Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36189 (across tracked plugins)
Affected Plugins: 93 (with open vulnerabilities)
Critical / High: 0 (require immediate attention)
Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score (/100) | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | really-simple-ssl | 84 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) <= 9.5.10 - Missing Authorization | | LOW | *-9.5.10 | 9.5.10.1 | June 28, 2026 |
| Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | really-simple-ssl | 84 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) <= 9.5.9 - Missing Authorization | | LOW | *-9.5.9 | 9.5.10 | June 28, 2026 |
| quiz-master-next | quiz-master-next | N/A | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker <= 11.1.2 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-11.1.2 | 11.1.3 | June 28, 2026 |
| print-invoices-packing-slip-labels-for-woocommerce | print-invoices-packing-slip-labels-for-woocommerce | N/A | WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels <= 4.9.4 - Unauthenticated Information Exposure | | LOW | *-4.9.4 | 4.9.5 | June 28, 2026 |
| geo-mashup | geo-mashup | 93 | Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection | | LOW | *-1.13.19 | 1.13.20 | June 28, 2026 |
| funnel-builder | funnel-builder | 93 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.2 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.15.0.2 | 3.15.0.3 | June 28, 2026 |
| Drag and Drop Multiple File Upload for Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 | 93 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.3.9.7 | 1.3.9.8 | June 28, 2026 |
| dokan-lite | dokan-lite | 93 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy <= 5.0.2 - Authenticated (Customer+) Privilege Escalation | | LOW | *-5.0.2 | 5.0.3 | June 28, 2026 |
| automatorwp | automatorwp | 93 | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.7.2 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-5.7.2 | 5.7.3 | June 28, 2026 |
| emergencywp | emergencywp | 95 | EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update | | LOW | *-1.4.2 | | June 28, 2026 |
| passeum-ticketing | passeum-ticketing | N/A | Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting | | LOW | *-1.0 | | June 28, 2026 |
| armember | armember | 97 | ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation | | LOW | *-7.3.1 | 7.3.2 | June 28, 2026 |
| armember | armember | 97 | ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter | | LOW | *-7.3.1 | 7.3.2 | June 28, 2026 |
| armember | armember | 97 | ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter | | LOW | *-7.3.1 | 7.3.2 | June 28, 2026 |
| content-visibility-for-divi-builder | content-visibility-for-divi-builder | N/A | Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution | | LOW | *-4.02 | 5.00 | June 28, 2026 |
| wp-time-slots-booking-form | wp-time-slots-booking-form | N/A | WP Time Slots Booking Form <= 1.2.50 - Authenticated (Subscriber+) SQL Injection | | LOW | *-1.2.50 | 1.2.51 | June 28, 2026 |
| wp-job-portal | wp-job-portal | N/A | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-2.5.2 | 2.5.3 | June 28, 2026 |
| wordpress-simple-paypal-shopping-cart | wordpress-simple-paypal-shopping-cart | N/A | Simple Shopping Cart <= 5.2.9 - Unauthenticated Insecure Direct Object Reference | | LOW | *-5.2.9 | 5.3.0 | June 28, 2026 |
| visual-link-preview | visual-link-preview | N/A | Visual Link Preview <= 2.4.1 - Authenticated (Subscriber+) Information Exposure | | LOW | *-2.4.1 | 2.4.2 | June 28, 2026 |
| truebooker-appointment-booking | truebooker-appointment-booking | N/A | TrueBooker – Appointment Booking and Scheduler System <= 1.1.9 - Missing Authorization | | LOW | *-1.1.9 | 1.2.0 | June 28, 2026 |
| progress-planner | progress-planner | N/A | Progress Planner <= 1.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting | | LOW | *-1.9.0 | 1.9.1 | June 28, 2026 |
| montonio-for-woocommerce | montonio-for-woocommerce | N/A | Montonio for WooCommerce <= 10.1.2 - Missing Authorization | | LOW | *-10.1.2 | 10.1.3 | June 28, 2026 |
| King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | king-addons | 76 | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder <= 51.1.62 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-51.1.62 | 51.1.63 | June 28, 2026 |
| js-support-ticket | js-support-ticket | 93 | JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.9 - Missing Authorization | | LOW | *-3.0.9 | 3.1.0 | June 28, 2026 |
| js-support-ticket | js-support-ticket | 93 | JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.9 - Unauthenticated SQL Injection | | LOW | *-3.0.9 | 3.1.0 | June 28, 2026 |
| jet-smart-filters | jet-smart-filters | 93 | JetSmartFilters <= 3.8.1 - Unauthenticated SQL Injection | | LOW | *-3.8.1 | 3.8.1.1 | June 28, 2026 |
| hr-management | hr-management | 93 | Employee, Leave and Recruitment Management System – Crew HRM <= 1.2.2 - Missing Authorization | | LOW | *-1.2.2 | 1.2.3 | June 28, 2026 |
| holler-box | holler-box | 93 | HollerBox — Fast & Effective Popups & Lead-Generation <= 2.3.10.1 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-2.3.10.1 | 2.3.11 | June 28, 2026 |
| gamipress | gamipress | 93 | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.8.7 - Authenticated (Subscriber+) SQL Injection | | LOW | *-7.8.7 | 7.8.8 | June 28, 2026 |
| ELEX WordPress HelpDesk & Customer Ticketing System | elex-helpdesk-customer-support-ticket-system | 79 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 - Authenticated (Subscriber+) SQL Injection | | LOW | *-3.3.6 | 3.3.7 | June 28, 2026 |
| Elementor Website Builder – more than just a page builder | elementor | 79 | Elementor Website Builder – more than just a page builder <= 4.1.0 - Missing Authorization | | LOW | *-4.1.0 | 4.1.1 | June 28, 2026 |
| Booking for Appointments and Events Calendar – Amelia | ameliabooking | 97 | Booking for Appointments and Events Calendar – Amelia <= 2.3 - Authenticated (Subscriber+) Privilege Escalation | | LOW | *-2.3 | 2.4 | June 28, 2026 |
| tiled-gallery-carousel-without-jetpack | tiled-gallery-carousel-without-jetpack | N/A | Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-image-title' | | LOW | *-3.1 | | June 28, 2026 |
| easy-cart | easy-cart | N/A | Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.8 | | June 28, 2026 |
| fpw-category-thumbnails | fpw-category-thumbnails | 95 | FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter | | LOW | *-1.9.5 | | June 28, 2026 |
| zem-stl-viewer | zem-stl-viewer | N/A | ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.0 | | June 28, 2026 |
| birdseed | birdseed | N/A | BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change | | LOW | *-2.2.0 | | June 28, 2026 |
| word-replacer | word-replacer | 95 | Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter | | LOW | *-0.4 | | June 28, 2026 |
| hiweb-migration-simple | hiweb-migration-simple | 89 | hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter | | LOW | *-2.0.0.1 | | June 28, 2026 |
| rognone | rognone | N/A | rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Parameter | | LOW | *-0.6.2 | | June 28, 2026 |
| rognone | rognone | N/A | rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter | | LOW | *-0.6.2 | | June 28, 2026 |
| wp-nano-ad | wp-nano-ad | N/A | wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter | | LOW | *-1.31 | | June 28, 2026 |
| demomentsomtres-shortcodes | demomentsomtres-shortcodes | N/A | DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.1.1 | | June 28, 2026 |
| remove-nofollow-commenter-link | remove-nofollow-commenter-link | N/A | Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.0 | | June 28, 2026 |
| google-plus-one-bottom | google-plus-one-bottom | N/A | Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page | | LOW | *-0.0.2 | | June 28, 2026 |
| laiser-tag | laiser-tag | N/A | Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form | | LOW | *-1.2.5 | | June 28, 2026 |
| woo-jtl-connector | woo-jtl-connector | N/A | JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions | | LOW | *-2.4.1 | | June 28, 2026 |
| tectite-forms | tectite-forms | N/A | Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.3 | | June 28, 2026 |
| remove-meta-boxes-per-user-role | remove-meta-boxes-per-user-role | N/A | Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.01 | | June 28, 2026 |
| kirki | kirki | N/A | Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' | | LOW | 6.0.0-6.0.6 | 6.0.7 | June 28, 2026 |
| simple-custom-login-page | simple-custom-login-page | N/A | Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.0.3 | 1.0.4 | June 28, 2026 |
| auto-image-attributes-from-filename-with-bulk-updater | auto-image-attributes-from-filename-with-bulk-updater | N/A | Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute | | LOW | *-4.9 | 4.9.1 | June 28, 2026 |
| revslider | revslider | N/A | Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation | | LOW | 6.0.0-6.7.55, 7.0.0-7.0.14 | 6.7.56 | June 28, 2026 |
| revslider | revslider | N/A | Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure | | LOW | 7.0.0-7.0.14 | 7.0.15 | June 28, 2026 |
| WP Statistics – Simple, privacy-friendly Google Analytics alternative | wp-statistics | 90 | WP Statistics – Simple, privacy-friendly Google Analytics alternative <= 14.16.6 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-14.16.6 | 14.16.7 | June 28, 2026 |
| SlimStat Analytics | wp-slimstat | N/A | SlimStat Analytics < 5.4.0 - Unauthenticated PHP Object Injection | | LOW | [*, 5.4.0) | 5.4.0 | June 28, 2026 |
| WP Google Review Slider | wp-google-places-review-slider | 70 | WP Google Review Slider <= 18.0 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-18.0 | 18.1 | June 28, 2026 |
| wp-full-stripe-free | wp-full-stripe-free | N/A | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions <= 8.4.1 - Missing Authorization | | LOW | *-8.4.1 | 8.4.2 | June 28, 2026 |
| woo-product-bundle | woo-product-bundle | N/A | WPC Product Bundles for WooCommerce <= 8.5.3 - Missing Authorization | | LOW | *-8.5.3 | 8.5.4 | June 28, 2026 |
| vitepos-lite | vitepos-lite | N/A | Vitepos – Point of Sale (POS) for WooCommerce < 3.4.2 - Authenticated (Outlet Manager+) Privilege Escalation | | LOW | [*, 3.4.2) | 3.4.2 | June 28, 2026 |
| VikBooking Hotel Booking Engine & PMS | vikbooking | 95 | VikBooking Hotel Booking Engine & PMS <= 1.8.9 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.8.9 | 1.8.10 | June 28, 2026 |
| tour-booking-manager | tour-booking-manager | N/A | Travelly – Tour & Travel Booking Manager for WooCommerce \| Tour & Hotel Booking Solution <= 2.1.7 - Missing Authorization | | LOW | *-2.1.7 | 2.1.8 | June 28, 2026 |
| supportboard | supportboard | N/A | Support Board < 3.8.9 - Unauthenticated Privilege Escalation | | LOW | [*, 3.8.9) | 3.8.9 | June 28, 2026 |
| stop-spammer-registrations-plugin | stop-spammer-registrations-plugin | N/A | Stop Spammers Classic <= 2026.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-2026.3 | 2026.4 | June 28, 2026 |
| profit-products-tables-for-woocommerce | profit-products-tables-for-woocommerce | N/A | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.9 - Unauthenticated SQL Injection | | LOW | *-1.0.9 | 1.1.0 | June 28, 2026 |
| product-filter-widget-for-elementor | product-filter-widget-for-elementor | N/A | Product Filter Widget for Elementor <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.0.6 | | June 28, 2026 |
| mw-wp-form | mw-wp-form | N/A | MW WP Form <= 5.1.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-5.1.3 | 5.1.4 | June 28, 2026 |
| learnpress | learnpress | 93 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.6 - Reflected Cross-Site Scripting | | LOW | *-4.3.6 | 4.3.7 | June 28, 2026 |
| gravityforms | gravityforms | 93 | Gravity Forms <= 2.10.0.1 - Unauthenticated Arbitrary File Deletion | | LOW | *-2.10.0.1 | 2.10.1 | June 28, 2026 |
| EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more | embedpress | 69 | EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more <= 4.5.2 - Unauthenticated Information Exposure | | LOW | *-4.5.2 | 4.5.3 | June 28, 2026 |
| easy-invoice | easy-invoice | 93 | Easy Invoice – Invoice Generator, PDF Quotes & Payments <= 2.1.19 - Unauthenticated Remote Code Execution | | LOW | *-2.1.19 | 2.1.20 | June 28, 2026 |
| cforms2 | cforms2 | 93 | cformsII <= 15.1.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-15.1.3 | 15.1.4 | June 28, 2026 |
| booknetic | booknetic | 91 | Booknetic <= 4.8.5 - Missing Authorization | | LOW | *-4.8.5 | | June 28, 2026 |
| ai-copilot-content-generator | ai-copilot-content-generator | 95 | AI Chatbot & Workflow Automation by AIWU <= 1.4.17 - Unauthenticated Privilege Escalation | | LOW | *-1.4.17 | 1.4.19 | June 28, 2026 |
| advanced-custom-fields | advanced-custom-fields | 97 | Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters | | LOW | *-6.8.1 | 6.8.2 | June 28, 2026 |
| wp-time-capsule | wp-time-capsule | N/A | Backup and Staging by WP Time Capsule <= 1.22.25 - Missing Authorization | | LOW | *-1.22.25 | 1.22.26 | June 28, 2026 |
| webinar-ignition | webinar-ignition | N/A | WebinarIgnition – Live, Automated & Evergreen Webinar System also for WooCommerce < 4.08.253 - Unauthenticated Privilege Escalation | | LOW | [*, 4.08.253) | 4.08.253 | June 28, 2026 |
| webinar-ignition | webinar-ignition | N/A | WebinarIgnition – Live, Automated & Evergreen Webinar System also for WooCommerce < 4.08.253 - Authenticated (Subscriber+) Arbitrary File Deletion | | LOW | [*, 4.08.253) | 4.08.253 | June 28, 2026 |
| posts-table-filterable | posts-table-filterable | N/A | TableOn – WordPress Posts Table Filterable <= 1.0.5.1 - Unauthenticated SQL Injection | | LOW | *-1.0.5.1 | 1.0.6 | June 28, 2026 |
| favicon-by-realfavicongenerator | favicon-by-realfavicongenerator | 93 | Favicon by RealFaviconGenerator <= 1.3.46 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.3.46 | 1.3.47 | June 28, 2026 |
| amazonsimpleadmin | amazonsimpleadmin | 97 | Affiliate Super Assistent <= 1.10.1 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.10.1 | 1.10.2 | June 28, 2026 |
| geo-my-wp | geo-my-wp | 93 | GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters | | LOW | *-4.5.5 | 4.5.5.1 | June 28, 2026 |
| Simple History – Track, Log, and Audit WordPress Changes | simple-history | 77 | Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint | | LOW | *-5.26.0 | 5.27.0 | June 28, 2026 |
| Spectra Gutenberg Blocks – Website Builder for the Block Editor | ultimate-addons-for-gutenberg | N/A | Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes | | LOW | *-2.19.25 | 2.19.26 | June 28, 2026 |
| wpify-woo | wpify-woo | N/A | WPify Woo – Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce <= 5.4.1 - Authenticated (Contributor+) Arbitrary File Upload | | LOW | *-5.4.1 | 5.4.2 | June 28, 2026 |
| wpcomplete | wpcomplete | N/A | WPComplete <= 2.9.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-2.9.5.4 | 2.9.5.5 | June 28, 2026 |
| wc-multivendor-membership | wc-multivendor-membership | N/A | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.10 - Missing Authorization | | LOW | *-2.11.10 | 2.11.11 | June 28, 2026 |
| Accept Stripe Payments | stripe-payments | N/A | Accept Stripe Payments <= 2.0.98 - Unauthenticated Payment Bypass | | LOW | *-2.0.98 | 2.0.99 | June 28, 2026 |
| comments-plus | comments-plus | N/A | Disable Comments & Delete All Comments <= 1.3.0 - Missing Authorization | | LOW | *-1.3.0 | 1.3.1 | June 28, 2026 |
| booking-manager | booking-manager | 93 | Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar <= 2.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-2.1.18 | 2.1.19 | June 28, 2026 |
| Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | seo-by-rank-math | 85 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification | | LOW | *-1.0.271 | 1.0.271.1 | June 28, 2026 |
| contact-form-7-paypal-add-on | contact-form-7-paypal-add-on | 93 | Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification) | | LOW | *-2.4.9 | 2.4.10 | June 28, 2026 |
| acf-frontend-form-element | acf-frontend-form-element | 97 | Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter | | LOW | *-3.28.8 | 3.28.29 | June 28, 2026 |
| media-library-assistant | media-library-assistant | N/A | Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form | | LOW | *-3.35 | 3.36 | June 28, 2026 |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter | | LOW | *-6.4.15 | 6.4.16 | June 28, 2026 |
| link-whisper | link-whisper | 93 | Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-0.9.0 | 0.9.1 | June 28, 2026 |
| login-with-phone-number | login-with-phone-number | 93 | OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification | | LOW | 1.8.50-1.8.60 | 1.8.61 | June 28, 2026 |
| official-statcounter-plugin-for-wordpress | official-statcounter-plugin-for-wordpress | N/A | StatCounter <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Author Nickname | | LOW | *-2.1.1 | 2.1.2 | June 28, 2026 |
| simple-divi-shortcode | simple-divi-shortcode | N/A | Simple Divi Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | | LOW | *-1.2 | 1.2.1 | June 28, 2026 |
| wp-google-map-gold | wp-google-map-gold | N/A | WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action | | LOW | *-6.1.0 | 6.1.1 | June 28, 2026 |

webinar-ignition

Score: N/A WebinarIgnition – Live, Automated & Evergreen Webinar System also for WooCommerce < 4.08.253 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: [*, 4.08.253) Patched: 4.08.253 Updated: June 28, 2026
LOW

posts-table-filterable

posts-table-filterable

Score: N/A TableOn – WordPress Posts Table Filterable <= 1.0.5.1 - Unauthenticated SQL Injection Affected: *-1.0.5.1 Patched: 1.0.6 Updated: June 28, 2026
LOW

favicon-by-realfavicongenerator

favicon-by-realfavicongenerator

Score: 93/100 Favicon by RealFaviconGenerator <= 1.3.46 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.46 Patched: 1.3.47 Updated: June 28, 2026
LOW

amazonsimpleadmin

amazonsimpleadmin

Score: 97/100 Affiliate Super Assistent <= 1.10.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.10.1 Patched: 1.10.2 Updated: June 28, 2026
LOW

geo-my-wp

geo-my-wp

Score: 93/100 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters Affected: *-4.5.5 Patched: 4.5.5.1 Updated: June 28, 2026
LOW

Simple History – Track, Log, and Audit WordPress Changes

simple-history

Score: 77/100 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint Affected: *-5.26.0 Patched: 5.27.0 Updated: June 28, 2026
LOW

wpify-woo

wpify-woo

Score: N/A WPify Woo – Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce <= 5.4.1 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-5.4.1 Patched: 5.4.2 Updated: June 28, 2026
LOW

wpcomplete

wpcomplete

Score: N/A WPComplete <= 2.9.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.9.5.4 Patched: 2.9.5.5 Updated: June 28, 2026
LOW

wc-multivendor-membership

wc-multivendor-membership

Score: N/A WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.10 - Missing Authorization Affected: *-2.11.10 Patched: 2.11.11 Updated: June 28, 2026
LOW

Accept Stripe Payments

stripe-payments

Score: N/A Accept Stripe Payments <= 2.0.98 - Unauthenticated Payment Bypass Affected: *-2.0.98 Patched: 2.0.99 Updated: June 28, 2026
LOW

comments-plus

comments-plus

Score: N/A Disable Comments & Delete All Comments <= 1.3.0 - Missing Authorization Affected: *-1.3.0 Patched: 1.3.1 Updated: June 28, 2026
LOW

booking-manager

booking-manager

Score: 93/100 Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar <= 2.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.1.18 Patched: 2.1.19 Updated: June 28, 2026
LOW

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Score: 85/100 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification Affected: *-1.0.271 Patched: 1.0.271.1 Updated: June 28, 2026
LOW

contact-form-7-paypal-add-on

contact-form-7-paypal-add-on

Score: 93/100 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification) Affected: *-2.4.9 Patched: 2.4.10 Updated: June 28, 2026
LOW

acf-frontend-form-element

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter Affected: *-3.28.8 Patched: 3.28.29 Updated: June 28, 2026
LOW

media-library-assistant

media-library-assistant

Score: N/A Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form Affected: *-3.35 Patched: 3.36 Updated: June 28, 2026
LOW

the-plus-addons-for-elementor-page-builder

the-plus-addons-for-elementor-page-builder

Score: N/A The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter Affected: *-6.4.15 Patched: 6.4.16 Updated: June 28, 2026
LOW

link-whisper

link-whisper

Score: 93/100 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-0.9.0 Patched: 0.9.1 Updated: June 28, 2026
LOW

login-with-phone-number

login-with-phone-number

Score: 93/100 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification Affected: 1.8.50-1.8.60 Patched: 1.8.61 Updated: June 28, 2026
LOW

official-statcounter-plugin-for-wordpress

official-statcounter-plugin-for-wordpress

Score: N/A StatCounter <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Author Nickname Affected: *-2.1.1 Patched: 2.1.2 Updated: June 28, 2026
LOW

simple-divi-shortcode

simple-divi-shortcode

Score: N/A Simple Divi Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute Affected: *-1.2 Patched: 1.2.1 Updated: June 28, 2026
LOW

wp-google-map-gold

wp-google-map-gold

Score: N/A WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action Affected: *-6.1.0 Patched: 6.1.1 Updated: June 28, 2026

Showing 401 to 500 of 36189 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 28, 2026 at 20:58 UTC.