Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
onpay-io-for-woocommerce	onpay-io-for-woocommerce	N/A	OnPay.io for WooCommerce <= 1.0.47 - Missing Authorization	LOW	*-1.0.47	1.0.48	June 30, 2026
Notification for Telegram	notification-for-telegram	97	Notification for Telegram <= 3.5.1 - Missing Authorization	LOW	*-3.5.1	3.5.2	June 30, 2026
jetformbuilder	jetformbuilder	93	JetFormBuilder <= 3.5.3 - Missing Authorization	LOW	*-3.5.3	3.5.4	June 30, 2026
flexmls-idx	flexmls-idx	93	Flexmls® IDX <= 3.15.7 - Unauthenticated Open Redirect	LOW	*-3.15.7	3.15.8	June 30, 2026
duplicate-content-cure	duplicate-content-cure	91	Duplicate Content Cure <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
Translate WordPress with ConveyThis – AI Multilingual Plugin	conveythis-translate	86	ConveyThis <= 269.2 - Missing Authorization	LOW	*-269.2	269.3	June 30, 2026
bertha-ai-free	bertha-ai-free	89	BERTHA AI <= 1.13 - Missing Authorization	LOW	*-1.13		June 30, 2026
woo-show-single-variations-shop-category	woo-show-single-variations-shop-category	N/A	Show Variations as Single Products Woocommerce <= 2.0 - Missing Authorization	LOW	*-2.0	3.0	June 30, 2026
virtuaria-pagseguro	virtuaria-pagseguro	N/A	Virtuaria PagBank / PagSeguro para Woocommerce <= 3.6.3 - Missing Authorization	LOW	*-3.6.3	3.6.4	June 30, 2026
subscriptions-memberships-for-paypal	subscriptions-memberships-for-paypal	N/A	Subscriptions & Memberships for PayPal <= 1.1.7 - Missing Authorization	LOW	*-1.1.7	1.1.8	June 30, 2026
sermon-manager-for-wordpress	sermon-manager-for-wordpress	N/A	Sermon Manager <= 2.30.0 - Missing Authorization	LOW	*-2.30.0		June 30, 2026
pure-wc-variations-swatches	pure-wc-variations-swatches	N/A	Pure WC Variation Swatches <= 1.1.7 - Missing Authorization to Unauthenticated Settings Update	LOW	*-1.1.7		June 30, 2026
ocean-modal-window	ocean-modal-window	N/A	Ocean Modal Window <= 2.3.2 - Authenticated (Editor+) Remote Code Execution	LOW	*-2.3.2	2.3.3	June 30, 2026
gutenverse-form	gutenverse-form	93	Gutenverse Form <= 2.2.0 - Missing Authorization	LOW	*-2.2.0	2.3.0	June 30, 2026
gutenverse	gutenverse	93	Gutenverse <= 3.2.1 - Missing Authorization	LOW	*-3.2.1	3.3.0	June 30, 2026
ga-germanized	ga-germanized	93	Analytics Germanized for Google Analytics <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.2	1.6.3	June 30, 2026
fluent-community	fluent-community	93	FluentCommunity <= 2.0.0 - Missing Authorization	LOW	*-2.0.0	2.1.0	June 30, 2026
easy-form	easy-form	93	Easy Form <= 2.7.8 - Missing Authorization	LOW	*-2.7.8	2.7.9	June 30, 2026
nextend-facebook-connect	nextend-facebook-connect	N/A	Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login	LOW	*-3.1.21	3.1.22	June 30, 2026
ultimate-member-widgets-for-elementor	ultimate-member-widgets-for-elementor	N/A	Ultimate Member Widgets for Elementor <= 2.3 - Unauthenticated Information Exposure	LOW	*-2.3	2.4	June 30, 2026
kivicare-clinic-management-system	kivicare-clinic-management-system	93	KiviCare <= 3.6.13 - Authenticated (Patient+) SQL Injection	LOW	*-3.6.13	3.6.14	June 30, 2026
hydra-booking	hydra-booking	93	Hydra Booking <= 1.1.32 - Authenticated (Custom role+) SQL Injection	LOW	*-1.1.32	1.1.33	June 30, 2026
hostel	hostel	93	Hostel <= 1.1.5.9 - Reflected Cross-Site Scripting	LOW	*-1.1.5.9	1.1.6	June 30, 2026
firebox	firebox	93	FireBox <= 3.1.0-free - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	* - 3.1.0-free	3.1.1-free	June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.5.2	5.5.3	June 30, 2026
WP Fastest Cache – WordPress Cache Plugin	wp-fastest-cache	78	WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions	LOW	*-1.4.0	1.4.1	June 30, 2026
ays-chatgpt-assistant	ays-chatgpt-assistant	93	AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter	LOW	*-2.7.0	2.7.1	June 30, 2026
hide-category-by-user-role-for-woocommerce	hide-category-by-user-role-for-woocommerce	93	Hide Category by User Role for WooCommerce <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing	LOW	*-2.3.1	2.3.2	June 30, 2026
social-polls-by-opinionstage	social-polls-by-opinionstage	N/A	Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection	LOW	*-19.12.0	19.12.1	June 30, 2026
wpdirectorykit	wpdirectorykit	N/A	WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter	LOW	*-1.4.5	1.4.6	June 30, 2026
stafflist	stafflist	N/A	StaffList <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.2.6	3.2.7	June 30, 2026
customer-reviews-collector-for-woocommerce	customer-reviews-collector-for-woocommerce	93	Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting	LOW	*-4.6.1	4.7	June 30, 2026
simple-folio	simple-folio	N/A	Simple Folio <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.1.0	1.1.1	June 30, 2026
skt-paypal-for-woocommerce	skt-paypal-for-woocommerce	N/A	SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass	LOW	*-1.4	1.5	June 30, 2026
tiare-membership	tiare-membership	N/A	Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation	LOW	*-1.2	1.3	June 30, 2026
findall-membership	findall-membership	93	FindAll Membership <= 1.0.4 - Authentication Bypass via Social Login	LOW	*-1.0.4	1.1	June 30, 2026
findall-listing	findall-listing	93	FindAll Listing <= 1.0.5 - Unauthenticated Privilege Escalation	LOW	*-1.0.5	1.1	June 30, 2026
sorttable-post	sorttable-post	N/A	SortTable Post <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-4.2		June 30, 2026
shouty	shouty	N/A	Shouty <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes	LOW	*-0.2.1		June 30, 2026
reuters-direct	reuters-direct	N/A	Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset	LOW	*-3.0.0		June 30, 2026
reuters-direct	reuters-direct	N/A	Reuters Direct <= 3.0.0 - Cross-Site Request Forgery to Settings Reset	LOW	*-3.0.0		June 30, 2026
google-drive-upload-and-download-link	google-drive-upload-and-download-link	91	Google Drive upload and download link <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
soundslides	soundslides	N/A	Soundslides <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Shortcode	LOW	*-1.4.2		June 30, 2026
wp-twitpic	wp-twitpic	N/A	wp-twitpic <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
wp-webhooks	wp-webhooks	N/A	Webhooks <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection	LOW	*-3.3.8	3.3.9	June 30, 2026
woo-quickview	woo-quickview	N/A	Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure	LOW	*-2.2.17	2.2.18	June 30, 2026
unlimited-elements-for-elementor-premium	unlimited-elements-for-elementor-premium	N/A	Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload	LOW	*-2.0	2.0.1	June 30, 2026
unlimited-elements-for-elementor	unlimited-elements-for-elementor	N/A	Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload	LOW	*-2.0	2.0.1	June 30, 2026
travelfic-toolkit	travelfic-toolkit	N/A	Travelfic Toolkit <= 1.3.3 - Missing Authorization	LOW	*-1.3.3	1.3.4	June 30, 2026
qode-wishlist-for-woocommerce	qode-wishlist-for-woocommerce	N/A	QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update	LOW	*-1.2.7	1.2.8	June 30, 2026
powerpress	powerpress	N/A	Blubrry PowerPress <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post'	LOW	*-11.15.2	11.15.3	June 30, 2026
oik	oik	N/A	oik <= 4.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.15.3	4.15.4	June 30, 2026
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager	folders	86	Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation	LOW	*-3.1.5	3.1.6	June 30, 2026
featured-post-creative	featured-post-creative	93	Featured Post Creative <= 1.5.5 - Missing Authorization	LOW	*-1.5.5	1.5.6	June 30, 2026
essential-widgets	essential-widgets	93	Essential Widgets <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.2	2.3	June 30, 2026
erp	erp	93	ERP <= 1.16.6 - Authenticated (Subscriber+) Information Exposure	LOW	*-1.16.6	1.16.7	June 30, 2026
eroom-zoom-meetings-webinar	eroom-zoom-meetings-webinar	93	eRoom <= 1.5.6 - Unauthenticated Information Exposure	LOW	*-1.5.6	1.5.7	June 30, 2026
donation-thermometer	donation-thermometer	93	Donation Thermometer <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.6	2.2.7	June 30, 2026
ays-chatgpt-assistant	ays-chatgpt-assistant	93	AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads	LOW	*-2.7.0	2.7.1	June 30, 2026
anac-xml-viewer	anac-xml-viewer	97	ANAC XML Viewer <= 1.8.2 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-1.8.2	1.8.3	June 30, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All In One SEO Pack <= 4.8.6.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-4.8.6.1	4.8.7	June 30, 2026
ai-feeds	ai-feeds	97	AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload	LOW	*-1.0.11	1.0.12	June 30, 2026
cibeles-ai	cibeles-ai	93	CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload	LOW	*-1.10.8	1.10.9	June 30, 2026
userswp	userswp	N/A	UsersWP <= 1.2.47 - Missing Authorization	LOW	*-1.2.47	1.2.48	June 30, 2026
quick-contact-form	quick-contact-form	N/A	Quick Contact Form <= 8.2.5 - Cross-Site Request Forgery	LOW	*-8.2.5	8.2.6	June 30, 2026
MotoPress Hotel Booking	motopress-hotel-booking-lite	N/A	Hotel Booking Lite <= 5.2.3 - Authenticated (Hotel Worker+) Remote Code Execution	LOW	*-5.2.3	5.2.4	June 30, 2026
Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution	fluent-booking	96	Fluent Booking <= 1.9.11 - Missing Authorization	LOW	*-1.9.11	1.10.0	June 30, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor Website Builder <= 3.33.0 - Missing Authorization	LOW	*-3.33.0	3.33.1	June 30, 2026
admin-and-client-message-after-order-for-woocommerce	admin-and-client-message-after-order-for-woocommerce	97	Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure	LOW	*-14	15	June 30, 2026
admin-and-client-message-after-order-for-woocommerce	admin-and-client-message-after-order-for-woocommerce	97	Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages	LOW	*-14	15	June 30, 2026
chamber-dashboard-business-directory	chamber-dashboard-business-directory	89	Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export	LOW	*-3.3.11		June 30, 2026
refund-request-for-woocommerce	refund-request-for-woocommerce	N/A	Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update	LOW	*-1.0		June 30, 2026
locker-content	locker-content	93	Locker Content <= 1.0.0 - Unauthenticated Information Exposure	LOW	*-1.0.0	1.0.1	June 30, 2026
th-wishlist	th-wishlist	N/A	Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation	LOW	*-1.1.3	1.1.4	June 30, 2026
Frontend File Manager Plugin	nmedia-user-file-uploader	86	Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming	LOW	*-23.4	23.5	June 30, 2026
auyautochat-for-wp	auyautochat-for-wp	89	Autochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update	LOW	*-1.1.9		June 30, 2026
maintenance-mode-based-on-user-roles	maintenance-mode-based-on-user-roles	93	Conditional Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0	2.0.0	June 30, 2026
easy-youtube-subscribe	easy-youtube-subscribe	91	YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID	LOW	*-3.0.0		June 30, 2026
just-highlight	just-highlight	91	Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting	LOW	*-1.0.3		June 30, 2026
social-images-widget	social-images-widget	N/A	Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion	LOW	*-2.1		June 30, 2026
projectlist	projectlist	N/A	ProjectList <= 0.3.0 - Authenticated (Editor+) SQL Injection via 'id' Parameter	LOW	*-0.3.0		June 30, 2026
projectlist	projectlist	N/A	ProjectList <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload	LOW	*-0.3.0		June 30, 2026
inline-frame-iframe	inline-frame-iframe	91	Inline frame – Iframe <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-0.1		June 30, 2026
job-board	job-board	93	Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage	LOW	*-1.2.1	1.2.2	June 30, 2026
bookme-free-appointment-booking-system	bookme-free-appointment-booking-system	91	Bookme <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter	LOW	*-4.2		June 30, 2026
liquid-chatgpt	liquid-chatgpt	91	AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read	LOW	*-1.0.1		June 30, 2026
zweb-social-mobile	zweb-social-mobile	N/A	ZWeb - Social Mobile <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
ace-post-type-builder	ace-post-type-builder	97	Ace Post Type Builder <= 1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter	LOW	*-1.9	2.0	June 30, 2026
peer-publish	peer-publish	N/A	Peer Publish <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
atec-duplicate-page-post	atec-duplicate-page-post	93	atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure	LOW	*-1.2.20	1.2.21	June 30, 2026
telegram-bot	telegram-bot	N/A	Telegram Bot & Channel <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username	LOW	*-4.1	4.1.1	June 30, 2026
edukart-pro	edukart-pro	91	EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation	LOW	*-1.0.3		June 30, 2026
blog2social	blog2social	93	Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing	LOW	*-8.7.0	8.7.1	June 30, 2026
search-exclude	search-exclude	N/A	Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API	LOW	*-2.5.7	2.5.8	June 30, 2026
sneeit-framework	sneeit-framework	N/A	Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback	LOW	*-8.3	8.4	June 30, 2026
perfect-woocommerce-brands	perfect-woocommerce-brands	N/A	Perfect Brands for WooCommerce <= 3.6.2 - Authenticated (Contributor+) SQL Injection	LOW	*-3.6.2	3.6.3	June 30, 2026
url-shortify	url-shortify	N/A	URL Shortify <= 1.11.3 - Reflected Cross-Site Scripting	LOW	*-1.11.3	1.11.4	June 30, 2026
url-shortify	url-shortify	N/A	URL Shortify <= 1.11.2 - Reflected Cross-Site Scripting	LOW	*-1.11.2	1.11.3	June 30, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons	N/A	Royal Elementor Addons and Templates <= 1.7.1036 - Missing Authorization to Unauthenticated Media File Upload	LOW	*-1.7.1036	1.7.1037	June 30, 2026
propertyhive	propertyhive	N/A	PropertyHive <= 2.1.12 - Missing Authorization	LOW	*-2.1.12	2.1.13	June 30, 2026

LOW

onpay-io-for-woocommerce

Score: N/A OnPay.io for WooCommerce <= 1.0.47 - Missing Authorization Affected: *-1.0.47 Patched: 1.0.48 Updated: June 30, 2026

LOW

Notification for Telegram

notification-for-telegram

Score: 97/100 Notification for Telegram <= 3.5.1 - Missing Authorization Affected: *-3.5.1 Patched: 3.5.2 Updated: June 30, 2026

LOW

jetformbuilder

Score: 93/100 JetFormBuilder <= 3.5.3 - Missing Authorization Affected: *-3.5.3 Patched: 3.5.4 Updated: June 30, 2026

LOW

flexmls-idx

Score: 93/100 Flexmls® IDX <= 3.15.7 - Unauthenticated Open Redirect Affected: *-3.15.7 Patched: 3.15.8 Updated: June 30, 2026

LOW

duplicate-content-cure

Score: 91/100 Duplicate Content Cure <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

Translate WordPress with ConveyThis – AI Multilingual Plugin

conveythis-translate

Score: 86/100 ConveyThis <= 269.2 - Missing Authorization Affected: *-269.2 Patched: 269.3 Updated: June 30, 2026

LOW

bertha-ai-free

Score: 89/100 BERTHA AI <= 1.13 - Missing Authorization Affected: *-1.13 Patched: Updated: June 30, 2026

LOW

woo-show-single-variations-shop-category

Score: N/A Show Variations as Single Products Woocommerce <= 2.0 - Missing Authorization Affected: *-2.0 Patched: 3.0 Updated: June 30, 2026

LOW

virtuaria-pagseguro

Score: N/A Virtuaria PagBank / PagSeguro para Woocommerce <= 3.6.3 - Missing Authorization Affected: *-3.6.3 Patched: 3.6.4 Updated: June 30, 2026

LOW

subscriptions-memberships-for-paypal

Score: N/A Subscriptions & Memberships for PayPal <= 1.1.7 - Missing Authorization Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

sermon-manager-for-wordpress

Score: N/A Sermon Manager <= 2.30.0 - Missing Authorization Affected: *-2.30.0 Patched: Updated: June 30, 2026

LOW

pure-wc-variations-swatches

Score: N/A Pure WC Variation Swatches <= 1.1.7 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.1.7 Patched: Updated: June 30, 2026

LOW

ocean-modal-window

Score: N/A Ocean Modal Window <= 2.3.2 - Authenticated (Editor+) Remote Code Execution Affected: *-2.3.2 Patched: 2.3.3 Updated: June 30, 2026

LOW

gutenverse-form

Score: 93/100 Gutenverse Form <= 2.2.0 - Missing Authorization Affected: *-2.2.0 Patched: 2.3.0 Updated: June 30, 2026

LOW

gutenverse

Score: 93/100 Gutenverse <= 3.2.1 - Missing Authorization Affected: *-3.2.1 Patched: 3.3.0 Updated: June 30, 2026

LOW

ga-germanized

Score: 93/100 Analytics Germanized for Google Analytics <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: June 30, 2026

LOW

fluent-community

Score: 93/100 FluentCommunity <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: 2.1.0 Updated: June 30, 2026

LOW

easy-form

Score: 93/100 Easy Form <= 2.7.8 - Missing Authorization Affected: *-2.7.8 Patched: 2.7.9 Updated: June 30, 2026

LOW

nextend-facebook-connect

Score: N/A Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login Affected: *-3.1.21 Patched: 3.1.22 Updated: June 30, 2026

LOW

ultimate-member-widgets-for-elementor

Score: N/A Ultimate Member Widgets for Elementor <= 2.3 - Unauthenticated Information Exposure Affected: *-2.3 Patched: 2.4 Updated: June 30, 2026

LOW

kivicare-clinic-management-system

Score: 93/100 KiviCare <= 3.6.13 - Authenticated (Patient+) SQL Injection Affected: *-3.6.13 Patched: 3.6.14 Updated: June 30, 2026

LOW

hydra-booking

Score: 93/100 Hydra Booking <= 1.1.32 - Authenticated (Custom role+) SQL Injection Affected: *-1.1.32 Patched: 1.1.33 Updated: June 30, 2026

LOW

hostel

Score: 93/100 Hostel <= 1.1.5.9 - Reflected Cross-Site Scripting Affected: *-1.1.5.9 Patched: 1.1.6 Updated: June 30, 2026

LOW

firebox

Score: 93/100 FireBox <= 3.1.0-free - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: * - 3.1.0-free Patched: 3.1.1-free Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.5.2 Patched: 5.5.3 Updated: June 30, 2026

LOW

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

Score: 78/100 WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

Score: 93/100 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter Affected: *-2.7.0 Patched: 2.7.1 Updated: June 30, 2026

LOW

hide-category-by-user-role-for-woocommerce

Score: 93/100 Hide Category by User Role for WooCommerce <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

social-polls-by-opinionstage

Score: N/A Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection Affected: *-19.12.0 Patched: 19.12.1 Updated: June 30, 2026

LOW

wpdirectorykit

Score: N/A WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026

LOW

stafflist

Score: N/A StaffList <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.6 Patched: 3.2.7 Updated: June 30, 2026

LOW

customer-reviews-collector-for-woocommerce

Score: 93/100 Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting Affected: *-4.6.1 Patched: 4.7 Updated: June 30, 2026

LOW

simple-folio

Score: N/A Simple Folio <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

skt-paypal-for-woocommerce

Score: N/A SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

tiare-membership

Score: N/A Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026

LOW

findall-membership

Score: 93/100 FindAll Membership <= 1.0.4 - Authentication Bypass via Social Login Affected: *-1.0.4 Patched: 1.1 Updated: June 30, 2026

LOW

findall-listing

Score: 93/100 FindAll Listing <= 1.0.5 - Unauthenticated Privilege Escalation Affected: *-1.0.5 Patched: 1.1 Updated: June 30, 2026

LOW

sorttable-post

Score: N/A SortTable Post <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.2 Patched: Updated: June 30, 2026

LOW

shouty

Score: N/A Shouty <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes Affected: *-0.2.1 Patched: Updated: June 30, 2026

LOW

reuters-direct

Score: N/A Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

reuters-direct

Score: N/A Reuters Direct <= 3.0.0 - Cross-Site Request Forgery to Settings Reset Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

google-drive-upload-and-download-link

Score: 91/100 Google Drive upload and download link <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

soundslides

Score: N/A Soundslides <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Shortcode Affected: *-1.4.2 Patched: Updated: June 30, 2026

LOW

wp-twitpic

Score: N/A wp-twitpic <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-webhooks

Score: N/A Webhooks <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection Affected: *-3.3.8 Patched: 3.3.9 Updated: June 30, 2026

LOW

woo-quickview

Score: N/A Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure Affected: *-2.2.17 Patched: 2.2.18 Updated: June 30, 2026

LOW

unlimited-elements-for-elementor-premium

Score: N/A Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload Affected: *-2.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

unlimited-elements-for-elementor

LOW

travelfic-toolkit

Score: N/A Travelfic Toolkit <= 1.3.3 - Missing Authorization Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026

LOW

qode-wishlist-for-woocommerce

Score: N/A QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

powerpress

Score: N/A Blubrry PowerPress <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' Affected: *-11.15.2 Patched: 11.15.3 Updated: June 30, 2026

LOW

oik

Score: N/A oik <= 4.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.15.3 Patched: 4.15.4 Updated: June 30, 2026

LOW

Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager

folders

Score: 86/100 Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation Affected: *-3.1.5 Patched: 3.1.6 Updated: June 30, 2026

LOW

featured-post-creative

Score: 93/100 Featured Post Creative <= 1.5.5 - Missing Authorization Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

essential-widgets

Score: 93/100 Essential Widgets <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.3 Updated: June 30, 2026

LOW

erp

Score: 93/100 ERP <= 1.16.6 - Authenticated (Subscriber+) Information Exposure Affected: *-1.16.6 Patched: 1.16.7 Updated: June 30, 2026

LOW

eroom-zoom-meetings-webinar

Score: 93/100 eRoom <= 1.5.6 - Unauthenticated Information Exposure Affected: *-1.5.6 Patched: 1.5.7 Updated: June 30, 2026

LOW

donation-thermometer

Score: 93/100 Donation Thermometer <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.6 Patched: 2.2.7 Updated: June 30, 2026

LOW

ays-chatgpt-assistant

Score: 93/100 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads Affected: *-2.7.0 Patched: 2.7.1 Updated: June 30, 2026

LOW

anac-xml-viewer

Score: 97/100 ANAC XML Viewer <= 1.8.2 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.8.2 Patched: 1.8.3 Updated: June 30, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All In One SEO Pack <= 4.8.6.1 - Authenticated (Subscriber+) Information Exposure Affected: *-4.8.6.1 Patched: 4.8.7 Updated: June 30, 2026

LOW

ai-feeds

Score: 97/100 AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload Affected: *-1.0.11 Patched: 1.0.12 Updated: June 30, 2026

LOW

cibeles-ai

Score: 93/100 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload Affected: *-1.10.8 Patched: 1.10.9 Updated: June 30, 2026

LOW

userswp

Score: N/A UsersWP <= 1.2.47 - Missing Authorization Affected: *-1.2.47 Patched: 1.2.48 Updated: June 30, 2026

LOW

quick-contact-form

Score: N/A Quick Contact Form <= 8.2.5 - Cross-Site Request Forgery Affected: *-8.2.5 Patched: 8.2.6 Updated: June 30, 2026

LOW

MotoPress Hotel Booking

motopress-hotel-booking-lite

Score: N/A Hotel Booking Lite <= 5.2.3 - Authenticated (Hotel Worker+) Remote Code Execution Affected: *-5.2.3 Patched: 5.2.4 Updated: June 30, 2026

LOW

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution

fluent-booking

Score: 96/100 Fluent Booking <= 1.9.11 - Missing Authorization Affected: *-1.9.11 Patched: 1.10.0 Updated: June 30, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor Website Builder <= 3.33.0 - Missing Authorization Affected: *-3.33.0 Patched: 3.33.1 Updated: June 30, 2026

LOW

admin-and-client-message-after-order-for-woocommerce

Score: 97/100 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure Affected: *-14 Patched: 15 Updated: June 30, 2026

LOW

admin-and-client-message-after-order-for-woocommerce

Score: 97/100 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages Affected: *-14 Patched: 15 Updated: June 30, 2026

LOW

chamber-dashboard-business-directory

Score: 89/100 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export Affected: *-3.3.11 Patched: Updated: June 30, 2026

LOW

refund-request-for-woocommerce

Score: N/A Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

locker-content

Score: 93/100 Locker Content <= 1.0.0 - Unauthenticated Information Exposure Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

th-wishlist

Score: N/A Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming Affected: *-23.4 Patched: 23.5 Updated: June 30, 2026

LOW

auyautochat-for-wp

Score: 89/100 Autochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.1.9 Patched: Updated: June 30, 2026

LOW

maintenance-mode-based-on-user-roles

Score: 93/100 Conditional Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: 2.0.0 Updated: June 30, 2026

LOW

easy-youtube-subscribe

Score: 91/100 YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

just-highlight

Score: 91/100 Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

social-images-widget

Score: N/A Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

projectlist

Score: N/A ProjectList <= 0.3.0 - Authenticated (Editor+) SQL Injection via 'id' Parameter Affected: *-0.3.0 Patched: Updated: June 30, 2026

LOW

projectlist

Score: N/A ProjectList <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload Affected: *-0.3.0 Patched: Updated: June 30, 2026

LOW

inline-frame-iframe

Score: 91/100 Inline frame – Iframe <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

job-board

Score: 93/100 Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

bookme-free-appointment-booking-system

Score: 91/100 Bookme <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter Affected: *-4.2 Patched: Updated: June 30, 2026

LOW

liquid-chatgpt

Score: 91/100 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

zweb-social-mobile

Score: N/A ZWeb - Social Mobile <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

ace-post-type-builder

Score: 97/100 Ace Post Type Builder <= 1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter Affected: *-1.9 Patched: 2.0 Updated: June 30, 2026

LOW

peer-publish

Score: N/A Peer Publish <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

atec-duplicate-page-post

Score: 93/100 atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure Affected: *-1.2.20 Patched: 1.2.21 Updated: June 30, 2026

LOW

telegram-bot

Score: N/A Telegram Bot & Channel <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username Affected: *-4.1 Patched: 4.1.1 Updated: June 30, 2026

LOW

edukart-pro

Score: 91/100 EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

blog2social

Score: 93/100 Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing Affected: *-8.7.0 Patched: 8.7.1 Updated: June 30, 2026

LOW

search-exclude

Score: N/A Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API Affected: *-2.5.7 Patched: 2.5.8 Updated: June 30, 2026

LOW

sneeit-framework

Score: N/A Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback Affected: *-8.3 Patched: 8.4 Updated: June 30, 2026

LOW

perfect-woocommerce-brands

Score: N/A Perfect Brands for WooCommerce <= 3.6.2 - Authenticated (Contributor+) SQL Injection Affected: *-3.6.2 Patched: 3.6.3 Updated: June 30, 2026

LOW

url-shortify

Score: N/A URL Shortify <= 1.11.3 - Reflected Cross-Site Scripting Affected: *-1.11.3 Patched: 1.11.4 Updated: June 30, 2026

LOW

url-shortify

Score: N/A URL Shortify <= 1.11.2 - Reflected Cross-Site Scripting Affected: *-1.11.2 Patched: 1.11.3 Updated: June 30, 2026

LOW

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Score: N/A Royal Elementor Addons and Templates <= 1.7.1036 - Missing Authorization to Unauthenticated Media File Upload Affected: *-1.7.1036 Patched: 1.7.1037 Updated: June 30, 2026

LOW

propertyhive

Score: N/A PropertyHive <= 2.1.12 - Missing Authorization Affected: *-2.1.12 Patched: 2.1.13 Updated: June 30, 2026

Showing 4801 to 4900 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 08:19 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List