Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
wp-stats-manager	wp-stats-manager	N/A	Visitor Statistics (Real Time Traffic) <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.3	8.4	June 30, 2026
wp-showhide	wp-showhide	N/A	WP-ShowHide <= 1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.05	1.06	June 30, 2026
wp-multi-step-checkout	wp-multi-step-checkout	N/A	Multi-Step Checkout for WooCommerce <= 2.33 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.33	2.34	June 30, 2026
Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing	woocommerce-google-adwords-conversion-tracking-tag	93	Pixel Manager for WooCommerce <= 1.51.1 - Unauthenticated Information Exposure	LOW	*-1.51.1	1.52.0	June 30, 2026
Advanced Booking & Appointment System – Webba Booking Calendar	webba-booking-lite	70	Webba Booking <= 6.2.1 - Missing Authorization	LOW	*-6.2.1	6.2.2	June 30, 2026
wc-multivendor-marketplace	wc-multivendor-marketplace	N/A	WCFM Marketplace <= 3.6.17 - Missing Authorization	LOW	*-3.6.17		June 30, 2026
wc-frontend-manager	wc-frontend-manager	N/A	WCFM – Frontend Manager for WooCommerce <= 6.7.24 - Missing Authorization	LOW	*-6.7.24	6.7.25	June 30, 2026
watu	watu	N/A	Watu Quiz <= 3.4.5 - Missing Authorization	LOW	*-3.4.5	3.4.5.1	June 30, 2026
vk-google-job-posting-manager	vk-google-job-posting-manager	N/A	VK Google Job Posting Manager <= 1.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.22	1.2.23	June 30, 2026
userswp	userswp	N/A	UsersWP <= 1.2.48 - Cross-Site Request Forgery	LOW	*-1.2.48	1.2.49	June 30, 2026
truebooker-appointment-booking	truebooker-appointment-booking	N/A	TrueBooker <= 1.1.0 - Missing Authorization	LOW	*-1.1.0	1.1.1	June 30, 2026
tlp-team	tlp-team	N/A	Team <= 5.0.10 - Unauthenticated SQL Injection	LOW	*-5.0.10	5.0.11	June 30, 2026
thirstyaffiliates	thirstyaffiliates	N/A	ThirstyAffiliates <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.11.8	3.11.9	June 30, 2026
themify-portfolio-post	themify-portfolio-post	N/A	Themify Portfolio Post <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.3.0	1.3.1	June 30, 2026
sitewide-notice-wp	sitewide-notice-wp	N/A	Sitewide Notice WP <= 2.4.1 - Missing Authorization	LOW	*-2.4.1	2.4.2	June 30, 2026
simple-link-directory	simple-link-directory	N/A	Simple Link Directory <= 8.8.3 - Cross-Site Request Forgery	LOW	*-8.8.3	8.8.4	June 30, 2026
simple-link-directory	simple-link-directory	N/A	Simple Link Directory <= 8.8.3 - Missing Authorization	LOW	*-8.8.3	8.8.4	June 30, 2026
simple-folio	simple-folio	N/A	Simple Folio <= 1.1.0 - Cross-Site Request Forgery	LOW	*-1.1.0	1.1.1	June 30, 2026
sheets-to-wp-table-live-sync	sheets-to-wp-table-live-sync	N/A	FlexTable Google Sheets Connector <= 3.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.19.1	3.19.2	June 30, 2026
semrush-contentshake	semrush-contentshake	N/A	Semrush Content Toolkit <= 1.1.32 - Cross-Site Request Forgery	LOW	*-1.1.32	1.1.33	June 30, 2026
request-a-quote	request-a-quote	N/A	Request a Quote <= 2.5.3 - Missing Authorization	LOW	*-2.5.3	2.5.4	June 30, 2026
rencontre	rencontre	N/A	Rencontre <= 3.13.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.13.7	3.13.8	June 30, 2026
protect-wp-admin	protect-wp-admin	N/A	Protect WP Admin <= 4.1 - Missing Authorization	LOW	*-4.1	4.2	June 30, 2026
photo-block	photo-block	N/A	Photo Block <= 1.5.1 - Missing Authorization	LOW	*-1.5.1	1.6.0	June 30, 2026
ninja-tables	ninja-tables	N/A	Ninja Tables <= 5.2.3 - Authenticated (Administrator+) SQL Injection	LOW	*-5.2.3	5.2.4	June 30, 2026
newsletter	newsletter	N/A	Newsletter <= 9.0.9 - Authenticated (Administrator+) SQL Injection	LOW	*-9.0.9	9.1.0	June 30, 2026
my-calendar	my-calendar	N/A	My Calendar <= 3.6.16 - Missing Authorization	LOW	*-3.6.16	3.6.17	June 30, 2026
meks-quick-plugin-disabler	meks-quick-plugin-disabler	91	Meks Quick Plugin Disabler <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
lock-my-bp	lock-my-bp	93	Wbcom Designs <= 2.1.1 - Missing Authorization	LOW	*-2.1.1	2.1.2	June 30, 2026
listdom	listdom	93	Listdom <= 5.0.1 - Missing Authorization	LOW	*-5.0.1	5.1.0	June 30, 2026
lastudio-element-kit	lastudio-element-kit	93	LA-Studio Element Kit for Elementor < 1.5.6.3 - Missing Authorization	LOW	[*, 1.5.6.3)	1.5.6.3	June 30, 2026
image-caption-hover-pro	image-caption-hover-pro	93	Image Caption Hover Pro < 20.0 - Missing Authorization	LOW	[*, 20.0)	20.0	June 30, 2026
highlight-and-share	highlight-and-share	93	Highlight and Share <= 5.2.0 - Missing Authorization	LOW	*-5.2.0	5.3.0	June 30, 2026
health-check	health-check	91	Health Check & Troubleshooting <= 1.7.1 - Authenticated (Admin+) Path Traversal	LOW	*-1.7.1		June 30, 2026
gdpr-cookie-consent	gdpr-cookie-consent	93	Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 4.0.7 - Missing Authorization	LOW	*-4.0.7	4.0.8	June 30, 2026
fapi-member	fapi-member	91	FAPI Member <= 2.2.29 - Unauthenticated Insecure Direct Object Reference	LOW	*-2.2.29		June 30, 2026
fancy-product-designer	fancy-product-designer	93	Fancy Product Designer \| WooCommerce WordPress <= 6.4.8 - Unauthenticated Information Disclosure and PHAR Deserialization via 'url' Parameter	LOW	*-6.4.8	6.5.0	June 30, 2026
fancy-product-designer	fancy-product-designer	93	Fancy Product Designer \| WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter	LOW	*-6.4.8	6.5.0	June 30, 2026
fancy-product-designer	fancy-product-designer	93	Fancy Product Designer \| WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition	LOW	*-6.4.8	6.5.0	June 30, 2026
expand-maker	expand-maker	89	Read More & Accordion <= 3.5.5.1 - Missing Authorization	LOW	*-3.5.5.1	3.5.6	June 30, 2026
ebay-feeds-for-wordpress	ebay-feeds-for-wordpress	93	eBay Product Feeds <= 3.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.4.9	3.4.10	June 30, 2026
easy-invoice	easy-invoice	93	Easy Invoice <= 2.1.4 - Authenticated (Administrator+) Local File Inclusion	LOW	*-2.1.4	2.1.5	June 30, 2026
easy-form-builder	easy-form-builder	93	Easy Form Builder <= 3.8.20 - Missing Authorization	LOW	*-3.8.20	3.8.21	June 30, 2026
document-library-lite	document-library-lite	93	Document Library Lite <= 1.1.7 - Unauthenticated Insecure Direct Object Reference	LOW	*-1.1.7	1.2.0	June 30, 2026
document-library-lite	document-library-lite	93	Document Library Lite <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.7	1.2.0	June 30, 2026
directorist	directorist	93	Directorist <= 8.6.6 - Unauthenticated Open Redirect	LOW	*-8.6.6	8.6.7	June 30, 2026
cww-companion	cww-companion	93	CWW Companion <= 1.3.2 - Cross-Site Request Forgery	LOW	*-1.3.2	1.3.3	June 30, 2026
cal-embedder-lite	cal-embedder-lite	93	UseStrict's Calendly Embedder <= 1.1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.7.2	1.2	June 30, 2026
business-directory-plugin	business-directory-plugin	93	Business Directory <= 6.4.19 - Missing Authorization	LOW	*-6.4.19	6.4.20	June 30, 2026
booking-calendar	booking-calendar	91	Booking calendar, Appointment Booking System <= 3.2.30 - Missing Authorization	LOW	*-3.2.30	3.2.31	June 30, 2026
animation-addons-for-elementor	animation-addons-for-elementor	95	Animation Addons for Elementor <= 2.4.5 - Authenticated (Contributor+) Arbitrary Content Deletion	LOW	*-2.4.5	2.4.6	June 30, 2026
admin-site-enhancements	admin-site-enhancements	97	Admin and Site Enhancements (ASE) <= 8.0.8 - Missing Authorization	LOW	*-8.0.8	8.1.0	June 30, 2026
lightweight-accordion	lightweight-accordion	93	Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.20	1.6.0	June 30, 2026
wpecounter	wpecounter	N/A	Views Counter <= 2.1.2 - Missing Authorization	LOW	*-2.1.2	2.1.3	June 30, 2026
woocommerce-sendinblue-newsletter-subscription	woocommerce-sendinblue-newsletter-subscription	N/A	Sendinblue for WooCommerce <= 4.0.49 - Missing Authorization	LOW	*-4.0.49	4.0.50	June 30, 2026
top_bar_promoter	top_bar_promoter	N/A	xPromoter <= 1.3.4 - Authenticated (Contributor+) SQL Injection	LOW	*-1.3.4	1.3.5	June 30, 2026
pochipp	pochipp	N/A	Pochipp <= 1.18.0 - Missing Authorization	LOW	*-1.18.0	1.18.1	June 30, 2026
import-external-attachments	import-external-attachments	89	Import external attachments <= 1.5.12 - Missing Authorization	LOW	*-1.5.12		June 30, 2026
head-meta-data	head-meta-data	93	Head Meta Data <= 20250327 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-20250327	20251118	June 30, 2026
essential-real-estate	essential-real-estate	87	Essential Real Estate <= 5.2.2 - Missing Authorization	LOW	*-5.2.2		June 30, 2026
essential-real-estate	essential-real-estate	87	Essential Real Estate <= 5.2.2 - Authenticated (ERE Customer+) Insecure Direct Object Reference	LOW	*-5.2.2		June 30, 2026
countdown_with_background	countdown_with_background	91	CountDown With Image or Video Background <= 1.5 - Authenticated (Contributor+) SQL Injection	LOW	*-1.5		June 30, 2026
cmsmasters-content-composer	cmsmasters-content-composer	93	CMSMasters Content Composer <= 2.5.8 - Missing Authorization	LOW	*-2.5.8	2.5.9	June 30, 2026
agile-store-locator	agile-store-locator	97	Store Locator WordPress <= 1.6.2 - Authenticated (Contributor+) SQL Injection	LOW	*-1.6.2	1.6.3	June 30, 2026
accordion_slider_pro	accordion_slider_pro	95	Accordion Slider PRO <= 1.2 - Authenticated (Contributor+) SQL Injection	LOW	*-1.2	1.3	June 30, 2026
accessibility-by-audioeye	accessibility-by-audioeye	97	Accessibility by AudioEye <= 1.0.49 - Missing Authorization	LOW	*-1.0.49	1.1.0	June 30, 2026
addon-elements-for-elementor-page-builder	addon-elements-for-elementor-page-builder	97	Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.14.3	1.14.4	June 30, 2026
wpforo	wpforo	N/A	wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection	LOW	*-2.4.12	2.4.13	June 30, 2026
Ultra Addons for Contact Form 7	ultimate-addons-for-contact-form-7	70	Ultimate Addons for Contact Form 7 <= 3.5.34 - Missing Authorization	LOW	*-3.5.34	3.5.35	June 30, 2026
restrict-elementor-widgets	restrict-elementor-widgets	N/A	Restrict Elementor Widgets, Columns and Sections <= 1.12 - Missing Authorization	LOW	*-1.12		June 30, 2026
Prime Slider Addons for Elementor	bdthemes-prime-slider-lite	88	Prime Slider – Addons For Elementor <= 4.0.10 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-4.0.10	4.1.0	June 30, 2026
brizy	brizy	93	Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function	LOW	*-2.7.16	2.7.17	June 30, 2026
marquee-addons-for-elementor	marquee-addons-for-elementor	93	MarqueeAddons <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget	LOW	*-2.4.3	3.0.0	June 30, 2026
enteraddons	enteraddons	93	Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets	LOW	*-2.2.7	2.2.8	June 30, 2026
popup-builder	popup-builder	N/A	Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.4.1	4.4.2	June 30, 2026
ti-woocommerce-wishlist	ti-woocommerce-wishlist	N/A	TI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML Injection	LOW	*-2.10.0	2.11.0	June 30, 2026
widgetkit-for-elementor	widgetkit-for-elementor	N/A	All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets	LOW	*-2.5.6	2.5.7	June 30, 2026
exact-links	exact-links	83	URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection	LOW	*-3.0.7		June 30, 2026
mycred	mycred	N/A	myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval	LOW	*-2.9.7	2.9.7.1	June 30, 2026
wp3d-model-import-block	wp3d-model-import-block	N/A	WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-1.0.7		June 30, 2026
mediacommander	mediacommander	93	MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion	LOW	*-2.3.1	2.4.0	June 30, 2026
custom-frames	custom-frames	91	Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter	LOW	*-1.0.1		June 30, 2026
shortcode-ajax	shortcode-ajax	N/A	Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter	LOW	*-1.0		June 30, 2026
quick-testimonials	quick-testimonials	N/A	Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.1		June 30, 2026
payamito-sms-woocommerce	payamito-sms-woocommerce	N/A	افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection	LOW	*-1.3.5		June 30, 2026
popover-windows	popover-windows	N/A	Popover Windows <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update	LOW	*-1.2		June 30, 2026
popover-windows	popover-windows	N/A	Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions	LOW	*-1.2		June 30, 2026
lucky-draw	lucky-draw	91	Lucky Draw Contests <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-4.2		June 30, 2026
solutions-ad-manager	solutions-ad-manager	N/A	Solutions Ad Manager <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter	LOW	*-1.0.0		June 30, 2026
doubly	doubly	93	Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import	LOW	*-1.0.46	1.0.47	June 30, 2026
userback	userback	N/A	Userback <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Plugin's Configuration Exposure	LOW	*-1.0.15	1.0.16	June 30, 2026
devs-crm	devs-crm	89	Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Expsoure	LOW	*-1.1.8		June 30, 2026
devs-crm	devs-crm	89	Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update	LOW	*-1.1.8		June 30, 2026
jay-login-register	jay-login-register	93	JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie	LOW	*-2.4.01	2.5.01	June 30, 2026
easy-notify-lite	easy-notify-lite	93	Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset	LOW	*-1.1.37	1.1.39	June 30, 2026
postem-ipsum	postem-ipsum	N/A	Postem Ipsum <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users	LOW	*-3.0.1		June 30, 2026
easy-theme-options	easy-theme-options	89	Easy Theme Options <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Import	LOW	*-1.0		June 30, 2026
extensive-vc-addon	extensive-vc-addon	89	Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter	LOW	*-1.9.1		June 30, 2026
annuncifunebri-onoranza	annuncifunebri-onoranza	93	AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion	LOW	*-4.7.0	4.7.1	June 30, 2026
eyewear-prescription-form	eyewear-prescription-form	89	Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion	LOW	*-6.0.1		June 30, 2026

LOW

wp-stats-manager

Score: N/A Visitor Statistics (Real Time Traffic) <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.3 Patched: 8.4 Updated: June 30, 2026

LOW

wp-showhide

Score: N/A WP-ShowHide <= 1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.05 Patched: 1.06 Updated: June 30, 2026

LOW

wp-multi-step-checkout

Score: N/A Multi-Step Checkout for WooCommerce <= 2.33 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.33 Patched: 2.34 Updated: June 30, 2026

LOW

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

Score: 93/100 Pixel Manager for WooCommerce <= 1.51.1 - Unauthenticated Information Exposure Affected: *-1.51.1 Patched: 1.52.0 Updated: June 30, 2026

LOW

Advanced Booking & Appointment System – Webba Booking Calendar

webba-booking-lite

Score: 70/100 Webba Booking <= 6.2.1 - Missing Authorization Affected: *-6.2.1 Patched: 6.2.2 Updated: June 30, 2026

LOW

wc-multivendor-marketplace

Score: N/A WCFM Marketplace <= 3.6.17 - Missing Authorization Affected: *-3.6.17 Patched: Updated: June 30, 2026

LOW

wc-frontend-manager

Score: N/A WCFM – Frontend Manager for WooCommerce <= 6.7.24 - Missing Authorization Affected: *-6.7.24 Patched: 6.7.25 Updated: June 30, 2026

LOW

watu

Score: N/A Watu Quiz <= 3.4.5 - Missing Authorization Affected: *-3.4.5 Patched: 3.4.5.1 Updated: June 30, 2026

LOW

vk-google-job-posting-manager

Score: N/A VK Google Job Posting Manager <= 1.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.22 Patched: 1.2.23 Updated: June 30, 2026

LOW

userswp

Score: N/A UsersWP <= 1.2.48 - Cross-Site Request Forgery Affected: *-1.2.48 Patched: 1.2.49 Updated: June 30, 2026

LOW

truebooker-appointment-booking

Score: N/A TrueBooker <= 1.1.0 - Missing Authorization Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

tlp-team

Score: N/A Team <= 5.0.10 - Unauthenticated SQL Injection Affected: *-5.0.10 Patched: 5.0.11 Updated: June 30, 2026

LOW

thirstyaffiliates

Score: N/A ThirstyAffiliates <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.11.8 Patched: 3.11.9 Updated: June 30, 2026

LOW

themify-portfolio-post

Score: N/A Themify Portfolio Post <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

sitewide-notice-wp

Score: N/A Sitewide Notice WP <= 2.4.1 - Missing Authorization Affected: *-2.4.1 Patched: 2.4.2 Updated: June 30, 2026

LOW

simple-link-directory

Score: N/A Simple Link Directory <= 8.8.3 - Cross-Site Request Forgery Affected: *-8.8.3 Patched: 8.8.4 Updated: June 30, 2026

LOW

simple-link-directory

Score: N/A Simple Link Directory <= 8.8.3 - Missing Authorization Affected: *-8.8.3 Patched: 8.8.4 Updated: June 30, 2026

LOW

simple-folio

Score: N/A Simple Folio <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

sheets-to-wp-table-live-sync

Score: N/A FlexTable Google Sheets Connector <= 3.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.19.1 Patched: 3.19.2 Updated: June 30, 2026

LOW

semrush-contentshake

Score: N/A Semrush Content Toolkit <= 1.1.32 - Cross-Site Request Forgery Affected: *-1.1.32 Patched: 1.1.33 Updated: June 30, 2026

LOW

request-a-quote

Score: N/A Request a Quote <= 2.5.3 - Missing Authorization Affected: *-2.5.3 Patched: 2.5.4 Updated: June 30, 2026

LOW

rencontre

Score: N/A Rencontre <= 3.13.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.13.7 Patched: 3.13.8 Updated: June 30, 2026

LOW

protect-wp-admin

Score: N/A Protect WP Admin <= 4.1 - Missing Authorization Affected: *-4.1 Patched: 4.2 Updated: June 30, 2026

LOW

photo-block

Score: N/A Photo Block <= 1.5.1 - Missing Authorization Affected: *-1.5.1 Patched: 1.6.0 Updated: June 30, 2026

LOW

ninja-tables

Score: N/A Ninja Tables <= 5.2.3 - Authenticated (Administrator+) SQL Injection Affected: *-5.2.3 Patched: 5.2.4 Updated: June 30, 2026

LOW

newsletter

Score: N/A Newsletter <= 9.0.9 - Authenticated (Administrator+) SQL Injection Affected: *-9.0.9 Patched: 9.1.0 Updated: June 30, 2026

LOW

my-calendar

Score: N/A My Calendar <= 3.6.16 - Missing Authorization Affected: *-3.6.16 Patched: 3.6.17 Updated: June 30, 2026

LOW

meks-quick-plugin-disabler

Score: 91/100 Meks Quick Plugin Disabler <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

lock-my-bp

Score: 93/100 Wbcom Designs <= 2.1.1 - Missing Authorization Affected: *-2.1.1 Patched: 2.1.2 Updated: June 30, 2026

LOW

listdom

Score: 93/100 Listdom <= 5.0.1 - Missing Authorization Affected: *-5.0.1 Patched: 5.1.0 Updated: June 30, 2026

LOW

lastudio-element-kit

Score: 93/100 LA-Studio Element Kit for Elementor < 1.5.6.3 - Missing Authorization Affected: [*, 1.5.6.3) Patched: 1.5.6.3 Updated: June 30, 2026

LOW

image-caption-hover-pro

Score: 93/100 Image Caption Hover Pro < 20.0 - Missing Authorization Affected: [*, 20.0) Patched: 20.0 Updated: June 30, 2026

LOW

highlight-and-share

Score: 93/100 Highlight and Share <= 5.2.0 - Missing Authorization Affected: *-5.2.0 Patched: 5.3.0 Updated: June 30, 2026

LOW

health-check

Score: 91/100 Health Check & Troubleshooting <= 1.7.1 - Authenticated (Admin+) Path Traversal Affected: *-1.7.1 Patched: Updated: June 30, 2026

LOW

gdpr-cookie-consent

Score: 93/100 Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 4.0.7 - Missing Authorization Affected: *-4.0.7 Patched: 4.0.8 Updated: June 30, 2026

LOW

fapi-member

Score: 91/100 FAPI Member <= 2.2.29 - Unauthenticated Insecure Direct Object Reference Affected: *-2.2.29 Patched: Updated: June 30, 2026

LOW

Score: 93/100 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Information Disclosure and PHAR Deserialization via 'url' Parameter Affected: *-6.4.8 Patched: 6.5.0 Updated: June 30, 2026

LOW

fancy-product-designer

Score: 93/100 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter Affected: *-6.4.8 Patched: 6.5.0 Updated: June 30, 2026

LOW

fancy-product-designer

Score: 93/100 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition Affected: *-6.4.8 Patched: 6.5.0 Updated: June 30, 2026

LOW

expand-maker

Score: 89/100 Read More & Accordion <= 3.5.5.1 - Missing Authorization Affected: *-3.5.5.1 Patched: 3.5.6 Updated: June 30, 2026

LOW

ebay-feeds-for-wordpress

Score: 93/100 eBay Product Feeds <= 3.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.4.9 Patched: 3.4.10 Updated: June 30, 2026

LOW

easy-invoice

Score: 93/100 Easy Invoice <= 2.1.4 - Authenticated (Administrator+) Local File Inclusion Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

easy-form-builder

Score: 93/100 Easy Form Builder <= 3.8.20 - Missing Authorization Affected: *-3.8.20 Patched: 3.8.21 Updated: June 30, 2026

LOW

document-library-lite

Score: 93/100 Document Library Lite <= 1.1.7 - Unauthenticated Insecure Direct Object Reference Affected: *-1.1.7 Patched: 1.2.0 Updated: June 30, 2026

LOW

document-library-lite

Score: 93/100 Document Library Lite <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: 1.2.0 Updated: June 30, 2026

LOW

directorist

Score: 93/100 Directorist <= 8.6.6 - Unauthenticated Open Redirect Affected: *-8.6.6 Patched: 8.6.7 Updated: June 30, 2026

LOW

cww-companion

Score: 93/100 CWW Companion <= 1.3.2 - Cross-Site Request Forgery Affected: *-1.3.2 Patched: 1.3.3 Updated: June 30, 2026

LOW

cal-embedder-lite

Score: 93/100 UseStrict's Calendly Embedder <= 1.1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.7.2 Patched: 1.2 Updated: June 30, 2026

LOW

business-directory-plugin

Score: 93/100 Business Directory <= 6.4.19 - Missing Authorization Affected: *-6.4.19 Patched: 6.4.20 Updated: June 30, 2026

LOW

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.30 - Missing Authorization Affected: *-3.2.30 Patched: 3.2.31 Updated: June 30, 2026

LOW

animation-addons-for-elementor

Score: 95/100 Animation Addons for Elementor <= 2.4.5 - Authenticated (Contributor+) Arbitrary Content Deletion Affected: *-2.4.5 Patched: 2.4.6 Updated: June 30, 2026

LOW

admin-site-enhancements

Score: 97/100 Admin and Site Enhancements (ASE) <= 8.0.8 - Missing Authorization Affected: *-8.0.8 Patched: 8.1.0 Updated: June 30, 2026

LOW

lightweight-accordion

Score: 93/100 Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.20 Patched: 1.6.0 Updated: June 30, 2026

LOW

wpecounter

Score: N/A Views Counter <= 2.1.2 - Missing Authorization Affected: *-2.1.2 Patched: 2.1.3 Updated: June 30, 2026

LOW

woocommerce-sendinblue-newsletter-subscription

Score: N/A Sendinblue for WooCommerce <= 4.0.49 - Missing Authorization Affected: *-4.0.49 Patched: 4.0.50 Updated: June 30, 2026

LOW

top_bar_promoter

Score: N/A xPromoter <= 1.3.4 - Authenticated (Contributor+) SQL Injection Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

pochipp

Score: N/A Pochipp <= 1.18.0 - Missing Authorization Affected: *-1.18.0 Patched: 1.18.1 Updated: June 30, 2026

LOW

import-external-attachments

Score: 89/100 Import external attachments <= 1.5.12 - Missing Authorization Affected: *-1.5.12 Patched: Updated: June 30, 2026

LOW

head-meta-data

Score: 93/100 Head Meta Data <= 20250327 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-20250327 Patched: 20251118 Updated: June 30, 2026

LOW

essential-real-estate

Score: 87/100 Essential Real Estate <= 5.2.2 - Missing Authorization Affected: *-5.2.2 Patched: Updated: June 30, 2026

LOW

essential-real-estate

Score: 87/100 Essential Real Estate <= 5.2.2 - Authenticated (ERE Customer+) Insecure Direct Object Reference Affected: *-5.2.2 Patched: Updated: June 30, 2026

LOW

countdown_with_background

Score: 91/100 CountDown With Image or Video Background <= 1.5 - Authenticated (Contributor+) SQL Injection Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

cmsmasters-content-composer

Score: 93/100 CMSMasters Content Composer <= 2.5.8 - Missing Authorization Affected: *-2.5.8 Patched: 2.5.9 Updated: June 30, 2026

LOW

agile-store-locator

Score: 97/100 Store Locator WordPress <= 1.6.2 - Authenticated (Contributor+) SQL Injection Affected: *-1.6.2 Patched: 1.6.3 Updated: June 30, 2026

LOW

accordion_slider_pro

Score: 95/100 Accordion Slider PRO <= 1.2 - Authenticated (Contributor+) SQL Injection Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026

LOW

accessibility-by-audioeye

Score: 97/100 Accessibility by AudioEye <= 1.0.49 - Missing Authorization Affected: *-1.0.49 Patched: 1.1.0 Updated: June 30, 2026

LOW

addon-elements-for-elementor-page-builder

Score: 97/100 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.14.3 Patched: 1.14.4 Updated: June 30, 2026

LOW

wpforo

Score: N/A wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection Affected: *-2.4.12 Patched: 2.4.13 Updated: June 30, 2026

LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultimate Addons for Contact Form 7 <= 3.5.34 - Missing Authorization Affected: *-3.5.34 Patched: 3.5.35 Updated: June 30, 2026

LOW

restrict-elementor-widgets

Score: N/A Restrict Elementor Widgets, Columns and Sections <= 1.12 - Missing Authorization Affected: *-1.12 Patched: Updated: June 30, 2026

LOW

Prime Slider Addons for Elementor

bdthemes-prime-slider-lite

Score: 88/100 Prime Slider – Addons For Elementor <= 4.0.10 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-4.0.10 Patched: 4.1.0 Updated: June 30, 2026

LOW

brizy

Score: 93/100 Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function Affected: *-2.7.16 Patched: 2.7.17 Updated: June 30, 2026

LOW

marquee-addons-for-elementor

Score: 93/100 MarqueeAddons <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget Affected: *-2.4.3 Patched: 3.0.0 Updated: June 30, 2026

LOW

enteraddons

Score: 93/100 Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets Affected: *-2.2.7 Patched: 2.2.8 Updated: June 30, 2026

LOW

popup-builder

Score: N/A Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.4.1 Patched: 4.4.2 Updated: June 30, 2026

LOW

ti-woocommerce-wishlist

Score: N/A TI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML Injection Affected: *-2.10.0 Patched: 2.11.0 Updated: June 30, 2026

LOW

widgetkit-for-elementor

Score: N/A All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets Affected: *-2.5.6 Patched: 2.5.7 Updated: June 30, 2026

LOW

exact-links

Score: 83/100 URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection Affected: *-3.0.7 Patched: Updated: June 30, 2026

LOW

mycred

Score: N/A myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval Affected: *-2.9.7 Patched: 2.9.7.1 Updated: June 30, 2026

LOW

wp3d-model-import-block

Score: N/A WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.0.7 Patched: Updated: June 30, 2026

LOW

mediacommander

Score: 93/100 MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion Affected: *-2.3.1 Patched: 2.4.0 Updated: June 30, 2026

LOW

custom-frames

Score: 91/100 Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

shortcode-ajax

Score: N/A Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

quick-testimonials

Score: N/A Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

payamito-sms-woocommerce

Score: N/A افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection Affected: *-1.3.5 Patched: Updated: June 30, 2026

LOW

popover-windows

Score: N/A Popover Windows <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

popover-windows

Score: N/A Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

lucky-draw

Score: 91/100 Lucky Draw Contests <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-4.2 Patched: Updated: June 30, 2026

LOW

solutions-ad-manager

Score: N/A Solutions Ad Manager <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

doubly

Score: 93/100 Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import Affected: *-1.0.46 Patched: 1.0.47 Updated: June 30, 2026

LOW

userback

Score: N/A Userback <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Plugin's Configuration Exposure Affected: *-1.0.15 Patched: 1.0.16 Updated: June 30, 2026

LOW

devs-crm

Score: 89/100 Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Expsoure Affected: *-1.1.8 Patched: Updated: June 30, 2026

LOW

devs-crm

Score: 89/100 Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update Affected: *-1.1.8 Patched: Updated: June 30, 2026

LOW

jay-login-register

Score: 93/100 JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie Affected: *-2.4.01 Patched: 2.5.01 Updated: June 30, 2026

LOW

easy-notify-lite

Score: 93/100 Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset Affected: *-1.1.37 Patched: 1.1.39 Updated: June 30, 2026

LOW

postem-ipsum

Score: N/A Postem Ipsum <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users Affected: *-3.0.1 Patched: Updated: June 30, 2026

LOW

easy-theme-options

Score: 89/100 Easy Theme Options <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Import Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

extensive-vc-addon

Score: 89/100 Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter Affected: *-1.9.1 Patched: Updated: June 30, 2026

LOW

annuncifunebri-onoranza

Score: 93/100 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion Affected: *-4.7.0 Patched: 4.7.1 Updated: June 30, 2026

LOW

eyewear-prescription-form

Score: 89/100 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion Affected: *-6.0.1 Patched: Updated: June 30, 2026

Showing 4301 to 4400 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 15:26 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List