Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
wpmarketplace	wpmarketplace	N/A	WP Marketplace – Complete Shopping Cart / eCommerce Solution <= 1.2.1 - Arbitrary File Upload	LOW	[*, 1.2.2)	1.2.2	June 28, 2026
front-end-editor	front-end-editor	93	Front-end Editor < 2.3 - Arbitrary File Upload	LOW	[*, 2.3)	2.3	June 28, 2026
uploadify-integration	uploadify-integration	N/A	Uploadify Integration <= 0.9.7 - Reflected Cross-Site Scripting	LOW	*-0.9.7		June 28, 2026
taggator	taggator	N/A	TagGator Plugin < 1.33 - SQL Injection	LOW	[*, 1.33)	1.33	June 28, 2026
another-wordpress-classifieds-plugin	another-wordpress-classifieds-plugin	97	WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload	LOW	[*, 2.0)	2.0	June 28, 2026
wp-integrator	wp-integrator	N/A	WordPress Integrator <= 1.32 - Cross-Site Scripting	LOW	*-1.32		June 28, 2026
deans-fckeditor-with-pwwangs-code-plugin-for-wordpress	deans-fckeditor-with-pwwangs-code-plugin-for-wordpress	91	Dean's FCKEditor <= 1.0.0 - Arbitrary File Upload	LOW	*-1.0.0		June 28, 2026
register-plus-redux	register-plus-redux	N/A	Register Plus Redux <= 4.3 - Cross-Site Scripting	LOW	*-4.3		June 28, 2026
buddypress	buddypress	93	BuddyPress - 1.5-1.5.4 - SQL Injection	LOW	1.5-1.5.4	1.5.5	June 28, 2026
cms-tree-page-view	cms-tree-page-view	93	CMS Tree Page View < 0.8.9 - Cross-Site Scripting	LOW	[*, 0.8.9)	0.8.9	June 28, 2026
mapplic-lite	mapplic-lite	N/A	Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting	LOW	[*, 1.0.1)	1.0.1	June 28, 2026
mapplic	mapplic	N/A	Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting	LOW	[*, 6.2)	6.2	June 28, 2026
iframe-admin-pages	iframe-admin-pages	91	IFrame Admin Pages <= 0.1 - Reflected Cross-Site Scripting	LOW	*-0.1		June 28, 2026
kish-guest-posting	kish-guest-posting	91	Kish Guest Posting <= 1.2 - Unauthenticated Arbitrary File Upload	LOW	*-1.2		June 28, 2026
wpstorecart	wpstorecart	N/A	IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload	LOW	*-2.5.29	2.5.30	June 28, 2026
video-embed-thumbnail-generator	video-embed-thumbnail-generator	N/A	Videopack (formerly Video Embed & Thumbnail Generator) < 2.0 - Remote Code Execution	LOW	[*, 2.0)	2.0	June 28, 2026
video-embed-thumbnail-generator	video-embed-thumbnail-generator	N/A	Videopack (formerly Video Embed & Thumbnail Generator) <= 1.1 - Full Path Disclosure	LOW	*-1.1	2.0	June 28, 2026
s2member	s2member	N/A	s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting	LOW	[*, 111220)	111220	June 28, 2026
404like	404like	97	404like <= 1.0 - SQL Injection	LOW	*-1.0	1.0.2	June 28, 2026
front-end-upload	front-end-upload	93	Front End Upload < 0.5.4 - Arbitrary File Upload	LOW	*-0.5.3	0.5.4	June 28, 2026
slideshow-gallery-2	slideshow-gallery-2	N/A	Slideshow Gallery <= 1.1.4 - Cross-Site Scripting	LOW	*-1.1.4		June 28, 2026
theme-tuner	theme-tuner	N/A	Theme Tuner < 0.8 - Remote File Inclusion	LOW	[*, 0.8)	0.8	June 28, 2026
kish-guest-posting	kish-guest-posting	91	Kish Guest Posting <= 1.1 - Arbitrary File Upload	LOW	[*, 1.2)	1.2	June 28, 2026
allwebmenus-wordpress-menu-plugin	allwebmenus-wordpress-menu-plugin	97	AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload	LOW	*-1.1.8	1.1.9	June 28, 2026
allwebmenus-wordpress-menu-plugin	allwebmenus-wordpress-menu-plugin	97	AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload	LOW	[*, 1.1.9)	1.1.9	June 28, 2026
shortcode-redirect	shortcode-redirect	N/A	Shortcode Redirect <= 1.0.01 - Cross-Site Scripting	LOW	*-1.0.01	1.0.02	June 28, 2026
my-calendar	my-calendar	N/A	My Calendar < 1.10.5 - Cross-Site Scripting	LOW	[*, 1.10.5)	1.10.5	June 28, 2026
myeasybackup	myeasybackup	N/A	myEASYbackup < 1.0.9 - Directory Traversal	LOW	[*, 1.0.9)	1.0.9	June 28, 2026
count-per-day	count-per-day	93	Count per Day <= 3.1 - Arbitrary File Download	LOW	*-3.1	3.1.1	June 28, 2026
age-verification	age-verification	97	Age Verification <= 0.4 - Open Redirect	LOW	*-0.4	0.5	June 28, 2026
yousaytoo-auto-publishing-plugin	yousaytoo-auto-publishing-plugin	N/A	YouSayToo auto-publishing plugin <= 1.0 - Cross-Site Scripting	LOW	*-1.0		June 28, 2026
pretty-link-lite	pretty-link-lite	N/A	Pretty Link Lite < 1.5.6 - Cross-Site Scripting	LOW	[*, 1.5.6)	1.5.6	June 28, 2026
pay-with-tweet	pay-with-tweet	N/A	Pay With Tweet <= 1.1 - Authenticated SQL Injection	LOW	*-1.1	1.2	June 28, 2026
pay-with-tweet	pay-with-tweet	N/A	Pay With Tweet <= 1.1 - Cross-Site Scripting	LOW	*-1.1	1.2	June 28, 2026
blaze-slide-show-for-wordpress	blaze-slide-show-for-wordpress	91	Blaze Slideshow <= 2.4 - Arbitrary File Upload	LOW	*-2.4	2.6	June 28, 2026
wp-livephp	wp-livephp	N/A	WP Live.php <= 1.2.1 - Cross-Site Scripting	LOW	*-1.2.1	1.3	June 28, 2026
thecartpress	thecartpress	N/A	TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting	LOW	*-1.1.5	1.1.6	June 28, 2026
connections	connections	91	Connections Business Directory < 0.7.1.6 - Authorization Bypass	LOW	*-0.7.1.5	0.7.1.6	June 28, 2026
wp-symposium	wp-symposium	N/A	WP Symposium < 11.12.24 - Arbitrary File Upload	LOW	[*, 11.12.24)	11.12.24	June 28, 2026
wordpress-sentinel	wordpress-sentinel	N/A	WordPress Sentinel <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0	1.0.1	June 28, 2026
absolute-privacy	absolute-privacy	95	Absolute Privacy <= 2.0.5 - Authentication Bypass	LOW	*-2.0.5	2.0.6	June 28, 2026
wordpress-sentinel	wordpress-sentinel	N/A	WordPress Sentinel <= 1.0.0 - Cross-Site Scripting	LOW	*-1.0.0	1.0.1	June 28, 2026
wordpress-sentinel	wordpress-sentinel	N/A	WordPress Sentinel < 1.0.1 - SQL Injection	LOW	*-1.0.0	1.0.1	June 28, 2026
pretty-link-lite	pretty-link-lite	N/A	Pretty Link Lite < 1.5.4 - Cross-Site Scripting	LOW	[*, 1.5.4)	1.5.4	June 28, 2026
disqus-comment-system	disqus-comment-system	93	Disqus Comment System < 2.68 - Reflected Cross-Site Scripting	LOW	[*, 2.68)	2.68	June 28, 2026
lazyest-backup	lazyest-backup	93	Lazyest Backup < 0.2.2 - Reflected Cross-Site Scripting	LOW	[*, 0.2.2)	0.2.2	June 28, 2026
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin	pretty-link	N/A	Pretty Links – Link Management, Branding, Tracking & Sharing Plugin < 1.5.6 - Reflected Cross-Site Scripting	LOW	[*, 1.5.6)	1.5.6	June 28, 2026
flash-album-gallery	flash-album-gallery	91	Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 1.57 - Cross-Site Scripting	LOW	[*, 1.57)	1.57	June 28, 2026
1-jquery-photo-gallery-slideshow-flash	1-jquery-photo-gallery-slideshow-flash	95	ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 <= 1.11 - Reflected Cross-Site Scripting	LOW	*-1.11		June 28, 2026
skysa-official	skysa-official	N/A	Skysa App Bar Integration < 1.04 - Cross-Site Scripting	LOW	*-1.03	1.04	June 28, 2026
featurific-for-wordpress	featurific-for-wordpress	91	Featurific For WordPress <= 1.6.2 - Cross-Site Scripting	LOW	*-1.6.2		June 28, 2026
clickdesk-live-support-chat-plugin	clickdesk-live-support-chat-plugin	91	Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting	LOW	*-2.0	3.0	June 28, 2026
wp-e-commerce	wp-e-commerce	N/A	WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting	LOW	[*, 3.8.7.2)	3.8.7.2	June 28, 2026
alert-before-your-post	alert-before-your-post	95	Alert Before Your Post <= 0.1.1 - Cross-Site Scripting	LOW	*-0.1.1		June 28, 2026
wp-cumulus	wp-cumulus	N/A	WP-Cumulus <= 1.22 - Cross-Site Scripting via xmlpath	LOW	*-1.22	1.23	June 28, 2026
flexible-custom-post-type	flexible-custom-post-type	93	Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting	LOW	[*, 0.1.7)	0.1.7	June 28, 2026
g-web-shop	g-web-shop	93	Zingiri Web Shop <= 2.2.3 - Remote Code Execution	LOW	*-2.2.3	2.2.4	June 28, 2026
AdRotate Banner Manager	adrotate	74	AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection	LOW	[*, 3.6.8)	3.6.8	June 28, 2026
wptouch	wptouch	N/A	WPtouch <= 1.9.8 - SQL Injection	LOW	[*, 1.9.8.1)	1.9.8.1	June 28, 2026
user-access-manager	user-access-manager	N/A	User Access Manager < 1.2 - Cross-Site Request Forgery	LOW	[*, 1.2)	1.2	June 28, 2026
wordpress-users	wordpress-users	N/A	WordPress Users <= 1.3 - SQL Injection	LOW	*-1.3	1.4	June 28, 2026
wp-postratings	wp-postratings	N/A	WP-PostRatings <= 1.61 - SQL Injection	LOW	*-1.61	1.62	June 28, 2026
wp-recentcomments	wp-recentcomments	N/A	WP-RecentComments <= 2.0.6 - Cross-Site Scripting	LOW	[*, 2.0.7)	2.0.7	June 28, 2026
wp-recentcomments	wp-recentcomments	N/A	WP-RecentComments <= 2.0.7 - SQL Injection	LOW	*-2.0.7	2.1	June 28, 2026
relocate-upload	relocate-upload	N/A	Relocate Upload < 0.20 - Remote File Inclusion	LOW	[*, 0.20)	0.20	June 28, 2026
allwebmenus-wordpress-menu-plugin	allwebmenus-wordpress-menu-plugin	97	AllWebMenus WordPress Menu Plugin <= 1.1.3 - Remote File Inclusion	LOW	*-1.1.3	1.1.4	June 28, 2026
global-flash-galleries	global-flash-galleries	93	Global Flash Gallery <= 0.15.1 - Arbitrary File Upload	LOW	*-0.15.1	0.15.2	June 28, 2026
scormcloud	scormcloud	N/A	SCORM Cloud For WordPress < 1.0.7 - SQL Injection	LOW	[*, 1.0.7)	1.0.7	June 28, 2026
eventify	eventify	91	Eventify - Simple Events <= 1.7.f - SQL Injection via eventid	LOW	* - 1.7.f	1.7.g	June 28, 2026
search-autocomplete	search-autocomplete	N/A	Search Autocomplete < 1.0.9 - SQL Injection	LOW	[*, 1.0.9)	1.0.9	June 28, 2026
timthumb	timthumb	N/A	TimThumb <= 1.33 - Remote File Download	LOW	[*, 2.0)	2.0	June 28, 2026
simple-post-thumbnails	simple-post-thumbnails	N/A	TimThumb <= 1.33 - Remote File Download	LOW	*		June 28, 2026
category-list-portfolio-page	category-list-portfolio-page	91	TimThumb <= 1.33 - Remote File Download	LOW	*		June 28, 2026
fv-wordpress-flowplayer	fv-wordpress-flowplayer	93	FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting	LOW	*-1.2.11	1.2.12	June 28, 2026
social-slider	social-slider	N/A	Social Slider < 7.4.2 - SQL Injection	LOW	[*, 7.4.2)	7.4.2	June 28, 2026
eshop	eshop	89	eShop < 6.2.9 - Reflected Cross-Site Scripting	LOW	[*, 6.2.9)	6.2.9	June 28, 2026
addthis	addthis	97	WordPress Share Buttons Plugin – AddThis < 2.2.0 - Code Injection	LOW	[*, 2.2.0)	2.2.0	June 28, 2026
is-human	is-human	91	is-human <= 1.4.2 - Unauthenticated Remote Code Execution	LOW	*-1.4.2		June 28, 2026
sermon-browser	sermon-browser	N/A	Sermon Browser < 0.43.6 - Cross-Site Scripting	LOW	[*, 0.43.6)	0.43.6	June 28, 2026
sermon-browser	sermon-browser	N/A	Sermon Browser < 0.43.6 - SQL Injection	LOW	[*, 0.43.6)	0.43.6	June 28, 2026
socialgrid	socialgrid	N/A	SocialGrid <= 2.4 - Cross-Site Scripting	LOW	*-2.4		June 28, 2026
wp-custom-pages	wp-custom-pages	N/A	WP Custom Pages <= 0.5.0.1 - Path Traversal	LOW	*-0.5.0.1		June 28, 2026
BackWPup – WordPress Backup & Restore Plugin	backwpup	96	BackWPup <= 1.7.1 - Remote File Inclusion	LOW	*-1.7.1	1.7.2	June 28, 2026
wp-related-posts	wp-related-posts	N/A	WP Related Posts <= 1.0 - Cross-Site Request Forgery	LOW	[*, 1.1)	1.1	June 28, 2026
wp-recaptcha	wp-recaptcha	N/A	WP-reCAPTCHA <= 2.9.8.2 - Multiple Cross-Site Request Forgery	LOW	*-2.9.8.2	3.0	June 28, 2026
sodahead-polls	sodahead-polls	N/A	SodaHead Polls < 2.0.4 - Multiple Cross-Site Scripting	LOW	[*, 2.0.4)	2.0.4	June 28, 2026
BackWPup – WordPress Backup & Restore Plugin	backwpup	96	BackWPup – WordPress Backup Plugin < 1.4.1 - Directory Traversal	LOW	[*, 1.4.1)	1.4.1	June 28, 2026
starbox-voting	starbox-voting	N/A	Starbox Voting <= 2.0.4 - Full Path Disclosure	LOW	*-2.0.4		June 28, 2026
photosmash-galleries	photosmash-galleries	N/A	Photosmash Plugin < 1.0.5 - Cross-Site Scripting	LOW	[*, 1.0.5)	1.0.5	June 28, 2026
gd-star-rating	gd-star-rating	87	GD Star Rating <= 1.9.22 - Cross-Site Scripting	LOW	*-1.9.22		June 28, 2026
forum-server	forum-server	89	WP Forum Server <= 1.6.5 - SQL Injection	LOW	*-1.6.5	1.6.6	June 28, 2026
uploadify	uploadify	N/A	Uploadify <= 1.0 - Arbitrary File Upload	LOW	*-1.0		June 28, 2026
user-photo	user-photo	N/A	User Photo <= 0.9.4 - Arbitrary File Upload	LOW	*-0.9.4	0.9.5	June 28, 2026
cdnvote	cdnvote	93	CDN Vote < 0.4.2 - SQL Injection	LOW	[*, 0.4.2)	0.4.2	June 28, 2026
rss-feed-reader	rss-feed-reader	N/A	RSS Feed Reader <= 0.1 - Cross-Site Scripting	LOW	*-0.1		June 28, 2026
statpresscn	statpresscn	N/A	StatPressCN <= 1.9.0 - Cross-Site Scripting	LOW	*-1.9.0	1.9.1	June 28, 2026
embedded-video-with-link	embedded-video-with-link	91	Embedded Video <= 4.1 - Cross-Site Scripting	LOW	*-4.1		June 28, 2026
cforms2	cforms2	93	CformsII <= 14.10.1 - CAPTCHA Bypass	LOW	*-14.10.1	14.11	June 28, 2026
wp-safe-search	wp-safe-search	N/A	WP Safe Search <= 0.7 - Cross-Site Scripting	LOW	*-0.7		June 28, 2026
wordpress-processing-embed	wordpress-processing-embed	N/A	WordPress Processing Embed <= 0.5.1 - Cross-Site Scripting	LOW	*-0.5.1		June 28, 2026

LOW

wpmarketplace

Score: N/A WP Marketplace – Complete Shopping Cart / eCommerce Solution <= 1.2.1 - Arbitrary File Upload Affected: [*, 1.2.2) Patched: 1.2.2 Updated: June 28, 2026

LOW

front-end-editor

Score: 93/100 Front-end Editor < 2.3 - Arbitrary File Upload Affected: [*, 2.3) Patched: 2.3 Updated: June 28, 2026

LOW

uploadify-integration

Score: N/A Uploadify Integration <= 0.9.7 - Reflected Cross-Site Scripting Affected: *-0.9.7 Patched: Updated: June 28, 2026

LOW

taggator

Score: N/A TagGator Plugin < 1.33 - SQL Injection Affected: [*, 1.33) Patched: 1.33 Updated: June 28, 2026

LOW

another-wordpress-classifieds-plugin

Score: 97/100 WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload Affected: [*, 2.0) Patched: 2.0 Updated: June 28, 2026

LOW

wp-integrator

Score: N/A WordPress Integrator <= 1.32 - Cross-Site Scripting Affected: *-1.32 Patched: Updated: June 28, 2026

LOW

deans-fckeditor-with-pwwangs-code-plugin-for-wordpress

Score: 91/100 Dean's FCKEditor <= 1.0.0 - Arbitrary File Upload Affected: *-1.0.0 Patched: Updated: June 28, 2026

LOW

register-plus-redux

Score: N/A Register Plus Redux <= 4.3 - Cross-Site Scripting Affected: *-4.3 Patched: Updated: June 28, 2026

LOW

buddypress

Score: 93/100 BuddyPress - 1.5-1.5.4 - SQL Injection Affected: 1.5-1.5.4 Patched: 1.5.5 Updated: June 28, 2026

LOW

cms-tree-page-view

Score: 93/100 CMS Tree Page View < 0.8.9 - Cross-Site Scripting Affected: [*, 0.8.9) Patched: 0.8.9 Updated: June 28, 2026

LOW

mapplic-lite

Score: N/A Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting Affected: [*, 1.0.1) Patched: 1.0.1 Updated: June 28, 2026

LOW

mapplic

Score: N/A Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting Affected: [*, 6.2) Patched: 6.2 Updated: June 28, 2026

LOW

iframe-admin-pages

Score: 91/100 IFrame Admin Pages <= 0.1 - Reflected Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 28, 2026

LOW

kish-guest-posting

Score: 91/100 Kish Guest Posting <= 1.2 - Unauthenticated Arbitrary File Upload Affected: *-1.2 Patched: Updated: June 28, 2026

LOW

wpstorecart

Score: N/A IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload Affected: *-2.5.29 Patched: 2.5.30 Updated: June 28, 2026

LOW

video-embed-thumbnail-generator

Score: N/A Videopack (formerly Video Embed & Thumbnail Generator) < 2.0 - Remote Code Execution Affected: [*, 2.0) Patched: 2.0 Updated: June 28, 2026

LOW

video-embed-thumbnail-generator

Score: N/A Videopack (formerly Video Embed & Thumbnail Generator) <= 1.1 - Full Path Disclosure Affected: *-1.1 Patched: 2.0 Updated: June 28, 2026

LOW

s2member

Score: N/A s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting Affected: [*, 111220) Patched: 111220 Updated: June 28, 2026

LOW

404like

Score: 97/100 404like <= 1.0 - SQL Injection Affected: *-1.0 Patched: 1.0.2 Updated: June 28, 2026

LOW

front-end-upload

Score: 93/100 Front End Upload < 0.5.4 - Arbitrary File Upload Affected: *-0.5.3 Patched: 0.5.4 Updated: June 28, 2026

LOW

slideshow-gallery-2

Score: N/A Slideshow Gallery <= 1.1.4 - Cross-Site Scripting Affected: *-1.1.4 Patched: Updated: June 28, 2026

LOW

theme-tuner

Score: N/A Theme Tuner < 0.8 - Remote File Inclusion Affected: [*, 0.8) Patched: 0.8 Updated: June 28, 2026

LOW

kish-guest-posting

Score: 91/100 Kish Guest Posting <= 1.1 - Arbitrary File Upload Affected: [*, 1.2) Patched: 1.2 Updated: June 28, 2026

LOW

allwebmenus-wordpress-menu-plugin

Score: 97/100 AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload Affected: *-1.1.8 Patched: 1.1.9 Updated: June 28, 2026

LOW

allwebmenus-wordpress-menu-plugin

Score: 97/100 AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload Affected: [*, 1.1.9) Patched: 1.1.9 Updated: June 28, 2026

LOW

shortcode-redirect

Score: N/A Shortcode Redirect <= 1.0.01 - Cross-Site Scripting Affected: *-1.0.01 Patched: 1.0.02 Updated: June 28, 2026

LOW

my-calendar

Score: N/A My Calendar < 1.10.5 - Cross-Site Scripting Affected: [*, 1.10.5) Patched: 1.10.5 Updated: June 28, 2026

LOW

myeasybackup

Score: N/A myEASYbackup < 1.0.9 - Directory Traversal Affected: [*, 1.0.9) Patched: 1.0.9 Updated: June 28, 2026

LOW

count-per-day

Score: 93/100 Count per Day <= 3.1 - Arbitrary File Download Affected: *-3.1 Patched: 3.1.1 Updated: June 28, 2026

LOW

age-verification

Score: 97/100 Age Verification <= 0.4 - Open Redirect Affected: *-0.4 Patched: 0.5 Updated: June 28, 2026

LOW

yousaytoo-auto-publishing-plugin

Score: N/A YouSayToo auto-publishing plugin <= 1.0 - Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

pretty-link-lite

Score: N/A Pretty Link Lite < 1.5.6 - Cross-Site Scripting Affected: [*, 1.5.6) Patched: 1.5.6 Updated: June 28, 2026

LOW

pay-with-tweet

Score: N/A Pay With Tweet <= 1.1 - Authenticated SQL Injection Affected: *-1.1 Patched: 1.2 Updated: June 28, 2026

LOW

pay-with-tweet

Score: N/A Pay With Tweet <= 1.1 - Cross-Site Scripting Affected: *-1.1 Patched: 1.2 Updated: June 28, 2026

LOW

blaze-slide-show-for-wordpress

Score: 91/100 Blaze Slideshow <= 2.4 - Arbitrary File Upload Affected: *-2.4 Patched: 2.6 Updated: June 28, 2026

LOW

wp-livephp

Score: N/A WP Live.php <= 1.2.1 - Cross-Site Scripting Affected: *-1.2.1 Patched: 1.3 Updated: June 28, 2026

LOW

thecartpress

Score: N/A TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: June 28, 2026

LOW

connections

Score: 91/100 Connections Business Directory < 0.7.1.6 - Authorization Bypass Affected: *-0.7.1.5 Patched: 0.7.1.6 Updated: June 28, 2026

LOW

wp-symposium

Score: N/A WP Symposium < 11.12.24 - Arbitrary File Upload Affected: [*, 11.12.24) Patched: 11.12.24 Updated: June 28, 2026

LOW

wordpress-sentinel

Score: N/A WordPress Sentinel <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: 1.0.1 Updated: June 28, 2026

LOW

absolute-privacy

Score: 95/100 Absolute Privacy <= 2.0.5 - Authentication Bypass Affected: *-2.0.5 Patched: 2.0.6 Updated: June 28, 2026

LOW

wordpress-sentinel

Score: N/A WordPress Sentinel <= 1.0.0 - Cross-Site Scripting Affected: *-1.0.0 Patched: 1.0.1 Updated: June 28, 2026

LOW

wordpress-sentinel

Score: N/A WordPress Sentinel < 1.0.1 - SQL Injection Affected: *-1.0.0 Patched: 1.0.1 Updated: June 28, 2026

LOW

pretty-link-lite

Score: N/A Pretty Link Lite < 1.5.4 - Cross-Site Scripting Affected: [*, 1.5.4) Patched: 1.5.4 Updated: June 28, 2026

LOW

disqus-comment-system

Score: 93/100 Disqus Comment System < 2.68 - Reflected Cross-Site Scripting Affected: [*, 2.68) Patched: 2.68 Updated: June 28, 2026

LOW

lazyest-backup

Score: 93/100 Lazyest Backup < 0.2.2 - Reflected Cross-Site Scripting Affected: [*, 0.2.2) Patched: 0.2.2 Updated: June 28, 2026

LOW

PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

pretty-link

Score: N/A Pretty Links – Link Management, Branding, Tracking & Sharing Plugin < 1.5.6 - Reflected Cross-Site Scripting Affected: [*, 1.5.6) Patched: 1.5.6 Updated: June 28, 2026

LOW

flash-album-gallery

Score: 91/100 Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 1.57 - Cross-Site Scripting Affected: [*, 1.57) Patched: 1.57 Updated: June 28, 2026

LOW

1-jquery-photo-gallery-slideshow-flash

Score: 95/100 ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 <= 1.11 - Reflected Cross-Site Scripting Affected: *-1.11 Patched: Updated: June 28, 2026

LOW

skysa-official

Score: N/A Skysa App Bar Integration < 1.04 - Cross-Site Scripting Affected: *-1.03 Patched: 1.04 Updated: June 28, 2026

LOW

featurific-for-wordpress

Score: 91/100 Featurific For WordPress <= 1.6.2 - Cross-Site Scripting Affected: *-1.6.2 Patched: Updated: June 28, 2026

LOW

clickdesk-live-support-chat-plugin

Score: 91/100 Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting Affected: *-2.0 Patched: 3.0 Updated: June 28, 2026

LOW

wp-e-commerce

Score: N/A WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting Affected: [*, 3.8.7.2) Patched: 3.8.7.2 Updated: June 28, 2026

LOW

alert-before-your-post

Score: 95/100 Alert Before Your Post <= 0.1.1 - Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 28, 2026

LOW

wp-cumulus

Score: N/A WP-Cumulus <= 1.22 - Cross-Site Scripting via xmlpath Affected: *-1.22 Patched: 1.23 Updated: June 28, 2026

LOW

flexible-custom-post-type

Score: 93/100 Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting Affected: [*, 0.1.7) Patched: 0.1.7 Updated: June 28, 2026

LOW

g-web-shop

Score: 93/100 Zingiri Web Shop <= 2.2.3 - Remote Code Execution Affected: *-2.2.3 Patched: 2.2.4 Updated: June 28, 2026

LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection Affected: [*, 3.6.8) Patched: 3.6.8 Updated: June 28, 2026

LOW

wptouch

Score: N/A WPtouch <= 1.9.8 - SQL Injection Affected: [*, 1.9.8.1) Patched: 1.9.8.1 Updated: June 28, 2026

LOW

user-access-manager

Score: N/A User Access Manager < 1.2 - Cross-Site Request Forgery Affected: [*, 1.2) Patched: 1.2 Updated: June 28, 2026

LOW

wordpress-users

Score: N/A WordPress Users <= 1.3 - SQL Injection Affected: *-1.3 Patched: 1.4 Updated: June 28, 2026

LOW

wp-postratings

Score: N/A WP-PostRatings <= 1.61 - SQL Injection Affected: *-1.61 Patched: 1.62 Updated: June 28, 2026

LOW

wp-recentcomments

Score: N/A WP-RecentComments <= 2.0.6 - Cross-Site Scripting Affected: [*, 2.0.7) Patched: 2.0.7 Updated: June 28, 2026

LOW

wp-recentcomments

Score: N/A WP-RecentComments <= 2.0.7 - SQL Injection Affected: *-2.0.7 Patched: 2.1 Updated: June 28, 2026

LOW

relocate-upload

Score: N/A Relocate Upload < 0.20 - Remote File Inclusion Affected: [*, 0.20) Patched: 0.20 Updated: June 28, 2026

LOW

allwebmenus-wordpress-menu-plugin

Score: 97/100 AllWebMenus WordPress Menu Plugin <= 1.1.3 - Remote File Inclusion Affected: *-1.1.3 Patched: 1.1.4 Updated: June 28, 2026

LOW

global-flash-galleries

Score: 93/100 Global Flash Gallery <= 0.15.1 - Arbitrary File Upload Affected: *-0.15.1 Patched: 0.15.2 Updated: June 28, 2026

LOW

scormcloud

Score: N/A SCORM Cloud For WordPress < 1.0.7 - SQL Injection Affected: [*, 1.0.7) Patched: 1.0.7 Updated: June 28, 2026

LOW

eventify

Score: 91/100 Eventify - Simple Events <= 1.7.f - SQL Injection via eventid Affected: * - 1.7.f Patched: 1.7.g Updated: June 28, 2026

LOW

search-autocomplete

Score: N/A Search Autocomplete < 1.0.9 - SQL Injection Affected: [*, 1.0.9) Patched: 1.0.9 Updated: June 28, 2026

LOW

timthumb

Score: N/A TimThumb <= 1.33 - Remote File Download Affected: [*, 2.0) Patched: 2.0 Updated: June 28, 2026

LOW

simple-post-thumbnails

Score: N/A TimThumb <= 1.33 - Remote File Download Affected: * Patched: Updated: June 28, 2026

LOW

category-list-portfolio-page

Score: 91/100 TimThumb <= 1.33 - Remote File Download Affected: * Patched: Updated: June 28, 2026

LOW

fv-wordpress-flowplayer

Score: 93/100 FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting Affected: *-1.2.11 Patched: 1.2.12 Updated: June 28, 2026

LOW

social-slider

Score: N/A Social Slider < 7.4.2 - SQL Injection Affected: [*, 7.4.2) Patched: 7.4.2 Updated: June 28, 2026

LOW

eshop

Score: 89/100 eShop < 6.2.9 - Reflected Cross-Site Scripting Affected: [*, 6.2.9) Patched: 6.2.9 Updated: June 28, 2026

LOW

addthis

Score: 97/100 WordPress Share Buttons Plugin – AddThis < 2.2.0 - Code Injection Affected: [*, 2.2.0) Patched: 2.2.0 Updated: June 28, 2026

LOW

is-human

Score: 91/100 is-human <= 1.4.2 - Unauthenticated Remote Code Execution Affected: *-1.4.2 Patched: Updated: June 28, 2026

LOW

sermon-browser

Score: N/A Sermon Browser < 0.43.6 - Cross-Site Scripting Affected: [*, 0.43.6) Patched: 0.43.6 Updated: June 28, 2026

LOW

sermon-browser

Score: N/A Sermon Browser < 0.43.6 - SQL Injection Affected: [*, 0.43.6) Patched: 0.43.6 Updated: June 28, 2026

LOW

socialgrid

Score: N/A SocialGrid <= 2.4 - Cross-Site Scripting Affected: *-2.4 Patched: Updated: June 28, 2026

LOW

wp-custom-pages

Score: N/A WP Custom Pages <= 0.5.0.1 - Path Traversal Affected: *-0.5.0.1 Patched: Updated: June 28, 2026

LOW

BackWPup – WordPress Backup & Restore Plugin

backwpup

Score: 96/100 BackWPup <= 1.7.1 - Remote File Inclusion Affected: *-1.7.1 Patched: 1.7.2 Updated: June 28, 2026

LOW

wp-related-posts

Score: N/A WP Related Posts <= 1.0 - Cross-Site Request Forgery Affected: [*, 1.1) Patched: 1.1 Updated: June 28, 2026

LOW

wp-recaptcha

Score: N/A WP-reCAPTCHA <= 2.9.8.2 - Multiple Cross-Site Request Forgery Affected: *-2.9.8.2 Patched: 3.0 Updated: June 28, 2026

LOW

sodahead-polls

Score: N/A SodaHead Polls < 2.0.4 - Multiple Cross-Site Scripting Affected: [*, 2.0.4) Patched: 2.0.4 Updated: June 28, 2026

LOW

BackWPup – WordPress Backup & Restore Plugin

backwpup

Score: 96/100 BackWPup – WordPress Backup Plugin < 1.4.1 - Directory Traversal Affected: [*, 1.4.1) Patched: 1.4.1 Updated: June 28, 2026

LOW

starbox-voting

Score: N/A Starbox Voting <= 2.0.4 - Full Path Disclosure Affected: *-2.0.4 Patched: Updated: June 28, 2026

LOW

photosmash-galleries

Score: N/A Photosmash Plugin < 1.0.5 - Cross-Site Scripting Affected: [*, 1.0.5) Patched: 1.0.5 Updated: June 28, 2026

LOW

gd-star-rating

Score: 87/100 GD Star Rating <= 1.9.22 - Cross-Site Scripting Affected: *-1.9.22 Patched: Updated: June 28, 2026

LOW

forum-server

Score: 89/100 WP Forum Server <= 1.6.5 - SQL Injection Affected: *-1.6.5 Patched: 1.6.6 Updated: June 28, 2026

LOW

uploadify

Score: N/A Uploadify <= 1.0 - Arbitrary File Upload Affected: *-1.0 Patched: Updated: June 28, 2026

LOW

user-photo

Score: N/A User Photo <= 0.9.4 - Arbitrary File Upload Affected: *-0.9.4 Patched: 0.9.5 Updated: June 28, 2026

LOW

cdnvote

Score: 93/100 CDN Vote < 0.4.2 - SQL Injection Affected: [*, 0.4.2) Patched: 0.4.2 Updated: June 28, 2026

LOW

rss-feed-reader

Score: N/A RSS Feed Reader <= 0.1 - Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 28, 2026

LOW

statpresscn

Score: N/A StatPressCN <= 1.9.0 - Cross-Site Scripting Affected: *-1.9.0 Patched: 1.9.1 Updated: June 28, 2026

LOW

embedded-video-with-link

Score: 91/100 Embedded Video <= 4.1 - Cross-Site Scripting Affected: *-4.1 Patched: Updated: June 28, 2026

LOW

cforms2

Score: 93/100 CformsII <= 14.10.1 - CAPTCHA Bypass Affected: *-14.10.1 Patched: 14.11 Updated: June 28, 2026

LOW

wp-safe-search

Score: N/A WP Safe Search <= 0.7 - Cross-Site Scripting Affected: *-0.7 Patched: Updated: June 28, 2026

LOW

wordpress-processing-embed

Score: N/A WordPress Processing Embed <= 0.5.1 - Cross-Site Scripting Affected: *-0.5.1 Patched: Updated: June 28, 2026

Showing 36001 to 36100 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 28, 2026 at 18:10 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List