Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
propertyhive	propertyhive	N/A	PropertyHive <= 2.1.12 - Missing Authorization	LOW	*-2.1.12	2.1.13	June 30, 2026
avcp	avcp	93	ANAC XML Bandi di Gara <= 7.7 - Reflected Cross-Site Scripting	LOW	*-7.7	7.7.1	June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id	LOW	*-4.95		June 30, 2026
shortcodes-ultimate	shortcodes-ultimate	N/A	WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery	LOW	*-7.4.5	7.4.6	June 30, 2026
external-media	external-media	89	External Media <= 1.0.36 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-1.0.36		June 30, 2026
extensions-leaflet-map	extensions-leaflet-map	93	Extensions for Leaflet Map <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.8	4.9	June 30, 2026
artplacer-widget	artplacer-widget	97	ArtPlacer Widget <= 2.22.9.2 - Authenticated (Contributor+) SQL Injection	LOW	*-2.22.9.2	2.23	June 30, 2026
accordion-slider	accordion-slider	97	Accordion Slider <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.13	1.9.14	June 30, 2026
better-search	better-search	93	Better Search <= 4.2.1 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-4.2.1	4.2.2	June 30, 2026
timetics	timetics	N/A	Timetics <= 1.0.44 - Missing Authorization	LOW	*-1.0.44	1.0.45	June 30, 2026
modula-best-grid-gallery	modula-best-grid-gallery	93	Modula Image Gallery <= 2.13.6 - Missing Authorization	LOW	*-2.13.6	2.13.7	June 30, 2026
hls-crm-form-shortcode	hls-crm-form-shortcode	91	HelloLeads CRM Form Shortcode <= 1.0 - Missing Authorization to Unauthenticated Settings Reset	LOW	*-1.0		June 30, 2026
custom-order-numbers-for-woocommerce	custom-order-numbers-for-woocommerce	93	Custom Order Numbers for WooCommerce <= 1.11.0 - Missing Authorization	LOW	*-1.11.0	1.11.1	June 30, 2026
OneClick Chat to Order	oneclick-whatsapp-order	99	OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure	LOW	*-1.0.8	1.0.9	June 30, 2026
booking-calendar-contact-form	booking-calendar-contact-form	93	Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter	LOW	*-1.2.60	1.2.61	June 30, 2026
gsheetconnector-ninja-forms	gsheetconnector-ninja-forms	93	GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure	LOW	*-2.0.1	2.0.2	June 30, 2026
idonate	idonate	89	IDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion	LOW	*-2.1.14	2.1.16	June 30, 2026
appointment-booking-calendar	appointment-booking-calendar	97	Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter	LOW	*-1.3.96	1.3.97	June 30, 2026
cp-contact-form-with-paypal	cp-contact-form-with-paypal	93	CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation	LOW	*-1.3.56	1.3.57	June 30, 2026
subscriptions-memberships-for-paypal	subscriptions-memberships-for-paypal	N/A	Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation	LOW	*-1.1.7	1.1.8	June 30, 2026
cookie-notice	cookie-notice	93	Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.5.8	2.5.9	June 30, 2026
zegen-core	zegen-core	N/A	Zegen Core <= 2.0.1 - Cross-Site Request Forgery to Arbitrary File Upload	LOW	*-2.0.1	2.0.2	June 30, 2026
wps-visitor-counter	wps-visitor-counter	N/A	WPS Visitor Counter <= 1.4.8 - Reflected Cross-Site Scripting	LOW	*-1.4.8		June 30, 2026
wp-record	wp-record	N/A	Construction Light <= 1.6.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation	LOW	*-1.6.7	1.6.8	June 30, 2026
ti-woocommerce-wishlist	ti-woocommerce-wishlist	N/A	TI WooCommerce Wishlist <= 2.10.0 - Missing Authorization	LOW	*-2.10.0	2.11.0	June 30, 2026
supportcandy	supportcandy	N/A	SupportCandy <= 3.4.1 - Cross-Site Request Forgery	LOW	*-3.4.1	3.4.2	June 30, 2026
rafflepress	rafflepress	N/A	Giveaways and Contests by RafflePress <= 1.12.20 - Cross-Site Request Forgery	LOW	*-1.12.20	1.12.21	June 30, 2026
popup-builder-block	popup-builder-block	N/A	PopupKit <= 2.1.5 - Authenticated (Subscriber+) SQL Injection	LOW	*-2.1.5	2.2.0	June 30, 2026
legal-pages	legal-pages	93	Legal Pages <= 1.4.6 - Missing Authorization	LOW	*-1.4.6	1.4.7	June 30, 2026
godam	godam	93	GoDAM <= 1.4.6 - Missing Authorization	LOW	*-1.4.6	1.4.7	June 30, 2026
forumwp	forumwp	93	ForumWP <= 2.1.4 - Missing Authorization	LOW	*-2.1.4	2.1.5	June 30, 2026
Magical Shop Builder – WooCommerce Template Builder for Elementor \| Shop, Cart, Checkout & Product Page Builder	magical-products-display	90	Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget	LOW	*-1.1.29	1.1.30	June 30, 2026
groundhogg	groundhogg	93	Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection	LOW	*-4.2.6.1	4.2.7	June 30, 2026
etruel-del-post-copies	etruel-del-post-copies	93	WP Delete Post Copies <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-6.0.2	6.0.3	June 30, 2026
wpdirectorykit	wpdirectorykit	N/A	WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function	LOW	*-1.4.3	1.4.4	June 30, 2026
bigbuy-wc-dropshipping-connector	bigbuy-wc-dropshipping-connector	91	BigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure	LOW	*-2.0.5		June 30, 2026
ht-mega-for-elementor	ht-mega-for-elementor	93	HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection	LOW	*-3.0.0	3.0.1	June 30, 2026
post-expirator	post-expirator	N/A	Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification	LOW	*-4.9.1	4.9.2	June 30, 2026
vitepos-lite	vitepos-lite	N/A	Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution	LOW	*-3.3.0	3.3.1	June 30, 2026
wp-google-street-view-shortcode	wp-google-street-view-shortcode	N/A	Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-0.5.7		June 30, 2026
wp-company-info	wp-company-info	N/A	WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.9.0		June 30, 2026
wpsite-shortcode	wpsite-shortcode	N/A	WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2		June 30, 2026
keydatas	keydatas	93	简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read	LOW	*-2.6.3	2.6.4	June 30, 2026
echbay-admin-security	echbay-admin-security	93	EchBay Admin Security <= 1.3.0 - Reflected Cross-Site Scripting	LOW	*-1.3.0	1.3.1	June 30, 2026
flo-forms	flo-forms	89	Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload	LOW	*-1.0.43		June 30, 2026
display-pages-shortcode	display-pages-shortcode	91	Display Pages Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
hotelrunner	hotelrunner	89	HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.2.4		June 30, 2026
realty-portal	realty-portal	N/A	Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	LOW	0.1-0.4.1		June 30, 2026
stock-tools	stock-tools	N/A	Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
custom-post-type	custom-post-type	91	Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion	LOW	*-1.0		June 30, 2026
wallwisher-shortcode	wallwisher-shortcode	N/A	Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.3		June 30, 2026
brighttalk-wp-shortcode	brighttalk-wp-shortcode	91	BrightTALK WordPress Shortcode <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4.0		June 30, 2026
surbma-minicrm-shortcode	surbma-minicrm-shortcode	N/A	Surbma \| MiniCRM Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0	2.0.1	June 30, 2026
bulma-shortcodes	bulma-shortcodes	91	Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
pollcaster-shortcode	pollcaster-shortcode	N/A	Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0		June 30, 2026
shortcodes-bootstrap	shortcodes-bootstrap	N/A	Shortcodes Bootstrap <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
authorsure	authorsure	89	AuthorSure <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.3		June 30, 2026
audiotube	audiotube	91	AudioTube <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.0.3		June 30, 2026
tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop	tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop	N/A	Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authorization to Authenticated (Subscriber+) Contract Address Update	LOW	*-2.4.7	2.4.8	June 30, 2026
tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop	tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop	N/A	Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authentication to Unauthenticated Presale Update	LOW	*-2.4.7	2.4.8	June 30, 2026
wp-audio-gallery	wp-audio-gallery	N/A	WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter	LOW	*-2.0		June 30, 2026
tips-shortcode	tips-shortcode	N/A	Tips Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.2.1		June 30, 2026
uipress-lite	uipress-lite	N/A	UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-3.5.08		June 30, 2026
uipress-lite	uipress-lite	N/A	UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-3.5.08		June 30, 2026
uipress-lite	uipress-lite	N/A	UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update	LOW	*-3.5.08	3.5.09	June 30, 2026
islamic-phrases	islamic-phrases	91	Islamic Phrases <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.12.2015		June 30, 2026
woo-refund-and-exchange-lite	woo-refund-and-exchange-lite	N/A	Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation	LOW	*-4.5.5	4.5.6	June 30, 2026
woo-refund-and-exchange-lite	woo-refund-and-exchange-lite	N/A	Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read	LOW	*-4.5.5	4.5.6	June 30, 2026
jc-importer	jc-importer	93	Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure	LOW	*-2.14.17	2.14.18	June 30, 2026
checkbox	checkbox	93	Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing	LOW	*-2.8.10	2.8.11	June 30, 2026
url-image-importer	url-image-importer	N/A	URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload	LOW	1.0-1.0.6	1.0.7	June 30, 2026
tainacan	tainacan	N/A	Tainacan <= 1.0.0 - Reflected Cross-Site Scripting	LOW	*-1.0.0	1.0.1	June 30, 2026
wpbookit	wpbookit	N/A	WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.0.6	1.0.7	June 30, 2026
affiliate-ai-lite	affiliate-ai-lite	97	Affiliate AI Lite <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1	1.0.2	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload	LOW	*-3.3.1	3.3.2	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore	LOW	*-3.3.1	3.3.2	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty	LOW	*-3.3.1	3.3.2	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore	LOW	*-3.3.1	3.3.2	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion	LOW	*-3.3.0	3.3.1	June 30, 2026
learnpress	learnpress	93	LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure	LOW	*-4.2.9.4	4.3.0	June 30, 2026
s2b-ai-assistant	s2b-ai-assistant	N/A	S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload	LOW	*-1.7.8	1.7.9	June 30, 2026
woo-payment-bkash	woo-payment-bkash	N/A	Payment Gateway bKash for WC <= 3.1.0 - Missing Authorization	LOW	*-3.1.0		June 30, 2026
wp-registration	wp-registration	N/A	Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-6.6	6.7	June 30, 2026
tainacan	tainacan	N/A	Tainacan <= 1.0.0 - Unauthenticated Information Exposure	LOW	*-1.0.0	1.0.1	June 30, 2026
fluent-crm	fluent-crm	93	FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode	LOW	*-2.9.84	2.9.85	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal	LOW	*-3.3.1	3.3.2	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client'	LOW	*-3.2.9	3.3.0	June 30, 2026
cf-images	cf-images	93	Offload, AI & Optimize with Cloudflare Images <= 1.9.5 - Missing Authorization	LOW	*-1.9.5	1.9.6	June 30, 2026
better-chat-support	better-chat-support	93	Better Chat Support for Messenger <= 1.2.18 - Missing Authorization	LOW	*-1.2.18	1.2.19	June 30, 2026
ultimate-member-widgets-for-elementor	ultimate-member-widgets-for-elementor	N/A	Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure	LOW	*-2.3	2.4	June 30, 2026
walker-core	walker-core	N/A	Walker Core <= 1.3.17 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.17	1.3.18	June 30, 2026
tp-woocommerce-product-gallery	tp-woocommerce-product-gallery	N/A	Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	LOW	*-1.1.9	2.0.0	June 30, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons	N/A	Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	LOW	*-1.7.1031	1.7.1032	June 30, 2026
portfolio-wp	portfolio-wp	N/A	Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	LOW	*-2.2.1	2.2.2	June 30, 2026
lightgallerywp	lightgallerywp	91	Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	LOW	*-1.0.5		June 30, 2026
image-hover-effects-ultimate	image-hover-effects-ultimate	91	Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	LOW	*-9.10.5		June 30, 2026
ibtana-visual-editor	ibtana-visual-editor	91	Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	LOW	*-1.2.5.1	1.2.5.2	June 30, 2026
handl-utm-grabber	handl-utm-grabber	93	HandL UTM Grabber / Tracker <= 2.8.0 - Reflected Cross-Site Scripting	LOW	*-2.8.0	2.8.1	June 30, 2026
handl-utm-grabber	handl-utm-grabber	93	HandL UTM Grabber / Tracker <= 2.8.0 - Reflected Cross-Site Scripting	LOW	*-2.8.0	2.8.1	June 30, 2026
gallery-with-thumbnail-slider	gallery-with-thumbnail-slider	91	Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	LOW	*-7.8		June 30, 2026

LOW

propertyhive

Score: N/A PropertyHive <= 2.1.12 - Missing Authorization Affected: *-2.1.12 Patched: 2.1.13 Updated: June 30, 2026

LOW

avcp

Score: 93/100 ANAC XML Bandi di Gara <= 7.7 - Reflected Cross-Site Scripting Affected: *-7.7 Patched: 7.7.1 Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id Affected: *-4.95 Patched: Updated: June 30, 2026

LOW

shortcodes-ultimate

Score: N/A WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-7.4.5 Patched: 7.4.6 Updated: June 30, 2026

LOW

external-media

Score: 89/100 External Media <= 1.0.36 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.0.36 Patched: Updated: June 30, 2026

LOW

extensions-leaflet-map

Score: 93/100 Extensions for Leaflet Map <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.8 Patched: 4.9 Updated: June 30, 2026

LOW

artplacer-widget

Score: 97/100 ArtPlacer Widget <= 2.22.9.2 - Authenticated (Contributor+) SQL Injection Affected: *-2.22.9.2 Patched: 2.23 Updated: June 30, 2026

LOW

accordion-slider

Score: 97/100 Accordion Slider <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.13 Patched: 1.9.14 Updated: June 30, 2026

LOW

better-search

Score: 93/100 Better Search <= 4.2.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.2.1 Patched: 4.2.2 Updated: June 30, 2026

LOW

timetics

Score: N/A Timetics <= 1.0.44 - Missing Authorization Affected: *-1.0.44 Patched: 1.0.45 Updated: June 30, 2026

LOW

modula-best-grid-gallery

Score: 93/100 Modula Image Gallery <= 2.13.6 - Missing Authorization Affected: *-2.13.6 Patched: 2.13.7 Updated: June 30, 2026

LOW

hls-crm-form-shortcode

Score: 91/100 HelloLeads CRM Form Shortcode <= 1.0 - Missing Authorization to Unauthenticated Settings Reset Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

custom-order-numbers-for-woocommerce

Score: 93/100 Custom Order Numbers for WooCommerce <= 1.11.0 - Missing Authorization Affected: *-1.11.0 Patched: 1.11.1 Updated: June 30, 2026

LOW

OneClick Chat to Order

oneclick-whatsapp-order

Score: 99/100 OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure Affected: *-1.0.8 Patched: 1.0.9 Updated: June 30, 2026

LOW

Score: 93/100 Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter Affected: *-1.2.60 Patched: 1.2.61 Updated: June 30, 2026

LOW

gsheetconnector-ninja-forms

Score: 93/100 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

idonate

Score: 89/100 IDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion Affected: *-2.1.14 Patched: 2.1.16 Updated: June 30, 2026

LOW

appointment-booking-calendar

Score: 97/100 Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter Affected: *-1.3.96 Patched: 1.3.97 Updated: June 30, 2026

LOW

cp-contact-form-with-paypal

Score: 93/100 CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation Affected: *-1.3.56 Patched: 1.3.57 Updated: June 30, 2026

LOW

subscriptions-memberships-for-paypal

Score: N/A Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

cookie-notice

Score: 93/100 Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.5.8 Patched: 2.5.9 Updated: June 30, 2026

LOW

zegen-core

Score: N/A Zegen Core <= 2.0.1 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

wps-visitor-counter

Score: N/A WPS Visitor Counter <= 1.4.8 - Reflected Cross-Site Scripting Affected: *-1.4.8 Patched: Updated: June 30, 2026

LOW

wp-record

Score: N/A Construction Light <= 1.6.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation Affected: *-1.6.7 Patched: 1.6.8 Updated: June 30, 2026

LOW

ti-woocommerce-wishlist

Score: N/A TI WooCommerce Wishlist <= 2.10.0 - Missing Authorization Affected: *-2.10.0 Patched: 2.11.0 Updated: June 30, 2026

LOW

supportcandy

Score: N/A SupportCandy <= 3.4.1 - Cross-Site Request Forgery Affected: *-3.4.1 Patched: 3.4.2 Updated: June 30, 2026

LOW

rafflepress

Score: N/A Giveaways and Contests by RafflePress <= 1.12.20 - Cross-Site Request Forgery Affected: *-1.12.20 Patched: 1.12.21 Updated: June 30, 2026

LOW

popup-builder-block

Score: N/A PopupKit <= 2.1.5 - Authenticated (Subscriber+) SQL Injection Affected: *-2.1.5 Patched: 2.2.0 Updated: June 30, 2026

LOW

legal-pages

Score: 93/100 Legal Pages <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: 1.4.7 Updated: June 30, 2026

LOW

godam

Score: 93/100 GoDAM <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: 1.4.7 Updated: June 30, 2026

LOW

forumwp

Score: 93/100 ForumWP <= 2.1.4 - Missing Authorization Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder

magical-products-display

Score: 90/100 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget Affected: *-1.1.29 Patched: 1.1.30 Updated: June 30, 2026

LOW

groundhogg

Score: 93/100 Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection Affected: *-4.2.6.1 Patched: 4.2.7 Updated: June 30, 2026

LOW

etruel-del-post-copies

Score: 93/100 WP Delete Post Copies <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-6.0.2 Patched: 6.0.3 Updated: June 30, 2026

LOW

wpdirectorykit

Score: N/A WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

bigbuy-wc-dropshipping-connector

Score: 91/100 BigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure Affected: *-2.0.5 Patched: Updated: June 30, 2026

LOW

ht-mega-for-elementor

Score: 93/100 HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection Affected: *-3.0.0 Patched: 3.0.1 Updated: June 30, 2026

LOW

post-expirator

Score: N/A Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification Affected: *-4.9.1 Patched: 4.9.2 Updated: June 30, 2026

LOW

vitepos-lite

Score: N/A Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution Affected: *-3.3.0 Patched: 3.3.1 Updated: June 30, 2026

LOW

wp-google-street-view-shortcode

Score: N/A Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.5.7 Patched: Updated: June 30, 2026

LOW

wp-company-info

Score: N/A WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.9.0 Patched: Updated: June 30, 2026

LOW

wpsite-shortcode

Score: N/A WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

keydatas

Score: 93/100 简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read Affected: *-2.6.3 Patched: 2.6.4 Updated: June 30, 2026

LOW

echbay-admin-security

Score: 93/100 EchBay Admin Security <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

flo-forms

Score: 89/100 Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload Affected: *-1.0.43 Patched: Updated: June 30, 2026

LOW

display-pages-shortcode

Score: 91/100 Display Pages Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

hotelrunner

Score: 89/100 HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.2.4 Patched: Updated: June 30, 2026

LOW

realty-portal

Score: N/A Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: 0.1-0.4.1 Patched: Updated: June 30, 2026

LOW

stock-tools

Score: N/A Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

custom-post-type

Score: 91/100 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wallwisher-shortcode

Score: N/A Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

brighttalk-wp-shortcode

Score: 91/100 BrightTALK WordPress Shortcode <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.0 Patched: Updated: June 30, 2026

LOW

surbma-minicrm-shortcode

Score: N/A Surbma | MiniCRM Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

bulma-shortcodes

Score: 91/100 Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

pollcaster-shortcode

Score: N/A Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

shortcodes-bootstrap

Score: N/A Shortcodes Bootstrap <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

authorsure

Score: 89/100 AuthorSure <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

audiotube

Score: 91/100 AudioTube <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.3 Patched: Updated: June 30, 2026

LOW

tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop

Score: N/A Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authorization to Authenticated (Subscriber+) Contract Address Update Affected: *-2.4.7 Patched: 2.4.8 Updated: June 30, 2026

LOW

tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop

Score: N/A Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authentication to Unauthenticated Presale Update Affected: *-2.4.7 Patched: 2.4.8 Updated: June 30, 2026

LOW

wp-audio-gallery

Score: N/A WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

tips-shortcode

Score: N/A Tips Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.1 Patched: Updated: June 30, 2026

LOW

uipress-lite

Score: N/A UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-3.5.08 Patched: Updated: June 30, 2026

LOW

uipress-lite

Score: N/A UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.5.08 Patched: Updated: June 30, 2026

LOW

uipress-lite

Score: N/A UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update Affected: *-3.5.08 Patched: 3.5.09 Updated: June 30, 2026

LOW

islamic-phrases

Score: 91/100 Islamic Phrases <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.12.2015 Patched: Updated: June 30, 2026

LOW

woo-refund-and-exchange-lite

Score: N/A Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation Affected: *-4.5.5 Patched: 4.5.6 Updated: June 30, 2026

LOW

woo-refund-and-exchange-lite

Score: N/A Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read Affected: *-4.5.5 Patched: 4.5.6 Updated: June 30, 2026

LOW

jc-importer

Score: 93/100 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure Affected: *-2.14.17 Patched: 2.14.18 Updated: June 30, 2026

LOW

checkbox

Score: 93/100 Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing Affected: *-2.8.10 Patched: 2.8.11 Updated: June 30, 2026

LOW

url-image-importer

Score: N/A URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload Affected: 1.0-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

tainacan

Score: N/A Tainacan <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

wpbookit

Score: N/A WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

affiliate-ai-lite

Score: 97/100 Affiliate AI Lite <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion Affected: *-3.3.0 Patched: 3.3.1 Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure Affected: *-4.2.9.4 Patched: 4.3.0 Updated: June 30, 2026

LOW

s2b-ai-assistant

Score: N/A S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload Affected: *-1.7.8 Patched: 1.7.9 Updated: June 30, 2026

LOW

woo-payment-bkash

Score: N/A Payment Gateway bKash for WC <= 3.1.0 - Missing Authorization Affected: *-3.1.0 Patched: Updated: June 30, 2026

LOW

wp-registration

Score: N/A Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-6.6 Patched: 6.7 Updated: June 30, 2026

LOW

tainacan

Score: N/A Tainacan <= 1.0.0 - Unauthenticated Information Exposure Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

fluent-crm

Score: 93/100 FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode Affected: *-2.9.84 Patched: 2.9.85 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' Affected: *-3.2.9 Patched: 3.3.0 Updated: June 30, 2026

LOW

cf-images

Score: 93/100 Offload, AI & Optimize with Cloudflare Images <= 1.9.5 - Missing Authorization Affected: *-1.9.5 Patched: 1.9.6 Updated: June 30, 2026

LOW

better-chat-support

Score: 93/100 Better Chat Support for Messenger <= 1.2.18 - Missing Authorization Affected: *-1.2.18 Patched: 1.2.19 Updated: June 30, 2026

LOW

ultimate-member-widgets-for-elementor

Score: N/A Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure Affected: *-2.3 Patched: 2.4 Updated: June 30, 2026

LOW

walker-core

Score: N/A Walker Core <= 1.3.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.17 Patched: 1.3.18 Updated: June 30, 2026

LOW

tp-woocommerce-product-gallery

Score: N/A Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library Affected: *-1.1.9 Patched: 2.0.0 Updated: June 30, 2026

LOW

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

LOW

portfolio-wp

LOW

lightgallerywp

Score: 91/100 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

image-hover-effects-ultimate

LOW

ibtana-visual-editor

LOW

handl-utm-grabber

Score: 93/100 HandL UTM Grabber / Tracker <= 2.8.0 - Reflected Cross-Site Scripting Affected: *-2.8.0 Patched: 2.8.1 Updated: June 30, 2026

LOW

handl-utm-grabber

Score: 93/100 HandL UTM Grabber / Tracker <= 2.8.0 - Reflected Cross-Site Scripting Affected: *-2.8.0 Patched: 2.8.1 Updated: June 30, 2026

LOW

gallery-with-thumbnail-slider

Showing 4901 to 5000 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 06:54 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List