Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36307

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
logo-slider-wp	logo-slider-wp	89	Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-4.9.0		June 30, 2026
trusona	trusona	N/A	Trusona for WordPress <= 2.0.0 - Missing Authorization	LOW	*-2.0.0		June 30, 2026
uper-elementor	uper-elementor	N/A	Uper for Elementor <= 1.0.5 - Missing Authorization	LOW	*-1.0.5		June 30, 2026
thegem-elements-elementor	thegem-elements-elementor	N/A	TheGem Theme Elements (for Elementor) <= 5.11.0 - Authenticated (Contributor+) Local File Inclusion	LOW	*-5.11.0	5.11.1	June 30, 2026
thegem-elements-elementor	thegem-elements-elementor	N/A	TheGem Theme Elements (for Elementor) <= 5.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.11.0	5.11.1	June 30, 2026
thegem-elements	thegem-elements	N/A	TheGem Theme Elements (for WPBakery) <= 5.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.11.0	5.11.1	June 30, 2026
merge-minify-refresh	merge-minify-refresh	93	Merge + Minify + Refresh <= 2.14 - Cross-Site Request Forgery	LOW	*-2.14	2.15	June 30, 2026
custom-registration-form-builder-with-submission-manager	custom-registration-form-builder-with-submission-manager	93	RegistrationMagic <= 6.0.6.9 - Cross-Site Request Forgery	LOW	*-6.0.6.9	6.0.7.0	June 30, 2026
crumber-elementor	crumber-elementor	91	Crumber <= 1.0.10 - Missing Authorization	LOW	*-1.0.10		June 30, 2026
creatorlms	creatorlms	93	Creator LMS <= 1.1.12 - Missing Authorization	LOW	*-1.1.12	1.1.13	June 30, 2026
copyscape-premium	copyscape-premium	93	Copyscape Premium <= 1.4.1 - Cross-Site Request Forgery	LOW	*-1.4.1	1.4.2	June 30, 2026
templately	templately	N/A	Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write	LOW	*-3.4.8	3.4.9	June 30, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion	LOW	*-4.4.8	4.4.9	June 30, 2026
accessibility-toolbar	accessibility-toolbar	95	Web Accessibility with Max Access <= 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.0		June 30, 2026
stylish-cost-calculator	stylish-cost-calculator	N/A	Stylish Cost Calculator < 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 8.3.1)	8.3.1	June 30, 2026
woocommerce-square	woocommerce-square	N/A	WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id	LOW	[4.2.0, 4.2.3), [4.3.0, 4.3.2), [4.4.0, 4.4.2), [4.5.0, 4.5.2), [4.6.0, 4.6.4), [4.7.0, 4.7.4)	4.2.3	June 30, 2026
delay-redirects	delay-redirects	91	Delay Redirects <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
add-expires-headers	add-expires-headers	97	Add Expires Headers & Optimized Minify <= 3.2.0 - Missing Authorization	LOW	*-3.2.0	3.3.0	June 30, 2026
yith-woocommerce-request-a-quote	yith-woocommerce-request-a-quote	N/A	YITH WooCommerce Request A Quote <= 2.46.0 - Missing Authorization	LOW	*-2.46.0	2.46.1	June 30, 2026
woocommerce-stock-manager	woocommerce-stock-manager	N/A	Stock Manager for WooCommerce < 3.6.0 - Cross-Site Request Forgery	LOW	[*, 3.6.0)	3.6.0	June 30, 2026
widget-countdown	widget-countdown	N/A	Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.7.7	2.7.8	June 30, 2026
tickera-event-ticketing-system	tickera-event-ticketing-system	N/A	Tickera <= 3.5.6.4 - Missing Authorization	LOW	*-3.5.6.4	3.5.6.5	June 30, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar <= 6.15.12.2 - Missing Authorization	LOW	*-6.15.12.2	6.15.13	June 30, 2026
shortcoder	shortcoder	N/A	Shortcoder — Create Shortcodes for Anything <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.5.1	6.5.2	June 30, 2026
proxy-vpn-blocker	proxy-vpn-blocker	N/A	Proxy & VPN Blocker <= 3.5.3 - Missing Authorization	LOW	*-3.5.3	3.5.4	June 30, 2026
miniorange-sms-order-notification-otp-verification	miniorange-sms-order-notification-otp-verification	93	miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification	LOW	*-4.3.8	4.3.9	June 30, 2026
featured-image-from-url	featured-image-from-url	93	Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url'	LOW	*-5.3.1	5.3.2	June 30, 2026
convertforce-popup-builder	convertforce-popup-builder	93	ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation	LOW	*-0.0.7	0.0.8	June 30, 2026
contest-gallery	contest-gallery	93	Contest Gallery <= 28.1.1 - Missing Authorization	LOW	*-28.1.1	28.1.2	June 30, 2026
blog2social	blog2social	93	Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-8.7.2	8.7.3	June 30, 2026
better-business-reviews	better-business-reviews	93	Better Business Reviews <= 0.1.1 - Missing Authorization	LOW	*-0.1.1	0.1.2	June 30, 2026
auxin-elements	auxin-elements	89	Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget	LOW	*-2.17.13	2.17.14	June 30, 2026
autogen-headers-menu	autogen-headers-menu	91	Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter	LOW	*-1.0.1		June 30, 2026
change-wp-page-permalinks	change-wp-page-permalinks	91	WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush	LOW	*-1.5.4		June 30, 2026
shabat-keeper	shabat-keeper	N/A	Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-0.4.4		June 30, 2026
woodpecker	woodpecker	N/A	Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute	LOW	*-3.0.4		June 30, 2026
pullquote	pullquote	N/A	PullQuote <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0		June 30, 2026
lesson-plan-book	lesson-plan-book	91	Lesson Plan Book <= 1.3 - Reflected Cross-Site Scripting	LOW	*-1.3		June 30, 2026
wp-client-testimonial	wp-client-testimonial	N/A	Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field	LOW	*-2.0		June 30, 2026
contact-form-vcard-generator	contact-form-vcard-generator	87	Contact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter	LOW	*-2.4		June 30, 2026
debtcom-business-in-a-box	debtcom-business-in-a-box	91	Debt.com Business in a Box <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-4.1.0		June 30, 2026
mg-advancedoptions	mg-advancedoptions	91	MG AdvancedOptions <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 30, 2026
menu-card	menu-card	91	Menu Card <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.8.0		June 30, 2026
curved-text	curved-text	91	Curved Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.1		June 30, 2026
the-tooltip	the-tooltip	N/A	The Tooltip <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0.2		June 30, 2026
Header and Footer Scripts	header-and-footer-scripts	95	Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.0	2.4.0	June 30, 2026
wppopupmagic	wppopupmagic	N/A	WP Popup Magic <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute	LOW	*-1.0.0		June 30, 2026
top-position-google-finance	top-position-google-finance	N/A	Top Position Google Finance <= 0.1.0 - Reflected Cross-Site Scripting	LOW	*-0.1.0		June 30, 2026
nearby-now-reviews	nearby-now-reviews	N/A	Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-5.2		June 30, 2026
entry-views	entry-views	91	Entry Views <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.0		June 30, 2026
accelerated-mobile-pages	accelerated-mobile-pages	97	AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload	LOW	*-1.1.10	1.1.11	June 30, 2026
Booking Calendar	booking	71	Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure	LOW	*-10.14.10	10.14.11	June 30, 2026
tutor	tutor	N/A	Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification	LOW	*-3.9.3	3.9.4	June 30, 2026
wp-table-builder	wp-table-builder	N/A	WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation	LOW	*-2.0.19	2.0.20	June 30, 2026
acf-frontend-form-element	acf-frontend-form-element	97	Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field'	LOW	*-3.28.23	3.28.24	June 30, 2026
acf-frontend-form-element	acf-frontend-form-element	97	Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element	LOW	*-3.28.25	3.28.26	June 30, 2026
wp-event-solution	wp-event-solution	N/A	Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings'	LOW	*-4.0.51	4.0.52	June 30, 2026
tutor	tutor	N/A	Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion	LOW	*-3.9.2	3.9.4	June 30, 2026
tutor	tutor	N/A	Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass	LOW	*-3.9.3	3.9.4	June 30, 2026
wp-google-street-view	wp-google-street-view	N/A	WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode	LOW	*-1.1.8	1.1.9	June 30, 2026
SlimStat Analytics	wp-slimstat	N/A	SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter	LOW	*-5.3.3	5.3.4	June 30, 2026
SlimStat Analytics	wp-slimstat	N/A	SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters	LOW	*-5.3.4	5.3.5	June 30, 2026
bulk-image-alt-text-with-yoast	bulk-image-alt-text-with-yoast	93	BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.1	2.2.2	June 30, 2026
betterdocs	betterdocs	93	BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure	LOW	*-4.3.3	4.3.4	June 30, 2026
indieweb	indieweb	93	IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter	LOW	*-4.0.5	5.0.0	June 30, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder	forminator	92	Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export	LOW	*-1.49.1	1.49.2	June 30, 2026
acf-frontend-form-element	acf-frontend-form-element	97	Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field	LOW	*-3.28.29	3.28.30	June 30, 2026
post-expirator	post-expirator	N/A	Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation	LOW	*-4.9.3	4.9.4	June 30, 2026
Booking for Appointments and Events Calendar – Amelia	ameliabooking	97	Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions	LOW	*-1.2.38	2.0.0	June 30, 2026
wedocs	wedocs	N/A	weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure	LOW	*-2.1.15	2.1.16	June 30, 2026
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer	clearfy	93	Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering	LOW	*-2.4.0	2.4.1	June 30, 2026
woocommerce-for-japan	woocommerce-for-japan	N/A	Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification	LOW	*-2.7.17	2.8.0	June 30, 2026
woocommerce-sendinblue-newsletter-subscription	woocommerce-sendinblue-newsletter-subscription	N/A	Brevo for WooCommerce <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting	LOW	*-4.0.49	4.0.50	June 30, 2026
wp-quick-post-duplicator	wp-quick-post-duplicator	N/A	WP Quick Post Duplicator <= 2.1 - Missing Authorization	LOW	*-2.1	2.2	June 30, 2026
wp-lead-capture	wp-lead-capture	N/A	Lead Capturing Pages <= 2.5 - Unauthenticated SQL Injection	LOW	*-2.5		June 30, 2026
wp_attractivedonationssystem	wp_attractivedonationssystem	N/A	Attractive Donations System - Easy Stripe & Paypal donations <= 1.25 - Missing Authorization to Unauthenticated Arbitrary Content Deletion	LOW	*-1.25		June 30, 2026
workreap	workreap	N/A	Workreap (theme's plugin) <= 3.3.6 - Authenticated (Subscriber+) SQL Injection	LOW	*-3.3.6		June 30, 2026
woocommerce-orders-ei	woocommerce-orders-ei	N/A	WooCommerce Orders & Customers Exporter <= 5.4 - Authenticated (Subscriber+) SQL Injection	LOW	*-5.4		June 30, 2026
woo-gift-cards-lite	woo-gift-cards-lite	N/A	Ultimate Gift Cards for WooCommerce <= 3.2.4 - Missing Authorization	LOW	*-3.2.4	3.2.5	June 30, 2026
virtualassistant	virtualassistant	N/A	Virtual Assistant <= 3.0 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.0		June 30, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration <= 4.4.9 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	LOW	*-4.4.9	5.0	June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.4.2	5.4.3	June 30, 2026
super-interactive-maps	super-interactive-maps	N/A	Super Interactive Maps <= 2.3 - Reflected Cross-Site Scripting	LOW	*-2.3		June 30, 2026
quiz-master-next	quiz-master-next	N/A	Quiz And Survey Master <= 10.3.3 - Missing Authorization	LOW	*-10.3.3	10.3.4	June 30, 2026
nk-themes-helper	nk-themes-helper	N/A	nK Themes Helper <= 1.7.9 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-1.7.9		June 30, 2026
nextgen-download-gallery	nextgen-download-gallery	N/A	NextGEN Download Gallery <= 1.6.2 - Unauthenticated Information Exposure	LOW	*-1.6.2		June 30, 2026
magic_slider	magic_slider	91	Magic Slider <= 2.2 - Reflected Cross-Site Scripting	LOW	*-2.2		June 30, 2026
magic_carousel	magic_carousel	91	Magic Responsive Slider and Carousel WordPress <= 1.6 - Reflected Cross-Site Scripting	LOW	*-1.6		June 30, 2026
login-customizer	login-customizer	93	Custom Login Page Customizer <= 2.5.3 - Unauthenticated Privilege Escalation via Password Reset	LOW	*-2.5.3	2.5.4	June 30, 2026
lbg-vp2-html5-rightside	lbg-vp2-html5-rightside	91	HTML5 Video Player with Playlist & Multiple Skins <= 5.3.5 - Reflected Cross-Site Scripting	LOW	*-5.3.5		June 30, 2026
lbg-vp2-html5-bottom	lbg-vp2-html5-bottom	91	HTML5 Video Player <= 5.3.5 - Reflected Cross-Site Scripting	LOW	*-5.3.5		June 30, 2026
lbg_fullscreen_fullwidth_slider	lbg_fullscreen_fullwidth_slider	89	Image&Video FullScreen Background <= 1.6.7 - Reflected Cross-Site Scripting	LOW	*-1.6.7		June 30, 2026
kenta-companion	kenta-companion	91	Kenta Companion <= 1.3.3 - Cross-Site Request Forgery	LOW	*-1.3.3		June 30, 2026
give	give	93	GiveWP <= 4.13.1 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-4.13.1	4.13.2	June 30, 2026
forms-for-campaign-monitor	forms-for-campaign-monitor	93	Campaign Monitor for WordPress <= 2.9.1 - Missing Authorization	LOW	*-2.9.1	2.9.2	June 30, 2026
felan-framework	felan-framework	87	Felan Framework <= 1.1.3 - Missing Authorization	LOW	*-1.1.3		June 30, 2026
felan-framework	felan-framework	87	Felan Framework <= 1.1.3 - Unauthenticated SQL Injection	LOW	*-1.1.3		June 30, 2026
famous_grid_image_and_video_gallery	famous_grid_image_and_video_gallery	91	Famous - Responsive Image And Video Grid Gallery WordPress <= 1.4 - Reflected Cross-Site Scripting	LOW	*-1.4		June 30, 2026
easy-media-download	easy-media-download	93	Easy Media Download <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.11	1.1.12	June 30, 2026
countdown-with-background	countdown-with-background	91	CountDown With Image or Video Background <= 1.5 - Reflected Cross-Site Scripting	LOW	*-1.5		June 30, 2026

LOW

logo-slider-wp

Score: 89/100 Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.9.0 Patched: Updated: June 30, 2026

LOW

trusona

Score: N/A Trusona for WordPress <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: Updated: June 30, 2026

LOW

uper-elementor

Score: N/A Uper for Elementor <= 1.0.5 - Missing Authorization Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

thegem-elements-elementor

Score: N/A TheGem Theme Elements (for Elementor) <= 5.11.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-5.11.0 Patched: 5.11.1 Updated: June 30, 2026

LOW

thegem-elements-elementor

Score: N/A TheGem Theme Elements (for Elementor) <= 5.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.11.0 Patched: 5.11.1 Updated: June 30, 2026

LOW

thegem-elements

Score: N/A TheGem Theme Elements (for WPBakery) <= 5.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.11.0 Patched: 5.11.1 Updated: June 30, 2026

LOW

merge-minify-refresh

Score: 93/100 Merge + Minify + Refresh <= 2.14 - Cross-Site Request Forgery Affected: *-2.14 Patched: 2.15 Updated: June 30, 2026

LOW

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic <= 6.0.6.9 - Cross-Site Request Forgery Affected: *-6.0.6.9 Patched: 6.0.7.0 Updated: June 30, 2026

LOW

crumber-elementor

Score: 91/100 Crumber <= 1.0.10 - Missing Authorization Affected: *-1.0.10 Patched: Updated: June 30, 2026

LOW

creatorlms

Score: 93/100 Creator LMS <= 1.1.12 - Missing Authorization Affected: *-1.1.12 Patched: 1.1.13 Updated: June 30, 2026

LOW

copyscape-premium

Score: 93/100 Copyscape Premium <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026

LOW

templately

Score: N/A Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write Affected: *-3.4.8 Patched: 3.4.9 Updated: June 30, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion Affected: *-4.4.8 Patched: 4.4.9 Updated: June 30, 2026

LOW

accessibility-toolbar

Score: 95/100 Web Accessibility with Max Access <= 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: June 30, 2026

LOW

stylish-cost-calculator

Score: N/A Stylish Cost Calculator < 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 8.3.1) Patched: 8.3.1 Updated: June 30, 2026

LOW

Score: N/A WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id Affected: [4.2.0, 4.2.3), [4.3.0, 4.3.2), [4.4.0, 4.4.2), [4.5.0, 4.5.2), [4.6.0, 4.6.4), [4.7.0, 4.7.4) Patched: 4.2.3 Updated: June 30, 2026

LOW

delay-redirects

Score: 91/100 Delay Redirects <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

add-expires-headers

Score: 97/100 Add Expires Headers & Optimized Minify <= 3.2.0 - Missing Authorization Affected: *-3.2.0 Patched: 3.3.0 Updated: June 30, 2026

LOW

yith-woocommerce-request-a-quote

Score: N/A YITH WooCommerce Request A Quote <= 2.46.0 - Missing Authorization Affected: *-2.46.0 Patched: 2.46.1 Updated: June 30, 2026

LOW

woocommerce-stock-manager

Score: N/A Stock Manager for WooCommerce < 3.6.0 - Cross-Site Request Forgery Affected: [*, 3.6.0) Patched: 3.6.0 Updated: June 30, 2026

LOW

widget-countdown

Score: N/A Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.7.7 Patched: 2.7.8 Updated: June 30, 2026

LOW

tickera-event-ticketing-system

Score: N/A Tickera <= 3.5.6.4 - Missing Authorization Affected: *-3.5.6.4 Patched: 3.5.6.5 Updated: June 30, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.15.12.2 - Missing Authorization Affected: *-6.15.12.2 Patched: 6.15.13 Updated: June 30, 2026

LOW

shortcoder

Score: N/A Shortcoder — Create Shortcodes for Anything <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.5.1 Patched: 6.5.2 Updated: June 30, 2026

LOW

proxy-vpn-blocker

Score: N/A Proxy & VPN Blocker <= 3.5.3 - Missing Authorization Affected: *-3.5.3 Patched: 3.5.4 Updated: June 30, 2026

LOW

miniorange-sms-order-notification-otp-verification

Score: 93/100 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification Affected: *-4.3.8 Patched: 4.3.9 Updated: June 30, 2026

LOW

featured-image-from-url

Score: 93/100 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' Affected: *-5.3.1 Patched: 5.3.2 Updated: June 30, 2026

LOW

convertforce-popup-builder

Score: 93/100 ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation Affected: *-0.0.7 Patched: 0.0.8 Updated: June 30, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery <= 28.1.1 - Missing Authorization Affected: *-28.1.1 Patched: 28.1.2 Updated: June 30, 2026

LOW

blog2social

Score: 93/100 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-8.7.2 Patched: 8.7.3 Updated: June 30, 2026

LOW

better-business-reviews

Score: 93/100 Better Business Reviews <= 0.1.1 - Missing Authorization Affected: *-0.1.1 Patched: 0.1.2 Updated: June 30, 2026

LOW

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget Affected: *-2.17.13 Patched: 2.17.14 Updated: June 30, 2026

LOW

autogen-headers-menu

Score: 91/100 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

change-wp-page-permalinks

Score: 91/100 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush Affected: *-1.5.4 Patched: Updated: June 30, 2026

LOW

shabat-keeper

Score: N/A Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-0.4.4 Patched: Updated: June 30, 2026

LOW

woodpecker

Score: N/A Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute Affected: *-3.0.4 Patched: Updated: June 30, 2026

LOW

pullquote

Score: N/A PullQuote <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

lesson-plan-book

Score: 91/100 Lesson Plan Book <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

wp-client-testimonial

Score: N/A Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

contact-form-vcard-generator

Score: 87/100 Contact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter Affected: *-2.4 Patched: Updated: June 30, 2026

LOW

debtcom-business-in-a-box

Score: 91/100 Debt.com Business in a Box <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-4.1.0 Patched: Updated: June 30, 2026

LOW

mg-advancedoptions

Score: 91/100 MG AdvancedOptions <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

menu-card

Score: 91/100 Menu Card <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.8.0 Patched: Updated: June 30, 2026

LOW

curved-text

Score: 91/100 Curved Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

the-tooltip

Score: N/A The Tooltip <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

Header and Footer Scripts

header-and-footer-scripts

Score: 95/100 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: 2.4.0 Updated: June 30, 2026

LOW

wppopupmagic

Score: N/A WP Popup Magic <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

top-position-google-finance

Score: N/A Top Position Google Finance <= 0.1.0 - Reflected Cross-Site Scripting Affected: *-0.1.0 Patched: Updated: June 30, 2026

LOW

nearby-now-reviews

Score: N/A Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-5.2 Patched: Updated: June 30, 2026

LOW

entry-views

Score: 91/100 Entry Views <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

accelerated-mobile-pages

Score: 97/100 AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.1.10 Patched: 1.1.11 Updated: June 30, 2026

LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure Affected: *-10.14.10 Patched: 10.14.11 Updated: June 30, 2026

LOW

tutor

Score: N/A Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification Affected: *-3.9.3 Patched: 3.9.4 Updated: June 30, 2026

LOW

wp-table-builder

Score: N/A WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation Affected: *-2.0.19 Patched: 2.0.20 Updated: June 30, 2026

LOW

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field' Affected: *-3.28.23 Patched: 3.28.24 Updated: June 30, 2026

LOW

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element Affected: *-3.28.25 Patched: 3.28.26 Updated: June 30, 2026

LOW

wp-event-solution

Score: N/A Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' Affected: *-4.0.51 Patched: 4.0.52 Updated: June 30, 2026

LOW

tutor

Score: N/A Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion Affected: *-3.9.2 Patched: 3.9.4 Updated: June 30, 2026

LOW

tutor

Score: N/A Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass Affected: *-3.9.3 Patched: 3.9.4 Updated: June 30, 2026

LOW

wp-google-street-view

Score: N/A WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter Affected: *-5.3.3 Patched: 5.3.4 Updated: June 30, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters Affected: *-5.3.4 Patched: 5.3.5 Updated: June 30, 2026

LOW

bulk-image-alt-text-with-yoast

Score: 93/100 BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: June 30, 2026

LOW

betterdocs

Score: 93/100 BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-4.3.3 Patched: 4.3.4 Updated: June 30, 2026

LOW

indieweb

Score: 93/100 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter Affected: *-4.0.5 Patched: 5.0.0 Updated: June 30, 2026

LOW

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

forminator

Score: 92/100 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export Affected: *-1.49.1 Patched: 1.49.2 Updated: June 30, 2026

LOW

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field Affected: *-3.28.29 Patched: 3.28.30 Updated: June 30, 2026

LOW

post-expirator

Score: N/A Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation Affected: *-4.9.3 Patched: 4.9.4 Updated: June 30, 2026

LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions Affected: *-1.2.38 Patched: 2.0.0 Updated: June 30, 2026

LOW

wedocs

Score: N/A weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure Affected: *-2.1.15 Patched: 2.1.16 Updated: June 30, 2026

LOW

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

clearfy

Score: 93/100 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering Affected: *-2.4.0 Patched: 2.4.1 Updated: June 30, 2026

LOW

woocommerce-for-japan

Score: N/A Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification Affected: *-2.7.17 Patched: 2.8.0 Updated: June 30, 2026

LOW

woocommerce-sendinblue-newsletter-subscription

Score: N/A Brevo for WooCommerce <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.0.49 Patched: 4.0.50 Updated: June 30, 2026

LOW

wp-quick-post-duplicator

Score: N/A WP Quick Post Duplicator <= 2.1 - Missing Authorization Affected: *-2.1 Patched: 2.2 Updated: June 30, 2026

LOW

wp-lead-capture

Score: N/A Lead Capturing Pages <= 2.5 - Unauthenticated SQL Injection Affected: *-2.5 Patched: Updated: June 30, 2026

LOW

wp_attractivedonationssystem

Score: N/A Attractive Donations System - Easy Stripe & Paypal donations <= 1.25 - Missing Authorization to Unauthenticated Arbitrary Content Deletion Affected: *-1.25 Patched: Updated: June 30, 2026

LOW

workreap

Score: N/A Workreap (theme's plugin) <= 3.3.6 - Authenticated (Subscriber+) SQL Injection Affected: *-3.3.6 Patched: Updated: June 30, 2026

LOW

woocommerce-orders-ei

Score: N/A WooCommerce Orders & Customers Exporter <= 5.4 - Authenticated (Subscriber+) SQL Injection Affected: *-5.4 Patched: Updated: June 30, 2026

LOW

woo-gift-cards-lite

Score: N/A Ultimate Gift Cards for WooCommerce <= 3.2.4 - Missing Authorization Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026

LOW

virtualassistant

Score: N/A Virtual Assistant <= 3.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: June 30, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration <= 4.4.9 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-4.4.9 Patched: 5.0 Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.4.2 Patched: 5.4.3 Updated: June 30, 2026

LOW

super-interactive-maps

Score: N/A Super Interactive Maps <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

quiz-master-next

Score: N/A Quiz And Survey Master <= 10.3.3 - Missing Authorization Affected: *-10.3.3 Patched: 10.3.4 Updated: June 30, 2026

LOW

nk-themes-helper

Score: N/A nK Themes Helper <= 1.7.9 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.7.9 Patched: Updated: June 30, 2026

LOW

nextgen-download-gallery

Score: N/A NextGEN Download Gallery <= 1.6.2 - Unauthenticated Information Exposure Affected: *-1.6.2 Patched: Updated: June 30, 2026

LOW

magic_slider

Score: 91/100 Magic Slider <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: June 30, 2026

LOW

magic_carousel

Score: 91/100 Magic Responsive Slider and Carousel WordPress <= 1.6 - Reflected Cross-Site Scripting Affected: *-1.6 Patched: Updated: June 30, 2026

LOW

login-customizer

Score: 93/100 Custom Login Page Customizer <= 2.5.3 - Unauthenticated Privilege Escalation via Password Reset Affected: *-2.5.3 Patched: 2.5.4 Updated: June 30, 2026

LOW

lbg-vp2-html5-rightside

Score: 91/100 HTML5 Video Player with Playlist & Multiple Skins <= 5.3.5 - Reflected Cross-Site Scripting Affected: *-5.3.5 Patched: Updated: June 30, 2026

LOW

lbg-vp2-html5-bottom

Score: 91/100 HTML5 Video Player <= 5.3.5 - Reflected Cross-Site Scripting Affected: *-5.3.5 Patched: Updated: June 30, 2026

LOW

lbg_fullscreen_fullwidth_slider

Score: 89/100 Image&Video FullScreen Background <= 1.6.7 - Reflected Cross-Site Scripting Affected: *-1.6.7 Patched: Updated: June 30, 2026

LOW

kenta-companion

Score: 91/100 Kenta Companion <= 1.3.3 - Cross-Site Request Forgery Affected: *-1.3.3 Patched: Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 4.13.1 - Unauthenticated Arbitrary Shortcode Execution Affected: *-4.13.1 Patched: 4.13.2 Updated: June 30, 2026

LOW

forms-for-campaign-monitor

Score: 93/100 Campaign Monitor for WordPress <= 2.9.1 - Missing Authorization Affected: *-2.9.1 Patched: 2.9.2 Updated: June 30, 2026

LOW

felan-framework

Score: 87/100 Felan Framework <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

felan-framework

Score: 87/100 Felan Framework <= 1.1.3 - Unauthenticated SQL Injection Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

famous_grid_image_and_video_gallery

Score: 91/100 Famous - Responsive Image And Video Grid Gallery WordPress <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

easy-media-download

Score: 93/100 Easy Media Download <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.11 Patched: 1.1.12 Updated: June 30, 2026

LOW

countdown-with-background

Score: 91/100 CountDown With Image or Video Background <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 30, 2026

Showing 3601 to 3700 of 36307 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 18:54 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List