Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
code-snippets	code-snippets	93	Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains	LOW	*-3.9.1	3.9.2	June 30, 2026
SiteSEO – SEO Simplified	siteseo	94	SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure	LOW	*-1.3.2	1.3.3	June 30, 2026
SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder	sureforms	N/A	SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution	LOW	*-1.13.1	1.13.2	June 30, 2026
wp-ultimate-csv-importer	wp-ultimate-csv-importer	N/A	WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import	LOW	*-7.33.1	7.34	June 30, 2026
funnel-builder	funnel-builder	93	FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode	LOW	*-3.13.1.2	3.13.1.3	June 30, 2026
ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form	chat-help	89	Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure	LOW	*-3.1.3	3.1.4	June 30, 2026
SiteSEO – SEO Simplified	siteseo	94	SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset	LOW	*-1.3.2	1.3.3	June 30, 2026
community-events	community-events	93	Community Events <= 1.5.4 - Unauthenticated SQL Injection	LOW	*-1.5.4	1.5.5	June 30, 2026
wschat-live-chat	wschat-live-chat	N/A	WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset	LOW	*-3.1.6	3.1.7	June 30, 2026
timeslot	timeslot	N/A	Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending	LOW	*-1.4.7	1.4.8	June 30, 2026
login-register-using-jwt	login-register-using-jwt	93	WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure	LOW	*-3.0.0	3.1.0	June 30, 2026
responsive-lightbox	responsive-lightbox	N/A	Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery	LOW	*-2.5.3	2.5.4	June 30, 2026
profile-builder	profile-builder	N/A	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.14.8	3.14.9	June 30, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress	email-subscribers	65	Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger	LOW	*-5.9.10	5.9.11	June 30, 2026
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure	LOW	*-6.7.0.80	6.7.0.81	June 30, 2026
new-user-approve	new-user-approve	N/A	New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling	LOW	*-3.0.9	3.1.0	June 30, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons	N/A	Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.1036	1.7.1037	June 30, 2026
yith-woocommerce-wishlist	yith-woocommerce-wishlist	N/A	YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion	LOW	*-4.10.0	4.10.1	June 30, 2026
yith-woocommerce-wishlist	yith-woocommerce-wishlist	N/A	YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename	LOW	*-4.10.0	4.10.1	June 30, 2026
Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing	woocommerce-google-adwords-conversion-tracking-tag	93	Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure	LOW	*-1.49.2	1.49.3	June 30, 2026
icon-list-block	icon-list-block	93	Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-1.2.1	1.2.2	June 30, 2026
AI Engine – The Chatbot, AI Framework & MCP for WordPress	ai-engine	82	AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery	LOW	*-3.1.8	3.1.9	June 30, 2026
wpforo	wpforo	N/A	wpForo Forum <= 2.4.10 - Missing Authorization	LOW	*-2.4.10	2.4.11	June 30, 2026
wpematico	wpematico	N/A	WPeMatico RSS Feed Fetcher <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-2.8.12	2.8.13	June 30, 2026
tier-management-petfinder	tier-management-petfinder	N/A	Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode	LOW	*-3.6.1	3.6.2	June 30, 2026
grandrestaurant-elementor	grandrestaurant-elementor	91	Grand Restaurant Theme Elements for Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.1		June 30, 2026
give	give	93	GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'	LOW	*-4.13.0	4.13.1	June 30, 2026
gf-freshdesk	gf-freshdesk	93	Gravity Forms FreshDesk <= 1.3.5 - Unauthenticated Open Redirect	LOW	*-1.3.5	1.3.6	June 30, 2026
fv-antispam	fv-antispam	93	FV Antispam <= 2.7 - Reflected Cross-Site Scripting	LOW	*-2.7	2.8	June 30, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets	essential-addons-for-elementor-lite	85	Essential Addons for Elementor <= 6.5.5 - Missing Authorization	LOW	*-6.5.5	6.5.6	June 30, 2026
eagle-booking	eagle-booking	87	Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-1.3.4.3		June 30, 2026
eagle-booking	eagle-booking	87	Eagle Booking <= 1.3.4.3 - Missing Authorization to Authenticated (Subscriber+) Settings Change	LOW	*-1.3.4.3		June 30, 2026
directorist	directorist	93	Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update	LOW	*-8.5.2	8.5.3	June 30, 2026
custom-admin-menu	custom-admin-menu	89	Custom Admin Menu <= 1.0.0 - Reflected Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
csv-to-sorttable	csv-to-sorttable	89	CSV to SortTable <= 4.2 - Authenticated (Contributor+) Local File Inclusion	LOW	*-4.2		June 30, 2026
cbxwpbookmark	cbxwpbookmark	93	CBX Bookmark & Favorite <= 2.0.1 - Missing Authorization	LOW	*-2.0.1	2.0.2	June 30, 2026
Booking for Appointments and Events Calendar – Amelia	ameliabooking	97	Amelia 1.2.18 - 1.2.36 - Unauthenticated Sensitive Information Exposure	LOW	1.2.18-1.2.36	1.2.37	June 30, 2026
wp-migrate-db	wp-migrate-db	N/A	WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery	LOW	*-2.7.6	2.7.7	June 30, 2026
wp-duplicate-page	wp-duplicate-page	N/A	WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure	LOW	*-1.7	1.8	June 30, 2026
enable-svg-webp-ico-upload	enable-svg-webp-ico-upload	93	Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass	LOW	*-1.1.3	1.1.4	June 30, 2026
live-sales-notifications-for-woocommerce	live-sales-notifications-for-woocommerce	93	Live sales notification for WooCommerce <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data Exposure	LOW	*-2.3.39	2.3.40	June 30, 2026
enable-svg-webp-ico-upload	enable-svg-webp-ico-upload	93	Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads	LOW	*-1.1.2	1.1.3	June 30, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget	LOW	*-8.3.4	8.3.5	June 30, 2026
triplea-cryptocurrency-payment-gateway-for-woocommerce	triplea-cryptocurrency-payment-gateway-for-woocommerce	N/A	Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update	LOW	*-2.0.25	2.0.26	June 30, 2026
bp-restrict	bp-restrict	93	Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update	LOW	*-1.5.2	1.5.3	June 30, 2026
a3-user-importer	a3-user-importer	95	Simple User Import Export <= 1.1.7 - Authenticated (Admin+) CSV Injection	LOW	*-1.1.7		June 30, 2026
catalog-mode-pricing-enquiry-forms-promotions	catalog-mode-pricing-enquiry-forms-promotions	93	wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions \| for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure	LOW	*-1.2.2	1.3	June 30, 2026
twitter-auto-publish	twitter-auto-publish	N/A	WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage	LOW	*-1.7.4	1.7.5	June 30, 2026
meta-display-block	meta-display-block	91	Meta Display Block <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
photonic	photonic	N/A	Photonic Gallery & Lightbox for Flickr, SmugMug & Others <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute	LOW	*-3.21	3.22	June 30, 2026
Checkout Files Upload for WooCommerce	checkout-files-upload-woocommerce	98	Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.2.1	2.2.2	June 30, 2026
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links	broken-link-checker-seo	93	Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing	LOW	*-1.2.5	1.2.6	June 30, 2026
gutenify	gutenify	91	Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block	LOW	*-1.5.9		June 30, 2026
coil-web-monetization	coil-web-monetization	91	Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery	LOW	*-2.0.2		June 30, 2026
acf-flexible-layouts-manager	acf-flexible-layouts-manager	95	ACF Flexible Layouts Manager <= 1.1.6 - Missing Authorization to Unauthenticated Custom Field Update	LOW	*-1.1.6		June 30, 2026
everviz	everviz	91	everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
top-friends	top-friends	N/A	Top Friends <= 0.3 - Cross-Site Request Forgery to Settings Update	LOW	*-0.3		June 30, 2026
category-and-product-woocommerce-tabs	category-and-product-woocommerce-tabs	91	Category and Product Woocommerce Tabs <= 1.0 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.0		June 30, 2026
download-panel	download-panel	91	Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification	LOW	*-1.3.3		June 30, 2026
like-it	like-it	91	Like-it <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.2		June 30, 2026
local-syndication	local-syndication	91	Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode	LOW	* - 1.5a		June 30, 2026
artibot	artibot	95	ArtiBot Free Chat Bot for WebSites <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage	LOW	*-1.1.7		June 30, 2026
multiple-roles-per-user	multiple-roles-per-user	N/A	Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation	LOW	*-1.0		June 30, 2026
the-permalinks-cascade	the-permalinks-cascade	N/A	The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update	LOW	*-2.2		June 30, 2026
wp-dropzone	wp-dropzone	N/A	WP Dropzone <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-1.1.0	1.1.1	June 30, 2026
csv-to-sorttable	csv-to-sorttable	89	CSV to SortTable <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.2		June 30, 2026
wp-admin-microblog	wp-admin-microblog	N/A	WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation	LOW	*-3.1.1		June 30, 2026
project-honey-pot-spam-trap	project-honey-pot-spam-trap	N/A	Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
premmerce-woocommerce-wholesale-pricing	premmerce-woocommerce-wholesale-pricing	N/A	Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.1.10	1.1.11	June 30, 2026
pie-forms-for-wp	pie-forms-for-wp	N/A	Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload	LOW	*-1.6		June 30, 2026
rometheme-for-elementor	rometheme-for-elementor	N/A	RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute	LOW	*-1.6.5	1.6.6	June 30, 2026
vk-all-in-one-expansion-unit	vk-all-in-one-expansion-unit	N/A	VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-9.112.1	9.112.2	June 30, 2026
vk-all-in-one-expansion-unit	vk-all-in-one-expansion-unit	N/A	VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-9.112.1	9.112.2	June 30, 2026
post-type-switcher	post-type-switcher	N/A	Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change	LOW	*-4.0.0	4.0.1	June 30, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload	LOW	*-2.9.21.1	2.9.22	June 30, 2026
classified-listing	classified-listing	93	Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description	LOW	*-5.0.3	5.0.4	June 30, 2026
woocommerce-product-addon	woocommerce-product-addon	N/A	PPOM for WooCommerce <= 33.0.16 - Missing Authorization	LOW	*-33.0.16	33.0.17	June 30, 2026
wappointment	wappointment	N/A	Wappointment <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.6.9	2.7.0	June 30, 2026
restropress	restropress	N/A	RestroPress <= 3.2.3.5 - Missing Authorization	LOW	*-3.2.3.5	3.2.3.6	June 30, 2026
Booking for Appointments and Events Calendar – Amelia	ameliabooking	97	Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search	LOW	*-1.2.35	1.2.36	June 30, 2026
wpfunnels	wpfunnels	N/A	WPFunnels <= 3.6.2 - Missing Authorization	LOW	*-3.6.2	3.6.3	June 30, 2026
contact-form-to-email	contact-form-to-email	93	Contact Form Email <= 1.3.58 - Missing Authorization	LOW	*-1.3.58	1.3.59	June 30, 2026
bookit	bookit	93	Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Settings Update	LOW	*-2.5.0	2.5.1	June 30, 2026
appointment-booking-calendar	appointment-booking-calendar	97	Appointment Booking Calendar <= 1.3.95 - Missing Authorization	LOW	*-1.3.95	1.3.96	June 30, 2026
contest-gallery	contest-gallery	93	Contest Gallery <= 28.0.2 - Missing Authorization	LOW	*-28.0.2	28.0.3	June 30, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion	LOW	*-4.8.9	4.9.0	June 30, 2026
modula-best-grid-gallery	modula-best-grid-gallery	93	Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move	LOW	*-2.12.28	2.12.29	June 30, 2026
qi-blocks	qi-blocks	N/A	Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize	LOW	*-1.4.3	1.4.4	June 30, 2026
wp-youtube-lyte	wp-youtube-lyte	N/A	YouTube Lyte <= 1.7.28 - Open Redirect	LOW	*-1.7.28	1.7.29	June 30, 2026
WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets	wp-social-reviews	N/A	Social Ninja <= 3.20.1 - Missing Authorization	LOW	*-3.20.1	3.20.2	June 30, 2026
WP Google Review Slider	wp-google-places-review-slider	70	Google Review Slider <= 17.4 - Missing Authorization	LOW	*-17.4	17.6	June 30, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	WooCommerce PDF Invoice Builder <= 1.2.150 - Missing Authorization	LOW	*-1.2.150	1.2.151	June 30, 2026
woffice-core	woffice-core	N/A	Woffice Core <= 5.4.30 - Missing Authorization	LOW	*-5.4.30	5.4.31	June 30, 2026
wedevs-project-manager	wedevs-project-manager	N/A	WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'	LOW	*-2.6.26	2.6.27	June 30, 2026
survey-maker	survey-maker	N/A	Survey Maker <= 5.1.9.4 - Missing Authorization	LOW	*-5.1.9.4	5.1.9.5	June 30, 2026
stylish-cost-calculator	stylish-cost-calculator	N/A	Stylish Cost Calculator <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.1.5	8.1.6	June 30, 2026
skt-skill-bar	skt-skill-bar	N/A	SKT Skill Bar <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.5	2.6	June 30, 2026
select-core	select-core	N/A	Select Core < 2.6 - Authenticated (Contributor+) Local File Inclusion	LOW	[*, 2.6)	2.6	June 30, 2026
select-core	select-core	N/A	Select Core < 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 2.6)	2.6	June 30, 2026
wpschoolpress	wpschoolpress	N/A	School Management System – WPSchoolPress <= 2.2.23 - Authenticated (Administrator+) SQL Injection	LOW	*-2.2.23	2.2.24	June 30, 2026

LOW

code-snippets

Score: 93/100 Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains Affected: *-3.9.1 Patched: 3.9.2 Updated: June 30, 2026

LOW

SiteSEO – SEO Simplified

siteseo

Score: 94/100 SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure Affected: *-1.3.2 Patched: 1.3.3 Updated: June 30, 2026

LOW

SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder

sureforms

Score: N/A SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution Affected: *-1.13.1 Patched: 1.13.2 Updated: June 30, 2026

LOW

wp-ultimate-csv-importer

Score: N/A WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import Affected: *-7.33.1 Patched: 7.34 Updated: June 30, 2026

LOW

Score: 93/100 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode Affected: *-3.13.1.2 Patched: 3.13.1.3 Updated: June 30, 2026

LOW

ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form

chat-help

Score: 89/100 Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026

LOW

SiteSEO – SEO Simplified

siteseo

Score: 94/100 SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset Affected: *-1.3.2 Patched: 1.3.3 Updated: June 30, 2026

LOW

community-events

Score: 93/100 Community Events <= 1.5.4 - Unauthenticated SQL Injection Affected: *-1.5.4 Patched: 1.5.5 Updated: June 30, 2026

LOW

wschat-live-chat

Score: N/A WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset Affected: *-3.1.6 Patched: 3.1.7 Updated: June 30, 2026

LOW

timeslot

Score: N/A Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending Affected: *-1.4.7 Patched: 1.4.8 Updated: June 30, 2026

LOW

login-register-using-jwt

Score: 93/100 WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure Affected: *-3.0.0 Patched: 3.1.0 Updated: June 30, 2026

LOW

responsive-lightbox

Score: N/A Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery Affected: *-2.5.3 Patched: 2.5.4 Updated: June 30, 2026

LOW

profile-builder

Score: N/A User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.14.8 Patched: 3.14.9 Updated: June 30, 2026

LOW

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Score: 65/100 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger Affected: *-5.9.10 Patched: 5.9.11 Updated: June 30, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure Affected: *-6.7.0.80 Patched: 6.7.0.81 Updated: June 30, 2026

LOW

new-user-approve

Score: N/A New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling Affected: *-3.0.9 Patched: 3.1.0 Updated: June 30, 2026

LOW

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Score: N/A Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.1036 Patched: 1.7.1037 Updated: June 30, 2026

LOW

yith-woocommerce-wishlist

Score: N/A YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion Affected: *-4.10.0 Patched: 4.10.1 Updated: June 30, 2026

LOW

yith-woocommerce-wishlist

Score: N/A YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename Affected: *-4.10.0 Patched: 4.10.1 Updated: June 30, 2026

LOW

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

Score: 93/100 Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure Affected: *-1.49.2 Patched: 1.49.3 Updated: June 30, 2026

LOW

icon-list-block

Score: 93/100 Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine

Score: 82/100 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery Affected: *-3.1.8 Patched: 3.1.9 Updated: June 30, 2026

LOW

wpforo

Score: N/A wpForo Forum <= 2.4.10 - Missing Authorization Affected: *-2.4.10 Patched: 2.4.11 Updated: June 30, 2026

LOW

wpematico

Score: N/A WPeMatico RSS Feed Fetcher <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.8.12 Patched: 2.8.13 Updated: June 30, 2026

LOW

tier-management-petfinder

Score: N/A Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode Affected: *-3.6.1 Patched: 3.6.2 Updated: June 30, 2026

LOW

grandrestaurant-elementor

Score: 91/100 Grand Restaurant Theme Elements for Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: June 30, 2026

LOW

give

Score: 93/100 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' Affected: *-4.13.0 Patched: 4.13.1 Updated: June 30, 2026

LOW

gf-freshdesk

Score: 93/100 Gravity Forms FreshDesk <= 1.3.5 - Unauthenticated Open Redirect Affected: *-1.3.5 Patched: 1.3.6 Updated: June 30, 2026

LOW

fv-antispam

Score: 93/100 FV Antispam <= 2.7 - Reflected Cross-Site Scripting Affected: *-2.7 Patched: 2.8 Updated: June 30, 2026

LOW

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Score: 85/100 Essential Addons for Elementor <= 6.5.5 - Missing Authorization Affected: *-6.5.5 Patched: 6.5.6 Updated: June 30, 2026

LOW

eagle-booking

Score: 87/100 Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-1.3.4.3 Patched: Updated: June 30, 2026

LOW

eagle-booking

Score: 87/100 Eagle Booking <= 1.3.4.3 - Missing Authorization to Authenticated (Subscriber+) Settings Change Affected: *-1.3.4.3 Patched: Updated: June 30, 2026

LOW

directorist

Score: 93/100 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update Affected: *-8.5.2 Patched: 8.5.3 Updated: June 30, 2026

LOW

custom-admin-menu

Score: 89/100 Custom Admin Menu <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

csv-to-sorttable

Score: 89/100 CSV to SortTable <= 4.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.2 Patched: Updated: June 30, 2026

LOW

cbxwpbookmark

Score: 93/100 CBX Bookmark & Favorite <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Amelia 1.2.18 - 1.2.36 - Unauthenticated Sensitive Information Exposure Affected: 1.2.18-1.2.36 Patched: 1.2.37 Updated: June 30, 2026

LOW

wp-migrate-db

Score: N/A WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery Affected: *-2.7.6 Patched: 2.7.7 Updated: June 30, 2026

LOW

wp-duplicate-page

Score: N/A WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure Affected: *-1.7 Patched: 1.8 Updated: June 30, 2026

LOW

enable-svg-webp-ico-upload

Score: 93/100 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

live-sales-notifications-for-woocommerce

Score: 93/100 Live sales notification for WooCommerce <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data Exposure Affected: *-2.3.39 Patched: 2.3.40 Updated: June 30, 2026

LOW

enable-svg-webp-ico-upload

Score: 93/100 Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads Affected: *-1.1.2 Patched: 1.1.3 Updated: June 30, 2026

LOW

bdthemes-element-pack-lite

Score: 93/100 Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget Affected: *-8.3.4 Patched: 8.3.5 Updated: June 30, 2026

LOW

triplea-cryptocurrency-payment-gateway-for-woocommerce

Score: N/A Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update Affected: *-2.0.25 Patched: 2.0.26 Updated: June 30, 2026

LOW

bp-restrict

Score: 93/100 Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

a3-user-importer

Score: 95/100 Simple User Import Export <= 1.1.7 - Authenticated (Admin+) CSV Injection Affected: *-1.1.7 Patched: Updated: June 30, 2026

LOW

catalog-mode-pricing-enquiry-forms-promotions

Score: 93/100 wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure Affected: *-1.2.2 Patched: 1.3 Updated: June 30, 2026

LOW

twitter-auto-publish

Score: N/A WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage Affected: *-1.7.4 Patched: 1.7.5 Updated: June 30, 2026

LOW

meta-display-block

Score: 91/100 Meta Display Block <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

photonic

Score: N/A Photonic Gallery & Lightbox for Flickr, SmugMug & Others <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute Affected: *-3.21 Patched: 3.22 Updated: June 30, 2026

LOW

Checkout Files Upload for WooCommerce

checkout-files-upload-woocommerce

Score: 98/100 Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: June 30, 2026

LOW

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

broken-link-checker-seo

Score: 93/100 Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

gutenify

Score: 91/100 Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block Affected: *-1.5.9 Patched: Updated: June 30, 2026

LOW

coil-web-monetization

Score: 91/100 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

acf-flexible-layouts-manager

Score: 95/100 ACF Flexible Layouts Manager <= 1.1.6 - Missing Authorization to Unauthenticated Custom Field Update Affected: *-1.1.6 Patched: Updated: June 30, 2026

LOW

everviz

Score: 91/100 everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

top-friends

Score: N/A Top Friends <= 0.3 - Cross-Site Request Forgery to Settings Update Affected: *-0.3 Patched: Updated: June 30, 2026

LOW

category-and-product-woocommerce-tabs

Score: 91/100 Category and Product Woocommerce Tabs <= 1.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

download-panel

Score: 91/100 Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification Affected: *-1.3.3 Patched: Updated: June 30, 2026

LOW

like-it

Score: 91/100 Like-it <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: June 30, 2026

LOW

local-syndication

Score: 91/100 Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode Affected: * - 1.5a Patched: Updated: June 30, 2026

LOW

artibot

Score: 95/100 ArtiBot Free Chat Bot for WebSites <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage Affected: *-1.1.7 Patched: Updated: June 30, 2026

LOW

multiple-roles-per-user

Score: N/A Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

the-permalinks-cascade

Score: N/A The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update Affected: *-2.2 Patched: Updated: June 30, 2026

LOW

wp-dropzone

Score: N/A WP Dropzone <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

csv-to-sorttable

Score: 89/100 CSV to SortTable <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2 Patched: Updated: June 30, 2026

LOW

wp-admin-microblog

Score: N/A WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation Affected: *-3.1.1 Patched: Updated: June 30, 2026

LOW

project-honey-pot-spam-trap

Score: N/A Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

premmerce-woocommerce-wholesale-pricing

Score: N/A Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) SQL Injection Affected: *-1.1.10 Patched: 1.1.11 Updated: June 30, 2026

LOW

pie-forms-for-wp

Score: N/A Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload Affected: *-1.6 Patched: Updated: June 30, 2026

LOW

rometheme-for-elementor

Score: N/A RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute Affected: *-1.6.5 Patched: 1.6.6 Updated: June 30, 2026

LOW

vk-all-in-one-expansion-unit

Score: N/A VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-9.112.1 Patched: 9.112.2 Updated: June 30, 2026

LOW

vk-all-in-one-expansion-unit

Score: N/A VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-9.112.1 Patched: 9.112.2 Updated: June 30, 2026

LOW

post-type-switcher

Score: N/A Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change Affected: *-4.0.0 Patched: 4.0.1 Updated: June 30, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload Affected: *-2.9.21.1 Patched: 2.9.22 Updated: June 30, 2026

LOW

classified-listing

Score: 93/100 Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description Affected: *-5.0.3 Patched: 5.0.4 Updated: June 30, 2026

LOW

woocommerce-product-addon

Score: N/A PPOM for WooCommerce <= 33.0.16 - Missing Authorization Affected: *-33.0.16 Patched: 33.0.17 Updated: June 30, 2026

LOW

wappointment

Score: N/A Wappointment <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.9 Patched: 2.7.0 Updated: June 30, 2026

LOW

restropress

Score: N/A RestroPress <= 3.2.3.5 - Missing Authorization Affected: *-3.2.3.5 Patched: 3.2.3.6 Updated: June 30, 2026

LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search Affected: *-1.2.35 Patched: 1.2.36 Updated: June 30, 2026

LOW

wpfunnels

Score: N/A WPFunnels <= 3.6.2 - Missing Authorization Affected: *-3.6.2 Patched: 3.6.3 Updated: June 30, 2026

LOW

contact-form-to-email

Score: 93/100 Contact Form Email <= 1.3.58 - Missing Authorization Affected: *-1.3.58 Patched: 1.3.59 Updated: June 30, 2026

LOW

bookit

Score: 93/100 Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Settings Update Affected: *-2.5.0 Patched: 2.5.1 Updated: June 30, 2026

LOW

appointment-booking-calendar

Score: 97/100 Appointment Booking Calendar <= 1.3.95 - Missing Authorization Affected: *-1.3.95 Patched: 1.3.96 Updated: June 30, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery <= 28.0.2 - Missing Authorization Affected: *-28.0.2 Patched: 28.0.3 Updated: June 30, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion Affected: *-4.8.9 Patched: 4.9.0 Updated: June 30, 2026

LOW

modula-best-grid-gallery

Score: 93/100 Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move Affected: *-2.12.28 Patched: 2.12.29 Updated: June 30, 2026

LOW

qi-blocks

Score: N/A Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

wp-youtube-lyte

Score: N/A YouTube Lyte <= 1.7.28 - Open Redirect Affected: *-1.7.28 Patched: 1.7.29 Updated: June 30, 2026

LOW

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets

wp-social-reviews

Score: N/A Social Ninja <= 3.20.1 - Missing Authorization Affected: *-3.20.1 Patched: 3.20.2 Updated: June 30, 2026

LOW

WP Google Review Slider

wp-google-places-review-slider

Score: 70/100 Google Review Slider <= 17.4 - Missing Authorization Affected: *-17.4 Patched: 17.6 Updated: June 30, 2026

LOW

woo-pdf-invoice-builder

Score: N/A WooCommerce PDF Invoice Builder <= 1.2.150 - Missing Authorization Affected: *-1.2.150 Patched: 1.2.151 Updated: June 30, 2026

LOW

woffice-core

Score: N/A Woffice Core <= 5.4.30 - Missing Authorization Affected: *-5.4.30 Patched: 5.4.31 Updated: June 30, 2026

LOW

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' Affected: *-2.6.26 Patched: 2.6.27 Updated: June 30, 2026

LOW

survey-maker

Score: N/A Survey Maker <= 5.1.9.4 - Missing Authorization Affected: *-5.1.9.4 Patched: 5.1.9.5 Updated: June 30, 2026

LOW

stylish-cost-calculator

Score: N/A Stylish Cost Calculator <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.1.5 Patched: 8.1.6 Updated: June 30, 2026

LOW

skt-skill-bar

Score: N/A SKT Skill Bar <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5 Patched: 2.6 Updated: June 30, 2026

LOW

select-core

Score: N/A Select Core < 2.6 - Authenticated (Contributor+) Local File Inclusion Affected: [*, 2.6) Patched: 2.6 Updated: June 30, 2026

LOW

select-core

Score: N/A Select Core < 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 2.6) Patched: 2.6 Updated: June 30, 2026

LOW

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.2.23 - Authenticated (Administrator+) SQL Injection Affected: *-2.2.23 Patched: 2.2.24 Updated: June 30, 2026

Showing 5001 to 5100 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 05:21 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List