Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36283 (across tracked plugins)

Affected Plugins: 96 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
Columns: Plugin, Slug, Score, Vulnerability, CVE ID, Severity, Affected Versions, Patched, Updated
eyewear-prescription-form eyewear-prescription-form
89
Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Product Creation LOW *-6.0.1 June 30, 2026
simply-gallery-block simply-gallery-block N/A Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification LOW *-3.3.0 3.3.1 June 30, 2026
a3 Lazy Load a3-lazy-load
95
a3 Lazy Load <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.5 2.7.6 June 30, 2026
export-wp-page-to-static-html export-wp-page-to-static-html
93
Export WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log File LOW *-4.3.4 5.0.0 June 30, 2026
colibri-page-builder colibri-page-builder
93
Colibri Page Builder <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.335 1.0.342 June 30, 2026
buddypress-media buddypress-media
93
rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function LOW 4.7.0-4.7.3 4.7.4 June 30, 2026
yith-woocommerce-quick-view yith-woocommerce-quick-view N/A YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode LOW *-2.7.0 2.7.1 June 30, 2026
linkedin-auto-publish linkedin-auto-publish
93
WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage LOW *-1.9.8 1.9.9 June 30, 2026
header-and-footer-script-adder header-and-footer-script-adder
93
Header Footer Script Adder – Insert Code in Header, Body & Footer <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.5 2.0.6 June 30, 2026
login-lockdown login-lockdown
93
Login Lockdown & Protection <= 2.14 - IP Block Bypass LOW *-2.14 2.15 June 30, 2026
emplibot emplibot
93
Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery LOW *-1.0.9 1.1.0 June 30, 2026
social-media-auto-publish social-media-auto-publish N/A Social Media Auto Publish <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage LOW *-3.6.5 3.6.6 June 30, 2026
wpdirectorykit wpdirectorykit N/A WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection LOW *-1.4.7 1.4.8 June 30, 2026
404-solution 404-solution
97
404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter LOW *-3.1.0 3.1.1 June 30, 2026
ht-slider-for-elementor ht-slider-for-elementor
93
HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.4 1.7.5 June 30, 2026
design-import-export design-import-export
93
Design Import/Export <= 2.2 - Authenticated (Administrator+) SQL Injection via XML File Import LOW *-2.2 2.3 June 30, 2026
happy-helpdesk-support-ticket-system happy-helpdesk-support-ticket-system
93
HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply LOW *-1.0.9 1.0.10 June 30, 2026
employee-spotlight employee-spotlight
93
Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification LOW *-5.1.3 5.1.4 June 30, 2026
ays-slider ays-slider
93
Image Slider by Ays- Responsive Slider and Carousel <= 2.7.0 - Cross-Site Request Forgery to Arbitrary Slider Deletion LOW *-2.7.0 2.7.1 June 30, 2026
generateblocks generateblocks
93
GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata LOW *-2.1.2 2.2.0 June 30, 2026
ymc-smart-filter ymc-smart-filter N/A Filter & Grids <= 3.2.0 - Unauthenticated SQL Injection LOW *-3.2.0 3.2.1 June 30, 2026
wpgraphql-smart-cache wpgraphql-smart-cache N/A WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure LOW [*, 2.0.1) 2.0.1 June 30, 2026
wpbookit wpbookit N/A WPBookit <= 1.0.7 - Cross-Site Request Forgery to Customer Deletion LOW *-1.0.7 June 30, 2026
wp-webhooks wp-webhooks N/A Webhooks <= 3.3.8 - Unauthenticated Arbitrary File Upload LOW *-3.3.8 3.3.9 June 30, 2026
wow-media-library-fix wow-media-library-fix N/A Fix Media Library <= 2.0 - Unauthenticated Information Exposure LOW *-2.0 June 30, 2026
ultimate-auction ultimate-auction N/A Ultimate Auction <= 4.3.2 - Missing Authorization LOW *-4.3.2 June 30, 2026
ultimate-auction ultimate-auction N/A Ultimate Auction <= 4.3.2 - Unauthenticated Information Exposure LOW *-4.3.2 June 30, 2026
trinity-audio trinity-audio N/A Trinity Audio <= 5.23.3 - Missing Authorization LOW *-5.23.3 5.24 June 30, 2026
shopbuilder shopbuilder N/A Shopbuilder <= 3.2.1 - Reflected Cross-Site Scripting LOW *-3.2.1 3.2.2 June 30, 2026
redux-framework redux-framework N/A Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter LOW *-4.5.8 4.5.9 June 30, 2026
pdf-generator-addon-for-elementor-page-builder pdf-generator-addon-for-elementor-page-builder N/A PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Path Traversal LOW *-1.7.5 2.0.1 June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms <= 3.13.2 - Missing Authorization to Unauthenticated Submission Disclosure LOW *-3.13.2 3.13.3 June 30, 2026
logo-slider-wp logo-slider-wp
89
Logo Slider <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.8.0 4.9.0 June 30, 2026
livemesh-siteorigin-widgets livemesh-siteorigin-widgets
91
Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets LOW *-3.9.1 3.9.2 June 30, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder king-addons
76
King Addons for Elementor <= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-51.1.39 June 30, 2026
jobmonster-addon jobmonster-addon
93
Jobmonster Elementor Addon <= 1.1.4 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1.4 1.1.5 June 30, 2026
jetwidgets-for-elementor jetwidgets-for-elementor
93
JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets LOW *-1.0.20 1.0.21 June 30, 2026
instawp-connect instawp-connect
93
InstaWP Connect <= 0.1.1.9 - Missing Authorization LOW *-0.1.1.9 0.1.2.0 June 30, 2026
easy-property-listings easy-property-listings
93
Easy Property Listings <= 3.5.22 - Missing Authorization LOW *-3.5.22 3.5.23 June 30, 2026
directory-pro directory-pro
86
Directory Pro <= 2.5.6 - Missing Authorization LOW *-2.5.6 June 30, 2026
custom-post-type-ui custom-post-type-ui
93
Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter LOW *-1.18.1 1.18.2 June 30, 2026
magical-posts-display magical-posts-display
93
Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget LOW *-1.2.54 1.2.55 June 30, 2026
simple-bike-rental simple-bike-rental N/A Simple Bike Rental <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure LOW *-1.0.6 1.0.7 June 30, 2026
Events Manager – Calendar, Bookings, Tickets, and more! events-manager
78
Events Manager – Calendar, Bookings, Tickets, and more! <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion LOW *-7.2.2.2 7.2.2.3 June 30, 2026
Events Manager – Calendar, Bookings, Tickets, and more! events-manager
78
Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure LOW *-7.2.2.2 7.2.2.3 June 30, 2026
ai-feeds ai-feeds
97
AI Feeds <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode LOW *-1.0.22 1.0.23 June 30, 2026
secure-copy-content-protection secure-copy-content-protection N/A Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File LOW *-4.9.2 4.9.3 June 30, 2026
secure-copy-content-protection secure-copy-content-protection N/A Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export LOW *-4.9.2 4.9.3 June 30, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution LOW *-5.9.10 5.9.11 June 30, 2026
pdf-for-contact-form-7 pdf-for-contact-form-7 N/A PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication LOW *-6.3.3 6.3.4 June 30, 2026
official-mailerlite-sign-up-forms official-mailerlite-sign-up-forms N/A MailerLite – Signup forms (official) <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.7.16 1.7.17 June 30, 2026
wp-recipe-maker wp-recipe-maker N/A WP Recipe Maker <= 10.2.2 - Insecure Direct Object Reference to Sensitive Information Exposure LOW *-10.2.2 10.2.3 June 30, 2026
simple-csv-table simple-csv-table N/A Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read LOW *-1.0.1 1.0.2 June 30, 2026
wp-fastest-cache-premium wp-fastest-cache-premium N/A WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery LOW *-1.7.4 1.7.5 June 30, 2026
vikrentitems vikrentitems N/A VikRentItems Flexible Rental Management System <= 1.2.0 - Reflected Cross-Site Scripting via 'delto' Parameter LOW *-1.2.0 1.2.1 June 30, 2026
funnel-builder funnel-builder
93
FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection LOW *-3.13.1.5 3.13.1.6 June 30, 2026
modula-best-grid-gallery modula-best-grid-gallery
93
Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing LOW *-2.13.3 2.13.4 June 30, 2026
mailgun-subscriptions mailgun-subscriptions
93
Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.1 1.3.2 June 30, 2026
wpnakama wpnakama N/A WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter LOW *-0.6.3 0.6.4 June 30, 2026
guest-support guest-support
93
Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint LOW *-1.2.3 1.3.0 June 30, 2026
fancy-product-designer fancy-product-designer
93
Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload LOW *-6.4.8 6.5.0 June 30, 2026
hippoo hippoo
93
Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write LOW *-1.7.1 1.7.2 June 30, 2026
Ultra Addons for Contact Form 7 ultimate-addons-for-contact-form-7
70
Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF LOW *-3.5.33 3.5.34 June 30, 2026
blaze-demo-importer blaze-demo-importer
93
Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion LOW 1.0.0-1.0.13 1.0.14 June 30, 2026
flow-flow-social-streams flow-flow-social-streams
91
Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action LOW 3.0.0-4.7.5 June 30, 2026
contact-form-7-with-chatwork contact-form-7-with-chatwork
91
Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings LOW *-1.1.0 June 30, 2026
infility-global infility-global
81
Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-2.14.42 2.14.43 June 30, 2026
bold-timeline-lite bold-timeline-lite
93
Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode LOW *-1.2.7 1.2.8 June 30, 2026
doubledome-resource-link-library doubledome-resource-link-library
93
Resource Library for Logged In Users <= 1.5 - Cross-Site Request Forgery to Multiple Administrative Actions LOW *-1.5 1.6 June 30, 2026
wp-dropzone wp-dropzone N/A WP Dropzone <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute LOW *-1.1.1 June 30, 2026
wpik-wordpress-basic-ajax-form wpik-wordpress-basic-ajax-form N/A Wpik WordPress Basic Ajax Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 June 30, 2026
rabbit-hole rabbit-hole N/A Rabbit Hole <= 1.1 - Cross-Site Request Forgery to Settings Reset LOW *-1.1 June 30, 2026
comments-secretary comments-secretary
91
评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] LOW *-1.3.2 June 30, 2026
WP User Manager – User Profile Builder & Membership wp-user-manager
83
WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter LOW *-2.9.12 2.9.13 June 30, 2026
lazytasks-project-task-management lazytasks-project-task-management
91
LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation LOW *-1.2.29 June 30, 2026
simple-theme-changer simple-theme-changer N/A Simple Theme Changer <= 1.0 - Missing Authorization to Plugin Settings Update via AJAX Actions LOW *-1.0 June 30, 2026
simple-theme-changer simple-theme-changer N/A Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update LOW *-1.0 June 30, 2026
gf-multi-uploader gf-multi-uploader
93
Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion LOW *-1.1.7 1.1.8 June 30, 2026
imaq-core imaq-core
91
IMAQ Core <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update LOW *-1.2.1 June 30, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.5.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field LOW *-2.5.2 2.5.3 June 30, 2026
premmerce-woocommerce-wishlist premmerce-woocommerce-wishlist N/A Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion LOW *-1.1.10 1.1.11 June 30, 2026
filter-plus filter-plus
91
Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings Modification LOW *-1.1.6 1.1.7 June 30, 2026
ls-gmap-route ls-gmap-route
91
LS Google Map Router <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.1.0 June 30, 2026
fx-currency-converter fx-currency-converter
93
FX Currency Converter <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-0.2.0 0.2.1 June 30, 2026
divelogs-widget divelogs-widget
93
Divelogs Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.5 1.6 June 30, 2026
gpxpress gpxpress
91
GPXpress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.3 June 30, 2026
wpgancio wpgancio N/A WPGancio <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.12 June 30, 2026
truefy-embed truefy-embed N/A Truefy Embed <= 1.1.0 - Cross-Site Request Forgery to 'truefy_embed_options_update' Settings Update LOW *-1.1.0 June 30, 2026
newstatpress newstatpress N/A NewStatPress <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.3 1.4.4 June 30, 2026
campay-api campay-api
93
Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass LOW *-1.2.2 1.2.3 June 30, 2026
twwc-protein twwc-protein N/A TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting LOW *-1.0.24 June 30, 2026
purchase-and-expense-manager purchase-and-expense-manager N/A Purchase and Expense Manager <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion LOW *-1.1.2 June 30, 2026
viglink-spotlight-by-shortcode viglink-spotlight-by-shortcode N/A VigLink SpotLight By ShortCode <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute LOW *-1.0.a June 30, 2026
dropdown-category-list dropdown-category-list
91
Category Dropdown List <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] LOW *-1.0 June 30, 2026
WPMasterToolKit (WPMTK) – All in one plugin wpmastertoolkit N/A WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection LOW *-2.13.0 2.13.1 June 30, 2026
bukazu-search-widget bukazu-search-widget
93
BUKAZU Search widget <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute LOW *-3.3.2 3.5 June 30, 2026
wp-flot wp-flot N/A WP Flot <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-0.2.2 June 30, 2026
zenost-shortcodes zenost-shortcodes N/A Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.0 June 30, 2026
premmerce-woocommerce-brands premmerce-woocommerce-brands N/A Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update LOW *-1.2.13 1.2.14 June 30, 2026
simple-post-listing simple-post-listing N/A Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.2 June 30, 2026
LOW

eyewear-prescription-form

eyewear-prescription-form

Score: 89/100 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Product Creation Affected: *-6.0.1 Patched: Updated: June 30, 2026
LOW

simply-gallery-block

simply-gallery-block

Score: N/A Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification Affected: *-3.3.0 Patched: 3.3.1 Updated: June 30, 2026
LOW

a3 Lazy Load

a3-lazy-load

Score: 95/100 a3 Lazy Load <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.5 Patched: 2.7.6 Updated: June 30, 2026
LOW

export-wp-page-to-static-html

export-wp-page-to-static-html

Score: 93/100 Export WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log File Affected: *-4.3.4 Patched: 5.0.0 Updated: June 30, 2026
LOW

colibri-page-builder

colibri-page-builder

Score: 93/100 Colibri Page Builder <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.335 Patched: 1.0.342 Updated: June 30, 2026
LOW

buddypress-media

buddypress-media

Score: 93/100 rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function Affected: 4.7.0-4.7.3 Patched: 4.7.4 Updated: June 30, 2026
LOW

yith-woocommerce-quick-view

yith-woocommerce-quick-view

Score: N/A YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode Affected: *-2.7.0 Patched: 2.7.1 Updated: June 30, 2026
LOW

linkedin-auto-publish

linkedin-auto-publish

Score: 93/100 WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage Affected: *-1.9.8 Patched: 1.9.9 Updated: June 30, 2026
LOW

header-and-footer-script-adder

header-and-footer-script-adder

Score: 93/100 Header Footer Script Adder – Insert Code in Header, Body & Footer <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.5 Patched: 2.0.6 Updated: June 30, 2026
LOW

login-lockdown

login-lockdown

Score: 93/100 Login Lockdown & Protection <= 2.14 - IP Block Bypass Affected: *-2.14 Patched: 2.15 Updated: June 30, 2026
LOW

emplibot

emplibot

Score: 93/100 Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-1.0.9 Patched: 1.1.0 Updated: June 30, 2026
LOW

social-media-auto-publish

social-media-auto-publish

Score: N/A Social Media Auto Publish <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage Affected: *-3.6.5 Patched: 3.6.6 Updated: June 30, 2026
LOW

wpdirectorykit

wpdirectorykit

Score: N/A WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection Affected: *-1.4.7 Patched: 1.4.8 Updated: June 30, 2026
LOW

404-solution

404-solution

Score: 97/100 404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter Affected: *-3.1.0 Patched: 3.1.1 Updated: June 30, 2026
LOW

ht-slider-for-elementor

ht-slider-for-elementor

Score: 93/100 HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: June 30, 2026
LOW

design-import-export

design-import-export

Score: 93/100 Design Import/Export <= 2.2 - Authenticated (Administrator+) SQL Injection via XML File Import Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026
LOW

happy-helpdesk-support-ticket-system

happy-helpdesk-support-ticket-system

Score: 93/100 HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply Affected: *-1.0.9 Patched: 1.0.10 Updated: June 30, 2026
LOW

employee-spotlight

employee-spotlight

Score: 93/100 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification Affected: *-5.1.3 Patched: 5.1.4 Updated: June 30, 2026
LOW

ays-slider

ays-slider

Score: 93/100 Image Slider by Ays- Responsive Slider and Carousel <= 2.7.0 - Cross-Site Request Forgery to Arbitrary Slider Deletion Affected: *-2.7.0 Patched: 2.7.1 Updated: June 30, 2026
LOW

generateblocks

generateblocks

Score: 93/100 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata Affected: *-2.1.2 Patched: 2.2.0 Updated: June 30, 2026
LOW

ymc-smart-filter

ymc-smart-filter

Score: N/A Filter & Grids <= 3.2.0 - Unauthenticated SQL Injection Affected: *-3.2.0 Patched: 3.2.1 Updated: June 30, 2026
LOW

wpgraphql-smart-cache

wpgraphql-smart-cache

Score: N/A WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure Affected: [*, 2.0.1) Patched: 2.0.1 Updated: June 30, 2026
LOW

wpbookit

wpbookit

Score: N/A WPBookit <= 1.0.7 - Cross-Site Request Forgery to Customer Deletion Affected: *-1.0.7 Patched: Updated: June 30, 2026
LOW

wp-webhooks

wp-webhooks

Score: N/A Webhooks <= 3.3.8 - Unauthenticated Arbitrary File Upload Affected: *-3.3.8 Patched: 3.3.9 Updated: June 30, 2026
LOW

wow-media-library-fix

wow-media-library-fix

Score: N/A Fix Media Library <= 2.0 - Unauthenticated Information Exposure Affected: *-2.0 Patched: Updated: June 30, 2026
LOW

ultimate-auction

ultimate-auction

Score: N/A Ultimate Auction <= 4.3.2 - Missing Authorization Affected: *-4.3.2 Patched: Updated: June 30, 2026
LOW

ultimate-auction

ultimate-auction

Score: N/A Ultimate Auction <= 4.3.2 - Unauthenticated Information Exposure Affected: *-4.3.2 Patched: Updated: June 30, 2026
LOW

trinity-audio

trinity-audio

Score: N/A Trinity Audio <= 5.23.3 - Missing Authorization Affected: *-5.23.3 Patched: 5.24 Updated: June 30, 2026
LOW

shopbuilder

shopbuilder

Score: N/A Shopbuilder <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026
LOW

redux-framework

redux-framework

Score: N/A Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter Affected: *-4.5.8 Patched: 4.5.9 Updated: June 30, 2026
LOW

pdf-generator-addon-for-elementor-page-builder

pdf-generator-addon-for-elementor-page-builder

Score: N/A PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Path Traversal Affected: *-1.7.5 Patched: 2.0.1 Updated: June 30, 2026
LOW

logo-slider-wp

logo-slider-wp

Score: 89/100 Logo Slider <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.8.0 Patched: 4.9.0 Updated: June 30, 2026
LOW

livemesh-siteorigin-widgets

livemesh-siteorigin-widgets

Score: 91/100 Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets Affected: *-3.9.1 Patched: 3.9.2 Updated: June 30, 2026
LOW

jobmonster-addon

jobmonster-addon

Score: 93/100 Jobmonster Elementor Addon <= 1.1.4 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026
LOW

jetwidgets-for-elementor

jetwidgets-for-elementor

Score: 93/100 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets Affected: *-1.0.20 Patched: 1.0.21 Updated: June 30, 2026
LOW

instawp-connect

instawp-connect

Score: 93/100 InstaWP Connect <= 0.1.1.9 - Missing Authorization Affected: *-0.1.1.9 Patched: 0.1.2.0 Updated: June 30, 2026
LOW

easy-property-listings

easy-property-listings

Score: 93/100 Easy Property Listings <= 3.5.22 - Missing Authorization Affected: *-3.5.22 Patched: 3.5.23 Updated: June 30, 2026
LOW

directory-pro

directory-pro

Score: 86/100 Directory Pro <= 2.5.6 - Missing Authorization Affected: *-2.5.6 Patched: Updated: June 30, 2026
LOW

custom-post-type-ui

custom-post-type-ui

Score: 93/100 Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter Affected: *-1.18.1 Patched: 1.18.2 Updated: June 30, 2026
LOW

magical-posts-display

magical-posts-display

Score: 93/100 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget Affected: *-1.2.54 Patched: 1.2.55 Updated: June 30, 2026
LOW

simple-bike-rental

simple-bike-rental

Score: N/A Simple Bike Rental <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026
LOW

ai-feeds

ai-feeds

Score: 97/100 AI Feeds <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode Affected: *-1.0.22 Patched: 1.0.23 Updated: June 30, 2026
LOW

secure-copy-content-protection

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File Affected: *-4.9.2 Patched: 4.9.3 Updated: June 30, 2026
LOW

secure-copy-content-protection

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export Affected: *-4.9.2 Patched: 4.9.3 Updated: June 30, 2026
LOW

pdf-for-contact-form-7

pdf-for-contact-form-7

Score: N/A PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication Affected: *-6.3.3 Patched: 6.3.4 Updated: June 30, 2026
LOW

official-mailerlite-sign-up-forms

official-mailerlite-sign-up-forms

Score: N/A MailerLite – Signup forms (official) <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.16 Patched: 1.7.17 Updated: June 30, 2026
LOW

wp-recipe-maker

wp-recipe-maker

Score: N/A WP Recipe Maker <= 10.2.2 - Insecure Direct Object Reference to Sensitive Information Exposure Affected: *-10.2.2 Patched: 10.2.3 Updated: June 30, 2026
LOW

simple-csv-table

simple-csv-table

Score: N/A Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read Affected: *-1.0.1 Patched: 1.0.2 Updated: June 30, 2026
LOW

wp-fastest-cache-premium

wp-fastest-cache-premium

Score: N/A WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery Affected: *-1.7.4 Patched: 1.7.5 Updated: June 30, 2026
LOW

vikrentitems

vikrentitems

Score: N/A VikRentItems Flexible Rental Management System <= 1.2.0 - Reflected Cross-Site Scripting via 'delto' Parameter Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026
LOW

funnel-builder

funnel-builder

Score: 93/100 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection Affected: *-3.13.1.5 Patched: 3.13.1.6 Updated: June 30, 2026
LOW

modula-best-grid-gallery

modula-best-grid-gallery

Score: 93/100 Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing Affected: *-2.13.3 Patched: 2.13.4 Updated: June 30, 2026
LOW

mailgun-subscriptions

mailgun-subscriptions

Score: 93/100 Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026
LOW

wpnakama

wpnakama

Score: N/A WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter Affected: *-0.6.3 Patched: 0.6.4 Updated: June 30, 2026
LOW

guest-support

guest-support

Score: 93/100 Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint Affected: *-1.2.3 Patched: 1.3.0 Updated: June 30, 2026
LOW

fancy-product-designer

fancy-product-designer

Score: 93/100 Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload Affected: *-6.4.8 Patched: 6.5.0 Updated: June 30, 2026
LOW

hippoo

hippoo

Score: 93/100 Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026
LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF Affected: *-3.5.33 Patched: 3.5.34 Updated: June 30, 2026
LOW

blaze-demo-importer

blaze-demo-importer

Score: 93/100 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion Affected: 1.0.0-1.0.13 Patched: 1.0.14 Updated: June 30, 2026
LOW

flow-flow-social-streams

flow-flow-social-streams

Score: 91/100 Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action Affected: 3.0.0-4.7.5 Patched: Updated: June 30, 2026
LOW

contact-form-7-with-chatwork

contact-form-7-with-chatwork

Score: 91/100 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings Affected: *-1.1.0 Patched: Updated: June 30, 2026
LOW

infility-global

infility-global

Score: 81/100 Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-2.14.42 Patched: 2.14.43 Updated: June 30, 2026
LOW

bold-timeline-lite

bold-timeline-lite

Score: 93/100 Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026
LOW

doubledome-resource-link-library

doubledome-resource-link-library

Score: 93/100 Resource Library for Logged In Users <= 1.5 - Cross-Site Request Forgery to Multiple Administrative Actions Affected: *-1.5 Patched: 1.6 Updated: June 30, 2026
LOW

wp-dropzone

wp-dropzone

Score: N/A WP Dropzone <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute Affected: *-1.1.1 Patched: Updated: June 30, 2026
LOW

wpik-wordpress-basic-ajax-form

wpik-wordpress-basic-ajax-form

Score: N/A Wpik WordPress Basic Ajax Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

rabbit-hole

rabbit-hole

Score: N/A Rabbit Hole <= 1.1 - Cross-Site Request Forgery to Settings Reset Affected: *-1.1 Patched: Updated: June 30, 2026
LOW

comments-secretary

comments-secretary

Score: 91/100 评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.3.2 Patched: Updated: June 30, 2026
LOW

lazytasks-project-task-management

lazytasks-project-task-management

Score: 91/100 LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation Affected: *-1.2.29 Patched: Updated: June 30, 2026
LOW

simple-theme-changer

simple-theme-changer

Score: N/A Simple Theme Changer <= 1.0 - Missing Authorization to Plugin Settings Update via AJAX Actions Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

simple-theme-changer

simple-theme-changer

Score: N/A Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

gf-multi-uploader

gf-multi-uploader

Score: 93/100 Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026
LOW

imaq-core

imaq-core

Score: 91/100 IMAQ Core <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update Affected: *-1.2.1 Patched: Updated: June 30, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.5.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026
LOW

premmerce-woocommerce-wishlist

premmerce-woocommerce-wishlist

Score: N/A Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion Affected: *-1.1.10 Patched: 1.1.11 Updated: June 30, 2026
LOW

filter-plus

filter-plus

Score: 91/100 Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings Modification Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026
LOW

ls-gmap-route

ls-gmap-route

Score: 91/100 LS Google Map Router <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1.0 Patched: Updated: June 30, 2026
LOW

fx-currency-converter

fx-currency-converter

Score: 93/100 FX Currency Converter <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.2.0 Patched: 0.2.1 Updated: June 30, 2026
LOW

divelogs-widget

divelogs-widget

Score: 93/100 Divelogs Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.5 Patched: 1.6 Updated: June 30, 2026
LOW

gpxpress

gpxpress

Score: 91/100 GPXpress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.3 Patched: Updated: June 30, 2026
LOW

wpgancio

wpgancio

Score: N/A WPGancio <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.12 Patched: Updated: June 30, 2026
LOW

truefy-embed

truefy-embed

Score: N/A Truefy Embed <= 1.1.0 - Cross-Site Request Forgery to 'truefy_embed_options_update' Settings Update Affected: *-1.1.0 Patched: Updated: June 30, 2026
LOW

newstatpress

newstatpress

Score: N/A NewStatPress <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026
LOW

campay-api

campay-api

Score: 93/100 Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026
LOW

twwc-protein

twwc-protein

Score: N/A TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting Affected: *-1.0.24 Patched: Updated: June 30, 2026
LOW

purchase-and-expense-manager

purchase-and-expense-manager

Score: N/A Purchase and Expense Manager <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion Affected: *-1.1.2 Patched: Updated: June 30, 2026
LOW

viglink-spotlight-by-shortcode

viglink-spotlight-by-shortcode

Score: N/A VigLink SpotLight By ShortCode <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute Affected: * - 1.0.a Patched: Updated: June 30, 2026
LOW

dropdown-category-list

dropdown-category-list

Score: 91/100 Category Dropdown List <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

bukazu-search-widget

bukazu-search-widget

Score: 93/100 BUKAZU Search widget <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute Affected: *-3.3.2 Patched: 3.5 Updated: June 30, 2026
LOW

wp-flot

wp-flot

Score: N/A WP Flot <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.2.2 Patched: Updated: June 30, 2026
LOW

zenost-shortcodes

zenost-shortcodes

Score: N/A Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 30, 2026
LOW

premmerce-woocommerce-brands

premmerce-woocommerce-brands

Score: N/A Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update Affected: *-1.2.13 Patched: 1.2.14 Updated: June 30, 2026
LOW

simple-post-listing

simple-post-listing

Score: N/A Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.2 Patched: Updated: June 30, 2026

Showing 4401 to 4500 of 36283 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 14:02 UTC.