Sensitive Information Disclosure Affected: [*, 1.7.1) Patched: 1.7.1 Updated: June 28, 2026

LOW

organizer

Score: N/A Organizer <= 1.2.1 - Multiple Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 28, 2026

LOW

zingiri-web-shop

Score: N/A Zingiri Web Shop < 2.4.0 - Multiple Vulnerabilities Affected: [*, 2.4.0) Patched: 2.4.0 Updated: June 28, 2026

LOW

zingiri-tickets

Score: N/A Zingiri Tickets <= 3.0.3 - Sensitive Information Disclosure Affected: *-3.0.3 Patched: Updated: June 28, 2026

LOW

organizer

Score: N/A Organizer <= 1.2.1 - Path Disclosure Affected: *-1.2.1 Patched: Updated: June 28, 2026

LOW

all-in-one-event-calendar

Score: 97/100 Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting Affected: [*, 1.6) Patched: 1.6 Updated: June 28, 2026

Showing 35901 to 36000 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 28, 2026 at 19:36 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List