Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36280

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
mylinksdump	mylinksdump	N/A	myLinksDump <= 1.2 - SQL Injection	LOW	*-1.2		June 29, 2026
wp-useronline	wp-useronline	N/A	WP-UserOnline < 2.70 - Cross-Site Scripting	LOW	*-2.62	2.70	June 29, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery	66	WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting	LOW	[*, 1.5.2)	1.5.2	June 29, 2026
cpl	cpl	91	Copperleaf Photolog <= 0.16- SQL injection	LOW	*-0.16		June 29, 2026
wp-cumulus	wp-cumulus	N/A	WP-Cumulus <= 1.22 - Cross-Site Scripting via tagcloud	LOW	*-1.22	1.23	June 29, 2026
wp-cumulus	wp-cumulus	N/A	WP-Cumulus <= 1.20 - Sensitive Information Exposure	LOW	*-1.20	1.23	June 29, 2026
woopra	woopra	N/A	Various Affected Software (Various Versions) - Arbitrary File Upload	LOW	*-1.4.3.1	1.4.3.2	June 29, 2026
piwik-pro	piwik-pro	N/A	Various Affected Software (Various Versions) - Arbitrary File Upload	LOW	0.2.35-0.4.3	0.4.4	June 29, 2026
wp-forum	wp-forum	N/A	WP Forum <= 2.3 - Multiple SQL Injections	LOW	[*, 2.4)	2.4	June 29, 2026
wp-cumulus	wp-cumulus	N/A	WP Cumulus < 1.22 - Cross-Site Scripting	LOW	[*, 1.22)	1.22	June 29, 2026
google-analyticator	google-analyticator	93	Google Analyticator <= 5.2 - Cross-Site Scripting	LOW	[*, 5.2.1)	5.2.1	June 29, 2026
my-category-order	my-category-order	N/A	my-category-order <= 2.8.7 - SQL Injection	LOW	*-2.8.7	3.0.1	June 29, 2026
related-sites	related-sites	N/A	Related Sites <= 2.2 - SQL Injection	LOW	*-2.2	2.2.1	June 29, 2026
dm-albums	dm-albums	91	DM Albums <= 1.9.2 - Remote File Inclusion	LOW	*-1.9.2	1.9.3	June 29, 2026
firestats	firestats	93	FireStats <1.6.2 - SQL Injection	LOW	[*, 1.6.2)	1.6.2	June 29, 2026
photoracer	photoracer	N/A	Photoracer Plugin <= 1.0 - SQL Injection	LOW	*-1.0		June 29, 2026
firestats	firestats	93	FireStats < 1.6.2 - Remote File Inclusion	LOW	[*, 1.6.2)	1.6.2	June 29, 2026
wp-lytebox	wp-lytebox	N/A	Lytebox <= 1.3 - Local File Inclusion	LOW	*-1.3		June 29, 2026
wp-syntax	wp-syntax	N/A	WP Syntax < 0.9.10 - Remote Code Execution	LOW	*-0.9.9	0.9.10	June 29, 2026
fmoblog	fmoblog	91	fMoblog <= 2.1 - SQL Injection	LOW	*-2.1		June 29, 2026
page-flip-image-gallery	page-flip-image-gallery	N/A	Page Flip Image Gallery <= 0.2.2 - Directory Traversal	LOW	*-0.2.2		June 29, 2026
wp-shopping-cart	wp-shopping-cart	N/A	Instinct WP e-Commerce <= 3.4 - Arbitrary File Upload	LOW	*-3.4	3.6.8 RC1	June 29, 2026
st_newsletter	st_newsletter	N/A	ShiftThis Newsletter <= 2.3.1 - SQL Injection	LOW	*-2.3.1		June 29, 2026
php-shell	php-shell	N/A	PHP Shell (All Versions) - Backdoor	LOW	*		June 29, 2026
wp-comment-remix	wp-comment-remix	N/A	WP Comment Remix <= 1.4.3 - SQL Injection	LOW	*-1.4.3	1.4.4	June 29, 2026
wp-comment-remix	wp-comment-remix	N/A	WP Comment Remix < 1.4.4 - SQL Injection	LOW	[*, 1.4.4)	1.4.4	June 29, 2026
wp-comment-remix	wp-comment-remix	N/A	WP Comment Remix < 1.4.4 - Cross-Site Request Forgery	LOW	[*, 1.4.4)	1.4.4	June 29, 2026
downloads-manager	downloads-manager	91	Downloads Manager <= 0.2 - Arbitrary File Upload	LOW	*-0.2		June 29, 2026
tubepress	tubepress	N/A	TubePress < 1.6.5 - Cross-Site Scripting	LOW	*-1.5.7	1.6.5	June 29, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery	66	NextGEN Gallery Plugin <= 1.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.9.0	1.9.1	June 29, 2026
download-monitor	download-monitor	93	Download Monitor <= 2.0.6 - Unauthenticated SQL Injection	LOW	*-2.0.6	2.0.9	June 29, 2026
wpss	wpss	N/A	WordPress Spreadsheet <= 0.6 - Unauthenticated SQL Injection	LOW	*-0.6		June 29, 2026
wp-download	wp-download	N/A	WP-Download <= 1.2 - SQL Injection	LOW	*-1.2	1.2.1	June 29, 2026
sniplets	sniplets	N/A	Sniplets < 1.2.3 - Cross-Site Scripting	LOW	[*, 1.2.3)	1.2.3	June 29, 2026
sniplets	sniplets	N/A	Sniplets < 1.2.3 - Remote Code Execution	LOW	[*, 1.2.3)	1.2.3	June 29, 2026
wp-photo-album-plus	wp-photo-album-plus	N/A	WP Photo Album Plus <= 1.1 - SQL Injection	LOW	*-1.0	1.1	June 29, 2026
sniplets	sniplets	N/A	Sniplets < 1.2.3 - Remote File Inclusion	LOW	[*, 1.2.3)	1.2.3	June 29, 2026
wp-people	wp-people	N/A	WP People <= 3.4.1 - SQL Injection	LOW	*-3.4.1		June 29, 2026
simple-forum	simple-forum	N/A	Yellow Swordfish Simple Forum <= 1.11 - SQL Injection	LOW	*-1.11		June 29, 2026
search-unleashed	search-unleashed	N/A	Search Unleashed <= 0.2.10 - Cross-Site Scripting	LOW	*-0.2.10	0.2.11	June 29, 2026
st_newsletter	st_newsletter	N/A	ShiftThis (Unspecified Version) - SQL Injection	LOW	*		June 29, 2026
wp-footnotes	wp-footnotes	N/A	WP-Footnotes <= 2.2 - Multiple Cross-Site Scripting	LOW	*-2.2	3.0	June 29, 2026
wordspew	wordspew	N/A	WordSpew <= 3.71 - SQL Injection	LOW	*-3.71		June 29, 2026
dmsguestbook	dmsguestbook	91	DMSGuestbook < 1.9.0 - Cross-Site Scripting	LOW	[*, 1.9.0)	1.9.0	June 29, 2026
dmsguestbook	dmsguestbook	91	DMSGuestbook <= 1.8.0 - Directory Traversal	LOW	*-1.8.0	1.8.1	June 29, 2026
dmsguestbook	dmsguestbook	91	DMSGuestbook < 1.9.0 - Cross-Site Scripting	LOW	[*, 1.9.0)	1.9.0	June 29, 2026
dmsguestbook	dmsguestbook	91	DMSGuestbook <= 1.7.0 - SQL Injection	LOW	*		June 29, 2026
wassup	wassup	N/A	WassUp Real Time Analytics 1.4 - 1.4.3 - SQL Injection	LOW	1.4-1.4.3	1.4.4	June 29, 2026
fgallery	fgallery	93	fGallery 2.4.1 - SQL injection	LOW	*-2.4.1	2.4.2	June 29, 2026
adserve	adserve	97	AdServe < 0.3 - SQL Injection	LOW	*-0.2	0.3	June 29, 2026
wp-cal	wp-cal	N/A	WP-Cal <= 0.3 - SQL Injection	LOW	*-0.3		June 29, 2026
permalinks-migration-plugin-for-wordpress	permalinks-migration-plugin-for-wordpress	N/A	Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	*-1.0		June 29, 2026
wp-forum	wp-forum	N/A	WP-Forum <= 1.7.4 - Remote SQL Injection	LOW	*-1.7.4	1.7.7	June 29, 2026
spambam	spambam	N/A	Spambam <= 2.1 - Authorization Bypass	LOW	*-2.1		June 29, 2026
peters-math-anti-spam	peters-math-anti-spam	N/A	Peter's Math Anti-Spam Spinoff < 1.0.0 - CAPTCHA Bypass	LOW	*-0.1.6	1.0.0	June 29, 2026
wp-contactform	wp-contactform	N/A	WP-ContactForm <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.5		June 29, 2026
wp-filemanager	wp-filemanager	N/A	Wp-FileManager <= 1.2 - Arbitrary File Upload	LOW	*-1.2	1.3	June 29, 2026
wp-contactform	wp-contactform	N/A	WP-ContactForm <= 1.5.1 - Cross-Site Request Forgery	LOW	*-1.5.1		June 29, 2026
math-comment-spam-protection	math-comment-spam-protection	93	Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting	LOW	*-2.1	2.2	June 29, 2026
pictpress	pictpress	N/A	PictPress <= 0.91 - Directory Traversal	LOW	*-0.91	0.99	June 29, 2026
cryptographp	cryptographp	91	Cryptographp <= 1.2 - Cross-Site Scripting	LOW	*-1.2		June 29, 2026
captcha-offrepo	captcha-offrepo	93	Captcha! <= 2.5d - Cross-Site Scripting	LOW	* - 2.5d	2.6	June 29, 2026
math-comment-spam-protection	math-comment-spam-protection	93	Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery	LOW	*-2.1	2.2	June 29, 2026
peters-random-anti-spam-image	peters-random-anti-spam-image	N/A	Peter’s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting	LOW	*-1.0.6		June 29, 2026
backupwordpress	backupwordpress	93	BackUpWordPress <= 0.4.2b - Remote File Inclusion	LOW	[*, 0.4.3)	0.4.3	June 29, 2026
feedburner-feedsmith	feedburner-feedsmith	93	FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery	LOW	*-2.2	2.3	June 29, 2026
stats	stats	N/A	stats <= 1.1 - SQL Injection	LOW	*-1.1	1.1.1	June 29, 2026
feedstats-de	feedstats-de	93	FeedStats < 2.4 - Cross-Site Scripting	LOW	[*, 2.4)	2.4	June 29, 2026
stats	stats	N/A	stats <= 1.0 - Stored Cross-Site Scripting	LOW	*-1.0	1.1	June 29, 2026
adsense-deluxe	adsense-deluxe	95	AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery	LOW	*-0.8		June 29, 2026
Akismet Anti-spam: Spam Protection	akismet	92	Akismet Spam Protection < 2.0.2 - Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 29, 2026
wp-table	wp-table	N/A	WP-Table <= 1.43 - Local File Inclusion	LOW	*-1.43	1.44	June 29, 2026
wordtube	wordtube	N/A	wordTube <= 1.43 - Remote File Inclusion	LOW	*-1.43	1.44	June 29, 2026
wordtube	wordtube	N/A	wordTube <= 1.43 - Directory Traversal and File Inclusion	LOW	*-1.43	1.44	June 29, 2026
myflash	myflash	N/A	Myflash < 1.11 - Remote File Inclusion	LOW	*-1.00	1.11	June 29, 2026
the-hackers-diet	the-hackers-diet	N/A	The Hacker's Diet <= 0.9.6b - SQL Injection	LOW	* - 0.9.6b	0.9.7b	June 29, 2026
mygallery	mygallery	N/A	MySliderGallery <= 1.2.1 - Remote File Inclusion	LOW	*-1.2.1	1.4b5	June 29, 2026
subscribe-to-comments	subscribe-to-comments	N/A	Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting	LOW	*-2.0.7	2.0.8	June 29, 2026
wp-db-backupphp	wp-db-backupphp	N/A	Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal	LOW	*-1.7		June 29, 2026
secure-files	secure-files	N/A	secure-files <= 1.1 - Directory Traversal	LOW	*-1.1	1.2	June 29, 2026

LOW

mylinksdump

Score: N/A myLinksDump <= 1.2 - SQL Injection Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

wp-useronline

Score: N/A WP-UserOnline < 2.70 - Cross-Site Scripting Affected: *-2.62 Patched: 2.70 Updated: June 29, 2026

LOW

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

Score: 66/100 WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting Affected: [*, 1.5.2) Patched: 1.5.2 Updated: June 29, 2026

LOW

cpl

Score: 91/100 Copperleaf Photolog <= 0.16- SQL injection Affected: *-0.16 Patched: Updated: June 29, 2026

LOW

wp-cumulus

Score: N/A WP-Cumulus <= 1.22 - Cross-Site Scripting via tagcloud Affected: *-1.22 Patched: 1.23 Updated: June 29, 2026

LOW

wp-cumulus

Score: N/A WP-Cumulus <= 1.20 - Sensitive Information Exposure Affected: *-1.20 Patched: 1.23 Updated: June 29, 2026

LOW

woopra

Score: N/A Various Affected Software (Various Versions) - Arbitrary File Upload Affected: *-1.4.3.1 Patched: 1.4.3.2 Updated: June 29, 2026

LOW

piwik-pro

Score: N/A Various Affected Software (Various Versions) - Arbitrary File Upload Affected: 0.2.35-0.4.3 Patched: 0.4.4 Updated: June 29, 2026

LOW

wp-forum

Score: N/A WP Forum <= 2.3 - Multiple SQL Injections Affected: [*, 2.4) Patched: 2.4 Updated: June 29, 2026

LOW

wp-cumulus

Score: N/A WP Cumulus < 1.22 - Cross-Site Scripting Affected: [*, 1.22) Patched: 1.22 Updated: June 29, 2026

LOW

google-analyticator

Score: 93/100 Google Analyticator <= 5.2 - Cross-Site Scripting Affected: [*, 5.2.1) Patched: 5.2.1 Updated: June 29, 2026

LOW

my-category-order

Score: N/A my-category-order <= 2.8.7 - SQL Injection Affected: *-2.8.7 Patched: 3.0.1 Updated: June 29, 2026

LOW

related-sites

Score: N/A Related Sites <= 2.2 - SQL Injection Affected: *-2.2 Patched: 2.2.1 Updated: June 29, 2026

LOW

dm-albums

Score: 91/100 DM Albums <= 1.9.2 - Remote File Inclusion Affected: *-1.9.2 Patched: 1.9.3 Updated: June 29, 2026

LOW

firestats

Score: 93/100 FireStats <1.6.2 - SQL Injection Affected: [*, 1.6.2) Patched: 1.6.2 Updated: June 29, 2026

LOW

photoracer

Score: N/A Photoracer Plugin <= 1.0 - SQL Injection Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

firestats

Score: 93/100 FireStats < 1.6.2 - Remote File Inclusion Affected: [*, 1.6.2) Patched: 1.6.2 Updated: June 29, 2026

LOW

wp-lytebox

Score: N/A Lytebox <= 1.3 - Local File Inclusion Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

wp-syntax

Score: N/A WP Syntax < 0.9.10 - Remote Code Execution Affected: *-0.9.9 Patched: 0.9.10 Updated: June 29, 2026

LOW

fmoblog

Score: 91/100 fMoblog <= 2.1 - SQL Injection Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

page-flip-image-gallery

Score: N/A Page Flip Image Gallery <= 0.2.2 - Directory Traversal Affected: *-0.2.2 Patched: Updated: June 29, 2026

LOW

wp-shopping-cart

Score: N/A Instinct WP e-Commerce <= 3.4 - Arbitrary File Upload Affected: *-3.4 Patched: 3.6.8 RC1 Updated: June 29, 2026

LOW

st_newsletter

Score: N/A ShiftThis Newsletter <= 2.3.1 - SQL Injection Affected: *-2.3.1 Patched: Updated: June 29, 2026

LOW

php-shell

Score: N/A PHP Shell (All Versions) - Backdoor Affected: * Patched: Updated: June 29, 2026

LOW

wp-comment-remix

Score: N/A WP Comment Remix <= 1.4.3 - SQL Injection Affected: *-1.4.3 Patched: 1.4.4 Updated: June 29, 2026

LOW

wp-comment-remix

Score: N/A WP Comment Remix < 1.4.4 - SQL Injection Affected: [*, 1.4.4) Patched: 1.4.4 Updated: June 29, 2026

LOW

wp-comment-remix

Score: N/A WP Comment Remix < 1.4.4 - Cross-Site Request Forgery Affected: [*, 1.4.4) Patched: 1.4.4 Updated: June 29, 2026

LOW

downloads-manager

Score: 91/100 Downloads Manager <= 0.2 - Arbitrary File Upload Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

tubepress

Score: N/A TubePress < 1.6.5 - Cross-Site Scripting Affected: *-1.5.7 Patched: 1.6.5 Updated: June 29, 2026

LOW

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

Score: 66/100 NextGEN Gallery Plugin <= 1.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.9.0 Patched: 1.9.1 Updated: June 29, 2026

LOW

download-monitor

Score: 93/100 Download Monitor <= 2.0.6 - Unauthenticated SQL Injection Affected: *-2.0.6 Patched: 2.0.9 Updated: June 29, 2026

LOW

wpss

Score: N/A WordPress Spreadsheet <= 0.6 - Unauthenticated SQL Injection Affected: *-0.6 Patched: Updated: June 29, 2026

LOW

wp-download

Score: N/A WP-Download <= 1.2 - SQL Injection Affected: *-1.2 Patched: 1.2.1 Updated: June 29, 2026

LOW

sniplets

Score: N/A Sniplets < 1.2.3 - Cross-Site Scripting Affected: [*, 1.2.3) Patched: 1.2.3 Updated: June 29, 2026

LOW

sniplets

Score: N/A Sniplets < 1.2.3 - Remote Code Execution Affected: [*, 1.2.3) Patched: 1.2.3 Updated: June 29, 2026

LOW

wp-photo-album-plus

Score: N/A WP Photo Album Plus <= 1.1 - SQL Injection Affected: *-1.0 Patched: 1.1 Updated: June 29, 2026

LOW

sniplets

Score: N/A Sniplets < 1.2.3 - Remote File Inclusion Affected: [*, 1.2.3) Patched: 1.2.3 Updated: June 29, 2026

LOW

wp-people

Score: N/A WP People <= 3.4.1 - SQL Injection Affected: *-3.4.1 Patched: Updated: June 29, 2026

LOW

simple-forum

Score: N/A Yellow Swordfish Simple Forum <= 1.11 - SQL Injection Affected: *-1.11 Patched: Updated: June 29, 2026

LOW

search-unleashed

Score: N/A Search Unleashed <= 0.2.10 - Cross-Site Scripting Affected: *-0.2.10 Patched: 0.2.11 Updated: June 29, 2026

LOW

st_newsletter

Score: N/A ShiftThis (Unspecified Version) - SQL Injection Affected: * Patched: Updated: June 29, 2026

LOW

wp-footnotes

Score: N/A WP-Footnotes <= 2.2 - Multiple Cross-Site Scripting Affected: *-2.2 Patched: 3.0 Updated: June 29, 2026

LOW

wordspew

Score: N/A WordSpew <= 3.71 - SQL Injection Affected: *-3.71 Patched: Updated: June 29, 2026

LOW

dmsguestbook

Score: 91/100 DMSGuestbook < 1.9.0 - Cross-Site Scripting Affected: [*, 1.9.0) Patched: 1.9.0 Updated: June 29, 2026

LOW

dmsguestbook

Score: 91/100 DMSGuestbook <= 1.8.0 - Directory Traversal Affected: *-1.8.0 Patched: 1.8.1 Updated: June 29, 2026

LOW

dmsguestbook

Score: 91/100 DMSGuestbook < 1.9.0 - Cross-Site Scripting Affected: [*, 1.9.0) Patched: 1.9.0 Updated: June 29, 2026

LOW

dmsguestbook

Score: 91/100 DMSGuestbook <= 1.7.0 - SQL Injection Affected: * Patched: Updated: June 29, 2026

LOW

wassup

Score: N/A WassUp Real Time Analytics 1.4 - 1.4.3 - SQL Injection Affected: 1.4-1.4.3 Patched: 1.4.4 Updated: June 29, 2026

LOW

fgallery

Score: 93/100 fGallery 2.4.1 - SQL injection Affected: *-2.4.1 Patched: 2.4.2 Updated: June 29, 2026

LOW

adserve

Score: 97/100 AdServe < 0.3 - SQL Injection Affected: *-0.2 Patched: 0.3 Updated: June 29, 2026

LOW

wp-cal

Score: N/A WP-Cal <= 0.3 - SQL Injection Affected: *-0.3 Patched: Updated: June 29, 2026

LOW

permalinks-migration-plugin-for-wordpress

Score: N/A Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

wp-forum

Score: N/A WP-Forum <= 1.7.4 - Remote SQL Injection Affected: *-1.7.4 Patched: 1.7.7 Updated: June 29, 2026

LOW

spambam

Score: N/A Spambam <= 2.1 - Authorization Bypass Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

peters-math-anti-spam

Score: N/A Peter's Math Anti-Spam Spinoff < 1.0.0 - CAPTCHA Bypass Affected: *-0.1.6 Patched: 1.0.0 Updated: June 29, 2026

LOW

wp-contactform

Score: N/A WP-ContactForm <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 29, 2026

LOW

wp-filemanager

Score: N/A Wp-FileManager <= 1.2 - Arbitrary File Upload Affected: *-1.2 Patched: 1.3 Updated: June 29, 2026

LOW

wp-contactform

Score: N/A WP-ContactForm <= 1.5.1 - Cross-Site Request Forgery Affected: *-1.5.1 Patched: Updated: June 29, 2026

LOW

math-comment-spam-protection

Score: 93/100 Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: June 29, 2026

LOW

pictpress

Score: N/A PictPress <= 0.91 - Directory Traversal Affected: *-0.91 Patched: 0.99 Updated: June 29, 2026

LOW

cryptographp

Score: 91/100 Cryptographp <= 1.2 - Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

captcha-offrepo

Score: 93/100 Captcha! <= 2.5d - Cross-Site Scripting Affected: * - 2.5d Patched: 2.6 Updated: June 29, 2026

LOW

math-comment-spam-protection

Score: 93/100 Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: 2.2 Updated: June 29, 2026

LOW

peters-random-anti-spam-image

Score: N/A Peter’s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

backupwordpress

Score: 93/100 BackUpWordPress <= 0.4.2b - Remote File Inclusion Affected: [*, 0.4.3) Patched: 0.4.3 Updated: June 29, 2026

LOW

feedburner-feedsmith

Score: 93/100 FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery Affected: *-2.2 Patched: 2.3 Updated: June 29, 2026

LOW

stats

Score: N/A stats <= 1.1 - SQL Injection Affected: *-1.1 Patched: 1.1.1 Updated: June 29, 2026

LOW

feedstats-de

Score: 93/100 FeedStats < 2.4 - Cross-Site Scripting Affected: [*, 2.4) Patched: 2.4 Updated: June 29, 2026

LOW

stats

Score: N/A stats <= 1.0 - Stored Cross-Site Scripting Affected: *-1.0 Patched: 1.1 Updated: June 29, 2026

LOW

adsense-deluxe

Score: 95/100 AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery Affected: *-0.8 Patched: Updated: June 29, 2026

LOW

Akismet Anti-spam: Spam Protection

akismet

Score: 92/100 Akismet Spam Protection < 2.0.2 - Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

wp-table

Score: N/A WP-Table <= 1.43 - Local File Inclusion Affected: *-1.43 Patched: 1.44 Updated: June 29, 2026

LOW

wordtube

Score: N/A wordTube <= 1.43 - Remote File Inclusion Affected: *-1.43 Patched: 1.44 Updated: June 29, 2026

LOW

wordtube

Score: N/A wordTube <= 1.43 - Directory Traversal and File Inclusion Affected: *-1.43 Patched: 1.44 Updated: June 29, 2026

LOW

myflash

Score: N/A Myflash < 1.11 - Remote File Inclusion Affected: *-1.00 Patched: 1.11 Updated: June 29, 2026

LOW

the-hackers-diet

Score: N/A The Hacker's Diet <= 0.9.6b - SQL Injection Affected: * - 0.9.6b Patched: 0.9.7b Updated: June 29, 2026

LOW

mygallery

Score: N/A MySliderGallery <= 1.2.1 - Remote File Inclusion Affected: *-1.2.1 Patched: 1.4b5 Updated: June 29, 2026

LOW

subscribe-to-comments

Score: N/A Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting Affected: *-2.0.7 Patched: 2.0.8 Updated: June 29, 2026

LOW

wp-db-backupphp

Score: N/A Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

secure-files

Score: N/A secure-files <= 1.1 - Directory Traversal Affected: *-1.1 Patched: 1.2 Updated: June 29, 2026

Showing 36201 to 36280 of 36280 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 20:19 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List