Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
bread-butter	bread-butter	91	Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents <= 7.11.1374 - Cross-Site Request Forgery to Arbitrary File Upload	LOW	*-7.11.1374	8.0.1398	June 30, 2026
omnipress	omnipress	N/A	Omnipress <= 1.6.5 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.6.5	1.6.6	June 30, 2026
feedback-modal-for-website	feedback-modal-for-website	91	Feedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter	LOW	*-1.0.1		June 30, 2026
tw-image-hover-share	tw-image-hover-share	N/A	Quantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.8		June 30, 2026
pdf-catalog-for-woocommerce	pdf-catalog-for-woocommerce	N/A	PDF Catalog for WooCommerce <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.1.18		June 30, 2026
hide-categories-or-products-on-shop-page	hide-categories-or-products-on-shop-page	91	Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.7		June 30, 2026
surveyfunnel-lite	surveyfunnel-lite	N/A	SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure	LOW	*-1.1.5		June 30, 2026
surveyfunnel-lite	surveyfunnel-lite	N/A	SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1.5		June 30, 2026
ssp-debugging	ssp-debugging	N/A	SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure	LOW	*-1.0.0		June 30, 2026
crm-memberships	crm-memberships	91	CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint	LOW	*-2.6	2.7	June 30, 2026
crm-memberships	crm-memberships	91	CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action	LOW	*-2.5		June 30, 2026
norby-ai	norby-ai	N/A	Norby AI <= 1.0.3 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.3		June 30, 2026
demo-importer-plus	demo-importer-plus	93	Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass	LOW	*-2.0.6	2.0.7	June 30, 2026
xcloner-backup-and-restore	xcloner-backup-and-restore	N/A	Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()	LOW	*-4.8.2	4.8.3	June 30, 2026
Booking Calendar	booking	71	Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode	LOW	*-10.14.6	10.14.7	June 30, 2026
postgallery	postgallery	N/A	PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-1.12.5		June 30, 2026
Xagio SEO – AI Powered SEO	xagio-seo	64	Xagio SEO <= 7.1.0.37 - Missing Authorization	LOW	*-7.1.0.37	7.1.0.38	June 30, 2026
wp-google-analytics-events	wp-google-analytics-events	N/A	Google Analytics Events <= 2.8.2 - Unauthenticated Information Exposure	LOW	*-2.8.2		June 30, 2026
woo-payment-gateway-paysera	woo-payment-gateway-paysera	N/A	WooCommerce Payment Gateway – Paysera <= 3.10.0 - Missing Authorization	LOW	*-3.10.0	3.11.0	June 30, 2026
user-spam-remover	user-spam-remover	N/A	User Spam Remover <= 1.1 - Unauthenticated Information Exposure	LOW	*-1.1		June 30, 2026
smtp-mail	smtp-mail	N/A	SMTP Mail <= 1.3.49 - Cross-Site Request Forgery	LOW	*-1.3.49		June 30, 2026
premium-addons-for-elementor	premium-addons-for-elementor	N/A	Premium Addons for Elementor <= 4.11.53 - Unauthenticated Information Exposure	LOW	*-4.11.53	4.11.54	June 30, 2026
pico	pico	N/A	Hype <= 1.0.5 - Missing Authorization	LOW	*-1.0.5		June 30, 2026
media-library-downloader	media-library-downloader	93	Media Library Downloader <= 1.4.0 - Cross-Site Request Forgery	LOW	*-1.4.0	1.4.1	June 30, 2026
Event Booking Manager for WooCommerce	mage-eventpress	82	WpEvently <= 5.0.4 - Missing Authorization	LOW	*-5.0.4	5.0.5	June 30, 2026
image-cleanup	image-cleanup	87	Image Cleanup <= 1.9.2 - Unauthenticated Information Exposure	LOW	*-1.9.2		June 30, 2026
image-cleanup	image-cleanup	87	Image Cleanup <= 1.9.2 - Missing Authorization	LOW	*-1.9.2		June 30, 2026
happy-elementor-addons	happy-elementor-addons	93	Happy Addons for Elementor <= 3.20.3 - Missing Authorization	LOW	*-3.20.3	3.20.4	June 30, 2026
gsheetconnector-wpforms	gsheetconnector-wpforms	93	WPForms Google Sheet Connector <= 4.0.0 - Missing Authorization	LOW	*-4.0.0	4.0.1	June 30, 2026
erp	erp	93	ERP <= 1.16.7 - Missing Authorization	LOW	*-1.16.7	1.16.8	June 30, 2026
custom-sidebars-by-proteusthemes	custom-sidebars-by-proteusthemes	91	Custom Sidebars by ProteusThemes <= 1.0.3 - Cross-Site Request Forgery	LOW	*-1.0.3		June 30, 2026
ai-co-pilot-for-wp	ai-co-pilot-for-wp	97	AI CoPilot <= 1.2.7 - Authenticated (Contributor+) Information Exposure	LOW	*-1.2.7	1.2.8	June 30, 2026
custom-post-type-ui	custom-post-type-ui	93	Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification	LOW	*-1.18.0	1.18.1	June 30, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering	LOW	*-2.9.4	2.9.4.1	June 30, 2026
clikstats	clikstats	91	Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']	LOW	*-0.8		June 30, 2026
codistoconnect	codistoconnect	89	Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.3.65		June 30, 2026
webp-express	webp-express	N/A	WebP Express <= 0.25.9 - Unauthenticated Information Exposure	LOW	*-0.25.9	0.25.11	June 30, 2026
Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution	fluent-booking	96	Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management	LOW	*-1.9.11	1.10.0	June 30, 2026
wpdirectorykit	wpdirectorykit	N/A	WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover	LOW	1.4.0-1.4.4	1.4.5	June 30, 2026
Autoptimize	autoptimize	87	Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.13	3.1.14	June 30, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation	LOW	*-3.40.1	3.41.0	June 30, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection	LOW	*-3.40.1	3.41.0	June 30, 2026
acf-frontend-form-element	acf-frontend-form-element	97	Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update	LOW	*-3.28.20	3.28.21	June 30, 2026
woocommerce-products-filter	woocommerce-products-filter	N/A	HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'	LOW	*-1.3.7.2	1.3.7.3	June 30, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App	post-smtp	87	Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update	LOW	*-3.6.1	3.6.2	June 30, 2026
post-grid	post-grid	N/A	Post Grid and Gutenberg Blocks <= 2.3.19 - Unauthenticated Insecure Direct Object Reference	LOW	*-2.3.19		June 30, 2026
order-delivery-date-for-woocommerce	order-delivery-date-for-woocommerce	N/A	Order Delivery Date for WooCommerce <= 4.3.1 - Missing Authorization	LOW	*-4.3.1	4.3.2	June 30, 2026
gutenverse-news	gutenverse-news	93	Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons <= 3.0.2 - Missing Authorization	LOW	*-3.0.2	3.1.0	June 30, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.9.23.0 - Unauthenticated Arbitrary File Upload	LOW	*-2.9.23.0	2.9.23.1	June 30, 2026
chart-builder	chart-builder	93	Chartify <= 3.6.3 - Cross-Site Request Forgery	LOW	*-3.6.3	3.6.4	June 30, 2026
business-directory-plugin	business-directory-plugin	93	Business Directory <= 6.4.19 - Cross-Site Request Forgery	LOW	*-6.4.19	6.4.20	June 30, 2026
shopengine	shopengine	N/A	ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation	LOW	*-4.8.5	4.8.6	June 30, 2026
acf-extended	acf-extended	97	Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form	LOW	0.9.0.5-0.9.1.1	0.9.2	June 30, 2026
everest-backup	everest-backup	91	Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure	LOW	*-2.3.8	2.3.9	June 30, 2026
fluent-cart	fluent-cart	93	FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter	LOW	*-1.3.1	1.3.2	June 30, 2026
MxChat – AI Chatbot & Content Generation for WordPress	mxchat-basic	80	MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure	LOW	*-2.5.5	2.5.6	June 30, 2026
cssigniter-shortcodes	cssigniter-shortcodes	93	CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute	LOW	*-2.4.1	2.4.2	June 30, 2026
modula-best-grid-gallery	modula-best-grid-gallery	93	Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition	LOW	2.13.1-2.13.2	2.13.3	June 30, 2026
modula-best-grid-gallery	modula-best-grid-gallery	93	Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion	LOW	2.13.1-2.13.2	2.13.3	June 30, 2026
designthemes-lms	designthemes-lms	93	DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation	LOW	*-1.0.4	1.0.5	June 30, 2026
wps-bidouille	wps-bidouille	N/A	WPS Bidouille <= 1.33.1 - Missing Authorization	LOW	*-1.33.1	1.33.2	June 30, 2026
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.7.0.82 - Cross-Site Request Forgery	LOW	*-6.7.0.82	6.7.0.83	June 30, 2026
projectopia-core	projectopia-core	N/A	Projectopia <= 5.1.22 - Authenticated (Custom+) Insecure Direct Object Reference	LOW	*-5.1.22		June 30, 2026
b-tiktok-feed	b-tiktok-feed	93	Tiktok Feed <= 1.0.23 - Missing Authorization	LOW	*-1.0.23	1.0.24	June 30, 2026
wpdirectorykit	wpdirectorykit	N/A	WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection	LOW	*-1.4.6	1.4.7	June 30, 2026
suremails	suremails	N/A	SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload	LOW	*-1.9.0	1.9.1	June 30, 2026
vikrentcar	vikrentcar	N/A	VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter	LOW	*-1.4.4	1.4.5	June 30, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification	LOW	*-2.9.4	2.9.4.1	June 30, 2026
zigaform-calculator-cost-estimation-form-builder-lite	zigaform-calculator-cost-estimation-form-builder-lite	N/A	Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint	LOW	*-7.6.5	7.6.7	June 30, 2026
gallery-photo-gallery	gallery-photo-gallery	93	Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions	LOW	*-6.4.8	6.4.9	June 30, 2026
surveyjs	surveyjs	N/A	SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion	LOW	*-1.12.20	1.20.27	June 30, 2026
visualizer	visualizer	N/A	Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection	LOW	*-3.11.12	3.11.13	June 30, 2026
WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets	wp-social-reviews	N/A	WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import	LOW	*-3.20.3	4.0.0	June 30, 2026
wp-ultimate-exporter	wp-ultimate-exporter	N/A	Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure	LOW	*-2.19	2.20	June 30, 2026
Kadence WooCommerce Email Designer	kadence-woocommerce-email-designer	90	Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.5.17	1.5.18	June 30, 2026
blockart-blocks	blockart-blocks	93	BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute	LOW	*-2.2.13	2.2.14	June 30, 2026
cost-calculator-builder	cost-calculator-builder	93	Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion	LOW	*-3.6.3	3.6.4	June 30, 2026
nexter-extension	nexter-extension	N/A	Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.4.1	4.4.2	June 30, 2026
get-cash	get-cash	89	Get Cash <= 3.2.3 - Missing Authorization	LOW	*-3.2.3		June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action	LOW	*-3.3.2	3.3.3	June 30, 2026
contact-form-to-email	contact-form-to-email	93	Contact Form Email <= 1.3.60 - Unauthenticated Insecure Direct Object Reference	LOW	*-1.3.60	1.3.61	June 30, 2026
arconix-shortcodes	arconix-shortcodes	95	Arconix Shortcodes <= 2.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.19		June 30, 2026
Payment Gateway for PayPal on WooCommerce	woo-paypal-gateway	N/A	Payment Gateway for PayPal on WooCommerce <= 9.0.53 - Missing Authorization	LOW	*-9.0.53	9.0.54	June 30, 2026
woo-cart-weight	woo-cart-weight	N/A	Cart Weight for WooCommerce <= 1.9.11 - Missing Authorization	LOW	*-1.9.11	1.9.12	June 30, 2026
werkstatt-plugin	werkstatt-plugin	N/A	WerkStatt <= 1.6.6 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.6.6	1.6.7	June 30, 2026
tutor-lms-elementor-addons	tutor-lms-elementor-addons	N/A	Tutor LMS Elementor Addons <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.1	3.0.2	June 30, 2026
traderunner	traderunner	N/A	Trade Runner <= 3.14 - Cross-Site Request Forgery	LOW	*-3.14		June 30, 2026
stylish-price-list	stylish-price-list	N/A	Stylish Price List <= 7.2.2 - Missing Authorization	LOW	*-7.2.2	7.2.3	June 30, 2026
Security Optimizer – The All-In-One Protection Plugin	sg-security	83	SiteGround Security <= 1.5.8 - Missing Authorization	LOW	*-1.5.8	1.5.9	June 30, 2026
quiz-master-next	quiz-master-next	N/A	Quiz And Survey Master <= 10.3.2 - Missing Authorization	LOW	*-10.3.2	10.3.3	June 30, 2026
Event Booking Manager for WooCommerce	mage-eventpress	82	WpEvently <= 5.0.4 - Missing Authorization	LOW	*-5.0.4	5.0.5	June 30, 2026
learnpress	learnpress	93	LearnPress <= 4.2.9.4 - Missing Authorization	LOW	*-4.2.9.4	4.3.0	June 30, 2026
learning-management-system	learning-management-system	93	Masteriyo - LMS <= 2.0.3 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-2.0.3	2.0.4	June 30, 2026
catfolders	catfolders	93	CatFolders <= 2.5.3 - Missing Authorization	LOW	*-2.5.3	2.5.4	June 30, 2026
streamtube-core	streamtube-core	N/A	StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change	LOW	*-4.78	4.79	June 30, 2026
wp-sifr	wp-sifr	N/A	sIFR <= 0.6.8.1 - Cross-Site Request Forgery	LOW	*-0.6.8.1		June 30, 2026
wp-compress-mainwp	wp-compress-mainwp	N/A	Compress for MainWP <= 6.50.07 - Missing Authorization	LOW	*-6.50.07		June 30, 2026
TNC Toolbox: Web Performance	tnc-toolbox	98	TNC Toolbox: Web Performance <= 2.0.4 - Missing Authorization	LOW	*-2.0.4	2.0.5	June 30, 2026
quick-interest-slider	quick-interest-slider	N/A	Quick Interest Slider <= 3.1.5 - Cross-Site Request Forgery	LOW	*-3.1.5	3.1.6	June 30, 2026
quick-interest-slider	quick-interest-slider	N/A	Quick Interest Slider <= 3.1.5 - Missing Authorization	LOW	*-3.1.5		June 30, 2026

LOW

bread-butter

Score: 91/100 Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents <= 7.11.1374 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-7.11.1374 Patched: 8.0.1398 Updated: June 30, 2026

LOW

omnipress

Score: N/A Omnipress <= 1.6.5 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.6.5 Patched: 1.6.6 Updated: June 30, 2026

LOW

feedback-modal-for-website

Score: 91/100 Feedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

tw-image-hover-share

Score: N/A Quantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.8 Patched: Updated: June 30, 2026

LOW

pdf-catalog-for-woocommerce

Score: N/A PDF Catalog for WooCommerce <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.1.18 Patched: Updated: June 30, 2026

LOW

hide-categories-or-products-on-shop-page

Score: 91/100 Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.7 Patched: Updated: June 30, 2026

LOW

surveyfunnel-lite

Score: N/A SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure Affected: *-1.1.5 Patched: Updated: June 30, 2026

LOW

surveyfunnel-lite

Score: N/A SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.5 Patched: Updated: June 30, 2026

LOW

ssp-debugging

Score: N/A SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

crm-memberships

Score: 91/100 CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint Affected: *-2.6 Patched: 2.7 Updated: June 30, 2026

LOW

crm-memberships

Score: 91/100 CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action Affected: *-2.5 Patched: Updated: June 30, 2026

LOW

norby-ai

Score: N/A Norby AI <= 1.0.3 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

demo-importer-plus

Score: 93/100 Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass Affected: *-2.0.6 Patched: 2.0.7 Updated: June 30, 2026

LOW

xcloner-backup-and-restore

Score: N/A Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() Affected: *-4.8.2 Patched: 4.8.3 Updated: June 30, 2026

LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode Affected: *-10.14.6 Patched: 10.14.7 Updated: June 30, 2026

LOW

postgallery

Score: N/A PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.12.5 Patched: Updated: June 30, 2026

LOW

Xagio SEO – AI Powered SEO

xagio-seo

Score: 64/100 Xagio SEO <= 7.1.0.37 - Missing Authorization Affected: *-7.1.0.37 Patched: 7.1.0.38 Updated: June 30, 2026

LOW

wp-google-analytics-events

Score: N/A Google Analytics Events <= 2.8.2 - Unauthenticated Information Exposure Affected: *-2.8.2 Patched: Updated: June 30, 2026

LOW

woo-payment-gateway-paysera

Score: N/A WooCommerce Payment Gateway – Paysera <= 3.10.0 - Missing Authorization Affected: *-3.10.0 Patched: 3.11.0 Updated: June 30, 2026

LOW

user-spam-remover

Score: N/A User Spam Remover <= 1.1 - Unauthenticated Information Exposure Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

smtp-mail

Score: N/A SMTP Mail <= 1.3.49 - Cross-Site Request Forgery Affected: *-1.3.49 Patched: Updated: June 30, 2026

LOW

premium-addons-for-elementor

Score: N/A Premium Addons for Elementor <= 4.11.53 - Unauthenticated Information Exposure Affected: *-4.11.53 Patched: 4.11.54 Updated: June 30, 2026

LOW

pico

Score: N/A Hype <= 1.0.5 - Missing Authorization Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

media-library-downloader

Score: 93/100 Media Library Downloader <= 1.4.0 - Cross-Site Request Forgery Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 WpEvently <= 5.0.4 - Missing Authorization Affected: *-5.0.4 Patched: 5.0.5 Updated: June 30, 2026

LOW

image-cleanup

Score: 87/100 Image Cleanup <= 1.9.2 - Unauthenticated Information Exposure Affected: *-1.9.2 Patched: Updated: June 30, 2026

LOW

image-cleanup

Score: 87/100 Image Cleanup <= 1.9.2 - Missing Authorization Affected: *-1.9.2 Patched: Updated: June 30, 2026

LOW

happy-elementor-addons

Score: 93/100 Happy Addons for Elementor <= 3.20.3 - Missing Authorization Affected: *-3.20.3 Patched: 3.20.4 Updated: June 30, 2026

LOW

gsheetconnector-wpforms

Score: 93/100 WPForms Google Sheet Connector <= 4.0.0 - Missing Authorization Affected: *-4.0.0 Patched: 4.0.1 Updated: June 30, 2026

LOW

erp

Score: 93/100 ERP <= 1.16.7 - Missing Authorization Affected: *-1.16.7 Patched: 1.16.8 Updated: June 30, 2026

LOW

custom-sidebars-by-proteusthemes

Score: 91/100 Custom Sidebars by ProteusThemes <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

ai-co-pilot-for-wp

Score: 97/100 AI CoPilot <= 1.2.7 - Authenticated (Contributor+) Information Exposure Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

custom-post-type-ui

Score: 93/100 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification Affected: *-1.18.0 Patched: 1.18.1 Updated: June 30, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering Affected: *-2.9.4 Patched: 2.9.4.1 Updated: June 30, 2026

LOW

clikstats

Score: 91/100 Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] Affected: *-0.8 Patched: Updated: June 30, 2026

LOW

codistoconnect

Score: 89/100 Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.65 Patched: Updated: June 30, 2026

LOW

webp-express

Score: N/A WebP Express <= 0.25.9 - Unauthenticated Information Exposure Affected: *-0.25.9 Patched: 0.25.11 Updated: June 30, 2026

LOW

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution

fluent-booking

Score: 96/100 Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management Affected: *-1.9.11 Patched: 1.10.0 Updated: June 30, 2026

LOW

wpdirectorykit

Score: N/A WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover Affected: 1.4.0-1.4.4 Patched: 1.4.5 Updated: June 30, 2026

LOW

Autoptimize

autoptimize

Score: 87/100 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.13 Patched: 3.1.14 Updated: June 30, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation Affected: *-3.40.1 Patched: 3.41.0 Updated: June 30, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection Affected: *-3.40.1 Patched: 3.41.0 Updated: June 30, 2026

LOW

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update Affected: *-3.28.20 Patched: 3.28.21 Updated: June 30, 2026

LOW

woocommerce-products-filter

Score: N/A HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' Affected: *-1.3.7.2 Patched: 1.3.7.3 Updated: June 30, 2026

LOW

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Score: 87/100 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update Affected: *-3.6.1 Patched: 3.6.2 Updated: June 30, 2026

LOW

post-grid

Score: N/A Post Grid and Gutenberg Blocks <= 2.3.19 - Unauthenticated Insecure Direct Object Reference Affected: *-2.3.19 Patched: Updated: June 30, 2026

LOW

order-delivery-date-for-woocommerce

Score: N/A Order Delivery Date for WooCommerce <= 4.3.1 - Missing Authorization Affected: *-4.3.1 Patched: 4.3.2 Updated: June 30, 2026

LOW

gutenverse-news

Score: 93/100 Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons <= 3.0.2 - Missing Authorization Affected: *-3.0.2 Patched: 3.1.0 Updated: June 30, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.9.23.0 - Unauthenticated Arbitrary File Upload Affected: *-2.9.23.0 Patched: 2.9.23.1 Updated: June 30, 2026

LOW

chart-builder

Score: 93/100 Chartify <= 3.6.3 - Cross-Site Request Forgery Affected: *-3.6.3 Patched: 3.6.4 Updated: June 30, 2026

LOW

business-directory-plugin

Score: 93/100 Business Directory <= 6.4.19 - Cross-Site Request Forgery Affected: *-6.4.19 Patched: 6.4.20 Updated: June 30, 2026

LOW

shopengine

Score: N/A ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation Affected: *-4.8.5 Patched: 4.8.6 Updated: June 30, 2026

LOW

acf-extended

Score: 97/100 Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form Affected: 0.9.0.5-0.9.1.1 Patched: 0.9.2 Updated: June 30, 2026

LOW

everest-backup

Score: 91/100 Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure Affected: *-2.3.8 Patched: 2.3.9 Updated: June 30, 2026

LOW

fluent-cart

Score: 93/100 FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026

LOW

MxChat – AI Chatbot & Content Generation for WordPress

mxchat-basic

Score: 80/100 MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure Affected: *-2.5.5 Patched: 2.5.6 Updated: June 30, 2026

LOW

cssigniter-shortcodes

Score: 93/100 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute Affected: *-2.4.1 Patched: 2.4.2 Updated: June 30, 2026

LOW

modula-best-grid-gallery

Score: 93/100 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition Affected: 2.13.1-2.13.2 Patched: 2.13.3 Updated: June 30, 2026

LOW

modula-best-grid-gallery

Score: 93/100 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion Affected: 2.13.1-2.13.2 Patched: 2.13.3 Updated: June 30, 2026

LOW

designthemes-lms

Score: 93/100 DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation Affected: *-1.0.4 Patched: 1.0.5 Updated: June 30, 2026

LOW

wps-bidouille

Score: N/A WPS Bidouille <= 1.33.1 - Missing Authorization Affected: *-1.33.1 Patched: 1.33.2 Updated: June 30, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.7.0.82 - Cross-Site Request Forgery Affected: *-6.7.0.82 Patched: 6.7.0.83 Updated: June 30, 2026

LOW

projectopia-core

Score: N/A Projectopia <= 5.1.22 - Authenticated (Custom+) Insecure Direct Object Reference Affected: *-5.1.22 Patched: Updated: June 30, 2026

LOW

b-tiktok-feed

Score: 93/100 Tiktok Feed <= 1.0.23 - Missing Authorization Affected: *-1.0.23 Patched: 1.0.24 Updated: June 30, 2026

LOW

wpdirectorykit

Score: N/A WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection Affected: *-1.4.6 Patched: 1.4.7 Updated: June 30, 2026

LOW

suremails

Score: N/A SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload Affected: *-1.9.0 Patched: 1.9.1 Updated: June 30, 2026

LOW

vikrentcar

Score: N/A VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter Affected: *-1.4.4 Patched: 1.4.5 Updated: June 30, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification Affected: *-2.9.4 Patched: 2.9.4.1 Updated: June 30, 2026

LOW

zigaform-calculator-cost-estimation-form-builder-lite

Score: N/A Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint Affected: *-7.6.5 Patched: 7.6.7 Updated: June 30, 2026

LOW

gallery-photo-gallery

Score: 93/100 Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions Affected: *-6.4.8 Patched: 6.4.9 Updated: June 30, 2026

LOW

surveyjs

Score: N/A SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion Affected: *-1.12.20 Patched: 1.20.27 Updated: June 30, 2026

LOW

visualizer

Score: N/A Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection Affected: *-3.11.12 Patched: 3.11.13 Updated: June 30, 2026

LOW

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets

wp-social-reviews

Score: N/A WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import Affected: *-3.20.3 Patched: 4.0.0 Updated: June 30, 2026

LOW

wp-ultimate-exporter

Score: N/A Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure Affected: *-2.19 Patched: 2.20 Updated: June 30, 2026

LOW

Kadence WooCommerce Email Designer

kadence-woocommerce-email-designer

Score: 90/100 Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.5.17 Patched: 1.5.18 Updated: June 30, 2026

LOW

blockart-blocks

Score: 93/100 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute Affected: *-2.2.13 Patched: 2.2.14 Updated: June 30, 2026

LOW

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion Affected: *-3.6.3 Patched: 3.6.4 Updated: June 30, 2026

LOW

nexter-extension

Score: N/A Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.4.1 Patched: 4.4.2 Updated: June 30, 2026

LOW

get-cash

Score: 89/100 Get Cash <= 3.2.3 - Missing Authorization Affected: *-3.2.3 Patched: Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action Affected: *-3.3.2 Patched: 3.3.3 Updated: June 30, 2026

LOW

contact-form-to-email

Score: 93/100 Contact Form Email <= 1.3.60 - Unauthenticated Insecure Direct Object Reference Affected: *-1.3.60 Patched: 1.3.61 Updated: June 30, 2026

LOW

arconix-shortcodes

Score: 95/100 Arconix Shortcodes <= 2.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.19 Patched: Updated: June 30, 2026

LOW

Payment Gateway for PayPal on WooCommerce

woo-paypal-gateway

Score: N/A Payment Gateway for PayPal on WooCommerce <= 9.0.53 - Missing Authorization Affected: *-9.0.53 Patched: 9.0.54 Updated: June 30, 2026

LOW

woo-cart-weight

Score: N/A Cart Weight for WooCommerce <= 1.9.11 - Missing Authorization Affected: *-1.9.11 Patched: 1.9.12 Updated: June 30, 2026

LOW

werkstatt-plugin

Score: N/A WerkStatt <= 1.6.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.6.6 Patched: 1.6.7 Updated: June 30, 2026

LOW

tutor-lms-elementor-addons

Score: N/A Tutor LMS Elementor Addons <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: 3.0.2 Updated: June 30, 2026

LOW

traderunner

Score: N/A Trade Runner <= 3.14 - Cross-Site Request Forgery Affected: *-3.14 Patched: Updated: June 30, 2026

LOW

stylish-price-list

Score: N/A Stylish Price List <= 7.2.2 - Missing Authorization Affected: *-7.2.2 Patched: 7.2.3 Updated: June 30, 2026

LOW

Security Optimizer – The All-In-One Protection Plugin

sg-security

Score: 83/100 SiteGround Security <= 1.5.8 - Missing Authorization Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026

LOW

quiz-master-next

Score: N/A Quiz And Survey Master <= 10.3.2 - Missing Authorization Affected: *-10.3.2 Patched: 10.3.3 Updated: June 30, 2026

LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 WpEvently <= 5.0.4 - Missing Authorization Affected: *-5.0.4 Patched: 5.0.5 Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress <= 4.2.9.4 - Missing Authorization Affected: *-4.2.9.4 Patched: 4.3.0 Updated: June 30, 2026

LOW

learning-management-system

Score: 93/100 Masteriyo - LMS <= 2.0.3 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-2.0.3 Patched: 2.0.4 Updated: June 30, 2026

LOW

catfolders

Score: 93/100 CatFolders <= 2.5.3 - Missing Authorization Affected: *-2.5.3 Patched: 2.5.4 Updated: June 30, 2026

LOW

streamtube-core

Score: N/A StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change Affected: *-4.78 Patched: 4.79 Updated: June 30, 2026

LOW

wp-sifr

Score: N/A sIFR <= 0.6.8.1 - Cross-Site Request Forgery Affected: *-0.6.8.1 Patched: Updated: June 30, 2026

LOW

wp-compress-mainwp

Score: N/A Compress for MainWP <= 6.50.07 - Missing Authorization Affected: *-6.50.07 Patched: Updated: June 30, 2026

LOW

TNC Toolbox: Web Performance

tnc-toolbox

Score: 98/100 TNC Toolbox: Web Performance <= 2.0.4 - Missing Authorization Affected: *-2.0.4 Patched: 2.0.5 Updated: June 30, 2026

LOW

quick-interest-slider

Score: N/A Quick Interest Slider <= 3.1.5 - Cross-Site Request Forgery Affected: *-3.1.5 Patched: 3.1.6 Updated: June 30, 2026

LOW

quick-interest-slider

Score: N/A Quick Interest Slider <= 3.1.5 - Missing Authorization Affected: *-3.1.5 Patched: Updated: June 30, 2026

Showing 4701 to 4800 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 09:49 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List