Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

5503

Across tracked plugins

Affected Plugins

68

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
add-to-home-screen-wp add-to-home-screen-wp
97
 Add to home screen WP Plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0 2.1 June 30, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
 Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting LOW [*, 6.0.0) 6.0.0 June 30, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
 Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting LOW [*, 6.0.0) 6.0.0 June 30, 2026
autoshare-for-twitter autoshare-for-twitter
93
 simple-git < 3.15.0 - Remote Code Execution LOW *-1.2.1 1.3.0 June 30, 2026
Autoptimize autoptimize
87
 Autoptimize <= 3.0.4 - Sensitive Information Disclosure LOW *-3.0.4 3.1.0 June 30, 2026
acf-quickedit-fields acf-quickedit-fields
97
 ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference LOW *-3.2.2 3.2.3 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying LOW *-1.3.2.4 1.3.2.5 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef LOW *-1.3.2 1.3.2.1 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf LOW *-1.3.2 1.3.2.1 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip LOW *-1.3.2.3 1.3.2.4 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key LOW *-1.3.2.2 1.3.2.3 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion LOW *-1.3.2.4 1.3.2.5 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf LOW *-1.3.2 1.3.2.1 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date LOW *-1.3.2.3 1.3.2.4 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf LOW *-1.3.2 1.3.2.1 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID LOW *-1.3.2.2 1.3.2.3 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf LOW *-1.3.2 1.3.2.1 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion LOW *-1.3.2.4 1.3.2.5 June 30, 2026
chained-quiz chained-quiz
93
 Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn LOW *-1.3.2.2 1.3.2.3 June 30, 2026
bulk-delete-users-by-email bulk-delete-users-by-email
93
 Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery LOW *-1.2 2.0.0 June 30, 2026
bulk-delete-users-by-email bulk-delete-users-by-email
93
 Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 2.0.0 June 30, 2026
advanced-booking-calendar advanced-booking-calendar
95
 Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection LOW *-1.7.1 June 30, 2026
armember armember
97
 ARMember Premium <= 5.5.1 - Privilege Escalation LOW *-5.5.1 5.6 June 30, 2026
advanced-booking-calendar advanced-booking-calendar
95
 Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery LOW *-1.7.1 June 30, 2026
apptivo-business-site apptivo-business-site
95
 Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.0.12 3.0.14 June 30, 2026
aio-time-clock-lite aio-time-clock-lite
97
 All in One Time Clok Lite <= 1.3.320 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.3.320 1.3.321 June 30, 2026
1app-business-forms 1app-business-forms
95
 1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0.0 June 30, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
 Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form LOW *-1.3.72 1.3.73 June 30, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
 Appointment Hour Booking <= 1.3.72 - CSV Injection LOW *-1.3.72 1.3.73 June 30, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
 Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass LOW *-1.3.72 1.3.73 June 30, 2026
Better Click To Share – Shareable Quote Boxes for X (Twitter) better-click-to-tweet
95
 Better Click To Tweet <= 5.10.3 - Cross-Site Request Forgery LOW *-5.10.3 5.10.4 June 30, 2026
Better Click To Share – Shareable Quote Boxes for X (Twitter) better-click-to-tweet
95
 Better Click To Tweet <= 5.10.3 - Missing Authorization LOW *-5.10.3 5.10.4 June 30, 2026
age-gate age-gate
97
 Age Gate <= 2.13.4 - Open Redirect LOW [*, 2.13.5) 2.13.5 June 30, 2026
authenticator authenticator
93
 Authenticator <= 1.3.0 - Missing Authorization LOW *-1.3.0 1.3.1 June 30, 2026
clictracker clictracker
91
 WP Clictracker <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.5 June 30, 2026
arforms-form-builder arforms-form-builder
95
 ARForms Form Builder <= 1.5.6 - Unauthenticated Cross-Site Scripting LOW *-1.5.6 1.5.7 June 30, 2026
checkout-for-paypal checkout-for-paypal
93
 Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.13 1.0.14 June 30, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
 All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery LOW *-5.1.0 5.1.1 June 30, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
 Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion LOW *-5.6.5 5.6.6 June 30, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
 Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion LOW *-1.1.7 1.1.8 June 30, 2026
booking-calendar booking-calendar
91
 Booking calendar, Appointment Booking System <= 3.2.1 - Unauthenticated Arbitrary File Upload LOW *-3.2.1 3.2.2 June 30, 2026
antihacker antihacker
97
 Anti Hacker <= 4.19 - Missing Authorization to Arbitrary Plugin Install LOW *-4.19 4.20 June 30, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
 All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass LOW *-5.0.7 5.0.8 June 30, 2026
addons-for-elementor addons-for-elementor
93
 Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-7.2.3 7.2.4 June 30, 2026
address-autocomplete-using-google-place-api address-autocomplete-using-google-place-api
95
 Address Autocomplete Using Google Place Api <= 1.0.0 - Cross-Site Request Forgery LOW *-1.0.0 June 30, 2026
cardealer cardealer
93
 Car Dealer <= 3.04 - Missing Authorization to Arbitrary Plugin Installation LOW *-3.04 3.05 June 30, 2026
buddybadges buddybadges
91
 Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection LOW *-1.0.0 June 30, 2026
auxin-elements auxin-elements
89
 Shortcodes and extra features for Phlox theme <= 2.10.5 - PHP Objection Injection LOW *-2.10.5 2.10.7 June 30, 2026
anthologize anthologize
95
 Anthologize <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.8.0 0.8.1 June 30, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall
72
 All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery LOW *-5.1.0 5.1.1 June 30, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty chaty
88
 Floating Chat Widget - Chaty <= 3.0.2 - Authenticated (Administrator+) SQL Injection LOW *-3.0.2 3.0.3 June 30, 2026
becustom becustom
93
 Becustom <= 1.0.5.2 - Cross-Site Request Forgery LOW *-1.0.5.2 1.0.5.3 June 30, 2026
advanced-import advanced-import
97
 Advanced Import <= 1.3.7 - Cross-Site Request Forgery LOW *-1.3.7 1.3.8 June 30, 2026
chameleon chameleon
93
 Chameleon <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.3 1.4.4 June 30, 2026
Broken Link Checker broken-link-checker
68
 Broken Link Checker <= 1.11.19 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.11.19 1.11.20 June 30, 2026
AdRotate Banner Manager adrotate
74
 AdRotate Banner Manager <= 5.9 - Cross-Site Request Forgery LOW *-5.9 5.9.1 June 30, 2026
add-multiple-marker add-multiple-marker
97
 Add Multiple Marker <= 1.2 - Cross-Site Request Forgery LOW *-1.2 1.3 June 30, 2026
add-multiple-marker add-multiple-marker
97
 Add Multiple Marker <= 1.2 - Missing Authorization Checks to Settings Update LOW *-1.2 1.3 June 30, 2026
activity-reactions-for-buddypress activity-reactions-for-buddypress
93
 Activity Reactions For Buddypress <= 1.0.22 - Cross-Site Request Forgery LOW *-1.0.22 June 30, 2026
activity-reactions-for-buddypress activity-reactions-for-buddypress
93
 Activity Reactions For Buddypress <= 1.0.22 - Missing Authorization LOW *-1.0.22 June 30, 2026
clerkio clerkio
93
 Clerk <= 3.8.2 - Authorization Bypass via Insufficient Validation LOW *-3.8.2 3.8.3 June 30, 2026
advanced-wp-columns advanced-wp-columns
95
 Advanced WP Columns <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.6 June 30, 2026
add-comments add-comments
95
 Add Comments <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.1 June 30, 2026
car-rental car-rental
91
 Car Rental by BestWebSoft <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.2 June 30, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
 Better Messages <= 1.9.10.68 - Authorization Bypass to Blocking Control Bypass LOW *-1.9.10.68 1.9.10.69 June 30, 2026
asgaros-forum asgaros-forum
97
 Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery LOW *-2.1.0 2.2.0 June 30, 2026
3dprint 3dprint
95
 3DPrint < 3.5.6.9 - Cross-Site Request Forgery to Arbitrary File Deletion LOW *-3.5.4.8 3.5.6.9 June 30, 2026
awesome-support awesome-support
93
 Awesome Support <= 6.1.1 - Insecure Direct Object Reference to (Subscriber+) Ticket Export LOW *-6.1.1 6.1.2 June 30, 2026
Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent
93
 Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.9.0 2.9.1 June 30, 2026
analytics-for-wp analytics-for-wp
95
 Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5.1 June 30, 2026
001-prime-strategy-translate-accelerator 001-prime-strategy-translate-accelerator
95
 001 Prime Strategy Translate Accelerator <= 1.1.1 - Missing Authorization LOW *-1.1.1 June 30, 2026
am-hili-affiliate-manager-for-publishers am-hili-affiliate-manager-for-publishers
95
 AM-HiLi <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 June 30, 2026
agenteasy-properties agenteasy-properties
95
 AgentEasy Properties <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.4 June 30, 2026
administrator-z administrator-z
95
 Administrator Z <= 2022.9.28 - Unauthorized File Upload via ACF LOW *-2022.9.28 2022.9.29 June 30, 2026
accessibility accessibility
97
 Accessibility <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping LOW *-1.0.2 1.0.3 June 30, 2026
a3-responsive-slider a3-responsive-slider
97
 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.2.0 2.2.1 June 30, 2026
a3-portfolio a3-portfolio
97
 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-3.0.1 3.0.2 June 30, 2026
a3 Lazy Load a3-lazy-load
95
 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset LOW *-2.6.0 2.6.1 June 30, 2026
4ecps-webforms 4ecps-webforms
95
 4ECPS Web Forms <= 0.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.2.17 0.2.18 June 30, 2026
authorizer authorizer
93
 phpCAS authentication library < 1.6.0 - Service Hostname Discovery Exploitation LOW [*, 1.6.0) 1.6.0 June 30, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
 Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion LOW *-5.6.4 5.6.5 June 30, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
 Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery LOW [*, 1.1.7) 1.1.7 June 30, 2026
booster-elite-for-woocommerce booster-elite-for-woocommerce
93
 Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download LOW [*, 1.1.7) 1.1.7 June 30, 2026
addfreestats addfreestats
97
 AFS Analytics <= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.15 4.16 June 30, 2026
Appointment Hour Booking – Booking Calendar appointment-hour-booking
97
 Appointment Hour Booking <= 1.3.71 - Missing Authorization LOW *-1.3.71 1.3.72 June 30, 2026
appointment-booking-calendar appointment-booking-calendar
97
 Appointment Booking Calendar <= 1.3.69 - Missing Authorization LOW *-1.3.69 1.3.70 June 30, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery LOW *-4.1.5 4.1.6 June 30, 2026
Advanced Coupons for WooCommerce Coupons & Store Credit advanced-coupons-for-woocommerce-free
80
 Advanced Coupons for WooCommerce Coupons <= 4.5 - Cross-Site Request Forgery LOW *-4.5 4.5.0.1 June 30, 2026
captainform captainform
89
 Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery LOW *-2.5.3 June 30, 2026
api2cart-bridge-connector api2cart-bridge-connector
97
 Api2Cart Bridge Connector <= 1.1.0 - Arbitrary File Upload LOW 1.1.0 1.2.0 June 30, 2026
api2cart-bridge-connector api2cart-bridge-connector
97
 Api2Cart Bridge Connector <= 1.1.0 - Arbitrary Code Execution LOW *-1.1.0 1.2.0 June 30, 2026
all-in-one-seo-pack-pro all-in-one-seo-pack-pro
97
 All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery LOW *-4.2.5.1 4.2.6 June 30, 2026
buddyforms buddyforms
89
 BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting LOW *-2.7.2 2.7.3 June 30, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
 Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download LOW *-5.6.4 5.6.5 June 30, 2026
backup backup
93
 Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.9 1.6.9.1 June 30, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery LOW *-4.1.5 4.1.6 June 30, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization LOW *-4.1.5 4.1.6 June 30, 2026
auto-upload-images auto-upload-images
93
 Auto Upload Images <= 3.3 - Cross-Site Request Forgery LOW *-3.3 3.3.1 June 30, 2026
auto-upload-images auto-upload-images
93
 Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.3 3.3.1 June 30, 2026
advanced-floating-content-lite advanced-floating-content-lite
97
 Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 June 30, 2026
LOW

add-to-home-screen-wp

add-to-home-screen-wp

Score: 97/100 Add to home screen WP Plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: June 30, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting Affected: [*, 6.0.0) Patched: 6.0.0 Updated: June 30, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting Affected: [*, 6.0.0) Patched: 6.0.0 Updated: June 30, 2026
LOW

autoshare-for-twitter

autoshare-for-twitter

Score: 93/100 simple-git < 3.15.0 - Remote Code Execution Affected: *-1.2.1 Patched: 1.3.0 Updated: June 30, 2026
LOW

Autoptimize

autoptimize

Score: 87/100 Autoptimize <= 3.0.4 - Sensitive Information Disclosure Affected: *-3.0.4 Patched: 3.1.0 Updated: June 30, 2026
LOW

acf-quickedit-fields

acf-quickedit-fields

Score: 97/100 ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-3.2.2 Patched: 3.2.3 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying Affected: *-1.3.2.4 Patched: 1.3.2.5 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef Affected: *-1.3.2 Patched: 1.3.2.1 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip Affected: *-1.3.2.3 Patched: 1.3.2.4 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key Affected: *-1.3.2.2 Patched: 1.3.2.3 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion Affected: *-1.3.2.4 Patched: 1.3.2.5 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date Affected: *-1.3.2.3 Patched: 1.3.2.4 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID Affected: *-1.3.2.2 Patched: 1.3.2.3 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf Affected: *-1.3.2 Patched: 1.3.2.1 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion Affected: *-1.3.2.4 Patched: 1.3.2.5 Updated: June 30, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn Affected: *-1.3.2.2 Patched: 1.3.2.3 Updated: June 30, 2026
LOW

bulk-delete-users-by-email

bulk-delete-users-by-email

Score: 93/100 Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: 2.0.0 Updated: June 30, 2026
LOW

bulk-delete-users-by-email

bulk-delete-users-by-email

Score: 93/100 Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: 2.0.0 Updated: June 30, 2026
LOW

advanced-booking-calendar

advanced-booking-calendar

Score: 95/100 Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection Affected: *-1.7.1 Patched: Updated: June 30, 2026
LOW

armember

armember

Score: 97/100 ARMember Premium <= 5.5.1 - Privilege Escalation Affected: *-5.5.1 Patched: 5.6 Updated: June 30, 2026
LOW

advanced-booking-calendar

advanced-booking-calendar

Score: 95/100 Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery Affected: *-1.7.1 Patched: Updated: June 30, 2026
LOW

apptivo-business-site

apptivo-business-site

Score: 95/100 Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.0.12 Patched: 3.0.14 Updated: June 30, 2026
LOW

aio-time-clock-lite

aio-time-clock-lite

Score: 97/100 All in One Time Clok Lite <= 1.3.320 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.320 Patched: 1.3.321 Updated: June 30, 2026
LOW

1app-business-forms

1app-business-forms

Score: 95/100 1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026
LOW

Appointment Hour Booking – Booking Calendar

appointment-hour-booking

Score: 97/100 Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form Affected: *-1.3.72 Patched: 1.3.73 Updated: June 30, 2026
LOW

age-gate

age-gate

Score: 97/100 Age Gate <= 2.13.4 - Open Redirect Affected: [*, 2.13.5) Patched: 2.13.5 Updated: June 30, 2026
LOW

authenticator

authenticator

Score: 93/100 Authenticator <= 1.3.0 - Missing Authorization Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026
LOW

clictracker

clictracker

Score: 91/100 WP Clictracker <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: June 30, 2026
LOW

arforms-form-builder

arforms-form-builder

Score: 95/100 ARForms Form Builder <= 1.5.6 - Unauthenticated Cross-Site Scripting Affected: *-1.5.6 Patched: 1.5.7 Updated: June 30, 2026
LOW

checkout-for-paypal

checkout-for-paypal

Score: 93/100 Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.13 Patched: 1.0.14 Updated: June 30, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion Affected: *-5.6.5 Patched: 5.6.6 Updated: June 30, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026
LOW

booking-calendar

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.1 - Unauthenticated Arbitrary File Upload Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026
LOW

antihacker

antihacker

Score: 97/100 Anti Hacker <= 4.19 - Missing Authorization to Arbitrary Plugin Install Affected: *-4.19 Patched: 4.20 Updated: June 30, 2026
LOW

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Score: 72/100 All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass Affected: *-5.0.7 Patched: 5.0.8 Updated: June 30, 2026
LOW

addons-for-elementor

addons-for-elementor

Score: 93/100 Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-7.2.3 Patched: 7.2.4 Updated: June 30, 2026
LOW

address-autocomplete-using-google-place-api

address-autocomplete-using-google-place-api

Score: 95/100 Address Autocomplete Using Google Place Api <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 30, 2026
LOW

cardealer

cardealer

Score: 93/100 Car Dealer <= 3.04 - Missing Authorization to Arbitrary Plugin Installation Affected: *-3.04 Patched: 3.05 Updated: June 30, 2026
LOW

buddybadges

buddybadges

Score: 91/100 Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.0 Patched: Updated: June 30, 2026
LOW

auxin-elements

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.10.5 - PHP Objection Injection Affected: *-2.10.5 Patched: 2.10.7 Updated: June 30, 2026
LOW

anthologize

anthologize

Score: 95/100 Anthologize <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.8.0 Patched: 0.8.1 Updated: June 30, 2026
LOW

becustom

becustom

Score: 93/100 Becustom <= 1.0.5.2 - Cross-Site Request Forgery Affected: *-1.0.5.2 Patched: 1.0.5.3 Updated: June 30, 2026
LOW

advanced-import

advanced-import

Score: 97/100 Advanced Import <= 1.3.7 - Cross-Site Request Forgery Affected: *-1.3.7 Patched: 1.3.8 Updated: June 30, 2026
LOW

chameleon

chameleon

Score: 93/100 Chameleon <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026
LOW

Broken Link Checker

broken-link-checker

Score: 68/100 Broken Link Checker <= 1.11.19 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.11.19 Patched: 1.11.20 Updated: June 30, 2026
LOW

AdRotate Banner Manager

adrotate

Score: 74/100 AdRotate Banner Manager <= 5.9 - Cross-Site Request Forgery Affected: *-5.9 Patched: 5.9.1 Updated: June 30, 2026
LOW

add-multiple-marker

add-multiple-marker

Score: 97/100 Add Multiple Marker <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026
LOW

add-multiple-marker

add-multiple-marker

Score: 97/100 Add Multiple Marker <= 1.2 - Missing Authorization Checks to Settings Update Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026
LOW

activity-reactions-for-buddypress

activity-reactions-for-buddypress

Score: 93/100 Activity Reactions For Buddypress <= 1.0.22 - Cross-Site Request Forgery Affected: *-1.0.22 Patched: Updated: June 30, 2026
LOW

activity-reactions-for-buddypress

activity-reactions-for-buddypress

Score: 93/100 Activity Reactions For Buddypress <= 1.0.22 - Missing Authorization Affected: *-1.0.22 Patched: Updated: June 30, 2026
LOW

clerkio

clerkio

Score: 93/100 Clerk <= 3.8.2 - Authorization Bypass via Insufficient Validation Affected: *-3.8.2 Patched: 3.8.3 Updated: June 30, 2026
LOW

advanced-wp-columns

advanced-wp-columns

Score: 95/100 Advanced WP Columns <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: June 30, 2026
LOW

add-comments

add-comments

Score: 95/100 Add Comments <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026
LOW

car-rental

car-rental

Score: 91/100 Car Rental by BestWebSoft <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: June 30, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: 2.2.0 Updated: June 30, 2026
LOW

3dprint

3dprint

Score: 95/100 3DPrint < 3.5.6.9 - Cross-Site Request Forgery to Arbitrary File Deletion Affected: *-3.5.4.8 Patched: 3.5.6.9 Updated: June 30, 2026
LOW

awesome-support

awesome-support

Score: 93/100 Awesome Support <= 6.1.1 - Insecure Direct Object Reference to (Subscriber+) Ticket Export Affected: *-6.1.1 Patched: 6.1.2 Updated: June 30, 2026
LOW

Beautiful Cookie Consent Banner

beautiful-and-responsive-cookie-consent

Score: 93/100 Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.9.0 Patched: 2.9.1 Updated: June 30, 2026
LOW

analytics-for-wp

analytics-for-wp

Score: 95/100 Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: June 30, 2026
LOW

001-prime-strategy-translate-accelerator

001-prime-strategy-translate-accelerator

Score: 95/100 001 Prime Strategy Translate Accelerator <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: Updated: June 30, 2026
LOW

am-hili-affiliate-manager-for-publishers

am-hili-affiliate-manager-for-publishers

Score: 95/100 AM-HiLi <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

agenteasy-properties

agenteasy-properties

Score: 95/100 AgentEasy Properties <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026
LOW

administrator-z

administrator-z

Score: 95/100 Administrator Z <= 2022.9.28 - Unauthorized File Upload via ACF Affected: *-2022.9.28 Patched: 2022.9.29 Updated: June 30, 2026
LOW

accessibility

accessibility

Score: 97/100 Accessibility <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026
LOW

a3-responsive-slider

a3-responsive-slider

Score: 97/100 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.2.0 Patched: 2.2.1 Updated: June 30, 2026
LOW

a3-portfolio

a3-portfolio

Score: 97/100 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-3.0.1 Patched: 3.0.2 Updated: June 30, 2026
LOW

a3 Lazy Load

a3-lazy-load

Score: 95/100 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset Affected: *-2.6.0 Patched: 2.6.1 Updated: June 30, 2026
LOW

4ecps-webforms

4ecps-webforms

Score: 95/100 4ECPS Web Forms <= 0.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.2.17 Patched: 0.2.18 Updated: June 30, 2026
LOW

authorizer

authorizer

Score: 93/100 phpCAS authentication library < 1.6.0 - Service Hostname Discovery Exploitation Affected: [*, 1.6.0) Patched: 1.6.0 Updated: June 30, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion Affected: *-5.6.4 Patched: 5.6.5 Updated: June 30, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery Affected: [*, 1.1.7) Patched: 1.1.7 Updated: June 30, 2026
LOW

booster-elite-for-woocommerce

booster-elite-for-woocommerce

Score: 93/100 Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download Affected: [*, 1.1.7) Patched: 1.1.7 Updated: June 30, 2026
LOW

addfreestats

addfreestats

Score: 97/100 AFS Analytics <= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.15 Patched: 4.16 Updated: June 30, 2026
LOW

appointment-booking-calendar

appointment-booking-calendar

Score: 97/100 Appointment Booking Calendar <= 1.3.69 - Missing Authorization Affected: *-1.3.69 Patched: 1.3.70 Updated: June 30, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026
LOW

captainform

captainform

Score: 89/100 Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery Affected: *-2.5.3 Patched: Updated: June 30, 2026
LOW

api2cart-bridge-connector

api2cart-bridge-connector

Score: 97/100 Api2Cart Bridge Connector <= 1.1.0 - Arbitrary File Upload Affected: 1.1.0 Patched: 1.2.0 Updated: June 30, 2026
LOW

api2cart-bridge-connector

api2cart-bridge-connector

Score: 97/100 Api2Cart Bridge Connector <= 1.1.0 - Arbitrary Code Execution Affected: *-1.1.0 Patched: 1.2.0 Updated: June 30, 2026
LOW

all-in-one-seo-pack-pro

all-in-one-seo-pack-pro

Score: 97/100 All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery Affected: *-4.2.5.1 Patched: 4.2.6 Updated: June 30, 2026
LOW

buddyforms

buddyforms

Score: 89/100 BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting Affected: *-2.7.2 Patched: 2.7.3 Updated: June 30, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download Affected: *-5.6.4 Patched: 5.6.5 Updated: June 30, 2026
LOW

backup

backup

Score: 93/100 Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.9 Patched: 1.6.9.1 Updated: June 30, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization Affected: *-4.1.5 Patched: 4.1.6 Updated: June 30, 2026
LOW

auto-upload-images

auto-upload-images

Score: 93/100 Auto Upload Images <= 3.3 - Cross-Site Request Forgery Affected: *-3.3 Patched: 3.3.1 Updated: June 30, 2026
LOW

auto-upload-images

auto-upload-images

Score: 93/100 Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.3 Patched: 3.3.1 Updated: June 30, 2026
LOW

advanced-floating-content-lite

advanced-floating-content-lite

Score: 97/100 Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

Showing 4201 to 4300 of 5503 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 16:46 UTC.