Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
easy-map-creator	easy-map-creator	91	Easy Map Creator <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-3.0.2		June 30, 2026
simple-al-slider	simple-al-slider	N/A	Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.2.10		June 30, 2026
ayo-shortcodes	ayo-shortcodes	91	Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute	LOW	*-0.2		June 30, 2026
kirimemail-woocommerce-integration	kirimemail-woocommerce-integration	91	Kirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings Update	LOW	*-1.2.9		June 30, 2026
debatemaster	debatemaster	91	DebateMaster <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode	LOW	*-1.0.0		June 30, 2026
url-media-uploader	url-media-uploader	N/A	URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload	LOW	*-1.0.1		June 30, 2026
upcoming-for-calendly	upcoming-for-calendly	N/A	Upcoming for Calendly <= 1.2.4 - Cross-Site Request Forgery to Settings Update	LOW	*-1.2.4	1.2.5	June 30, 2026
bmlt-wordpress-satellite-plugin	bmlt-wordpress-satellite-plugin	91	BMLT WordPress Plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion	LOW	*-3.11.4		June 30, 2026
watchtowerhq	watchtowerhq	N/A	WatchTowerHQ <= 3.16.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter	LOW	*-3.16.0	3.16.1	June 30, 2026
omplag	omplag	N/A	Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.0.2		June 30, 2026
wplg-default-mail-from	wplg-default-mail-from	N/A	WPLG Default Mail From <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.0.0		June 30, 2026
player-leaderboard	player-leaderboard	N/A	Player Leaderboard 1.0.0 - 1.0.2 - Authenticated (Contributor+) Local File Inclusion	LOW	1.0.0-1.0.2	1.0.3	June 30, 2026
foxtool	foxtool	93	Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection	LOW	*-2.5.2	2.5.3	June 30, 2026
coding-blocks	coding-blocks	91	Coding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings Update	LOW	*-1.1.0		June 30, 2026
vimeo-simplegallery	vimeo-simplegallery	N/A	Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification	LOW	*-0.2		June 30, 2026
animated-pixel-marquee-creator	animated-pixel-marquee-creator	95	Animated Pixel Marquee Creator <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter	LOW	*-1.0.0		June 30, 2026
paypal-payments-shortcode	paypal-payments-shortcode	N/A	Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute	LOW	*-1.01		June 30, 2026
buddytask	buddytask	93	BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation	LOW	*-1.3.0	1.4.0	June 30, 2026
accept-stripe-payments-using-contact-form-7	accept-stripe-payments-using-contact-form-7	97	Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message	LOW	*-3.1	3.2	June 30, 2026
bg-hide-email-address	bg-hide-email-address	91	Hide Email Address <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.1		June 30, 2026
better-elementor-addons	better-elementor-addons	93	Better Elementor Addons <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider Widget	LOW	*-1.5.5	1.5.6	June 30, 2026
data-visualizer	data-visualizer	91	Data Visualizer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.1		June 30, 2026
app-template-blocks-for-wpbakery-page-builder	app-template-blocks-for-wpbakery-page-builder	95	App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-2.0.2		June 30, 2026
like-dislike-voting	like-dislike-voting	91	Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.0.1		June 30, 2026
reviews-sorted	reviews-sorted	N/A	Reviews Sorted <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute	LOW	*-2.4.2		June 30, 2026
logic-pro	logic-pro	91	Visitor Logic Lite <= 1.0.3 - Unauthenticated PHP Object Injection via 'lpblocks' Cookie	LOW	*-1.0.3		June 30, 2026
simple-nivo-slider	simple-nivo-slider	N/A	Simple Nivo Slider <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.5.6		June 30, 2026
simplyconvert	simplyconvert	N/A	SimplyConvert <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option	LOW	*-1.0		June 30, 2026
ljusers	ljusers	91	LJUsers <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute	LOW	*-1.2.0		June 30, 2026
lt-unleashed	lt-unleashed	91	LT Unleashed <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion via 'template' Parameter	LOW	*-1.1.1		June 30, 2026
wp-job-portal	wp-job-portal	N/A	WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read	LOW	*-2.4.0	2.4.1	June 30, 2026
wpdiscuz	wpdiscuz	N/A	Comments – wpDiscuz <= 7.6.39 - Unauthenticated Authentication Bypass Through Account Takeover	LOW	*-7.6.39	7.6.40	June 30, 2026
wp-coupons-and-deals	wp-coupons-and-deals	N/A	Coupons and Deals <= 3.2.4 - Missing Authorization	LOW	*-3.2.4	3.2.5	June 30, 2026
spoter-elementor	spoter-elementor	N/A	Spoter for Elementor <= 1.04 - Missing Authorization	LOW	*-1.04		June 30, 2026
rtl-tester	rtl-tester	N/A	RTL Tester <= 1.2 - Cross-Site Request Forgery	LOW	*-1.2		June 30, 2026
reformer-elementor	reformer-elementor	N/A	Reformer for Elementor <= 1.0.6 - Missing Authorization	LOW	*-1.0.6		June 30, 2026
modalier-elementor	modalier-elementor	91	Modalier for Elementor <= 1.0.6 - Missing Authorization	LOW	*-1.0.6		June 30, 2026
media-library-tools	media-library-tools	93	Media Library Tools <= 1.6.15 - Authenticated (Author+) SQL Injection	LOW	*-1.6.15	1.7.0	June 30, 2026
masker-elementor	masker-elementor	91	Masker for Elementor <= 1.1.4 - Missing Authorization	LOW	*-1.1.4		June 30, 2026
lottier-wpbakery	lottier-wpbakery	91	Lottier for WPBakery <= 1.1.7 - Missing Authorization	LOW	*-1.1.7		June 30, 2026
lottier-gutenberg	lottier-gutenberg	91	Lottier <= 1.1.1 - Missing Authorization	LOW	*-1.1.1		June 30, 2026
lottier-elementor	lottier-elementor	91	Lottier for Elementor <= 1.0.9 - Missing Authorization	LOW	*-1.0.9		June 30, 2026
laser	laser	91	Laser <= 1.1.1 - Missing Authorization	LOW	*-1.1.1		June 30, 2026
huger-elementor	huger-elementor	91	Huger for Elementor <= 1.1.5 - Missing Authorization	LOW	*-1.1.5		June 30, 2026
grider-elementor	grider-elementor	91	Grider for Elementor <= 1.0.8 - Missing Authorization	LOW	*-1.0.8		June 30, 2026
freshchat	freshchat	91	Freshchat <= 2.3.4 - Cross-Site Request Forgery	LOW	*-2.3.4		June 30, 2026
buttoner-elementor	buttoner-elementor	91	Buttoner for Elementor <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Settings Change	LOW	*-1.0.6		June 30, 2026
bsk-pdf-manager	bsk-pdf-manager	91	BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload	LOW	*-3.7.1	3.7.2	June 30, 2026
Widgets for Google Reviews	wp-reviews-plugin-for-google	92	Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode	LOW	*-13.2.1	13.2.2	June 30, 2026
List category posts	list-category-posts	94	List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode	LOW	*-0.91.0	0.92.0	June 30, 2026
feedzy-rss-feeds	feedzy-rss-feeds	93	RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery	LOW	*-5.1.1	5.1.2	June 30, 2026
wp-cardealer	wp-cardealer	N/A	WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation	LOW	*-1.2.16	1.2.17	June 30, 2026
ultimate-post-kit	ultimate-post-kit	N/A	Ultimate Post Kit <= 4.0.15 - Unauthenticated Information Disclosure	LOW	*-4.0.15	4.0.16	June 30, 2026
searcher-elementor	searcher-elementor	N/A	Searcher for Elementor <= 1.0.3 - Missing Authorization	LOW	*-1.0.3		June 30, 2026
scroller	scroller	N/A	Scroller <= 2.0.2 - Missing Authorization	LOW	*-2.0.2		June 30, 2026
nelio-popups	nelio-popups	N/A	Nelio Popups <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.0	1.3.1	June 30, 2026
motionger-elementor	motionger-elementor	N/A	Motionger for Elementor <= 2.0.4 - Missing Authorization	LOW	*-2.0.4		June 30, 2026
leaky-paywall	leaky-paywall	93	Leaky Paywall <= 4.22.6 - Missing Authorization	LOW	*-4.22.6	5.0	June 30, 2026
knowband-mobile-app-builder-for-woocommerce	knowband-mobile-app-builder-for-woocommerce	93	Knowband Mobile App Builder <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary User Deletion	LOW	*-2.0.8	3.0.0	June 30, 2026
homey-core	homey-core	93	Homey Core <= 2.4.3 - Missing Authorization	LOW	*-2.4.3	2.4.4	June 30, 2026
comparimager-elementor	comparimager-elementor	91	Comparimager for Elementor <= 1.0.1 - Missing Authorization	LOW	*-1.0.1		June 30, 2026
coder-elementor	coder-elementor	91	Coder for Elementor <= 1.0.13 - Missing Authorization	LOW	*-1.0.13		June 30, 2026
carter-elementor	carter-elementor	91	Carter for Elementor <= 1.0.2 - Missing Authorization	LOW	*-1.0.2		June 30, 2026
audier-elementor	audier-elementor	91	Audier For Elementor <= 1.0.9 - Missing Authorization	LOW	*-1.0.9		June 30, 2026
hippoo	hippoo	93	Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read	LOW	*-1.7.1	1.7.2	June 30, 2026
eltdf-membership	eltdf-membership	93	Elated Membership <= 1.2 - Authentication Bypass via Social Login	LOW	*-1.2	1.3	June 30, 2026
video-merchant	video-merchant	N/A	Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload	LOW	*-5.0.4		June 30, 2026
simple-download-counter	simple-download-counter	N/A	Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal	LOW	*-2.2.2	2.2.3	June 30, 2026
imager-elementor	imager-elementor	91	Imager for Elementor <= 2.0.4 - Missing Authorization	LOW	*-2.0.4		June 30, 2026
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links	broken-link-checker-seo	93	Broken Link Checker <= 1.2.6 - Authenticated (Author+) SQL Injection	LOW	*-1.2.6	1.2.7	June 30, 2026
advance-wp-query-search-filter	advance-wp-query-search-filter	93	Advance WP Query Search Filter <= 1.0.10 - Reflected Cross-Site Scripting	LOW	*-1.0.10		June 30, 2026
advance-wp-query-search-filter	advance-wp-query-search-filter	93	Advance WP Query Search Filter <= 1.0.10 - Reflected Cross-Site Scripting	LOW	*-1.0.10		June 30, 2026
Security Plugin, Firewall & Malware Scanner with Auto Removal	security-malware-firewall	70	Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL	LOW	*-2.168	2.169	June 30, 2026
yamaps	yamaps	N/A	YaMaps <= 0.6.39 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.6.39	0.6.40	June 30, 2026
wp-user-avatar	wp-user-avatar	N/A	ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	LOW	*-4.16.7	4.16.8	June 30, 2026
wp-flashy-marketing-automation	wp-flashy-marketing-automation	N/A	Flashy Marketing Automation <= 2.0.8 - Cross-Site Request Forgery	LOW	*-2.0.8	2.0.9	June 30, 2026
wp-email-capture	wp-email-capture	N/A	Email Capture <= 3.12.4 - Missing Authorization	LOW	*-3.12.4	3.12.5	June 30, 2026
wp-easycart	wp-easycart	N/A	EasyCart <= 5.8.11 - Unauthenticated Information Exposure	LOW	*-5.8.11	5.8.12	June 30, 2026
wp-crm-system	wp-crm-system	N/A	WP-CRM System <= 3.4.5 - Missing Authorization	LOW	*-3.4.5		June 30, 2026
Tableberg – Simple Gutenberg Table Block	tableberg	N/A	Table Block by Tableberg <= 0.6.9 - Missing Authorization	LOW	*-0.6.9	0.6.10	June 30, 2026
plugin-organizer	plugin-organizer	N/A	Plugin Organizer <= 10.2.3 - Authenticated (Subscriber+) SQL Injection	LOW	*-10.2.3	10.2.4	June 30, 2026
page-views-count	page-views-count	N/A	Page View Count <= 2.8.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-2.8.7		June 30, 2026
just-tinymce-styles	just-tinymce-styles	91	Just TinyMCE Custom Styles <= 1.2.1 - Cross-Site Request Forgery	LOW	*-1.2.1		June 30, 2026
fb-reviews-widget	fb-reviews-widget	93	Social Reviews & Recommendations <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews	LOW	*-2.5	2.6	June 30, 2026
facebook-photo-fetcher	facebook-photo-fetcher	91	Social Photo Fetcher <= 3.0.4 - Cross-Site Request Forgery	LOW	*-3.0.4		June 30, 2026
eupago-gateway-for-woocommerce	eupago-gateway-for-woocommerce	91	Eupago Gateway For Woocommerce <= 4.6.3 - Missing Authorization	LOW	*-4.6.3		June 30, 2026
custom-field-template	custom-field-template	93	Custom Field Template <= 2.7.6 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.7.6	2.7.7	June 30, 2026
cf7-salesforce	cf7-salesforce	93	Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.6 - Missing Authorization	LOW	*-1.4.6	1.4.7	June 30, 2026
cf-geoplugin	cf-geoplugin	91	Geo Controller <= 8.9.4 - Unauthenticated Information Exposure	LOW	*-8.9.4		June 30, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure	LOW	*-2.9.4	2.9.4.1	June 30, 2026
ai-co-pilot-for-wp	ai-co-pilot-for-wp	97	AI CoPilot <= 1.2.7 - Authenticated (Contributor+) Sensitive Information Exposure	LOW	*-1.2.7	1.2.8	June 30, 2026
advanced-product-fields-for-woocommerce	advanced-product-fields-for-woocommerce	97	Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication	LOW	*-1.6.17	1.6.18	June 30, 2026
wp-yandex-metrika	wp-yandex-metrika	N/A	Yandex.Metrica <= 1.2.2 - Missing Authorization	LOW	*-1.2.2		June 30, 2026
wp-ultimate-review	wp-ultimate-review	N/A	Ultimate Review <= 2.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.7	2.3.8	June 30, 2026
woocommerce-pdf-invoices-packing-slips	woocommerce-pdf-invoices-packing-slips	N/A	WooCommerce PDF Invoices & Packing Slips <= 4.9.1 - Missing Authorization	LOW	*-4.9.1	5.0.0	June 30, 2026
salon-booking-system	salon-booking-system	N/A	Salon booking system <= 10.30.3 - Cross-Site Request Forgery	LOW	*-10.30.3	10.30.4	June 30, 2026
make-section-column-clickable-elementor	make-section-column-clickable-elementor	93	Make Section & Column Clickable For Elementor <= 2.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-2.4	2.4.1	June 30, 2026
generic-elements-for-elementor	generic-elements-for-elementor	89	Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.8		June 30, 2026
contact-form-plugin	contact-form-plugin	93	Contact Form by BestWebSoft <= 4.3.6 - Missing Authorization	LOW	*-4.3.6	4.3.7	June 30, 2026
xpro-elementor-addons	xpro-elementor-addons	N/A	Xpro Elementor Addons <= 1.4.19.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.19.1	1.4.20	June 30, 2026

LOW

easy-map-creator

Score: 91/100 Easy Map Creator <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-3.0.2 Patched: Updated: June 30, 2026

LOW

simple-al-slider

Score: N/A Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.2.10 Patched: Updated: June 30, 2026

LOW

ayo-shortcodes

Score: 91/100 Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute Affected: *-0.2 Patched: Updated: June 30, 2026

LOW

kirimemail-woocommerce-integration

Score: 91/100 Kirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings Update Affected: *-1.2.9 Patched: Updated: June 30, 2026

LOW

debatemaster

Score: 91/100 DebateMaster <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

url-media-uploader

Score: N/A URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

upcoming-for-calendly

Score: N/A Upcoming for Calendly <= 1.2.4 - Cross-Site Request Forgery to Settings Update Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

bmlt-wordpress-satellite-plugin

Score: 91/100 BMLT WordPress Plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion Affected: *-3.11.4 Patched: Updated: June 30, 2026

LOW

watchtowerhq

Score: N/A WatchTowerHQ <= 3.16.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter Affected: *-3.16.0 Patched: 3.16.1 Updated: June 30, 2026

LOW

omplag

Score: N/A Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

wplg-default-mail-from

Score: N/A WPLG Default Mail From <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

player-leaderboard

Score: N/A Player Leaderboard 1.0.0 - 1.0.2 - Authenticated (Contributor+) Local File Inclusion Affected: 1.0.0-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

Score: 93/100 Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026

LOW

coding-blocks

Score: 91/100 Coding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

vimeo-simplegallery

Score: N/A Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification Affected: *-0.2 Patched: Updated: June 30, 2026

LOW

animated-pixel-marquee-creator

Score: 95/100 Animated Pixel Marquee Creator <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

paypal-payments-shortcode

Score: N/A Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute Affected: *-1.01 Patched: Updated: June 30, 2026

LOW

buddytask

Score: 93/100 BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation Affected: *-1.3.0 Patched: 1.4.0 Updated: June 30, 2026

LOW

accept-stripe-payments-using-contact-form-7

Score: 97/100 Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message Affected: *-3.1 Patched: 3.2 Updated: June 30, 2026

LOW

bg-hide-email-address

Score: 91/100 Hide Email Address <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

better-elementor-addons

Score: 93/100 Better Elementor Addons <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider Widget Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

data-visualizer

Score: 91/100 Data Visualizer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

app-template-blocks-for-wpbakery-page-builder

Score: 95/100 App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

like-dislike-voting

Score: 91/100 Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

reviews-sorted

Score: N/A Reviews Sorted <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute Affected: *-2.4.2 Patched: Updated: June 30, 2026

LOW

logic-pro

Score: 91/100 Visitor Logic Lite <= 1.0.3 - Unauthenticated PHP Object Injection via 'lpblocks' Cookie Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

simple-nivo-slider

Score: N/A Simple Nivo Slider <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.5.6 Patched: Updated: June 30, 2026

LOW

simplyconvert

Score: N/A SimplyConvert <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

ljusers

Score: 91/100 LJUsers <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

lt-unleashed

Score: 91/100 LT Unleashed <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion via 'template' Parameter Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

wp-job-portal

Score: N/A WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read Affected: *-2.4.0 Patched: 2.4.1 Updated: June 30, 2026

LOW

wpdiscuz

Score: N/A Comments – wpDiscuz <= 7.6.39 - Unauthenticated Authentication Bypass Through Account Takeover Affected: *-7.6.39 Patched: 7.6.40 Updated: June 30, 2026

LOW

wp-coupons-and-deals

Score: N/A Coupons and Deals <= 3.2.4 - Missing Authorization Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026

LOW

spoter-elementor

Score: N/A Spoter for Elementor <= 1.04 - Missing Authorization Affected: *-1.04 Patched: Updated: June 30, 2026

LOW

rtl-tester

Score: N/A RTL Tester <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

reformer-elementor

Score: N/A Reformer for Elementor <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

modalier-elementor

Score: 91/100 Modalier for Elementor <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

media-library-tools

Score: 93/100 Media Library Tools <= 1.6.15 - Authenticated (Author+) SQL Injection Affected: *-1.6.15 Patched: 1.7.0 Updated: June 30, 2026

LOW

masker-elementor

Score: 91/100 Masker for Elementor <= 1.1.4 - Missing Authorization Affected: *-1.1.4 Patched: Updated: June 30, 2026

LOW

lottier-wpbakery

Score: 91/100 Lottier for WPBakery <= 1.1.7 - Missing Authorization Affected: *-1.1.7 Patched: Updated: June 30, 2026

LOW

lottier-gutenberg

Score: 91/100 Lottier <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

lottier-elementor

Score: 91/100 Lottier for Elementor <= 1.0.9 - Missing Authorization Affected: *-1.0.9 Patched: Updated: June 30, 2026

LOW

laser

Score: 91/100 Laser <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

huger-elementor

Score: 91/100 Huger for Elementor <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: Updated: June 30, 2026

LOW

grider-elementor

Score: 91/100 Grider for Elementor <= 1.0.8 - Missing Authorization Affected: *-1.0.8 Patched: Updated: June 30, 2026

LOW

freshchat

Score: 91/100 Freshchat <= 2.3.4 - Cross-Site Request Forgery Affected: *-2.3.4 Patched: Updated: June 30, 2026

LOW

buttoner-elementor

Score: 91/100 Buttoner for Elementor <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Settings Change Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

bsk-pdf-manager

Score: 91/100 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload Affected: *-3.7.1 Patched: 3.7.2 Updated: June 30, 2026

LOW

Widgets for Google Reviews

wp-reviews-plugin-for-google

Score: 92/100 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode Affected: *-13.2.1 Patched: 13.2.2 Updated: June 30, 2026

LOW

List category posts

list-category-posts

Score: 94/100 List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode Affected: *-0.91.0 Patched: 0.92.0 Updated: June 30, 2026

LOW

feedzy-rss-feeds

Score: 93/100 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery Affected: *-5.1.1 Patched: 5.1.2 Updated: June 30, 2026

LOW

wp-cardealer

Score: N/A WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation Affected: *-1.2.16 Patched: 1.2.17 Updated: June 30, 2026

LOW

ultimate-post-kit

Score: N/A Ultimate Post Kit <= 4.0.15 - Unauthenticated Information Disclosure Affected: *-4.0.15 Patched: 4.0.16 Updated: June 30, 2026

LOW

searcher-elementor

Score: N/A Searcher for Elementor <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

scroller

Score: N/A Scroller <= 2.0.2 - Missing Authorization Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

nelio-popups

Score: N/A Nelio Popups <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

motionger-elementor

Score: N/A Motionger for Elementor <= 2.0.4 - Missing Authorization Affected: *-2.0.4 Patched: Updated: June 30, 2026

LOW

leaky-paywall

Score: 93/100 Leaky Paywall <= 4.22.6 - Missing Authorization Affected: *-4.22.6 Patched: 5.0 Updated: June 30, 2026

LOW

knowband-mobile-app-builder-for-woocommerce

Score: 93/100 Knowband Mobile App Builder <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary User Deletion Affected: *-2.0.8 Patched: 3.0.0 Updated: June 30, 2026

LOW

homey-core

Score: 93/100 Homey Core <= 2.4.3 - Missing Authorization Affected: *-2.4.3 Patched: 2.4.4 Updated: June 30, 2026

LOW

comparimager-elementor

Score: 91/100 Comparimager for Elementor <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

coder-elementor

Score: 91/100 Coder for Elementor <= 1.0.13 - Missing Authorization Affected: *-1.0.13 Patched: Updated: June 30, 2026

LOW

carter-elementor

Score: 91/100 Carter for Elementor <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

audier-elementor

Score: 91/100 Audier For Elementor <= 1.0.9 - Missing Authorization Affected: *-1.0.9 Patched: Updated: June 30, 2026

LOW

hippoo

Score: 93/100 Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

eltdf-membership

Score: 93/100 Elated Membership <= 1.2 - Authentication Bypass via Social Login Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026

LOW

video-merchant

Score: N/A Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-5.0.4 Patched: Updated: June 30, 2026

LOW

simple-download-counter

Score: N/A Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal Affected: *-2.2.2 Patched: 2.2.3 Updated: June 30, 2026

LOW

imager-elementor

Score: 91/100 Imager for Elementor <= 2.0.4 - Missing Authorization Affected: *-2.0.4 Patched: Updated: June 30, 2026

LOW

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

broken-link-checker-seo

Score: 93/100 Broken Link Checker <= 1.2.6 - Authenticated (Author+) SQL Injection Affected: *-1.2.6 Patched: 1.2.7 Updated: June 30, 2026

LOW

advance-wp-query-search-filter

Score: 93/100 Advance WP Query Search Filter <= 1.0.10 - Reflected Cross-Site Scripting Affected: *-1.0.10 Patched: Updated: June 30, 2026

LOW

advance-wp-query-search-filter

Score: 93/100 Advance WP Query Search Filter <= 1.0.10 - Reflected Cross-Site Scripting Affected: *-1.0.10 Patched: Updated: June 30, 2026

LOW

Security Plugin, Firewall & Malware Scanner with Auto Removal

security-malware-firewall

Score: 70/100 Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL Affected: *-2.168 Patched: 2.169 Updated: June 30, 2026

LOW

yamaps

Score: N/A YaMaps <= 0.6.39 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.6.39 Patched: 0.6.40 Updated: June 30, 2026

LOW

wp-user-avatar

Score: N/A ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-4.16.7 Patched: 4.16.8 Updated: June 30, 2026

LOW

wp-flashy-marketing-automation

Score: N/A Flashy Marketing Automation <= 2.0.8 - Cross-Site Request Forgery Affected: *-2.0.8 Patched: 2.0.9 Updated: June 30, 2026

LOW

wp-email-capture

Score: N/A Email Capture <= 3.12.4 - Missing Authorization Affected: *-3.12.4 Patched: 3.12.5 Updated: June 30, 2026

LOW

wp-easycart

Score: N/A EasyCart <= 5.8.11 - Unauthenticated Information Exposure Affected: *-5.8.11 Patched: 5.8.12 Updated: June 30, 2026

LOW

wp-crm-system

Score: N/A WP-CRM System <= 3.4.5 - Missing Authorization Affected: *-3.4.5 Patched: Updated: June 30, 2026

LOW

Tableberg – Simple Gutenberg Table Block

tableberg

Score: N/A Table Block by Tableberg <= 0.6.9 - Missing Authorization Affected: *-0.6.9 Patched: 0.6.10 Updated: June 30, 2026

LOW

plugin-organizer

Score: N/A Plugin Organizer <= 10.2.3 - Authenticated (Subscriber+) SQL Injection Affected: *-10.2.3 Patched: 10.2.4 Updated: June 30, 2026

LOW

page-views-count

Score: N/A Page View Count <= 2.8.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.8.7 Patched: Updated: June 30, 2026

LOW

just-tinymce-styles

Score: 91/100 Just TinyMCE Custom Styles <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: Updated: June 30, 2026

LOW

fb-reviews-widget

Score: 93/100 Social Reviews & Recommendations <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews Affected: *-2.5 Patched: 2.6 Updated: June 30, 2026

LOW

facebook-photo-fetcher

Score: 91/100 Social Photo Fetcher <= 3.0.4 - Cross-Site Request Forgery Affected: *-3.0.4 Patched: Updated: June 30, 2026

LOW

eupago-gateway-for-woocommerce

Score: 91/100 Eupago Gateway For Woocommerce <= 4.6.3 - Missing Authorization Affected: *-4.6.3 Patched: Updated: June 30, 2026

LOW

custom-field-template

Score: 93/100 Custom Field Template <= 2.7.6 - Authenticated (Subscriber+) Information Exposure Affected: *-2.7.6 Patched: 2.7.7 Updated: June 30, 2026

LOW

cf7-salesforce

Score: 93/100 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: 1.4.7 Updated: June 30, 2026

LOW

cf-geoplugin

Score: 91/100 Geo Controller <= 8.9.4 - Unauthenticated Information Exposure Affected: *-8.9.4 Patched: Updated: June 30, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-2.9.4 Patched: 2.9.4.1 Updated: June 30, 2026

LOW

ai-co-pilot-for-wp

Score: 97/100 AI CoPilot <= 1.2.7 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

advanced-product-fields-for-woocommerce

Score: 97/100 Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication Affected: *-1.6.17 Patched: 1.6.18 Updated: June 30, 2026

LOW

wp-yandex-metrika

Score: N/A Yandex.Metrica <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

wp-ultimate-review

Score: N/A Ultimate Review <= 2.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.7 Patched: 2.3.8 Updated: June 30, 2026

LOW

woocommerce-pdf-invoices-packing-slips

Score: N/A WooCommerce PDF Invoices & Packing Slips <= 4.9.1 - Missing Authorization Affected: *-4.9.1 Patched: 5.0.0 Updated: June 30, 2026

LOW

salon-booking-system

Score: N/A Salon booking system <= 10.30.3 - Cross-Site Request Forgery Affected: *-10.30.3 Patched: 10.30.4 Updated: June 30, 2026

LOW

make-section-column-clickable-elementor

Score: 93/100 Make Section & Column Clickable For Elementor <= 2.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.4 Patched: 2.4.1 Updated: June 30, 2026

LOW

generic-elements-for-elementor

Score: 89/100 Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: June 30, 2026

LOW

contact-form-plugin

Score: 93/100 Contact Form by BestWebSoft <= 4.3.6 - Missing Authorization Affected: *-4.3.6 Patched: 4.3.7 Updated: June 30, 2026

LOW

xpro-elementor-addons

Score: N/A Xpro Elementor Addons <= 1.4.19.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.19.1 Patched: 1.4.20 Updated: June 30, 2026

Showing 4501 to 4600 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 12:53 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List