Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
wpzoom-elementor-addons	wpzoom-elementor-addons	N/A	WPZOOM Addons for Elementor <= 1.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.10	1.2.11	June 30, 2026
wpkoi-templates-for-elementor	wpkoi-templates-for-elementor	N/A	WPKoi Templates for Elementor <= 3.4.4 - Missing Authorization	LOW	*-3.4.4	3.4.5	June 30, 2026
thim-elementor-kit	thim-elementor-kit	N/A	Thim Elementor Kit <= 1.3.3 - Authenticated (Contributor+) Insecure Direct Object Reference	LOW	*-1.3.3	1.3.4	June 30, 2026
rehub-framework	rehub-framework	N/A	REHub Framework < 19.9.9.4 - Authenticated (Subscriber+) Information Exposure	LOW	[*, 19.9.9.4)	19.9.9.4	June 30, 2026
pdf-thumbnail-generator	pdf-thumbnail-generator	N/A	PDF Thumbnail Generator <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4	1.5	June 30, 2026
my-tickets	my-tickets	N/A	My Tickets <= 2.1.0 - Missing Authorization	LOW	*-2.1.0	2.1.1	June 30, 2026
Event Booking Manager for WooCommerce	mage-eventpress	82	WpEvently <= 5.1.1 - Cross-Site Request Forgery	LOW	*-5.1.1	5.1.2	June 30, 2026
jnews-paywall	jnews-paywall	93	JNews Paywall < 12.0.1 - Cross-Site Request Forgery	LOW	[*, 12.0.1)	12.0.1	June 30, 2026
jnews-gallery	jnews-gallery	93	JNews Gallery < 12.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 12.0.1)	12.0.1	June 30, 2026
gravitec-net-web-push-notifications	gravitec-net-web-push-notifications	93	Gravitec.net – Web Push Notifications <= 2.9.17 - Missing Authorization	LOW	*-2.9.17	2.9.18	June 30, 2026
funnel-builder	funnel-builder	93	Funnel Builder by FunnelKit <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.13.1.2	3.13.1.3	June 30, 2026
ergonet-varnish-cache	ergonet-varnish-cache	93	Ergonet Cache <= 1.0.13 - Missing Authorization	LOW	*-1.0.13	1.0.14	June 30, 2026
Auto Alt Text	auto-alt-text	98	Auto Alt Text <= 2.5.2 - Cross-Site Request Forgery	LOW	*-2.5.2	2.5.3	June 30, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All In One SEO Pack <= 4.9.1 - Authenticated (Contributor+) SQL Injection	LOW	*-4.9.1	4.9.1.1	June 30, 2026
advanced-faq-manager	advanced-faq-manager	97	Advanced FAQ Manager <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.5.2	1.5.3	June 30, 2026
actionwear-products-sync	actionwear-products-sync	95	Actionwear products sync <= 2.3.3 - Missing Authorization	LOW	*-2.3.3		June 30, 2026
All-in-One Video Gallery	all-in-one-video-gallery	70	All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP	LOW	4.5.4-4.5.7	4.6.4	June 30, 2026
astra-sites	astra-sites	93	Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass	LOW	*-4.4.41	4.4.42	June 30, 2026
Rich Showcase for Google Reviews	widget-google-reviews	87	Rich Shortcodes for Google Reviews <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review	LOW	*-6.8	6.8.1	June 30, 2026
tenweb-speed-optimizer	tenweb-speed-optimizer	N/A	10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache	LOW	*-2.32.7	2.32.11	June 30, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	fluentform	78	Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id	LOW	*-6.1.7	6.1.8	June 30, 2026
social-feed-gallery-portfolio	social-feed-gallery-portfolio	N/A	Social Feed Gallery Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	LOW	*-1.3		June 30, 2026
codeconfig-accessibility	codeconfig-accessibility	91	Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings	LOW	*-1.0.2		June 30, 2026
codeconfig-accessibility	codeconfig-accessibility	91	Accessiy By CodeConfig Accessibility <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation	LOW	*-1.0.0	1.0.1	June 30, 2026
canadian-nutrition-facts-label	canadian-nutrition-facts-label	91	Canadian Nutrition Facts Label <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type	LOW	*-3.0		June 30, 2026
revinsite	revinsite	N/A	RevInsite <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.1.0		June 30, 2026
woomotiv	woomotiv	N/A	Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting	LOW	*-3.6.3		June 30, 2026
cute-news-ticker	cute-news-ticker	91	Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute	LOW	*-1.0		June 30, 2026
extra-post-images	extra-post-images	91	Extra Post Images <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0		June 30, 2026
application-passwords	application-passwords	95	Application Passwords <= 0.1.3 - Reflected Cross-Site Scripting via reject_url	LOW	*-0.1.3		June 30, 2026
g-ffl-cockpit	g-ffl-cockpit	93	g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion	LOW	*-1.7.1	1.8.0	June 30, 2026
g-ffl-cockpit	g-ffl-cockpit	93	g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure	LOW	*-1.7.1	1.8.0	June 30, 2026
wp-landing-page	wp-landing-page	N/A	WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update	LOW	*-0.9.3		June 30, 2026
css3-buttons	css3-buttons	91	CSS3 Buttons <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.1		June 30, 2026
csv-sumotto	csv-sumotto	91	CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 30, 2026
listar-directory-listing	listar-directory-listing	89	Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update	LOW	*-3.0.0		June 30, 2026
listar-directory-listing	listar-directory-listing	89	Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion	LOW	*-3.0.0		June 30, 2026
list-attachments-shortcode	list-attachments-shortcode	91	List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode	LOW	* - 0.4.1a		June 30, 2026
helloprint	helloprint	91	Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification	LOW	*-2.1.2		June 30, 2026
instantsearch-for-woocommerce	instantsearch-for-woocommerce	93	Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation	LOW	*-3.0.67	3.0.68	June 30, 2026
mylco	mylco	N/A	myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-0.8.1		June 30, 2026
ultra-skype-button	ultra-skype-button	N/A	Ultra Skype Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute	LOW	*-1.0		June 30, 2026
tr-timthumb	tr-timthumb	N/A	TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0.4		June 30, 2026
flex-qr-code-generator	flex-qr-code-generator	91	Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload	LOW	*-1.2.7	1.2.8	June 30, 2026
yet-another-webclap-for-wordpress	yet-another-webclap-for-wordpress	N/A	Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.2		June 30, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause	LOW	*-3.40.1	3.41.0	June 30, 2026
wedocs	wedocs	N/A	weDocs <= 2.1.14 - Missing Authorization to Settings Update	LOW	*-2.1.14	2.1.15	June 30, 2026
Widgets for Google Reviews	wp-reviews-plugin-for-google	92	Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews	LOW	*-13.2.4	13.2.5	June 30, 2026
link-whisper	link-whisper	93	Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting	LOW	*-0.8.8	0.8.9	June 30, 2026
woo-thank-you-page-customizer	woo-thank-you-page-customizer	N/A	Thank You Page Customizer for WooCommerce <= 1.1.8 - Missing Authorization	LOW	*-1.1.8	1.1.9	June 30, 2026
tablesome	tablesome	N/A	Tablesome <= 1.1.34 - Missing Authorization	LOW	*-1.1.34	1.1.35.1	June 30, 2026
sv100-companion	sv100-companion	N/A	SV100 Companion <= 2.0.02 - Unauthenticated Privilege Escalation	LOW	*-2.0.02		June 30, 2026
sms-alert	sms-alert	N/A	SMS Alert Order Notifications <= 3.8.8 - Missing Authorization	LOW	*-3.8.8	3.8.9	June 30, 2026
sendpulse-email-marketing-newsletter	sendpulse-email-marketing-newsletter	N/A	SendPulse Email Marketing Newsletter <= 2.2.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.2.1	2.2.2	June 30, 2026
post-cloner	post-cloner	N/A	Post Cloner <= 1.0.0 - Missing Authorization	LOW	*-1.0.0		June 30, 2026
portfolio-and-projects	portfolio-and-projects	N/A	Portfolio and Projects <= 1.5.5 - Authenticated (Contributor+) Information Exposure	LOW	*-1.5.5	1.5.6	June 30, 2026
multiparcels-shipping-for-woocommerce	multiparcels-shipping-for-woocommerce	N/A	MultiParcels Shipping For WooCommerce <= 1.30.12 - Missing Authorization	LOW	*-1.30.12	1.30.13	June 30, 2026
master-addons	master-addons	93	Master Addons for Elementor <= 2.0.9.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.9.9.3	2.1.0	June 30, 2026
formstack	formstack	91	Formstack Online Forms <= 2.0.2 - Missing Authorization	LOW	*-2.0.2		June 30, 2026
envo-extra	envo-extra	93	Envo Extra <= 1.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.11	1.9.12	June 30, 2026
dt-the7-core	dt-the7-core	93	The7 Elements < 2.7.12 - Authenticated (Contributor+) Local File Inclusion	LOW	[*, 2.7.12)	2.7.12	June 30, 2026
custom-layouts	custom-layouts	93	Custom Layouts – Post + Product grids made easy <= 1.4.12 - Missing Authorization	LOW	*-1.4.12	1.5.0	June 30, 2026
constant-contact-woocommerce	constant-contact-woocommerce	93	Constant Contact + WooCommerce <= 2.4.1 - Missing Authorization	LOW	*-2.4.1	2.4.2	June 30, 2026
add-custom-codes	add-custom-codes	97	Add Custom Codes <= 4.80 - Cross-Site Request Forgery	LOW	*-4.80	5.0	June 30, 2026
wp-social	wp-social	N/A	Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering	LOW	*-3.1.3	3.1.4	June 30, 2026
my-auctions-allegro-free-edition	my-auctions-allegro-free-edition	N/A	My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller	LOW	*-3.6.32	3.6.33	June 30, 2026
trail-manager	trail-manager	N/A	Trail Manager <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
user-importer-and-generator	user-importer-and-generator	N/A	User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation	LOW	*-1.2.2		June 30, 2026
projectopia-core	projectopia-core	N/A	Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion	LOW	*-5.1.19	5.1.20	June 30, 2026
cool-tag-cloud	cool-tag-cloud	89	Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.29		June 30, 2026
cryptx	cryptx	93	CryptX <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.0.5	4.0.6	June 30, 2026
thai-lottery-widget	thai-lottery-widget	N/A	Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-2.5		June 30, 2026
ark-relatedpost	ark-relatedpost	97	ARK Related Posts <= 2.19 - Cross-Site Request Forgery to Settings Update	LOW	*-2.19	2.20	June 30, 2026
wc-vendors	wc-vendors	N/A	WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion	LOW	*-2.6.4	2.6.4.1	June 30, 2026
my-auctions-allegro-free-edition	my-auctions-allegro-free-edition	N/A	My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id	LOW	*-3.6.32	3.6.33	June 30, 2026
weekly-planner	weekly-planner	N/A	Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
user-verification	user-verification	N/A	Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover	LOW	*-2.0.44	2.0.45	June 30, 2026
live-css-preview	live-css-preview	93	Live CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-2.1.4	2.1.5	June 30, 2026
newsletters-from-rss-to-email-newsletters-using-nourish	newsletters-from-rss-to-email-newsletters-using-nourish	N/A	Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-1.0.1.3		June 30, 2026
torod	torod	N/A	Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification	LOW	*-1.9	2.0	June 30, 2026
voidek-employee-portal	voidek-employee-portal	N/A	Voidek Employee Portal <= 1.0.7 - Missing Authorization	LOW	*-1.0.7	1.0.8	June 30, 2026
payaza	payaza	N/A	Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update	LOW	*-0.3.8		June 30, 2026
jabberbenachrichtigung	jabberbenachrichtigung	91	Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO	LOW	* - 0.99-RC2		June 30, 2026
time-sheets	time-sheets	N/A	Time Sheets <= 2.1.3 - Use of Known Vulnerable Component	LOW	*-2.1.3		June 30, 2026
time-sheets	time-sheets	N/A	Time Sheets <= 2.1.3 - Cross-Site Request Forgery	LOW	*-2.1.3		June 30, 2026
twitscription	twitscription	N/A	Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO	LOW	*-0.1.1		June 30, 2026
wp-sos-donate	wp-sos-donate	N/A	WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-0.9.2		June 30, 2026
fitvids-for-wordpress	fitvids-for-wordpress	91	FitVids for WordPress <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-4.0.1		June 30, 2026
dream-gallery	dream-gallery	91	dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action	LOW	*-1.0		June 30, 2026
sermon-manager-for-wordpress	sermon-manager-for-wordpress	N/A	Sermon Manager <= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.30.0		June 30, 2026
contentstudio	contentstudio	93	ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload	LOW	*-1.3.7	1.4.0	June 30, 2026
contentstudio	contentstudio	93	ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update	LOW	*-1.3.7	1.4.0	June 30, 2026
eprolo-dropshipping	eprolo-dropshipping	93	EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification	LOW	*-2.3.1	2.4.0	June 30, 2026
easy-jump-links-menus	easy-jump-links-menus	91	Easy Jump Links Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0.0		June 30, 2026
featured-image-via-url	featured-image-via-url	91	Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload	LOW	*-0.1		June 30, 2026
monetize-link	monetize-link	91	Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion	LOW	*-1.0.13		June 30, 2026
auto-thumbnailer	auto-thumbnailer	91	Auto Thumbnailer <= 1.0 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-1.0		June 30, 2026
image-optimizer-wpssk	image-optimizer-wpssk	91	Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization	LOW	*-1.2.0		June 30, 2026
cosign-sso	cosign-sso	91	CoSign Single Signon <= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-0.3.1		June 30, 2026
webcake	webcake	N/A	Webcake – Landing Page Builder <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-1.1	1.2	June 30, 2026

LOW

wpzoom-elementor-addons

Score: N/A WPZOOM Addons for Elementor <= 1.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.10 Patched: 1.2.11 Updated: June 30, 2026

LOW

wpkoi-templates-for-elementor

Score: N/A WPKoi Templates for Elementor <= 3.4.4 - Missing Authorization Affected: *-3.4.4 Patched: 3.4.5 Updated: June 30, 2026

LOW

thim-elementor-kit

Score: N/A Thim Elementor Kit <= 1.3.3 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026

LOW

rehub-framework

Score: N/A REHub Framework < 19.9.9.4 - Authenticated (Subscriber+) Information Exposure Affected: [*, 19.9.9.4) Patched: 19.9.9.4 Updated: June 30, 2026

LOW

pdf-thumbnail-generator

Score: N/A PDF Thumbnail Generator <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

my-tickets

Score: N/A My Tickets <= 2.1.0 - Missing Authorization Affected: *-2.1.0 Patched: 2.1.1 Updated: June 30, 2026

LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 WpEvently <= 5.1.1 - Cross-Site Request Forgery Affected: *-5.1.1 Patched: 5.1.2 Updated: June 30, 2026

LOW

jnews-paywall

Score: 93/100 JNews Paywall < 12.0.1 - Cross-Site Request Forgery Affected: [*, 12.0.1) Patched: 12.0.1 Updated: June 30, 2026

LOW

jnews-gallery

Score: 93/100 JNews Gallery < 12.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 12.0.1) Patched: 12.0.1 Updated: June 30, 2026

LOW

gravitec-net-web-push-notifications

Score: 93/100 Gravitec.net – Web Push Notifications <= 2.9.17 - Missing Authorization Affected: *-2.9.17 Patched: 2.9.18 Updated: June 30, 2026

LOW

funnel-builder

Score: 93/100 Funnel Builder by FunnelKit <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.13.1.2 Patched: 3.13.1.3 Updated: June 30, 2026

LOW

ergonet-varnish-cache

Score: 93/100 Ergonet Cache <= 1.0.13 - Missing Authorization Affected: *-1.0.13 Patched: 1.0.14 Updated: June 30, 2026

LOW

Auto Alt Text

auto-alt-text

Score: 98/100 Auto Alt Text <= 2.5.2 - Cross-Site Request Forgery Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All In One SEO Pack <= 4.9.1 - Authenticated (Contributor+) SQL Injection Affected: *-4.9.1 Patched: 4.9.1.1 Updated: June 30, 2026

LOW

advanced-faq-manager

Score: 97/100 Advanced FAQ Manager <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

actionwear-products-sync

Score: 95/100 Actionwear products sync <= 2.3.3 - Missing Authorization Affected: *-2.3.3 Patched: Updated: June 30, 2026

LOW

All-in-One Video Gallery

all-in-one-video-gallery

Score: 70/100 All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP Affected: 4.5.4-4.5.7 Patched: 4.6.4 Updated: June 30, 2026

LOW

astra-sites

Score: 93/100 Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass Affected: *-4.4.41 Patched: 4.4.42 Updated: June 30, 2026

LOW

Rich Showcase for Google Reviews

widget-google-reviews

Score: 87/100 Rich Shortcodes for Google Reviews <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review Affected: *-6.8 Patched: 6.8.1 Updated: June 30, 2026

LOW

tenweb-speed-optimizer

Score: N/A 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache Affected: *-2.32.7 Patched: 2.32.11 Updated: June 30, 2026

LOW

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Score: 78/100 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id Affected: *-6.1.7 Patched: 6.1.8 Updated: June 30, 2026

LOW

social-feed-gallery-portfolio

Score: N/A Social Feed Gallery Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

Score: 91/100 Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

codeconfig-accessibility

Score: 91/100 Accessiy By CodeConfig Accessibility <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

canadian-nutrition-facts-label

Score: 91/100 Canadian Nutrition Facts Label <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type Affected: *-3.0 Patched: Updated: June 30, 2026

LOW

revinsite

Score: N/A RevInsite <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

woomotiv

Score: N/A Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting Affected: *-3.6.3 Patched: Updated: June 30, 2026

LOW

cute-news-ticker

Score: 91/100 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

extra-post-images

Score: 91/100 Extra Post Images <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

application-passwords

Score: 95/100 Application Passwords <= 0.1.3 - Reflected Cross-Site Scripting via reject_url Affected: *-0.1.3 Patched: Updated: June 30, 2026

LOW

g-ffl-cockpit

Score: 93/100 g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion Affected: *-1.7.1 Patched: 1.8.0 Updated: June 30, 2026

LOW

g-ffl-cockpit

Score: 93/100 g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure Affected: *-1.7.1 Patched: 1.8.0 Updated: June 30, 2026

LOW

wp-landing-page

Score: N/A WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update Affected: *-0.9.3 Patched: Updated: June 30, 2026

LOW

css3-buttons

Score: 91/100 CSS3 Buttons <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

csv-sumotto

Score: 91/100 CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

listar-directory-listing

Score: 89/100 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

listar-directory-listing

Score: 89/100 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

list-attachments-shortcode

Score: 91/100 List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode Affected: * - 0.4.1a Patched: Updated: June 30, 2026

LOW

helloprint

Score: 91/100 Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification Affected: *-2.1.2 Patched: Updated: June 30, 2026

LOW

instantsearch-for-woocommerce

Score: 93/100 Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation Affected: *-3.0.67 Patched: 3.0.68 Updated: June 30, 2026

LOW

mylco

Score: N/A myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-0.8.1 Patched: Updated: June 30, 2026

LOW

ultra-skype-button

Score: N/A Ultra Skype Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

tr-timthumb

Score: N/A TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

flex-qr-code-generator

Score: 91/100 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

yet-another-webclap-for-wordpress

Score: N/A Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.2 Patched: Updated: June 30, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause Affected: *-3.40.1 Patched: 3.41.0 Updated: June 30, 2026

LOW

wedocs

Score: N/A weDocs <= 2.1.14 - Missing Authorization to Settings Update Affected: *-2.1.14 Patched: 2.1.15 Updated: June 30, 2026

LOW

Widgets for Google Reviews

wp-reviews-plugin-for-google

Score: 92/100 Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews Affected: *-13.2.4 Patched: 13.2.5 Updated: June 30, 2026

LOW

link-whisper

Score: 93/100 Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting Affected: *-0.8.8 Patched: 0.8.9 Updated: June 30, 2026

LOW

woo-thank-you-page-customizer

Score: N/A Thank You Page Customizer for WooCommerce <= 1.1.8 - Missing Authorization Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

tablesome

Score: N/A Tablesome <= 1.1.34 - Missing Authorization Affected: *-1.1.34 Patched: 1.1.35.1 Updated: June 30, 2026

LOW

sv100-companion

Score: N/A SV100 Companion <= 2.0.02 - Unauthenticated Privilege Escalation Affected: *-2.0.02 Patched: Updated: June 30, 2026

LOW

sms-alert

Score: N/A SMS Alert Order Notifications <= 3.8.8 - Missing Authorization Affected: *-3.8.8 Patched: 3.8.9 Updated: June 30, 2026

LOW

sendpulse-email-marketing-newsletter

Score: N/A SendPulse Email Marketing Newsletter <= 2.2.1 - Authenticated (Subscriber+) Information Exposure Affected: *-2.2.1 Patched: 2.2.2 Updated: June 30, 2026

LOW

post-cloner

Score: N/A Post Cloner <= 1.0.0 - Missing Authorization Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

portfolio-and-projects

Score: N/A Portfolio and Projects <= 1.5.5 - Authenticated (Contributor+) Information Exposure Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

multiparcels-shipping-for-woocommerce

Score: N/A MultiParcels Shipping For WooCommerce <= 1.30.12 - Missing Authorization Affected: *-1.30.12 Patched: 1.30.13 Updated: June 30, 2026

LOW

master-addons

Score: 93/100 Master Addons for Elementor <= 2.0.9.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.9.9.3 Patched: 2.1.0 Updated: June 30, 2026

LOW

formstack

Score: 91/100 Formstack Online Forms <= 2.0.2 - Missing Authorization Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

envo-extra

Score: 93/100 Envo Extra <= 1.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.11 Patched: 1.9.12 Updated: June 30, 2026

LOW

dt-the7-core

Score: 93/100 The7 Elements < 2.7.12 - Authenticated (Contributor+) Local File Inclusion Affected: [*, 2.7.12) Patched: 2.7.12 Updated: June 30, 2026

LOW

custom-layouts

Score: 93/100 Custom Layouts – Post + Product grids made easy <= 1.4.12 - Missing Authorization Affected: *-1.4.12 Patched: 1.5.0 Updated: June 30, 2026

LOW

constant-contact-woocommerce

Score: 93/100 Constant Contact + WooCommerce <= 2.4.1 - Missing Authorization Affected: *-2.4.1 Patched: 2.4.2 Updated: June 30, 2026

LOW

add-custom-codes

Score: 97/100 Add Custom Codes <= 4.80 - Cross-Site Request Forgery Affected: *-4.80 Patched: 5.0 Updated: June 30, 2026

LOW

wp-social

Score: N/A Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026

LOW

my-auctions-allegro-free-edition

Score: N/A My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller Affected: *-3.6.32 Patched: 3.6.33 Updated: June 30, 2026

LOW

trail-manager

Score: N/A Trail Manager <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

user-importer-and-generator

Score: N/A User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

projectopia-core

Score: N/A Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion Affected: *-5.1.19 Patched: 5.1.20 Updated: June 30, 2026

LOW

cool-tag-cloud

Score: 89/100 Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.29 Patched: Updated: June 30, 2026

LOW

cryptx

Score: 93/100 CryptX <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.5 Patched: 4.0.6 Updated: June 30, 2026

LOW

thai-lottery-widget

Score: N/A Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-2.5 Patched: Updated: June 30, 2026

LOW

ark-relatedpost

Score: 97/100 ARK Related Posts <= 2.19 - Cross-Site Request Forgery to Settings Update Affected: *-2.19 Patched: 2.20 Updated: June 30, 2026

LOW

wc-vendors

Score: N/A WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion Affected: *-2.6.4 Patched: 2.6.4.1 Updated: June 30, 2026

LOW

my-auctions-allegro-free-edition

Score: N/A My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id Affected: *-3.6.32 Patched: 3.6.33 Updated: June 30, 2026

LOW

weekly-planner

Score: N/A Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

user-verification

Score: N/A Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover Affected: *-2.0.44 Patched: 2.0.45 Updated: June 30, 2026

LOW

live-css-preview

Score: 93/100 Live CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

newsletters-from-rss-to-email-newsletters-using-nourish

Score: N/A Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-1.0.1.3 Patched: Updated: June 30, 2026

LOW

torod

Score: N/A Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification Affected: *-1.9 Patched: 2.0 Updated: June 30, 2026

LOW

voidek-employee-portal

Score: N/A Voidek Employee Portal <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

payaza

Score: N/A Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update Affected: *-0.3.8 Patched: Updated: June 30, 2026

LOW

jabberbenachrichtigung

Score: 91/100 Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO Affected: * - 0.99-RC2 Patched: Updated: June 30, 2026

LOW

time-sheets

Score: N/A Time Sheets <= 2.1.3 - Use of Known Vulnerable Component Affected: *-2.1.3 Patched: Updated: June 30, 2026

LOW

time-sheets

Score: N/A Time Sheets <= 2.1.3 - Cross-Site Request Forgery Affected: *-2.1.3 Patched: Updated: June 30, 2026

LOW

twitscription

Score: N/A Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO Affected: *-0.1.1 Patched: Updated: June 30, 2026

LOW

wp-sos-donate

Score: N/A WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-0.9.2 Patched: Updated: June 30, 2026

LOW

fitvids-for-wordpress

Score: 91/100 FitVids for WordPress <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.0.1 Patched: Updated: June 30, 2026

LOW

dream-gallery

Score: 91/100 dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

sermon-manager-for-wordpress

Score: N/A Sermon Manager <= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.30.0 Patched: Updated: June 30, 2026

LOW

contentstudio

Score: 93/100 ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload Affected: *-1.3.7 Patched: 1.4.0 Updated: June 30, 2026

LOW

contentstudio

Score: 93/100 ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update Affected: *-1.3.7 Patched: 1.4.0 Updated: June 30, 2026

LOW

eprolo-dropshipping

Score: 93/100 EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification Affected: *-2.3.1 Patched: 2.4.0 Updated: June 30, 2026

LOW

easy-jump-links-menus

Score: 91/100 Easy Jump Links Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

featured-image-via-url

Score: 91/100 Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

monetize-link

Score: 91/100 Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion Affected: *-1.0.13 Patched: Updated: June 30, 2026

LOW

auto-thumbnailer

Score: 91/100 Auto Thumbnailer <= 1.0 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

image-optimizer-wpssk

Score: 91/100 Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

cosign-sso

Score: 91/100 CoSign Single Signon <= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-0.3.1 Patched: Updated: June 30, 2026

LOW

webcake

Score: N/A Webcake – Landing Page Builder <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.1 Patched: 1.2 Updated: June 30, 2026

Showing 4601 to 4700 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 11:26 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List