Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36306

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
youzify	youzify	N/A	Youzify <= 1.3.7 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-1.3.7		June 30, 2026
WC Builder – WooCommerce Page Builder for WPBakery	wc-builder	N/A	WC Builder <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.0	1.2.1	June 30, 2026
stratum	stratum	N/A	Stratum Widgets for Elementor <= 1.6.1 - Missing Authorization	LOW	*-1.6.1	1.6.2	June 30, 2026
restropress	restropress	N/A	RestroPress <= 3.2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.8.6	3.2.8.6.1	June 30, 2026
event-organiser	event-organiser	91	Event Organiser <= 3.12.8 - Missing Authorization	LOW	*-3.12.8		June 30, 2026
crowdsignal-forms	crowdsignal-forms	93	Crowdsignal Forms <= 1.7.2 - Missing Authorization	LOW	*-1.7.2	1.8.0	June 30, 2026
bold-timeline-lite	bold-timeline-lite	93	Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.7	1.2.8	June 30, 2026
auxin-elements	auxin-elements	89	Shortcodes and extra features for Phlox <= 2.17.14 - Missing Authorization	LOW	*-2.17.14		June 30, 2026
wedevs-project-manager	wedevs-project-manager	N/A	Project Manager <= 3.0.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-3.0.1	3.0.2	June 30, 2026
themebeez-toolkit	themebeez-toolkit	N/A	Themebeez Toolkit <= 1.3.5 - Missing Authorization	LOW	*-1.3.5		June 30, 2026
popping-sidebars-and-widgets-light	popping-sidebars-and-widgets-light	N/A	Popping Sidebars and Widgets Light <= 1.27 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.27		June 30, 2026
mobile-builder	mobile-builder	91	Mobile builder <= 1.4.2 - Authentication Bypass	LOW	*-1.4.2		June 30, 2026
invelity-sps-connect	invelity-sps-connect	91	Invelity SPS connect <= 1.0.8 - Reflected Cross-Site Scripting	LOW	*-1.0.8		June 30, 2026
inboxify-sign-up-form	inboxify-sign-up-form	91	Inboxify Sign Up Form <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.4		June 30, 2026
heateor-social-login	heateor-social-login	91	Heateor Social Login <= 1.1.39 - Cross-Site Request Forgery	LOW	*-1.1.39		June 30, 2026
CubeWP Framework	cubewp-framework	74	CubeWP <= 1.1.27 - Missing Authorization	LOW	*-1.1.27	1.1.28	June 30, 2026
cool-tag-cloud	cool-tag-cloud	89	Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.29		June 30, 2026
ced-good-market-integration	ced-good-market-integration	91	CedCommerce Integration for Good Market <= 1.0.6 - Unauthenticated Local File Inclusion	LOW	*-1.0.6		June 30, 2026
brands-for-woocommerce	brands-for-woocommerce	93	Brands for WooCommerce <= 3.8.6.3 - Authenticated (Contributor+) SQL Injection	LOW	*-3.8.6.3	3.8.6.4	June 30, 2026
booking-ultra-pro	booking-ultra-pro	91	Booking Ultra Pro <= 1.1.23 - Authenticated (Subscriber+) Information Exposure	LOW	*-1.1.23		June 30, 2026
am-events	am-events	95	AM Events <= 1.13.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.13.1		June 30, 2026
advanced-custom-css	advanced-custom-css	95	Advanced Custom CSS <= 1.1.0 - Reflected Cross-Site Scripting	LOW	*-1.1.0		June 30, 2026
frontend-post-submission-manager-lite	frontend-post-submission-manager-lite	93	Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion	LOW	*-1.2.6	1.2.7	June 30, 2026
wpdiscuz	wpdiscuz	N/A	wpDiscuz <= 7.6.42 - Unauthenticated Insecure Direct Object Reference	LOW	*-7.6.42	7.6.44	June 30, 2026
wp-text-slider-widget	wp-text-slider-widget	N/A	Text Slider Widget <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
wp-document-revisions	wp-document-revisions	N/A	Document Revisions <= 3.7.2 - Missing Authorization	LOW	*-3.7.2	3.8.0	June 30, 2026
userpro	userpro	N/A	Userpro <= 5.1.9 - Missing Authorization	LOW	*-5.1.9		June 30, 2026
testimonial	testimonial	N/A	Testimonial Slider <= 2.0.15 - Missing Authorization	LOW	*-2.0.15		June 30, 2026
Simple File List	simple-file-list	90	Simple File List <= 6.3.7 - Missing Authorization	LOW	*-6.3.7	6.3.8	June 30, 2026
responsive-posts-carousel-pro	responsive-posts-carousel-pro	N/A	Responsive Posts Carousel Pro <= 15.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-15.1		June 30, 2026
plugin-optimizer	plugin-optimizer	N/A	Plugin Optimizer <= 1.3.7 - Missing Authorization	LOW	*-1.3.7		June 30, 2026
photo-gallery	photo-gallery	N/A	Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.38 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.8.38	1.8.39	June 30, 2026
All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements	mystickyelements	85	My Sticky Elements <= 2.3.3 - Missing Authorization	LOW	*-2.3.3	2.3.4	June 30, 2026
Event Booking Manager for WooCommerce	mage-eventpress	82	WpEvently <= 5.0.8 - Authenticated (Contributor+) PHP Object Injection	LOW	*-5.0.8	5.0.9	June 30, 2026
if-as-shortcode	if-as-shortcode	91	IF AS Shortcode <= 1.2 - Authenticated (Contributor+) Remote Code Execution	LOW	*-1.2		June 30, 2026
funnelforms-free	funnelforms-free	87	Funnelforms Free <= 3.8 - Missing Authorization	LOW	*-3.8		June 30, 2026
fast-user-switching	fast-user-switching	91	Fast User Switching <= 1.4.10 - Cross-Site Request Forgery	LOW	*-1.4.10		June 30, 2026
easy-paypal-donation	easy-paypal-donation	93	Accept Donations with PayPal <= 1.5.2 - Unauthenticated Open Redirect	LOW	*-1.5.2	1.5.3	June 30, 2026
custom-related-posts	custom-related-posts	93	Custom Related Posts <= 1.8.0 - Unauthenticated Information Exposure	LOW	*-1.8.0	1.8.1	June 30, 2026
cookiehint-wp	cookiehint-wp	89	CookieHint WP <= 1.0.0 - Unauthenticated Local File Inclusion	LOW	*-1.0.0		June 30, 2026
content-grid-slider	content-grid-slider	91	Content Grid Slider <= 1.5 - Reflected Cross-Site Scripting	LOW	*-1.5		June 30, 2026
codeflavors-vimeo-video-post-lite	codeflavors-vimeo-video-post-lite	93	Vimeotheque <= 2.3.5.2 - Cross-Site Request Forgery	LOW	*-2.3.5.2	2.3.6	June 30, 2026
cf7-hubspot	cf7-hubspot	93	Integration for Contact Form 7 HubSpot <= 1.4.2 - Authenticated (Administrator+) SQL Injection	LOW	*-1.4.2	1.4.3	June 30, 2026
category-icon	category-icon	93	Category Icon <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.0.2	1.0.3	June 30, 2026
yith-slider-for-page-builders	yith-slider-for-page-builders	N/A	YITH Slider for page builders <= 1.0.11 - Missing Authorization	LOW	*-1.0.11		June 30, 2026
subscribe-to-unlock-lite	subscribe-to-unlock-lite	N/A	Subscribe to Unlock Lite <= 1.3.0 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-1.3.0	1.3.1	June 30, 2026
salesmanago	salesmanago	N/A	SALESmanago <= 3.9.0 - Missing Authorization	LOW	*-3.9.0	3.9.1	June 30, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin	restaurant-reservations	N/A	Five Star Restaurant Reservations <= 2.7.8 - Cross-Site Request Forgery	LOW	*-2.7.8	2.7.9	June 30, 2026
membership-for-woocommerce	membership-for-woocommerce	93	Membership For WooCommerce <= 3.0.3 - Unauthenticated Insecure Direct Object Reference	LOW	*-3.0.3	3.0.4	June 30, 2026
mapsvg-lite-interactive-vector-maps	mapsvg-lite-interactive-vector-maps	93	MapSVG <= 8.7.3 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-8.7.3	8.7.4	June 30, 2026
link-library	link-library	93	Link Library <= 7.8.7 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-7.8.7	7.8.8	June 30, 2026
gift-hunt	gift-hunt	91	Gift Hunt <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.2		June 30, 2026
Docket Cache – Object Cache Accelerator	docket-cache	80	Docket Cache <= 24.07.03 - Unauthenticated Local File Inclusion	LOW	*-24.07.03	24.07.04	June 30, 2026
custom-field-template	custom-field-template	93	Custom Field Template <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.7	2.7.8	June 30, 2026
cooked	cooked	93	Cooked <= 1.11.3 - Missing Authorization	LOW	*-1.11.3	1.11.4	June 30, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode	coming-soon	68	Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.19.8 - Missing Authorization	LOW	*-6.19.8	6.19.9	June 30, 2026
car-rental-manager	car-rental-manager	93	Car Rental Manager <= 1.0.9 - Missing Authorization	LOW	*-1.0.9	1.2.0	June 30, 2026
bbp-core	bbp-core	93	BBP Core <= 1.4.1 - Missing Authorization	LOW	*-1.4.1	2.0.0	June 30, 2026
advanced-classifieds-and-directory-pro	advanced-classifieds-and-directory-pro	97	Advanced Classifieds & Directory Pro <= 3.2.9 - Cross-Site Request Forgery	LOW	*-3.2.9	3.3.0	June 30, 2026
woocommerce-delivery-notes	woocommerce-delivery-notes	N/A	Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution	LOW	*-5.8.0	5.9.0	June 30, 2026
wpbulky-wp-bulk-edit-post-types	wpbulky-wp-bulk-edit-post-types	N/A	WPBulky <= 1.1.13 - Authenticated (Author+) SQL Injection	LOW	*-1.1.13	1.1.14	June 30, 2026
v-form	v-form	N/A	VPSUForm <= 3.2.24 - Authenticated (Contributor+) Information Exposure	LOW	*-3.2.24	3.2.25	June 30, 2026
social-photo-feed-widget	social-photo-feed-widget	N/A	Widgets for Social Photo Feed <= 1.7.8 - Missing Authorization	LOW	*-1.7.8	1.7.9	June 30, 2026
share-print-pdf-woocommerce	share-print-pdf-woocommerce	N/A	Share, Print and PDF Products for WooCommerce <= 3.1.2 - Missing Authorization	LOW	*-3.1.2		June 30, 2026
responsive-posts-carousel-pro	responsive-posts-carousel-pro	N/A	Responsive Posts Carousel Pro <= 15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-15.2	15.3	June 30, 2026
product-loops	product-loops	N/A	Product Loops for WooCommerce <= 2.1.2 - Missing Authorization	LOW	*-2.1.2		June 30, 2026
happy-helpdesk-support-ticket-system	happy-helpdesk-support-ticket-system	93	HAPPY <= 1.0.9 - Missing Authorization	LOW	*-1.0.9	1.0.10	June 30, 2026
give	give	93	GiveWP <= 4.13.1 - Cross-Site Request Forgery	LOW	*-4.13.1	4.13.2	June 30, 2026
e-xact-hosted-payment	e-xact-hosted-payment	91	e-xact-hosted-payment <= 2.0 - Unauthenticated Arbitrary File Deletion	LOW	*-2.0		June 30, 2026
chakra-test	chakra-test	93	Chakra test <= 1.0.1 - Missing Authorization	LOW	*-1.0.1	1.0.2	June 30, 2026
brave-popup-builder	brave-popup-builder	93	Brave <= 0.8.3 - Missing Authorization	LOW	*-0.8.3	0.8.4	June 30, 2026
happy-elementor-addons	happy-elementor-addons	93	Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS	LOW	*-3.20.3	3.20.4	June 30, 2026
youtube-embed	youtube-embed	N/A	YouTube Embed <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.4		June 30, 2026
wptelegram-widget	wptelegram-widget	N/A	Telegram Widget and Join Link <= 2.2.12 - Missing Authorization	LOW	*-2.2.12	2.2.13	June 30, 2026
WooCommerce	woocommerce	80	WooCommerce <= 10.4.2 - Authenticated (Subscriber+) Information Exposure	LOW	10.0-10.0.4, 10.1-10.1.2, 10.2-10.2.2, 10.3-10.3.6, 8.1-8.1.2, 8.2-8.2.3	10.0.5	June 30, 2026
userfeedback-lite	userfeedback-lite	N/A	User Feedback <= 1.10.0 - Authenticated (Editor+) SQL Injection	LOW	*-1.10.0	1.10.1	June 30, 2026
tablesome	tablesome	N/A	Tablesome <= 1.1.35.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-1.1.35.1	1.1.35.2	June 30, 2026
tablesome	tablesome	N/A	Tablesome <= 1.1.35.1 - Missing Authorization	LOW	*-1.1.35.1	1.1.35.2	June 30, 2026
social-polls-by-opinionstage	social-polls-by-opinionstage	N/A	Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Missing Authorization	LOW	*-19.12.0	19.12.1	June 30, 2026
Membership Plugin – Kadence Memberships	restrict-content	N/A	Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	LOW	*-3.2.15	3.2.16	June 30, 2026
real3d-flipbook-lite	real3d-flipbook-lite	N/A	Real 3D FlipBook <= 4.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.11.4	4.16.4	June 30, 2026
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.7.0.88 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-6.7.0.88	6.7.0.89	June 30, 2026
premium-addons-for-elementor	premium-addons-for-elementor	N/A	Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content'	LOW	*-4.11.53	4.11.54	June 30, 2026
premium-addons-for-elementor	premium-addons-for-elementor	N/A	Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'	LOW	*-4.11.53	4.11.54	June 30, 2026
poll-wp	poll-wp	N/A	TS Poll <= 2.5.5 - Missing Authorization	LOW	*-2.5.5	2.6.0	June 30, 2026
phastpress	phastpress	N/A	PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection	LOW	*-3.7	3.8	June 30, 2026
live-composer-page-builder	live-composer-page-builder	91	Page Builder: Live Composer <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.6		June 30, 2026
job-postings	job-postings	91	Jobs for WordPress <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.17		June 30, 2026
fv-all-in-one-seo-pack	fv-all-in-one-seo-pack	93	FV Simpler SEO <= 1.9.6 - Missing Authorization	LOW	*-1.9.6	1.9.7	June 30, 2026
calendar	calendar	93	Calendar <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc'	LOW	*-1.3.16	1.3.17	June 30, 2026
bwl-pro-voting-manager	bwl-pro-voting-manager	89	BWL Pro Voting Manager <= 1.4.9 - Authenticated (Contributor+) SQL Injection	LOW	*-1.4.9		June 30, 2026
bwl-pro-voting-manager	bwl-pro-voting-manager	89	BWL Pro Voting Manager <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.9		June 30, 2026
bwl-kb-manager	bwl-kb-manager	91	BWL Knowledge Base Manager <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.3		June 30, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update	LOW	*-2.9.4.1	2.9.4.2	June 30, 2026
addonify-quick-view	addonify-quick-view	97	Addonify <= 2.0.4 - Missing Authorization	LOW	*-2.0.4	2.0.5	June 30, 2026
seriously-simple-podcasting	seriously-simple-podcasting	N/A	Seriously Simple Podcasting <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.14.1	3.14.2	June 30, 2026
wh-tweaks	wh-tweaks	N/A	WH Tweaks <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.2	1.0.3	June 30, 2026
wappointment	wappointment	N/A	Wappointment <=2.7.2 - Missing Authorization	LOW	*-2.7.6	2.7.7	June 30, 2026
virusdie	virusdie	N/A	Virusdie <= 1.1.6 - Authenticated (Subscriber+) Information Exposure	LOW	*-1.1.6	1.1.7	June 30, 2026
virusdie	virusdie	N/A	Virusdie <= 1.1.6 - Missing Authorization	LOW	*-1.1.6	1.1.7	June 30, 2026

LOW

youzify

Score: N/A Youzify <= 1.3.7 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.3.7 Patched: Updated: June 30, 2026

LOW

WC Builder – WooCommerce Page Builder for WPBakery

wc-builder

Score: N/A WC Builder <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

stratum

Score: N/A Stratum Widgets for Elementor <= 1.6.1 - Missing Authorization Affected: *-1.6.1 Patched: 1.6.2 Updated: June 30, 2026

LOW

restropress

Score: N/A RestroPress <= 3.2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.8.6 Patched: 3.2.8.6.1 Updated: June 30, 2026

LOW

event-organiser

Score: 91/100 Event Organiser <= 3.12.8 - Missing Authorization Affected: *-3.12.8 Patched: Updated: June 30, 2026

LOW

crowdsignal-forms

Score: 93/100 Crowdsignal Forms <= 1.7.2 - Missing Authorization Affected: *-1.7.2 Patched: 1.8.0 Updated: June 30, 2026

LOW

bold-timeline-lite

Score: 93/100 Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox <= 2.17.14 - Missing Authorization Affected: *-2.17.14 Patched: Updated: June 30, 2026

LOW

wedevs-project-manager

Score: N/A Project Manager <= 3.0.1 - Authenticated (Subscriber+) Information Exposure Affected: *-3.0.1 Patched: 3.0.2 Updated: June 30, 2026

LOW

themebeez-toolkit

Score: N/A Themebeez Toolkit <= 1.3.5 - Missing Authorization Affected: *-1.3.5 Patched: Updated: June 30, 2026

LOW

popping-sidebars-and-widgets-light

Score: N/A Popping Sidebars and Widgets Light <= 1.27 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.27 Patched: Updated: June 30, 2026

LOW

mobile-builder

Score: 91/100 Mobile builder <= 1.4.2 - Authentication Bypass Affected: *-1.4.2 Patched: Updated: June 30, 2026

LOW

invelity-sps-connect

Score: 91/100 Invelity SPS connect <= 1.0.8 - Reflected Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: June 30, 2026

LOW

inboxify-sign-up-form

Score: 91/100 Inboxify Sign Up Form <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

heateor-social-login

Score: 91/100 Heateor Social Login <= 1.1.39 - Cross-Site Request Forgery Affected: *-1.1.39 Patched: Updated: June 30, 2026

LOW

CubeWP Framework

cubewp-framework

Score: 74/100 CubeWP <= 1.1.27 - Missing Authorization Affected: *-1.1.27 Patched: 1.1.28 Updated: June 30, 2026

LOW

cool-tag-cloud

Score: 89/100 Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.29 Patched: Updated: June 30, 2026

LOW

ced-good-market-integration

Score: 91/100 CedCommerce Integration for Good Market <= 1.0.6 - Unauthenticated Local File Inclusion Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

brands-for-woocommerce

Score: 93/100 Brands for WooCommerce <= 3.8.6.3 - Authenticated (Contributor+) SQL Injection Affected: *-3.8.6.3 Patched: 3.8.6.4 Updated: June 30, 2026

LOW

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.23 - Authenticated (Subscriber+) Information Exposure Affected: *-1.1.23 Patched: Updated: June 30, 2026

LOW

am-events

Score: 95/100 AM Events <= 1.13.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.13.1 Patched: Updated: June 30, 2026

LOW

advanced-custom-css

Score: 95/100 Advanced Custom CSS <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

frontend-post-submission-manager-lite

Score: 93/100 Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion Affected: *-1.2.6 Patched: 1.2.7 Updated: June 30, 2026

LOW

wpdiscuz

Score: N/A wpDiscuz <= 7.6.42 - Unauthenticated Insecure Direct Object Reference Affected: *-7.6.42 Patched: 7.6.44 Updated: June 30, 2026

LOW

wp-text-slider-widget

Score: N/A Text Slider Widget <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-document-revisions

Score: N/A Document Revisions <= 3.7.2 - Missing Authorization Affected: *-3.7.2 Patched: 3.8.0 Updated: June 30, 2026

LOW

userpro

Score: N/A Userpro <= 5.1.9 - Missing Authorization Affected: *-5.1.9 Patched: Updated: June 30, 2026

LOW

testimonial

Score: N/A Testimonial Slider <= 2.0.15 - Missing Authorization Affected: *-2.0.15 Patched: Updated: June 30, 2026

LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 6.3.7 - Missing Authorization Affected: *-6.3.7 Patched: 6.3.8 Updated: June 30, 2026

LOW

responsive-posts-carousel-pro

Score: N/A Responsive Posts Carousel Pro <= 15.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-15.1 Patched: Updated: June 30, 2026

LOW

plugin-optimizer

Score: N/A Plugin Optimizer <= 1.3.7 - Missing Authorization Affected: *-1.3.7 Patched: Updated: June 30, 2026

LOW

photo-gallery

Score: N/A Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.38 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.8.38 Patched: 1.8.39 Updated: June 30, 2026

LOW

All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements

mystickyelements

Score: 85/100 My Sticky Elements <= 2.3.3 - Missing Authorization Affected: *-2.3.3 Patched: 2.3.4 Updated: June 30, 2026

LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 WpEvently <= 5.0.8 - Authenticated (Contributor+) PHP Object Injection Affected: *-5.0.8 Patched: 5.0.9 Updated: June 30, 2026

LOW

if-as-shortcode

Score: 91/100 IF AS Shortcode <= 1.2 - Authenticated (Contributor+) Remote Code Execution Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

funnelforms-free

Score: 87/100 Funnelforms Free <= 3.8 - Missing Authorization Affected: *-3.8 Patched: Updated: June 30, 2026

LOW

fast-user-switching

Score: 91/100 Fast User Switching <= 1.4.10 - Cross-Site Request Forgery Affected: *-1.4.10 Patched: Updated: June 30, 2026

LOW

easy-paypal-donation

Score: 93/100 Accept Donations with PayPal <= 1.5.2 - Unauthenticated Open Redirect Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

custom-related-posts

Score: 93/100 Custom Related Posts <= 1.8.0 - Unauthenticated Information Exposure Affected: *-1.8.0 Patched: 1.8.1 Updated: June 30, 2026

LOW

cookiehint-wp

Score: 89/100 CookieHint WP <= 1.0.0 - Unauthenticated Local File Inclusion Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

content-grid-slider

Score: 91/100 Content Grid Slider <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

codeflavors-vimeo-video-post-lite

Score: 93/100 Vimeotheque <= 2.3.5.2 - Cross-Site Request Forgery Affected: *-2.3.5.2 Patched: 2.3.6 Updated: June 30, 2026

LOW

cf7-hubspot

Score: 93/100 Integration for Contact Form 7 HubSpot <= 1.4.2 - Authenticated (Administrator+) SQL Injection Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

category-icon

Score: 93/100 Category Icon <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

yith-slider-for-page-builders

Score: N/A YITH Slider for page builders <= 1.0.11 - Missing Authorization Affected: *-1.0.11 Patched: Updated: June 30, 2026

LOW

subscribe-to-unlock-lite

Score: N/A Subscribe to Unlock Lite <= 1.3.0 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

salesmanago

Score: N/A SALESmanago <= 3.9.0 - Missing Authorization Affected: *-3.9.0 Patched: 3.9.1 Updated: June 30, 2026

LOW

Five Star Restaurant Reservations – WordPress Booking Plugin

restaurant-reservations

Score: N/A Five Star Restaurant Reservations <= 2.7.8 - Cross-Site Request Forgery Affected: *-2.7.8 Patched: 2.7.9 Updated: June 30, 2026

LOW

membership-for-woocommerce

Score: 93/100 Membership For WooCommerce <= 3.0.3 - Unauthenticated Insecure Direct Object Reference Affected: *-3.0.3 Patched: 3.0.4 Updated: June 30, 2026

LOW

mapsvg-lite-interactive-vector-maps

Score: 93/100 MapSVG <= 8.7.3 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-8.7.3 Patched: 8.7.4 Updated: June 30, 2026

LOW

link-library

Score: 93/100 Link Library <= 7.8.7 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-7.8.7 Patched: 7.8.8 Updated: June 30, 2026

LOW

gift-hunt

Score: 91/100 Gift Hunt <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

Docket Cache – Object Cache Accelerator

docket-cache

Score: 80/100 Docket Cache <= 24.07.03 - Unauthenticated Local File Inclusion Affected: *-24.07.03 Patched: 24.07.04 Updated: June 30, 2026

LOW

custom-field-template

Score: 93/100 Custom Field Template <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.7 Patched: 2.7.8 Updated: June 30, 2026

LOW

cooked

Score: 93/100 Cooked <= 1.11.3 - Missing Authorization Affected: *-1.11.3 Patched: 1.11.4 Updated: June 30, 2026

LOW

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

coming-soon

Score: 68/100 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.19.8 - Missing Authorization Affected: *-6.19.8 Patched: 6.19.9 Updated: June 30, 2026

LOW

car-rental-manager

Score: 93/100 Car Rental Manager <= 1.0.9 - Missing Authorization Affected: *-1.0.9 Patched: 1.2.0 Updated: June 30, 2026

LOW

bbp-core

Score: 93/100 BBP Core <= 1.4.1 - Missing Authorization Affected: *-1.4.1 Patched: 2.0.0 Updated: June 30, 2026

LOW

advanced-classifieds-and-directory-pro

Score: 97/100 Advanced Classifieds & Directory Pro <= 3.2.9 - Cross-Site Request Forgery Affected: *-3.2.9 Patched: 3.3.0 Updated: June 30, 2026

LOW

woocommerce-delivery-notes

Score: N/A Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution Affected: *-5.8.0 Patched: 5.9.0 Updated: June 30, 2026

LOW

wpbulky-wp-bulk-edit-post-types

Score: N/A WPBulky <= 1.1.13 - Authenticated (Author+) SQL Injection Affected: *-1.1.13 Patched: 1.1.14 Updated: June 30, 2026

LOW

v-form

Score: N/A VPSUForm <= 3.2.24 - Authenticated (Contributor+) Information Exposure Affected: *-3.2.24 Patched: 3.2.25 Updated: June 30, 2026

LOW

social-photo-feed-widget

Score: N/A Widgets for Social Photo Feed <= 1.7.8 - Missing Authorization Affected: *-1.7.8 Patched: 1.7.9 Updated: June 30, 2026

LOW

share-print-pdf-woocommerce

Score: N/A Share, Print and PDF Products for WooCommerce <= 3.1.2 - Missing Authorization Affected: *-3.1.2 Patched: Updated: June 30, 2026

LOW

responsive-posts-carousel-pro

Score: N/A Responsive Posts Carousel Pro <= 15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-15.2 Patched: 15.3 Updated: June 30, 2026

LOW

product-loops

Score: N/A Product Loops for WooCommerce <= 2.1.2 - Missing Authorization Affected: *-2.1.2 Patched: Updated: June 30, 2026

LOW

happy-helpdesk-support-ticket-system

Score: 93/100 HAPPY <= 1.0.9 - Missing Authorization Affected: *-1.0.9 Patched: 1.0.10 Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP <= 4.13.1 - Cross-Site Request Forgery Affected: *-4.13.1 Patched: 4.13.2 Updated: June 30, 2026

LOW

e-xact-hosted-payment

Score: 91/100 e-xact-hosted-payment <= 2.0 - Unauthenticated Arbitrary File Deletion Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

chakra-test

Score: 93/100 Chakra test <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: 1.0.2 Updated: June 30, 2026

LOW

brave-popup-builder

Score: 93/100 Brave <= 0.8.3 - Missing Authorization Affected: *-0.8.3 Patched: 0.8.4 Updated: June 30, 2026

LOW

happy-elementor-addons

Score: 93/100 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS Affected: *-3.20.3 Patched: 3.20.4 Updated: June 30, 2026

LOW

youtube-embed

Score: N/A YouTube Embed <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.4 Patched: Updated: June 30, 2026

LOW

wptelegram-widget

Score: N/A Telegram Widget and Join Link <= 2.2.12 - Missing Authorization Affected: *-2.2.12 Patched: 2.2.13 Updated: June 30, 2026

LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce <= 10.4.2 - Authenticated (Subscriber+) Information Exposure Affected: 10.0-10.0.4, 10.1-10.1.2, 10.2-10.2.2, 10.3-10.3.6, 8.1-8.1.2, 8.2-8.2.3 Patched: 10.0.5 Updated: June 30, 2026

LOW

userfeedback-lite

Score: N/A User Feedback <= 1.10.0 - Authenticated (Editor+) SQL Injection Affected: *-1.10.0 Patched: 1.10.1 Updated: June 30, 2026

LOW

tablesome

Score: N/A Tablesome <= 1.1.35.1 - Authenticated (Subscriber+) Information Exposure Affected: *-1.1.35.1 Patched: 1.1.35.2 Updated: June 30, 2026

LOW

tablesome

Score: N/A Tablesome <= 1.1.35.1 - Missing Authorization Affected: *-1.1.35.1 Patched: 1.1.35.2 Updated: June 30, 2026

LOW

social-polls-by-opinionstage

Score: N/A Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Missing Authorization Affected: *-19.12.0 Patched: 19.12.1 Updated: June 30, 2026

LOW

Membership Plugin – Kadence Memberships

restrict-content

Score: N/A Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes Affected: *-3.2.15 Patched: 3.2.16 Updated: June 30, 2026

LOW

real3d-flipbook-lite

Score: N/A Real 3D FlipBook <= 4.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.11.4 Patched: 4.16.4 Updated: June 30, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.7.0.88 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-6.7.0.88 Patched: 6.7.0.89 Updated: June 30, 2026

LOW

premium-addons-for-elementor

Score: N/A Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' Affected: *-4.11.53 Patched: 4.11.54 Updated: June 30, 2026

LOW

premium-addons-for-elementor

Score: N/A Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template' Affected: *-4.11.53 Patched: 4.11.54 Updated: June 30, 2026

LOW

poll-wp

Score: N/A TS Poll <= 2.5.5 - Missing Authorization Affected: *-2.5.5 Patched: 2.6.0 Updated: June 30, 2026

LOW

phastpress

Score: N/A PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection Affected: *-3.7 Patched: 3.8 Updated: June 30, 2026

LOW

live-composer-page-builder

Score: 91/100 Page Builder: Live Composer <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: June 30, 2026

LOW

job-postings

Score: 91/100 Jobs for WordPress <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.17 Patched: Updated: June 30, 2026

LOW

fv-all-in-one-seo-pack

Score: 93/100 FV Simpler SEO <= 1.9.6 - Missing Authorization Affected: *-1.9.6 Patched: 1.9.7 Updated: June 30, 2026

LOW

calendar

Score: 93/100 Calendar <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc' Affected: *-1.3.16 Patched: 1.3.17 Updated: June 30, 2026

LOW

bwl-pro-voting-manager

Score: 89/100 BWL Pro Voting Manager <= 1.4.9 - Authenticated (Contributor+) SQL Injection Affected: *-1.4.9 Patched: Updated: June 30, 2026

LOW

bwl-pro-voting-manager

Score: 89/100 BWL Pro Voting Manager <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.9 Patched: Updated: June 30, 2026

LOW

bwl-kb-manager

Score: 91/100 BWL Knowledge Base Manager <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: June 30, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update Affected: *-2.9.4.1 Patched: 2.9.4.2 Updated: June 30, 2026

LOW

addonify-quick-view

Score: 97/100 Addonify <= 2.0.4 - Missing Authorization Affected: *-2.0.4 Patched: 2.0.5 Updated: June 30, 2026

LOW

seriously-simple-podcasting

Score: N/A Seriously Simple Podcasting <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.14.1 Patched: 3.14.2 Updated: June 30, 2026

LOW

wh-tweaks

Score: N/A WH Tweaks <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

wappointment

Score: N/A Wappointment <=2.7.2 - Missing Authorization Affected: *-2.7.6 Patched: 2.7.7 Updated: June 30, 2026

LOW

virusdie

Score: N/A Virusdie <= 1.1.6 - Authenticated (Subscriber+) Information Exposure Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

virusdie

Score: N/A Virusdie <= 1.1.6 - Missing Authorization Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

Showing 4101 to 4200 of 36306 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 17:55 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List