Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36313

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
forms-for-campaign-monitor	forms-for-campaign-monitor	93	Campaign Monitor for WordPress <= 2.9.1 - Missing Authorization	LOW	*-2.9.1	2.9.2	June 30, 2026
felan-framework	felan-framework	87	Felan Framework <= 1.1.3 - Missing Authorization	LOW	*-1.1.3		June 30, 2026
felan-framework	felan-framework	87	Felan Framework <= 1.1.3 - Unauthenticated SQL Injection	LOW	*-1.1.3		June 30, 2026
famous_grid_image_and_video_gallery	famous_grid_image_and_video_gallery	91	Famous - Responsive Image And Video Grid Gallery WordPress <= 1.4 - Reflected Cross-Site Scripting	LOW	*-1.4		June 30, 2026
easy-media-download	easy-media-download	93	Easy Media Download <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.11	1.1.12	June 30, 2026
countdown-with-background	countdown-with-background	91	CountDown With Image or Video Background <= 1.5 - Reflected Cross-Site Scripting	LOW	*-1.5		June 30, 2026
blockons	blockons	89	Blockons <= 1.2.15 - Missing Authorization	LOW	*-1.2.15		June 30, 2026
ba-book-everything	ba-book-everything	93	BA Book Everything <= 1.8.16 - Missing Authorization	LOW	*-1.8.16	1.8.17	June 30, 2026
gutenverse-form	gutenverse-form	93	Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload	LOW	*-2.3.2	2.4.0	June 30, 2026
tutor	tutor	N/A	Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details	LOW	*-3.9.3	3.9.4	June 30, 2026
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager	folders	86	Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement	LOW	*-3.1.5	3.1.6	June 30, 2026
jeg-elementor-kit	jeg-elementor-kit	93	Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget	LOW	*-3.0.1	3.0.2	June 30, 2026
stackable-ultimate-gutenberg-blocks	stackable-ultimate-gutenberg-blocks	N/A	Stackable <= 3.19.5 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-3.19.5	3.19.6	June 30, 2026
x-addons-elementor	x-addons-elementor	N/A	X Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.23		June 30, 2026
wpadverts	wpadverts	N/A	WPAdverts – Classifieds Plugin <= 2.3.0 - Missing Authorization	LOW	*-2.3.0	2.3.1	June 30, 2026
shopmagic-for-woocommerce	shopmagic-for-woocommerce	N/A	ShopMagic <= 4.7.2 - Missing Authorization	LOW	*-4.7.2	4.7.3	June 30, 2026
rss-feed-widget	rss-feed-widget	N/A	RSS Feed Widget <= 3.0.2 - Missing Authorization	LOW	*-3.0.2	3.0.3	June 30, 2026
rehub-framework	rehub-framework	N/A	REHub Framework <= 19.9.5 - Missing Authorization	LOW	*-19.9.5	19.9.9.6	June 30, 2026
regallery	regallery	N/A	Re Gallery – Responsive Photo Gallery <= 1.18.9 - Missing Authorization	LOW	*-1.18.9	1.18.10	June 30, 2026
real-estate-pro	real-estate-pro	N/A	Real Estate Pro <= 2.1.4 - Reflected Cross-Site Scripting	LOW	*-2.1.4		June 30, 2026
ninja-tables	ninja-tables	N/A	Ninja Tables <= 5.2.4 - Authenticated (Contributor+) SQL Injection	LOW	*-5.2.4	5.2.5	June 30, 2026
mediapress	mediapress	93	MediaPress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.2	1.6.3	June 30, 2026
media-search-enhanced	media-search-enhanced	93	Media Search Enhanced <= 0.9.1 - Authenticated (Author+) SQL Injection	LOW	*-0.9.1	0.9.2	June 30, 2026
lpagery	lpagery	93	Bulk Landing Page Creator for WordPress LPagery <= 2.4.9 - Missing Authorization	LOW	*-2.4.9	2.4.10	June 30, 2026
listinghub	listinghub	89	ListingHub 1.2.6 - Unauthenticated Stored Cross-Site Scripting	LOW	1.2.6		June 30, 2026
image-slider-slideshow	image-slider-slideshow	91	Image Slider Slideshow <= 1.8 - Authenticated (Contributor+) Insecure Direct Object Reference	LOW	*-1.8		June 30, 2026
handmade-framework	handmade-framework	89	Handmade Framework <= 3.9 - Authenticated (Contributor+) Local File Inclusion	LOW	*-3.9		June 30, 2026
ga-for-wp	ga-for-wp	89	GA4WP: Google Analytics for WordPress <= 2.10.0 - Missing Authorization	LOW	*-2.10.0		June 30, 2026
Docket Cache – Object Cache Accelerator	docket-cache	80	Docket Cache <= 24.07.04 - Missing Authorization	LOW	*-24.07.04	24.07.05	June 30, 2026
dashboard-welcome-for-beaver-builder	dashboard-welcome-for-beaver-builder	91	Dashboard Welcome for Beaver Builder <= 1.0.8 - Missing Authorization	LOW	*-1.0.8		June 30, 2026
coblocks	coblocks	93	Page Builder Gutenberg Blocks – CoBlocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.16	3.1.17	June 30, 2026
block-slider	block-slider	91	Block Slider <= 2.2.3 - Missing Authorization	LOW	*-2.2.3		June 30, 2026
baqend	baqend	91	Speed Kit <= 2.0.2 - Missing Authorization	LOW	*-2.0.2		June 30, 2026
ajax-search-for-woocommerce	ajax-search-for-woocommerce	97	FiboSearch <= 1.32.1 - Missing Authorization	LOW	*-1.32.1	1.32.2	June 30, 2026
accordions-wp	accordions-wp	97	Accordion <= 3.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-3.0.3	3.0.4	June 30, 2026
wish-to-go	wish-to-go	N/A	Travel Bucket List <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.5.2		June 30, 2026
ah-shortcodes	ah-shortcodes	95	AH Shortcodes <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute	LOW	*-1.0.2		June 30, 2026
simcast	simcast	N/A	Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.0		June 30, 2026
awesome-hotel-booking	awesome-hotel-booking	93	Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification	LOW	*-1.0.3	1.0.4	June 30, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	fluentform	78	Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder	LOW	*-6.1.7	6.1.8	June 30, 2026
snillrik-restaurant-menu	snillrik-restaurant-menu	N/A	Snillrik Restaurant <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute	LOW	*-2.3.0	2.3.1	June 30, 2026
email-customizer-for-woocommerce	email-customizer-for-woocommerce	93	Email Customizer for WooCommerce \| Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content	LOW	*-2.6.7	2.6.8	June 30, 2026
cool-yt-player	cool-yt-player	91	Cool YT Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0		June 30, 2026
my-album-gallery	my-album-gallery	N/A	My Album Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style_css' Shortcode Attribute	LOW	*-1.0.4		June 30, 2026
my-album-gallery	my-album-gallery	N/A	My Album Gallery <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title	LOW	*-1.0.4		June 30, 2026
ad-sliding-faq	ad-sliding-faq	95	AD Sliding FAQ <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-2.4	2.5	June 30, 2026
testimonial-master	testimonial-master	N/A	Testimonial Master <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-0.2.1		June 30, 2026
dk-pricr-responsive-pricing-table	dk-pricr-responsive-pricing-table	93	Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency'	LOW	*-5.1.12	5.1.13	June 30, 2026
dk-pricr-responsive-pricing-table	dk-pricr-responsive-pricing-table	93	Responsive Pricing Table <= 5.1.12 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-5.1.12	5.1.13	June 30, 2026
niche-hero	niche-hero	N/A	Niche Hero \| Beautifully-designed blocks in seconds <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute	LOW	*-1.0.5		June 30, 2026
qr-code-tag-for-wc-from-goaskle-com	qr-code-tag-for-wc-from-goaskle-com	N/A	QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes	LOW	*-1.9.42		June 30, 2026
viitor-shortcodes	viitor-shortcodes	N/A	Viitor Button Shortcodes <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute	LOW	*-3.0.0		June 30, 2026
multi-column-tag-map	multi-column-tag-map	N/A	Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter	LOW	*-17.0.39		June 30, 2026
stm-gallery	stm-gallery	N/A	STM Gallery 1.9 <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.9		June 30, 2026
easy-github-gist-shortcodes	easy-github-gist-shortcodes	91	Easy GitHub Gist Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	LOW	*-1.0		June 30, 2026
review-for-discount	review-for-discount	N/A	Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation	LOW	*-1.0.7	1.0.8	June 30, 2026
edd-download-info	edd-download-info	91	EDD Download Info <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.1		June 30, 2026
starred-review	starred-review	N/A	Starred Review <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable	LOW	*-1.4.2		June 30, 2026
sticky-action-buttons	sticky-action-buttons	N/A	Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-1.1		June 30, 2026
post-like-dislike	post-like-dislike	N/A	Post Like Dislike <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.0		June 30, 2026
stumble-for-wordpress	stumble-for-wordpress	N/A	Stumble! for WordPress <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.1.1		June 30, 2026
yoco-payment-gateway	yoco-payment-gateway	N/A	Yoco Payments <= 3.9.0 - Unauthenticated Arbitrary File Read	LOW	*-3.9.0	3.9.1	June 30, 2026
wp-widget-changer	wp-widget-changer	N/A	WP Widget Changer <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.2.5		June 30, 2026
ai-botkit-for-lead-generation	ai-botkit-for-lead-generation	97	AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.1.7	1.1.8	June 30, 2026
smart-app-banners	smart-app-banners	N/A	Smart App Banners <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes	LOW	*-1.2		June 30, 2026
aa-block-country	aa-block-country	95	AA Block country <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header	LOW	*-1.0.1		June 30, 2026
contact-us-simple-form	contact-us-simple-form	91	Contact Us Simple Form <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-1.0		June 30, 2026
mamurjor-employee-info	mamurjor-employee-info	91	Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation	LOW	*-1.0.0		June 30, 2026
woo-payment-gateway-for-piraeus-bank	woo-payment-gateway-for-piraeus-bank	N/A	Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change	LOW	*-3.1.4	3.1.5	June 30, 2026
mstoic-shortcodes	mstoic-shortcodes	N/A	Mstoic Shortcodes <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start' Shortcode Attribute	LOW	*-2.0		June 30, 2026
1180px-shortcodes	1180px-shortcodes	95	1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute	LOW	*-1.1.1		June 30, 2026
wp-js-list-pages-shortcodes	wp-js-list-pages-shortcodes	N/A	WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute	LOW	*-1.21		June 30, 2026
photofade	photofade	N/A	PhotoFade <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.2.1		June 30, 2026
wp-recipe-manager	wp-recipe-manager	N/A	WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field	LOW	*-1.0.0		June 30, 2026
front-editor	front-editor	89	Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion	LOW	*-5.0.0	5.0.1	June 30, 2026
stylish-order-form-builder	stylish-order-form-builder	N/A	Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter	LOW	*-1.0		June 30, 2026
kento-latest-tabs	kento-latest-tabs	91	Latest Tabs <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update	LOW	*-1.5		June 30, 2026
acf-to-rest-api	acf-to-rest-api	95	ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification	LOW	*-3.3.4		June 30, 2026
googleanalytics	googleanalytics	91	ShareThis Dashboard for Google Analytics <= 3.2.4 - Unauthenticated Google Analytics Data Exposure	LOW	*-3.2.4		June 30, 2026
page-keys	page-keys	N/A	Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter	LOW	*-1.3.3	1.3.4	June 30, 2026
optional-email	optional-email	N/A	Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover	LOW	*-1.3.11		June 30, 2026
unify	unify	N/A	Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter	LOW	*-3.4.9	3.4.10	June 30, 2026
wp-enable-webp	wp-enable-webp	N/A	WP Enable WebP <= 1.0 - Authenticated (Author+) Arbitrary File Upload	LOW	*-1.0		June 30, 2026
wp-change-status-notifier	wp-change-status-notifier	N/A	WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0		June 30, 2026
svg-map-by-saedi	svg-map-by-saedi	N/A	SVG Map Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
xshare	xshare	95	xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter	LOW	*-1.0.1		June 30, 2026
recras	recras	N/A	Recras WordPress plugin <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute	LOW	*-6.4.1	6.4.2	June 30, 2026
latest-registered-users	latest-registered-users	91	Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export	LOW	*-1.4		June 30, 2026
moosend-landing-pages	moosend-landing-pages	91	Moosend Landing Pages <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion	LOW	*-1.1.6		June 30, 2026
mtcaptcha	mtcaptcha	N/A	MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update	LOW	*-2.7.2		June 30, 2026
user-activity-log	user-activity-log	N/A	User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login	LOW	*-2.2		June 30, 2026
rankology-seo-and-analytics-tool	rankology-seo-and-analytics-tool	N/A	Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation	LOW	*-2.0	2.5	June 30, 2026
ablocks	ablocks	95	aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification	LOW	*-2.4.0		June 30, 2026
learnpress	learnpress	93	LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion	LOW	*-4.3.2.1	4.3.2.2	June 30, 2026
key-figures	key-figures	91	Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render	LOW	*-1.1		June 30, 2026
woo-customers-manager	woo-customers-manager	N/A	Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting	LOW	*-1.1.14	1.1.15	June 30, 2026
money-space	money-space	93	Money Space <= 2.13.9 - Unauthenticated Sensitive Information Exposure	LOW	*-2.13.9	2.14.0	June 30, 2026
quote-comments	quote-comments	N/A	Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update	LOW	*-3.0.0		June 30, 2026
newsletter-email-subscribe	newsletter-email-subscribe	N/A	Newsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-2.4		June 30, 2026
hblpay-payment-gateway-for-woocommerce	hblpay-payment-gateway-for-woocommerce	93	HBLPAY Payment Gateway for WooCommerce <= 5.0.0 - Reflected Cross-Site Scripting via 'cusdata' Parameter	LOW	*-5.0.0	6.0.0	June 30, 2026

LOW

forms-for-campaign-monitor

Score: 93/100 Campaign Monitor for WordPress <= 2.9.1 - Missing Authorization Affected: *-2.9.1 Patched: 2.9.2 Updated: June 30, 2026

LOW

felan-framework

Score: 87/100 Felan Framework <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

felan-framework

Score: 87/100 Felan Framework <= 1.1.3 - Unauthenticated SQL Injection Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

famous_grid_image_and_video_gallery

Score: 91/100 Famous - Responsive Image And Video Grid Gallery WordPress <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

easy-media-download

Score: 93/100 Easy Media Download <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.11 Patched: 1.1.12 Updated: June 30, 2026

LOW

countdown-with-background

Score: 91/100 CountDown With Image or Video Background <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

blockons

Score: 89/100 Blockons <= 1.2.15 - Missing Authorization Affected: *-1.2.15 Patched: Updated: June 30, 2026

LOW

ba-book-everything

Score: 93/100 BA Book Everything <= 1.8.16 - Missing Authorization Affected: *-1.8.16 Patched: 1.8.17 Updated: June 30, 2026

LOW

gutenverse-form

Score: 93/100 Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-2.3.2 Patched: 2.4.0 Updated: June 30, 2026

LOW

tutor

Score: N/A Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details Affected: *-3.9.3 Patched: 3.9.4 Updated: June 30, 2026

LOW

Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager

folders

Score: 86/100 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement Affected: *-3.1.5 Patched: 3.1.6 Updated: June 30, 2026

LOW

jeg-elementor-kit

Score: 93/100 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Affected: *-3.0.1 Patched: 3.0.2 Updated: June 30, 2026

LOW

stackable-ultimate-gutenberg-blocks

Score: N/A Stackable <= 3.19.5 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.19.5 Patched: 3.19.6 Updated: June 30, 2026

LOW

x-addons-elementor

Score: N/A X Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.23 Patched: Updated: June 30, 2026

LOW

wpadverts

Score: N/A WPAdverts – Classifieds Plugin <= 2.3.0 - Missing Authorization Affected: *-2.3.0 Patched: 2.3.1 Updated: June 30, 2026

LOW

shopmagic-for-woocommerce

Score: N/A ShopMagic <= 4.7.2 - Missing Authorization Affected: *-4.7.2 Patched: 4.7.3 Updated: June 30, 2026

LOW

rss-feed-widget

Score: N/A RSS Feed Widget <= 3.0.2 - Missing Authorization Affected: *-3.0.2 Patched: 3.0.3 Updated: June 30, 2026

LOW

rehub-framework

Score: N/A REHub Framework <= 19.9.5 - Missing Authorization Affected: *-19.9.5 Patched: 19.9.9.6 Updated: June 30, 2026

LOW

regallery

Score: N/A Re Gallery – Responsive Photo Gallery <= 1.18.9 - Missing Authorization Affected: *-1.18.9 Patched: 1.18.10 Updated: June 30, 2026

LOW

real-estate-pro

Score: N/A Real Estate Pro <= 2.1.4 - Reflected Cross-Site Scripting Affected: *-2.1.4 Patched: Updated: June 30, 2026

LOW

ninja-tables

Score: N/A Ninja Tables <= 5.2.4 - Authenticated (Contributor+) SQL Injection Affected: *-5.2.4 Patched: 5.2.5 Updated: June 30, 2026

LOW

mediapress

Score: 93/100 MediaPress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: June 30, 2026

LOW

media-search-enhanced

Score: 93/100 Media Search Enhanced <= 0.9.1 - Authenticated (Author+) SQL Injection Affected: *-0.9.1 Patched: 0.9.2 Updated: June 30, 2026

LOW

lpagery

Score: 93/100 Bulk Landing Page Creator for WordPress LPagery <= 2.4.9 - Missing Authorization Affected: *-2.4.9 Patched: 2.4.10 Updated: June 30, 2026

LOW

listinghub

Score: 89/100 ListingHub 1.2.6 - Unauthenticated Stored Cross-Site Scripting Affected: 1.2.6 Patched: Updated: June 30, 2026

LOW

image-slider-slideshow

Score: 91/100 Image Slider Slideshow <= 1.8 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-1.8 Patched: Updated: June 30, 2026

LOW

handmade-framework

Score: 89/100 Handmade Framework <= 3.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.9 Patched: Updated: June 30, 2026

LOW

ga-for-wp

Score: 89/100 GA4WP: Google Analytics for WordPress <= 2.10.0 - Missing Authorization Affected: *-2.10.0 Patched: Updated: June 30, 2026

LOW

Docket Cache – Object Cache Accelerator

docket-cache

Score: 80/100 Docket Cache <= 24.07.04 - Missing Authorization Affected: *-24.07.04 Patched: 24.07.05 Updated: June 30, 2026

LOW

dashboard-welcome-for-beaver-builder

Score: 91/100 Dashboard Welcome for Beaver Builder <= 1.0.8 - Missing Authorization Affected: *-1.0.8 Patched: Updated: June 30, 2026

LOW

coblocks

Score: 93/100 Page Builder Gutenberg Blocks – CoBlocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.16 Patched: 3.1.17 Updated: June 30, 2026

LOW

block-slider

Score: 91/100 Block Slider <= 2.2.3 - Missing Authorization Affected: *-2.2.3 Patched: Updated: June 30, 2026

LOW

baqend

Score: 91/100 Speed Kit <= 2.0.2 - Missing Authorization Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

ajax-search-for-woocommerce

Score: 97/100 FiboSearch <= 1.32.1 - Missing Authorization Affected: *-1.32.1 Patched: 1.32.2 Updated: June 30, 2026

LOW

accordions-wp

Score: 97/100 Accordion <= 3.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.0.3 Patched: 3.0.4 Updated: June 30, 2026

LOW

wish-to-go

Score: N/A Travel Bucket List <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.5.2 Patched: Updated: June 30, 2026

LOW

ah-shortcodes

Score: 95/100 AH Shortcodes <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

simcast

Score: N/A Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

awesome-hotel-booking

Score: 93/100 Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Score: 78/100 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder Affected: *-6.1.7 Patched: 6.1.8 Updated: June 30, 2026

LOW

snillrik-restaurant-menu

Score: N/A Snillrik Restaurant <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute Affected: *-2.3.0 Patched: 2.3.1 Updated: June 30, 2026

LOW

email-customizer-for-woocommerce

Score: 93/100 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content Affected: *-2.6.7 Patched: 2.6.8 Updated: June 30, 2026

LOW

cool-yt-player

Score: 91/100 Cool YT Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

my-album-gallery

Score: N/A My Album Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style_css' Shortcode Attribute Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

my-album-gallery

Score: N/A My Album Gallery <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

ad-sliding-faq

Score: 95/100 AD Sliding FAQ <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-2.4 Patched: 2.5 Updated: June 30, 2026

LOW

testimonial-master

Score: N/A Testimonial Master <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-0.2.1 Patched: Updated: June 30, 2026

LOW

dk-pricr-responsive-pricing-table

Score: 93/100 Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency' Affected: *-5.1.12 Patched: 5.1.13 Updated: June 30, 2026

LOW

dk-pricr-responsive-pricing-table

Score: 93/100 Responsive Pricing Table <= 5.1.12 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-5.1.12 Patched: 5.1.13 Updated: June 30, 2026

LOW

niche-hero

Score: N/A Niche Hero | Beautifully-designed blocks in seconds <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

qr-code-tag-for-wc-from-goaskle-com

Score: N/A QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes Affected: *-1.9.42 Patched: Updated: June 30, 2026

LOW

viitor-shortcodes

Score: N/A Viitor Button Shortcodes <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

multi-column-tag-map

Score: N/A Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter Affected: *-17.0.39 Patched: Updated: June 30, 2026

LOW

stm-gallery

Score: N/A STM Gallery 1.9 <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.9 Patched: Updated: June 30, 2026

LOW

easy-github-gist-shortcodes

Score: 91/100 Easy GitHub Gist Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

review-for-discount

Score: N/A Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

edd-download-info

Score: 91/100 EDD Download Info <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

starred-review

Score: N/A Starred Review <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable Affected: *-1.4.2 Patched: Updated: June 30, 2026

LOW

sticky-action-buttons

Score: N/A Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

post-like-dislike

Score: N/A Post Like Dislike <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

stumble-for-wordpress

Score: N/A Stumble! for WordPress <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

yoco-payment-gateway

Score: N/A Yoco Payments <= 3.9.0 - Unauthenticated Arbitrary File Read Affected: *-3.9.0 Patched: 3.9.1 Updated: June 30, 2026

LOW

wp-widget-changer

Score: N/A WP Widget Changer <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.2.5 Patched: Updated: June 30, 2026

LOW

ai-botkit-for-lead-generation

Score: 97/100 AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

smart-app-banners

Score: N/A Smart App Banners <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

aa-block-country

Score: 95/100 AA Block country <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

contact-us-simple-form

Score: 91/100 Contact Us Simple Form <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

mamurjor-employee-info

Score: 91/100 Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

woo-payment-gateway-for-piraeus-bank

Score: N/A Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change Affected: *-3.1.4 Patched: 3.1.5 Updated: June 30, 2026

LOW

mstoic-shortcodes

Score: N/A Mstoic Shortcodes <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start' Shortcode Attribute Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

1180px-shortcodes

Score: 95/100 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

wp-js-list-pages-shortcodes

Score: N/A WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute Affected: *-1.21 Patched: Updated: June 30, 2026

LOW

photofade

Score: N/A PhotoFade <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.2.1 Patched: Updated: June 30, 2026

LOW

wp-recipe-manager

Score: N/A WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

front-editor

Score: 89/100 Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion Affected: *-5.0.0 Patched: 5.0.1 Updated: June 30, 2026

LOW

stylish-order-form-builder

Score: N/A Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

kento-latest-tabs

Score: 91/100 Latest Tabs <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

acf-to-rest-api

Score: 95/100 ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification Affected: *-3.3.4 Patched: Updated: June 30, 2026

LOW

googleanalytics

Score: 91/100 ShareThis Dashboard for Google Analytics <= 3.2.4 - Unauthenticated Google Analytics Data Exposure Affected: *-3.2.4 Patched: Updated: June 30, 2026

LOW

page-keys

Score: N/A Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026

LOW

optional-email

Score: N/A Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover Affected: *-1.3.11 Patched: Updated: June 30, 2026

LOW

unify

Score: N/A Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter Affected: *-3.4.9 Patched: 3.4.10 Updated: June 30, 2026

LOW

wp-enable-webp

Score: N/A WP Enable WebP <= 1.0 - Authenticated (Author+) Arbitrary File Upload Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-change-status-notifier

Score: N/A WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

svg-map-by-saedi

Score: N/A SVG Map Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

xshare

Score: 95/100 xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

recras

Score: N/A Recras WordPress plugin <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute Affected: *-6.4.1 Patched: 6.4.2 Updated: June 30, 2026

LOW

latest-registered-users

Score: 91/100 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

moosend-landing-pages

Score: 91/100 Moosend Landing Pages <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion Affected: *-1.1.6 Patched: Updated: June 30, 2026

LOW

mtcaptcha

Score: N/A MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update Affected: *-2.7.2 Patched: Updated: June 30, 2026

LOW

user-activity-log

Score: N/A User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login Affected: *-2.2 Patched: Updated: June 30, 2026

LOW

rankology-seo-and-analytics-tool

Score: N/A Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation Affected: *-2.0 Patched: 2.5 Updated: June 30, 2026

LOW

ablocks

Score: 95/100 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification Affected: *-2.4.0 Patched: Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion Affected: *-4.3.2.1 Patched: 4.3.2.2 Updated: June 30, 2026

LOW

key-figures

Score: 91/100 Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

woo-customers-manager

Score: N/A Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting Affected: *-1.1.14 Patched: 1.1.15 Updated: June 30, 2026

LOW

money-space

Score: 93/100 Money Space <= 2.13.9 - Unauthenticated Sensitive Information Exposure Affected: *-2.13.9 Patched: 2.14.0 Updated: June 30, 2026

LOW

quote-comments

Score: N/A Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

newsletter-email-subscribe

Score: N/A Newsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.4 Patched: Updated: June 30, 2026

LOW

hblpay-payment-gateway-for-woocommerce

Score: 93/100 HBLPAY Payment Gateway for WooCommerce <= 5.0.0 - Reflected Cross-Site Scripting via 'cusdata' Parameter Affected: *-5.0.0 Patched: 6.0.0 Updated: June 30, 2026

Showing 3701 to 3800 of 36313 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 20:09 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List