Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36307

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
content-fetcher	content-fetcher	91	Content Fetcher <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
conformer-elementor	conformer-elementor	93	Conformer for Elementor <= 1.0.7 - Missing Authorization	LOW	*-1.0.7	1.0.8	June 30, 2026
coming-soon-by-boomdevs	coming-soon-by-boomdevs	91	BoomDevs WordPress Coming Soon <= 1.0.4 - Unauthenticated Information Exposure	LOW	*-1.0.4		June 30, 2026
co-marquage-service-public	co-marquage-service-public	91	Co-marquage service-public.fr <= 0.5.77 - Cross-Site Request Forgery	LOW	*-0.5.77		June 30, 2026
bp-activity-shortcode	bp-activity-shortcode	93	BuddyPress Activity Shortcode <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.8	1.1.9	June 30, 2026
bootstrap-modals	bootstrap-modals	91	Bootstrap Modals <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.2		June 30, 2026
bm-builder	bm-builder	93	BM Content Builder < 3.16.3.3 - Authenticated (Contributor+) Arbitrary File Download	LOW	[*, 3.16.3.3)	3.16.3.3	June 30, 2026
basepress	basepress	93	Knowledge Base documentation & wiki plugin – BasePress <= 2.17.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.17.0.1	2.17.0.2	June 30, 2026
automation-web-platform	automation-web-platform	93	Wawp <= 4.4 - Missing Authorization	LOW	*-4.4	4.5	June 30, 2026
audiomack	audiomack	91	Audiomack <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.8		June 30, 2026
appointify	appointify	93	Appointify <= 1.0.8 - Cross-Site Request Forgery	LOW	*-1.0.8		June 30, 2026
appender	appender	95	Appender <= 1.1.1 - Missing Authorization	LOW	*-1.1.1		June 30, 2026
anycomment	anycomment	93	AnyComment <= 0.3.6 - Missing Authorization	LOW	*-0.3.6		June 30, 2026
all-in-one-accessibility	all-in-one-accessibility	97	All in One Accessibility <= 1.15 - Missing Authorization	LOW	*-1.15	1.16	June 30, 2026
ai-copilot	ai-copilot	95	AI Copilot <= 1.4.7 - Missing Authorization	LOW	*-1.4.7		June 30, 2026
ai-content-writing-assistant	ai-content-writing-assistant	95	AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.7 - Missing Authorization	LOW	*-1.1.7		June 30, 2026
adwords-conversion-tracking-code	adwords-conversion-tracking-code	95	AdWords Conversion Tracking Code <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
addons-for-beaver-builder	addons-for-beaver-builder	93	Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.9.2		June 30, 2026
add-custom-codes	add-custom-codes	97	Add Custom Codes <= 4.80 - Missing Authorization	LOW	*-4.80	5.0	June 30, 2026
add-custom-codes	add-custom-codes	97	Add Custom Codes <= 4.80 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-4.80	5.0	June 30, 2026
accordion-slider-gallery	accordion-slider-gallery	95	Accordion Slider Gallery <= 2.7 - Missing Authorization	LOW	*-2.7		June 30, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy	easy-digital-downloads	78	Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect	LOW	*-3.6.2	3.6.3	June 30, 2026
jet-elements	jet-elements	93	JetElements For Elementor <= 2.7.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.12.2	2.7.12.3	June 30, 2026
yada-wiki	yada-wiki	N/A	Yada Wiki <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5	3.6	June 30, 2026
wpstream	wpstream	N/A	WpStream <= 4.9.5 - Missing Authorization	LOW	*-4.9.5	4.9.6	June 30, 2026
wpcal	wpcal	N/A	WPCal.io <= 0.9.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.9.5.9	0.9.5.10	June 30, 2026
wp-caldav2ics	wp-caldav2ics	N/A	WP-CalDav2ICS <= 1.3.4 - Cross-Site Request Forgery	LOW	*-1.3.4		June 30, 2026
wp-businessdirectory	wp-businessdirectory	N/A	WP-BusinessDirectory <= 3.1.5 - Reflected Cross-Site Scripting	LOW	*-3.1.5		June 30, 2026
woo-combo-offers	woo-combo-offers	N/A	Combo Offers WooCommerce <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.2	4.3	June 30, 2026
wish-list-for-woocommerce	wish-list-for-woocommerce	N/A	Wishlist for WooCommerce <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.3.0	3.3.1	June 30, 2026
wing-migrator	wing-migrator	N/A	WING WordPress Migrator <= 1.2.0 - Cross-Site Request Forgery	LOW	*-1.2.0	2.0.0	June 30, 2026
wbc907-core	wbc907-core	N/A	WBC907 Core <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.1	3.4.2	June 30, 2026
videographywp	videographywp	N/A	Featured Video for WordPress – VideographyWP <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.18	1.0.20	June 30, 2026
universal-video-player	universal-video-player	N/A	Universal Video Player <= 3.8.4 - Reflected Cross-Site Scripting	LOW	*-3.8.4		June 30, 2026
ultimate-store-kit	ultimate-store-kit	N/A	Ultimate Store Kit Elementor Addons <= 2.9.4 - Missing Authorization	LOW	*-2.9.4	2.9.5	June 30, 2026
techlife-cpt	techlife-cpt	N/A	Tech Life CPT <= 16.4 - Authenticated (Contributor+) PHP Object Injection	LOW	*-16.4		June 30, 2026
team-showcase	team-showcase	N/A	Team Showcase <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.9	3.0.0	June 30, 2026
teachpress	teachpress	N/A	teachPress <= 9.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-9.0.12	9.0.13	June 30, 2026
sunshine-photo-cart	sunshine-photo-cart	N/A	Sunshine Photo Cart <= 3.5.7.1 - Missing Authorization	LOW	*-3.5.7.1	3.5.7.2	June 30, 2026
sitelock	sitelock	N/A	SiteLock Security <= 5.0.1 - Missing Authorization	LOW	*-5.0.1	5.0.2	June 30, 2026
simple-xml-sitemap	simple-xml-sitemap	N/A	Simple XML Sitemap <= 1.3 - Cross-Site Request Forgery	LOW	*-1.3		June 30, 2026
sell-downloads	sell-downloads	N/A	Sell Downloads <= 1.1.12 - Missing Authorization	LOW	*-1.1.12	1.2.0	June 30, 2026
searchazon	searchazon	N/A	SearchAzon <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 30, 2026
registration-login-with-mobile-phone-number	registration-login-with-mobile-phone-number	N/A	Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Missing Authorization	LOW	*-1.3.1	1.3.2	June 30, 2026
pinpoll	pinpoll	N/A	Pinpoll <= 4.0.0 - Reflected Cross-Site Scripting	LOW	*-4.0.0		June 30, 2026
movies-importer	movies-importer	N/A	Movies Bulk Importer <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
menu-in-post	menu-in-post	91	Menu In Post <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3		June 30, 2026
masvideos	masvideos	91	MAS Videos <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.3.2		June 30, 2026
jet-tabs	jet-tabs	93	JetTabs <= 2.2.12 - Missing Authorization	LOW	*-2.2.12	2.2.12.1	June 30, 2026
jet-tabs	jet-tabs	93	JetTabs <= 2.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.12	2.2.12.1	June 30, 2026
jet-search	jet-search	93	JetSearch <= 3.5.16 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5.16	3.5.16.1	June 30, 2026
jet-popup	jet-popup	93	JetPopup <= 2.0.20.1 - Authenticated (Contributor+) Insecure Direct Object Reference	LOW	*-2.0.20.1	2.0.20.2	June 30, 2026
jet-engine	jet-engine	93	JetEngine <= 3.8.1.1 - Missing Authorization	LOW	*-3.8.1.1	3.8.1.2	June 30, 2026
jet-blog	jet-blog	93	JetBlog <= 2.4.7 - Missing Authorization	LOW	*-2.4.7	2.4.7.1	June 30, 2026
irecco-core	irecco-core	91	iRecco Core <= 1.3.6 - Unauthenticated Local File Inclusion	LOW	*-1.3.6		June 30, 2026
gdpr-cookie-consent	gdpr-cookie-consent	93	Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 4.0.3 - Missing Authorization	LOW	*-4.0.3	4.0.4	June 30, 2026
fooevents	fooevents	93	FooEvents for WooCommerce <= 1.20.4 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.20.4	1.20.5	June 30, 2026
et-core-plugin	et-core-plugin	93	XStore Core < 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 5.6)	5.6	June 30, 2026
electrician	electrician	91	Electrician - Electrical Service WordPress <= 5.6 - Unauthenticated Server-Side Request Forgery	LOW	*-5.6		June 30, 2026
easy-property-listings-xml-csv-import	easy-property-listings-xml-csv-import	93	Import into Easy Property Listings <= 2.2.1 - Cross-Site Request Forgery	LOW	*-2.2.1	2.2.2	June 30, 2026
e-shops-cart2	e-shops-cart2	91	e-shops <= 1.0.4 - Reflected Cross-Site Scripting	LOW	*-1.0.4		June 30, 2026
dentalcare-cpt	dentalcare-cpt	91	Dental Care CPT <= 20.2 - Authenticated (Contributor+) PHP Object Injection	LOW	*-20.2		June 30, 2026
codecolorer	codecolorer	93	CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-0.10.1	0.10.2	June 30, 2026
civic-cookie-control-8	civic-cookie-control-8	93	Civic Cookie Control <= 1.53 - Missing Authorization	LOW	*-1.53	1.54	June 30, 2026
carousel-horizontal-posts-content-slider	carousel-horizontal-posts-content-slider	91	Carousel Horizontal Posts Content Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.3.2		June 30, 2026
awebooking	awebooking	91	AweBooking <= 3.2.26 - Authenticated (Subscriber+) Information Exposure	LOW	*-3.2.26		June 30, 2026
auto-listings	auto-listings	93	Auto Listings <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.1	2.7.2	June 30, 2026
authnet-cim-for-woo	authnet-cim-for-woo	91	Payment Gateway Authorize.Net CIM for WooCommerce <= 2.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion	LOW	*-2.1.2		June 30, 2026
appointify	appointify	93	Appointify <= 1.0.8 - Authenticated (Administrator+) SQL Injection	LOW	*-1.0.8		June 30, 2026
amount-left-free-shipping-woocommerce	amount-left-free-shipping-woocommerce	97	Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4.9	2.5.0	June 30, 2026
academy	academy	97	Academy LMS <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.0	3.4.1	June 30, 2026
woo-lucky-wheel	woo-lucky-wheel	N/A	Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags	LOW	*-1.1.13	1.1.14	June 30, 2026
Advanced Ads – Ad Manager & AdSense	advanced-ads	80	Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode	LOW	*-2.0.14	2.0.15	June 30, 2026
pixelyoursite	pixelyoursite	N/A	PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File	LOW	*-11.1.5	11.1.5.1	June 30, 2026
wpstream	wpstream	N/A	WpStream <= 4.9.5 - Missing Authorization	LOW	*-4.9.5	4.9.6	June 30, 2026
wp-app-bar	wp-app-bar	N/A	App Bar <= 1.5 - Reflected Cross-Site Scripting	LOW	*-1.5		June 30, 2026
weforms	weforms	N/A	weForms <= 1.6.25 - Missing Authorization	LOW	*-1.6.25	1.6.26	June 30, 2026
wallet-system-for-woocommerce	wallet-system-for-woocommerce	N/A	Wallet System for WooCommerce <= 2.7.3 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.7.3	2.7.4	June 30, 2026
visitor-stats-widget	visitor-stats-widget	N/A	Visitor Stats Widget <= 1.5.0 - Reflected Cross-Site Scripting	LOW	*-1.5.0		June 30, 2026
strong-testimonials	strong-testimonials	N/A	Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update	LOW	*-3.2.18	3.2.19	June 30, 2026
slider-templates	slider-templates	N/A	Slider Templates <= 1.0.3 - Missing Authorization	LOW	*-1.0.3		June 30, 2026
scroll-rss-excerpt	scroll-rss-excerpt	N/A	Scroll rss excerpt <= 5.0 - Reflected Cross-Site Scripting	LOW	*-5.0		June 30, 2026
product-delivery-date-for-woocommerce-lite	product-delivery-date-for-woocommerce-lite	N/A	Product Delivery Date for WooCommerce – Lite <= 3.2.0 - Missing Authorization	LOW	*-3.2.0	3.3.0	June 30, 2026
print-google-cloud-print-gcp-woocommerce	print-google-cloud-print-gcp-woocommerce	N/A	BizPrint <= 4.6.7 - Missing Authorization	LOW	*-4.6.7	4.7.1	June 30, 2026
primer-by-chloedigital	primer-by-chloedigital	N/A	PRIMER by chloédigital <= 1.0.25 - Reflected Cross-Site Scripting	LOW	*-1.0.25		June 30, 2026
popup-builder-block	popup-builder-block	N/A	PopupKit <= 2.1.5 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.1.5	2.2.1	June 30, 2026
poptics	poptics	N/A	Poptics <= 1.0.20 - Authenticated (Contributor+) Information Exposure	LOW	*-1.0.20	1.0.21	June 30, 2026
netgsm	netgsm	N/A	Netgsm <= 2.9.63 - Reflected Cross-Site Scripting	LOW	*-2.9.63	2.9.64	June 30, 2026
gls-shipping-for-woocommerce	gls-shipping-for-woocommerce	93	GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting	LOW	*-1.4.0	1.4.1	June 30, 2026
flaming-password-reset	flaming-password-reset	91	Flaming Password Reset <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.0.3		June 30, 2026
blog-filter	blog-filter	93	Blog Filter <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.3	1.7.4	June 30, 2026
wp-discussion-board	wp-discussion-board	N/A	Discussion Board <= 2.5.7 - Missing Authorization	LOW	*-2.5.7	2.5.8	June 30, 2026
web-directory-free	web-directory-free	N/A	Web Directory Free <= 1.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.12	1.7.13	June 30, 2026
theatre	theatre	N/A	Theater for WordPress <= 0.19 - Missing Authorization	LOW	*-0.19	0.19.1	June 30, 2026
strong-testimonials	strong-testimonials	N/A	Strong Testimonials <= 3.2.20 - Missing Authorization	LOW	*-3.2.20	3.2.21	June 30, 2026
newsletters-lite	newsletters-lite	N/A	Newsletters <= 4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.12	4.13	June 30, 2026
hr-management-lite	hr-management-lite	89	HR Management Lite <= 3.7 - Missing Authorization	LOW	*-3.7	3.8	June 30, 2026
h5p	h5p	93	H5P <= 1.16.1 - Missing Authorization	LOW	*-1.16.1	1.16.2	June 30, 2026
flippingbook	flippingbook	93	FlippingBook <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 30, 2026
ays-popup-box	ays-popup-box	93	Popup box <= 6.0.7 - Cross-Site Request Forgery	LOW	*-6.0.7	6.0.8	June 30, 2026

LOW

content-fetcher

Score: 91/100 Content Fetcher <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

conformer-elementor

Score: 93/100 Conformer for Elementor <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

coming-soon-by-boomdevs

Score: 91/100 BoomDevs WordPress Coming Soon <= 1.0.4 - Unauthenticated Information Exposure Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

co-marquage-service-public

Score: 91/100 Co-marquage service-public.fr <= 0.5.77 - Cross-Site Request Forgery Affected: *-0.5.77 Patched: Updated: June 30, 2026

LOW

bp-activity-shortcode

Score: 93/100 BuddyPress Activity Shortcode <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

bootstrap-modals

Score: 91/100 Bootstrap Modals <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: June 30, 2026

LOW

bm-builder

Score: 93/100 BM Content Builder < 3.16.3.3 - Authenticated (Contributor+) Arbitrary File Download Affected: [*, 3.16.3.3) Patched: 3.16.3.3 Updated: June 30, 2026

LOW

Score: 93/100 Knowledge Base documentation & wiki plugin – BasePress <= 2.17.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.17.0.1 Patched: 2.17.0.2 Updated: June 30, 2026

LOW

automation-web-platform

Score: 93/100 Wawp <= 4.4 - Missing Authorization Affected: *-4.4 Patched: 4.5 Updated: June 30, 2026

LOW

audiomack

Score: 91/100 Audiomack <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.8 Patched: Updated: June 30, 2026

LOW

appointify

Score: 93/100 Appointify <= 1.0.8 - Cross-Site Request Forgery Affected: *-1.0.8 Patched: Updated: June 30, 2026

LOW

appender

Score: 95/100 Appender <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

anycomment

Score: 93/100 AnyComment <= 0.3.6 - Missing Authorization Affected: *-0.3.6 Patched: Updated: June 30, 2026

LOW

all-in-one-accessibility

Score: 97/100 All in One Accessibility <= 1.15 - Missing Authorization Affected: *-1.15 Patched: 1.16 Updated: June 30, 2026

LOW

ai-copilot

Score: 95/100 AI Copilot <= 1.4.7 - Missing Authorization Affected: *-1.4.7 Patched: Updated: June 30, 2026

LOW

ai-content-writing-assistant

Score: 95/100 AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.7 - Missing Authorization Affected: *-1.1.7 Patched: Updated: June 30, 2026

LOW

adwords-conversion-tracking-code

Score: 95/100 AdWords Conversion Tracking Code <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

addons-for-beaver-builder

Score: 93/100 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.9.2 Patched: Updated: June 30, 2026

LOW

add-custom-codes

Score: 97/100 Add Custom Codes <= 4.80 - Missing Authorization Affected: *-4.80 Patched: 5.0 Updated: June 30, 2026

LOW

add-custom-codes

Score: 97/100 Add Custom Codes <= 4.80 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.80 Patched: 5.0 Updated: June 30, 2026

LOW

accordion-slider-gallery

Score: 95/100 Accordion Slider Gallery <= 2.7 - Missing Authorization Affected: *-2.7 Patched: Updated: June 30, 2026

LOW

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

easy-digital-downloads

Score: 78/100 Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect Affected: *-3.6.2 Patched: 3.6.3 Updated: June 30, 2026

LOW

jet-elements

Score: 93/100 JetElements For Elementor <= 2.7.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.12.2 Patched: 2.7.12.3 Updated: June 30, 2026

LOW

yada-wiki

Score: N/A Yada Wiki <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5 Patched: 3.6 Updated: June 30, 2026

LOW

wpstream

Score: N/A WpStream <= 4.9.5 - Missing Authorization Affected: *-4.9.5 Patched: 4.9.6 Updated: June 30, 2026

LOW

wpcal

Score: N/A WPCal.io <= 0.9.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.5.9 Patched: 0.9.5.10 Updated: June 30, 2026

LOW

wp-caldav2ics

Score: N/A WP-CalDav2ICS <= 1.3.4 - Cross-Site Request Forgery Affected: *-1.3.4 Patched: Updated: June 30, 2026

LOW

wp-businessdirectory

Score: N/A WP-BusinessDirectory <= 3.1.5 - Reflected Cross-Site Scripting Affected: *-3.1.5 Patched: Updated: June 30, 2026

LOW

woo-combo-offers

Score: N/A Combo Offers WooCommerce <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2 Patched: 4.3 Updated: June 30, 2026

LOW

wish-list-for-woocommerce

Score: N/A Wishlist for WooCommerce <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.0 Patched: 3.3.1 Updated: June 30, 2026

LOW

wing-migrator

Score: N/A WING WordPress Migrator <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: 2.0.0 Updated: June 30, 2026

LOW

wbc907-core

Score: N/A WBC907 Core <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.1 Patched: 3.4.2 Updated: June 30, 2026

LOW

videographywp

Score: N/A Featured Video for WordPress – VideographyWP <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.18 Patched: 1.0.20 Updated: June 30, 2026

LOW

universal-video-player

Score: N/A Universal Video Player <= 3.8.4 - Reflected Cross-Site Scripting Affected: *-3.8.4 Patched: Updated: June 30, 2026

LOW

ultimate-store-kit

Score: N/A Ultimate Store Kit Elementor Addons <= 2.9.4 - Missing Authorization Affected: *-2.9.4 Patched: 2.9.5 Updated: June 30, 2026

LOW

techlife-cpt

Score: N/A Tech Life CPT <= 16.4 - Authenticated (Contributor+) PHP Object Injection Affected: *-16.4 Patched: Updated: June 30, 2026

LOW

team-showcase

Score: N/A Team Showcase <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9 Patched: 3.0.0 Updated: June 30, 2026

LOW

teachpress

Score: N/A teachPress <= 9.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-9.0.12 Patched: 9.0.13 Updated: June 30, 2026

LOW

sunshine-photo-cart

Score: N/A Sunshine Photo Cart <= 3.5.7.1 - Missing Authorization Affected: *-3.5.7.1 Patched: 3.5.7.2 Updated: June 30, 2026

LOW

sitelock

Score: N/A SiteLock Security <= 5.0.1 - Missing Authorization Affected: *-5.0.1 Patched: 5.0.2 Updated: June 30, 2026

LOW

simple-xml-sitemap

Score: N/A Simple XML Sitemap <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

sell-downloads

Score: N/A Sell Downloads <= 1.1.12 - Missing Authorization Affected: *-1.1.12 Patched: 1.2.0 Updated: June 30, 2026

LOW

searchazon

Score: N/A SearchAzon <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

registration-login-with-mobile-phone-number

Score: N/A Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Missing Authorization Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026

LOW

pinpoll

Score: N/A Pinpoll <= 4.0.0 - Reflected Cross-Site Scripting Affected: *-4.0.0 Patched: Updated: June 30, 2026

LOW

movies-importer

Score: N/A Movies Bulk Importer <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

menu-in-post

Score: 91/100 Menu In Post <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

masvideos

Score: 91/100 MAS Videos <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3.2 Patched: Updated: June 30, 2026

LOW

jet-tabs

Score: 93/100 JetTabs <= 2.2.12 - Missing Authorization Affected: *-2.2.12 Patched: 2.2.12.1 Updated: June 30, 2026

LOW

jet-tabs

Score: 93/100 JetTabs <= 2.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.12 Patched: 2.2.12.1 Updated: June 30, 2026

LOW

jet-search

Score: 93/100 JetSearch <= 3.5.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.16 Patched: 3.5.16.1 Updated: June 30, 2026

LOW

jet-popup

Score: 93/100 JetPopup <= 2.0.20.1 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-2.0.20.1 Patched: 2.0.20.2 Updated: June 30, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.8.1.1 - Missing Authorization Affected: *-3.8.1.1 Patched: 3.8.1.2 Updated: June 30, 2026

LOW

jet-blog

Score: 93/100 JetBlog <= 2.4.7 - Missing Authorization Affected: *-2.4.7 Patched: 2.4.7.1 Updated: June 30, 2026

LOW

irecco-core

Score: 91/100 iRecco Core <= 1.3.6 - Unauthenticated Local File Inclusion Affected: *-1.3.6 Patched: Updated: June 30, 2026

LOW

gdpr-cookie-consent

Score: 93/100 Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 4.0.3 - Missing Authorization Affected: *-4.0.3 Patched: 4.0.4 Updated: June 30, 2026

LOW

fooevents

Score: 93/100 FooEvents for WooCommerce <= 1.20.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.20.4 Patched: 1.20.5 Updated: June 30, 2026

LOW

et-core-plugin

Score: 93/100 XStore Core < 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 5.6) Patched: 5.6 Updated: June 30, 2026

LOW

electrician

Score: 91/100 Electrician - Electrical Service WordPress <= 5.6 - Unauthenticated Server-Side Request Forgery Affected: *-5.6 Patched: Updated: June 30, 2026

LOW

easy-property-listings-xml-csv-import

Score: 93/100 Import into Easy Property Listings <= 2.2.1 - Cross-Site Request Forgery Affected: *-2.2.1 Patched: 2.2.2 Updated: June 30, 2026

LOW

e-shops-cart2

Score: 91/100 e-shops <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

dentalcare-cpt

Score: 91/100 Dental Care CPT <= 20.2 - Authenticated (Contributor+) PHP Object Injection Affected: *-20.2 Patched: Updated: June 30, 2026

LOW

codecolorer

Score: 93/100 CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-0.10.1 Patched: 0.10.2 Updated: June 30, 2026

LOW

civic-cookie-control-8

Score: 93/100 Civic Cookie Control <= 1.53 - Missing Authorization Affected: *-1.53 Patched: 1.54 Updated: June 30, 2026

LOW

carousel-horizontal-posts-content-slider

Score: 91/100 Carousel Horizontal Posts Content Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.2 Patched: Updated: June 30, 2026

LOW

awebooking

Score: 91/100 AweBooking <= 3.2.26 - Authenticated (Subscriber+) Information Exposure Affected: *-3.2.26 Patched: Updated: June 30, 2026

LOW

auto-listings

Score: 93/100 Auto Listings <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.1 Patched: 2.7.2 Updated: June 30, 2026

LOW

authnet-cim-for-woo

Score: 91/100 Payment Gateway Authorize.Net CIM for WooCommerce <= 2.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-2.1.2 Patched: Updated: June 30, 2026

LOW

appointify

Score: 93/100 Appointify <= 1.0.8 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.8 Patched: Updated: June 30, 2026

LOW

amount-left-free-shipping-woocommerce

Score: 97/100 Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.9 Patched: 2.5.0 Updated: June 30, 2026

LOW

academy

Score: 97/100 Academy LMS <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: 3.4.1 Updated: June 30, 2026

LOW

woo-lucky-wheel

Score: N/A Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags Affected: *-1.1.13 Patched: 1.1.14 Updated: June 30, 2026

LOW

Advanced Ads – Ad Manager & AdSense

advanced-ads

Score: 80/100 Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode Affected: *-2.0.14 Patched: 2.0.15 Updated: June 30, 2026

LOW

pixelyoursite

Score: N/A PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File Affected: *-11.1.5 Patched: 11.1.5.1 Updated: June 30, 2026

LOW

wpstream

Score: N/A WpStream <= 4.9.5 - Missing Authorization Affected: *-4.9.5 Patched: 4.9.6 Updated: June 30, 2026

LOW

wp-app-bar

Score: N/A App Bar <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

weforms

Score: N/A weForms <= 1.6.25 - Missing Authorization Affected: *-1.6.25 Patched: 1.6.26 Updated: June 30, 2026

LOW

wallet-system-for-woocommerce

Score: N/A Wallet System for WooCommerce <= 2.7.3 - Authenticated (Subscriber+) Information Exposure Affected: *-2.7.3 Patched: 2.7.4 Updated: June 30, 2026

LOW

visitor-stats-widget

Score: N/A Visitor Stats Widget <= 1.5.0 - Reflected Cross-Site Scripting Affected: *-1.5.0 Patched: Updated: June 30, 2026

LOW

strong-testimonials

Score: N/A Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update Affected: *-3.2.18 Patched: 3.2.19 Updated: June 30, 2026

LOW

slider-templates

Score: N/A Slider Templates <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

scroll-rss-excerpt

Score: N/A Scroll rss excerpt <= 5.0 - Reflected Cross-Site Scripting Affected: *-5.0 Patched: Updated: June 30, 2026

LOW

product-delivery-date-for-woocommerce-lite

Score: N/A Product Delivery Date for WooCommerce – Lite <= 3.2.0 - Missing Authorization Affected: *-3.2.0 Patched: 3.3.0 Updated: June 30, 2026

LOW

print-google-cloud-print-gcp-woocommerce

Score: N/A BizPrint <= 4.6.7 - Missing Authorization Affected: *-4.6.7 Patched: 4.7.1 Updated: June 30, 2026

LOW

primer-by-chloedigital

Score: N/A PRIMER by chloédigital <= 1.0.25 - Reflected Cross-Site Scripting Affected: *-1.0.25 Patched: Updated: June 30, 2026

LOW

popup-builder-block

Score: N/A PopupKit <= 2.1.5 - Authenticated (Subscriber+) Information Exposure Affected: *-2.1.5 Patched: 2.2.1 Updated: June 30, 2026

LOW

poptics

Score: N/A Poptics <= 1.0.20 - Authenticated (Contributor+) Information Exposure Affected: *-1.0.20 Patched: 1.0.21 Updated: June 30, 2026

LOW

netgsm

Score: N/A Netgsm <= 2.9.63 - Reflected Cross-Site Scripting Affected: *-2.9.63 Patched: 2.9.64 Updated: June 30, 2026

LOW

gls-shipping-for-woocommerce

Score: 93/100 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

flaming-password-reset

Score: 91/100 Flaming Password Reset <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

blog-filter

Score: 93/100 Blog Filter <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.3 Patched: 1.7.4 Updated: June 30, 2026

LOW

wp-discussion-board

Score: N/A Discussion Board <= 2.5.7 - Missing Authorization Affected: *-2.5.7 Patched: 2.5.8 Updated: June 30, 2026

LOW

web-directory-free

Score: N/A Web Directory Free <= 1.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.12 Patched: 1.7.13 Updated: June 30, 2026

LOW

theatre

Score: N/A Theater for WordPress <= 0.19 - Missing Authorization Affected: *-0.19 Patched: 0.19.1 Updated: June 30, 2026

LOW

strong-testimonials

Score: N/A Strong Testimonials <= 3.2.20 - Missing Authorization Affected: *-3.2.20 Patched: 3.2.21 Updated: June 30, 2026

LOW

newsletters-lite

Score: N/A Newsletters <= 4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.12 Patched: 4.13 Updated: June 30, 2026

LOW

hr-management-lite

Score: 89/100 HR Management Lite <= 3.7 - Missing Authorization Affected: *-3.7 Patched: 3.8 Updated: June 30, 2026

LOW

h5p

Score: 93/100 H5P <= 1.16.1 - Missing Authorization Affected: *-1.16.1 Patched: 1.16.2 Updated: June 30, 2026

LOW

flippingbook

Score: 93/100 FlippingBook <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

ays-popup-box

Score: 93/100 Popup box <= 6.0.7 - Cross-Site Request Forgery Affected: *-6.0.7 Patched: 6.0.8 Updated: June 30, 2026

Showing 4001 to 4100 of 36307 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 19:12 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List