Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
wp-crm-system	wp-crm-system	N/A	WP-CRM System <= 3.4.5 - Missing Authorization	LOW	*-3.4.5	3.4.6	June 30, 2026
rey-core	rey-core	N/A	Rey Core <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.8	3.1.9	June 30, 2026
ohio-extra	ohio-extra	N/A	Ohio Extra <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.6.0	3.6.1	June 30, 2026
kiotvietsync	kiotvietsync	83	KiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key Exposure	LOW	*-1.8.5		June 30, 2026
kiotvietsync	kiotvietsync	83	KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload	LOW	*-1.8.5		June 30, 2026
coschedule-by-todaymade	coschedule-by-todaymade	93	CoSchedule <= 3.4.0 - Missing Authorization	LOW	*-3.4.0	3.4.1	June 30, 2026
booking-manager	booking-manager	93	Booking Manager <= 2.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.17	2.1.18	June 30, 2026
affs	affs	97	SUMO Affiliates Pro <= 11.0.0 - Authenticated (Subscriber+) Information Exposure	LOW	*-11.0.0	11.1.0	June 30, 2026
lmbbox-smileys	lmbbox-smileys	91	LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.2		June 30, 2026
footnotes-made-easy	footnotes-made-easy	93	Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.0.7	3.0.8	June 30, 2026
reuse-builder	reuse-builder	N/A	Reuse Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.7		June 30, 2026
visit-counter	visit-counter	N/A	Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	1.0		June 30, 2026
aio-time-clock-lite	aio-time-clock-lite	97	All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure	LOW	*-2.0.3	2.0.4	June 30, 2026
bootstrap-multi-language-responsive-portfolio	bootstrap-multi-language-responsive-portfolio	91	Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
import-export-for-woocommerce	import-export-for-woocommerce	87	Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-1.6.2		June 30, 2026
crypto-payment-gateway-with-payeer-for-woocommerce	crypto-payment-gateway-with-payeer-for-woocommerce	91	Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass	LOW	*-1.0.3		June 30, 2026
free-quotation	free-quotation	91	Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.1.6		June 30, 2026
ultimate-blocks-for-gutenberg	ultimate-blocks-for-gutenberg	N/A	Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload	LOW	*-1.4.1.3	1.4.1.4	June 30, 2026
image-hover-effects-elementor-addon	image-hover-effects-elementor-addon	93	Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload	LOW	*-1.0.2.3	1.0.2.4	June 30, 2026
image-comparison-elementor-addon	image-comparison-elementor-addon	93	Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload	LOW	*-1.0.2.2	1.0.2.3	June 30, 2026
content-locker-for-elementor	content-locker-for-elementor	93	Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload	LOW	*-1.0.3	1.0.4	June 30, 2026
centangle-team	centangle-team	91	Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
clubmember	clubmember	91	Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-0.2		June 30, 2026
ai-auto-tool	ai-auto-tool	95	Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Post Creation	LOW	2.0.7-2.3.0		June 30, 2026
sh-contextual-help	sh-contextual-help	N/A	SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.2.1		June 30, 2026
linkedin-resume	linkedin-resume	91	LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.00		June 30, 2026
pagerank-tools	pagerank-tools	N/A	Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.1.5		June 30, 2026
wpcf7-stop-words	wpcf7-stop-words	N/A	Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update	LOW	*-1.1.3		June 30, 2026
em-beer-manager	em-beer-manager	91	EM Beer Manager <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-3.2.3		June 30, 2026
elegance-menu	elegance-menu	93	Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.9	1.9.1	June 30, 2026
mapmap	mapmap	91	MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
simple-user-capabilities	simple-user-capabilities	N/A	Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.0		June 30, 2026
simple-user-capabilities	simple-user-capabilities	N/A	Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset	LOW	*-1.0		June 30, 2026
extensions-leaflet-map	extensions-leaflet-map	93	Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.7	4.8	June 30, 2026
top-bar-notification	top-bar-notification	N/A	Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.12		June 30, 2026
nari-accountant	nari-accountant	N/A	Nari Accountant <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.0.12		June 30, 2026
meeting-list	meeting-list	91	MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-0.11		June 30, 2026
brzon	brzon	91	Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.8		June 30, 2026
dominokit	dominokit	91	DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update	LOW	*-1.1.0		June 30, 2026
posts-navigation-links-for-sections-and-headings-free-by-wp-masters	posts-navigation-links-for-sections-and-headings-free-by-wp-masters	N/A	Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.1		June 30, 2026
wp-carticon	wp-carticon	N/A	WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
label-plugins	label-plugins	91	Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.5		June 30, 2026
ce21-suite	ce21-suite	86	CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation	LOW	*-2.3.1		June 30, 2026
ce21-suite	ce21-suite	86	CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update	LOW	2.2.1-2.3.1		June 30, 2026
viaads	viaads	N/A	ViaAds <= 2.1.2 - Cross-Site Request Forgery to API Key Update	LOW	*-2.1.2	2.1.3	June 30, 2026
wp-global-screen-options	wp-global-screen-options	N/A	WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update	LOW	*-0.2		June 30, 2026
TablePress – Tables in WordPress made easy	tablepress	86	TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-3.2.4	3.2.5	June 30, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes	LOW	*-12.2.7	12.2.8	June 30, 2026
wp-snow-effect	wp-snow-effect	N/A	Snow Effect <= 1.1.15 - Missing Authorization	LOW	*-1.1.15		June 30, 2026
wp-2fa	wp-2fa	N/A	WP 2FA – Two-factor authentication for WordPress <= 2.9.3 - 2-Factor Authentication Bypass	LOW	*-2.9.3	3.0.0	June 30, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	woolentor-addons	N/A	ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'	LOW	*-3.2.5	3.2.6	June 30, 2026
themeisle-companion	themeisle-companion	N/A	Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy	LOW	*-3.0.2	3.0.3	June 30, 2026
studiocart	studiocart	N/A	Studiocart <= 2.9.0 - Reflected Cross-Site Scripting	LOW	*-2.9.0		June 30, 2026
north-plugin	north-plugin	N/A	North <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.4.2		June 30, 2026
front-editor	front-editor	89	Front User Submit <= 4.9.5 - Open Redirect	LOW	*-4.9.5	5.0.0	June 30, 2026
easy-upload-files-during-checkout	easy-upload-files-during-checkout	93	Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload	LOW	*-2.9.8	2.9.9	June 30, 2026
broken-link-manager	broken-link-manager	89	Broken Link Manager <= 0.6.5 - Reflected Cross-Site Scripting	LOW	*-0.6.5		June 30, 2026
Backup Migration	backup-backup	61	Backup Migration <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download	LOW	*-1.4.9	2.0.0	June 30, 2026
yop-poll	yop-poll	N/A	YOP Poll <= 6.5.38 - Missing Authorization	LOW	*-6.5.38	6.5.39	June 30, 2026
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters	wp-google-map-plugin	74	Maps <= 4.8.6 - Authenticated (Administrator+) PHP Object Injection	LOW	*-4.8.6	4.8.7	June 30, 2026
booking-and-rental-manager-for-woocommerce	booking-and-rental-manager-for-woocommerce	93	Booking and Rental Manager <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.5.3	2.5.4	June 30, 2026
doccure	doccure	93	Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation	LOW	[*, 1.5.4)	1.5.4	June 30, 2026
sf-booking	sf-booking	N/A	Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	LOW	[*, 6.1)	6.1	June 30, 2026
delicious-recipes	delicious-recipes	93	Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-1.9.0	1.9.1	June 30, 2026
jc-importer	jc-importer	93	Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read	LOW	*-2.14.16	2.14.17	June 30, 2026
wp-discourse	wp-discourse	N/A	WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure	LOW	*-2.5.9	2.6.0	June 30, 2026
qi-blocks	qi-blocks	N/A	Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update	LOW	*-1.4.3	1.4.4	June 30, 2026
folderly	folderly	93	Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion	LOW	*-0.3	0.3.1	June 30, 2026
employee-spotlight	employee-spotlight	93	Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.1.2	5.1.3	June 30, 2026
sf-booking	sf-booking	N/A	Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password	LOW	*-6.0	6.1	June 30, 2026
community-events	community-events	93	Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.5.2	1.5.3	June 30, 2026
SiteSEO – SEO Simplified	siteseo	94	SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update	LOW	*-1.3.1	1.3.2	June 30, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App	post-smtp	87	Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure	LOW	*-3.6.0	3.6.1	June 30, 2026
wplegalpages	wplegalpages	N/A	Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect	LOW	*-3.5.1	3.5.2	June 30, 2026
wpcom-member	wpcom-member	N/A	WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode	LOW	*-1.7.14	1.7.15	June 30, 2026
document-library-lite	document-library-lite	93	Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure	LOW	*-1.1.6	1.1.7	June 30, 2026
inactive-logout	inactive-logout	93	Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-3.5.5	3.6.0	June 30, 2026
wpforo	wpforo	N/A	wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection	LOW	*-2.4.9	2.4.10	June 30, 2026
woo-mstoreapp-mobile-app	woo-mstoreapp-mobile-app	N/A	Mstoreapp Mobile <= 2.08 & <= 9.0.1 - Unauthenticated Privilege Escalation	LOW	*-2.08		June 30, 2026
tablesome	tablesome	N/A	Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload	LOW	*-1.1.32	1.3.33	June 30, 2026
schema-scalpel	schema-scalpel	N/A	Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema	LOW	*-1.6.1	1.6.2	June 30, 2026
schema-and-structured-data-for-wp	schema-and-structured-data-for-wp	N/A	Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.51	1.52	June 30, 2026
restful-syndication	restful-syndication	N/A	RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload	LOW	1.1.0-1.5.0	1.6.0	June 30, 2026
popup-addon-for-ninja-forms	popup-addon-for-ninja-forms	N/A	Popup addon for Ninja Forms <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.5.1	3.5.2	June 30, 2026
nazy-load	nazy-load	N/A	Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.4.14	2.4.15	June 30, 2026
mstoreapp-mobile-app	mstoreapp-mobile-app	N/A	Mstoreapp Mobile <= 2.08 & <= 9.0.1 - Unauthenticated Privilege Escalation	LOW	*-9.0.1		June 30, 2026
List category posts	list-category-posts	94	List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure	LOW	*-0.92.0	0.93.0	June 30, 2026
groundhogg	groundhogg	93	Groundhogg <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.2.6	4.2.6.1	June 30, 2026
XML Sitemap Generator for Google	google-sitemap-generator	86	Google XML Sitemaps <= 4.1.22 - Missing Authorization	LOW	*-4.1.22	4.1.23	June 30, 2026
css-javascript-toolbox	css-javascript-toolbox	93	CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-12.0.5	12.0.6	June 30, 2026
Advanced Ads – Ad Manager & AdSense	advanced-ads	80	Advanced Ads <= 2.0.12 - Unauthenticated Limited Code Execution	LOW	*-2.0.12	2.0.13	June 30, 2026
eri-file-library	eri-file-library	93	ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download	LOW	*-1.1.0	1.1.1	June 30, 2026
Depicter — Popup & Slider Builder	depicter	95	Depicter <= 4.0.4 - Cross-Site Request Forgery	LOW	*-4.0.4	4.0.5	June 30, 2026
wc-designer-pro	wc-designer-pro	N/A	WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read	LOW	*-1.9.28	1.9.31	June 30, 2026
wp-user-extra-fields	wp-user-extra-fields	N/A	WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function	LOW	*-16.7	16.8	June 30, 2026
qzzr-shortcode	qzzr-shortcode	N/A	Qzzr Shortcode Plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.1		June 30, 2026
fusewp	fusewp	93	FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation	LOW	*-1.1.23.0	1.1.23.1	June 30, 2026
zombify	zombify	N/A	Zombify <= 1.7.5 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read	LOW	*-1.7.5	1.7.6	June 30, 2026
wt-smart-coupons-for-woocommerce	wt-smart-coupons-for-woocommerce	N/A	Smart Coupons for WooCommerce <= 2.2.3 - Missing Authorization	LOW	*-2.2.3	2.2.4	June 30, 2026
wpc-name-your-price	wpc-name-your-price	N/A	WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration	LOW	*-2.1.9	2.2.0	June 30, 2026

LOW

wp-crm-system

Score: N/A WP-CRM System <= 3.4.5 - Missing Authorization Affected: *-3.4.5 Patched: 3.4.6 Updated: June 30, 2026

LOW

rey-core

Score: N/A Rey Core <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.8 Patched: 3.1.9 Updated: June 30, 2026

LOW

ohio-extra

Score: N/A Ohio Extra <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.0 Patched: 3.6.1 Updated: June 30, 2026

LOW

kiotvietsync

Score: 83/100 KiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key Exposure Affected: *-1.8.5 Patched: Updated: June 30, 2026

LOW

kiotvietsync

Score: 83/100 KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload Affected: *-1.8.5 Patched: Updated: June 30, 2026

LOW

coschedule-by-todaymade

Score: 93/100 CoSchedule <= 3.4.0 - Missing Authorization Affected: *-3.4.0 Patched: 3.4.1 Updated: June 30, 2026

LOW

booking-manager

Score: 93/100 Booking Manager <= 2.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.17 Patched: 2.1.18 Updated: June 30, 2026

LOW

affs

Score: 97/100 SUMO Affiliates Pro <= 11.0.0 - Authenticated (Subscriber+) Information Exposure Affected: *-11.0.0 Patched: 11.1.0 Updated: June 30, 2026

LOW

lmbbox-smileys

Score: 91/100 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 30, 2026

LOW

footnotes-made-easy

Score: 93/100 Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.0.7 Patched: 3.0.8 Updated: June 30, 2026

LOW

reuse-builder

Score: N/A Reuse Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

visit-counter

Score: N/A Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: 1.0 Patched: Updated: June 30, 2026

LOW

Score: 97/100 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure Affected: *-2.0.3 Patched: 2.0.4 Updated: June 30, 2026

LOW

bootstrap-multi-language-responsive-portfolio

Score: 91/100 Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

import-export-for-woocommerce

Score: 87/100 Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.6.2 Patched: Updated: June 30, 2026

LOW

crypto-payment-gateway-with-payeer-for-woocommerce

Score: 91/100 Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

free-quotation

Score: 91/100 Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.1.6 Patched: Updated: June 30, 2026

LOW

ultimate-blocks-for-gutenberg

Score: N/A Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload Affected: *-1.4.1.3 Patched: 1.4.1.4 Updated: June 30, 2026

LOW

image-hover-effects-elementor-addon

Score: 93/100 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload Affected: *-1.0.2.3 Patched: 1.0.2.4 Updated: June 30, 2026

LOW

image-comparison-elementor-addon

Score: 93/100 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload Affected: *-1.0.2.2 Patched: 1.0.2.3 Updated: June 30, 2026

LOW

content-locker-for-elementor

Score: 93/100 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

centangle-team

Score: 91/100 Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

clubmember

Score: 91/100 Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: June 30, 2026

LOW

ai-auto-tool

Score: 95/100 Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Post Creation Affected: 2.0.7-2.3.0 Patched: Updated: June 30, 2026

LOW

sh-contextual-help

Score: N/A SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.2.1 Patched: Updated: June 30, 2026

LOW

linkedin-resume

Score: 91/100 LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.00 Patched: Updated: June 30, 2026

LOW

pagerank-tools

Score: N/A Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.5 Patched: Updated: June 30, 2026

LOW

wpcf7-stop-words

Score: N/A Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

em-beer-manager

Score: 91/100 EM Beer Manager <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-3.2.3 Patched: Updated: June 30, 2026

LOW

elegance-menu

Score: 93/100 Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.9 Patched: 1.9.1 Updated: June 30, 2026

LOW

mapmap

Score: 91/100 MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

simple-user-capabilities

Score: N/A Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

simple-user-capabilities

Score: N/A Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

extensions-leaflet-map

Score: 93/100 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.7 Patched: 4.8 Updated: June 30, 2026

LOW

top-bar-notification

Score: N/A Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.12 Patched: Updated: June 30, 2026

LOW

nari-accountant

Score: N/A Nari Accountant <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.12 Patched: Updated: June 30, 2026

LOW

meeting-list

Score: 91/100 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.11 Patched: Updated: June 30, 2026

LOW

brzon

Score: 91/100 Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.8 Patched: Updated: June 30, 2026

LOW

dominokit

Score: 91/100 DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

posts-navigation-links-for-sections-and-headings-free-by-wp-masters

Score: N/A Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

wp-carticon

Score: N/A WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

label-plugins

Score: 91/100 Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.5 Patched: Updated: June 30, 2026

LOW

ce21-suite

Score: 86/100 CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation Affected: *-2.3.1 Patched: Updated: June 30, 2026

LOW

ce21-suite

Score: 86/100 CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update Affected: 2.2.1-2.3.1 Patched: Updated: June 30, 2026

LOW

viaads

Score: N/A ViaAds <= 2.1.2 - Cross-Site Request Forgery to API Key Update Affected: *-2.1.2 Patched: 2.1.3 Updated: June 30, 2026

LOW

wp-global-screen-options

Score: N/A WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update Affected: *-0.2 Patched: Updated: June 30, 2026

LOW

TablePress – Tables in WordPress made easy

tablepress

Score: 86/100 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes Affected: *-12.2.7 Patched: 12.2.8 Updated: June 30, 2026

LOW

wp-snow-effect

Score: N/A Snow Effect <= 1.1.15 - Missing Authorization Affected: *-1.1.15 Patched: Updated: June 30, 2026

LOW

wp-2fa

Score: N/A WP 2FA – Two-factor authentication for WordPress <= 2.9.3 - 2-Factor Authentication Bypass Affected: *-2.9.3 Patched: 3.0.0 Updated: June 30, 2026

LOW

ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin

woolentor-addons

Score: N/A ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template' Affected: *-3.2.5 Patched: 3.2.6 Updated: June 30, 2026

LOW

themeisle-companion

Score: N/A Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy Affected: *-3.0.2 Patched: 3.0.3 Updated: June 30, 2026

LOW

studiocart

Score: N/A Studiocart <= 2.9.0 - Reflected Cross-Site Scripting Affected: *-2.9.0 Patched: Updated: June 30, 2026

LOW

north-plugin

Score: N/A North <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.2 Patched: Updated: June 30, 2026

LOW

front-editor

Score: 89/100 Front User Submit <= 4.9.5 - Open Redirect Affected: *-4.9.5 Patched: 5.0.0 Updated: June 30, 2026

LOW

easy-upload-files-during-checkout

Score: 93/100 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload Affected: *-2.9.8 Patched: 2.9.9 Updated: June 30, 2026

LOW

broken-link-manager

Score: 89/100 Broken Link Manager <= 0.6.5 - Reflected Cross-Site Scripting Affected: *-0.6.5 Patched: Updated: June 30, 2026

LOW

Backup Migration

backup-backup

Score: 61/100 Backup Migration <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download Affected: *-1.4.9 Patched: 2.0.0 Updated: June 30, 2026

LOW

yop-poll

Score: N/A YOP Poll <= 6.5.38 - Missing Authorization Affected: *-6.5.38 Patched: 6.5.39 Updated: June 30, 2026

LOW

WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters

wp-google-map-plugin

Score: 74/100 Maps <= 4.8.6 - Authenticated (Administrator+) PHP Object Injection Affected: *-4.8.6 Patched: 4.8.7 Updated: June 30, 2026

LOW

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.5.3 Patched: 2.5.4 Updated: June 30, 2026

LOW

doccure

Score: 93/100 Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation Affected: [*, 1.5.4) Patched: 1.5.4 Updated: June 30, 2026

LOW

sf-booking

Score: N/A Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover Affected: [*, 6.1) Patched: 6.1 Updated: June 30, 2026

LOW

delicious-recipes

Score: 93/100 Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.9.0 Patched: 1.9.1 Updated: June 30, 2026

LOW

jc-importer

Score: 93/100 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read Affected: *-2.14.16 Patched: 2.14.17 Updated: June 30, 2026

LOW

wp-discourse

Score: N/A WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure Affected: *-2.5.9 Patched: 2.6.0 Updated: June 30, 2026

LOW

qi-blocks

Score: N/A Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

folderly

Score: 93/100 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion Affected: *-0.3 Patched: 0.3.1 Updated: June 30, 2026

LOW

employee-spotlight

Score: 93/100 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.2 Patched: 5.1.3 Updated: June 30, 2026

LOW

sf-booking

Score: N/A Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password Affected: *-6.0 Patched: 6.1 Updated: June 30, 2026

LOW

community-events

Score: 93/100 Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

SiteSEO – SEO Simplified

siteseo

Score: 94/100 SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026

LOW

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Score: 87/100 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure Affected: *-3.6.0 Patched: 3.6.1 Updated: June 30, 2026

LOW

wplegalpages

Score: N/A Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect Affected: *-3.5.1 Patched: 3.5.2 Updated: June 30, 2026

LOW

wpcom-member

Score: N/A WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode Affected: *-1.7.14 Patched: 1.7.15 Updated: June 30, 2026

LOW

document-library-lite

Score: 93/100 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

inactive-logout

Score: 93/100 Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.5.5 Patched: 3.6.0 Updated: June 30, 2026

LOW

wpforo

Score: N/A wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection Affected: *-2.4.9 Patched: 2.4.10 Updated: June 30, 2026

LOW

woo-mstoreapp-mobile-app

Score: N/A Mstoreapp Mobile <= 2.08 & <= 9.0.1 - Unauthenticated Privilege Escalation Affected: *-2.08 Patched: Updated: June 30, 2026

LOW

tablesome

Score: N/A Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload Affected: *-1.1.32 Patched: 1.3.33 Updated: June 30, 2026

LOW

schema-scalpel

Score: N/A Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema Affected: *-1.6.1 Patched: 1.6.2 Updated: June 30, 2026

LOW

schema-and-structured-data-for-wp

Score: N/A Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.51 Patched: 1.52 Updated: June 30, 2026

LOW

restful-syndication

Score: N/A RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload Affected: 1.1.0-1.5.0 Patched: 1.6.0 Updated: June 30, 2026

LOW

popup-addon-for-ninja-forms

Score: N/A Popup addon for Ninja Forms <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.5.1 Patched: 3.5.2 Updated: June 30, 2026

LOW

nazy-load

Score: N/A Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.4.14 Patched: 2.4.15 Updated: June 30, 2026

LOW

mstoreapp-mobile-app

Score: N/A Mstoreapp Mobile <= 2.08 & <= 9.0.1 - Unauthenticated Privilege Escalation Affected: *-9.0.1 Patched: Updated: June 30, 2026

LOW

List category posts

list-category-posts

Score: 94/100 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure Affected: *-0.92.0 Patched: 0.93.0 Updated: June 30, 2026

LOW

groundhogg

Score: 93/100 Groundhogg <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.6 Patched: 4.2.6.1 Updated: June 30, 2026

LOW

XML Sitemap Generator for Google

google-sitemap-generator

Score: 86/100 Google XML Sitemaps <= 4.1.22 - Missing Authorization Affected: *-4.1.22 Patched: 4.1.23 Updated: June 30, 2026

LOW

css-javascript-toolbox

Score: 93/100 CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-12.0.5 Patched: 12.0.6 Updated: June 30, 2026

LOW

Advanced Ads – Ad Manager & AdSense

advanced-ads

Score: 80/100 Advanced Ads <= 2.0.12 - Unauthenticated Limited Code Execution Affected: *-2.0.12 Patched: 2.0.13 Updated: June 30, 2026

LOW

eri-file-library

Score: 93/100 ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

Depicter — Popup & Slider Builder

depicter

Score: 95/100 Depicter <= 4.0.4 - Cross-Site Request Forgery Affected: *-4.0.4 Patched: 4.0.5 Updated: June 30, 2026

LOW

wc-designer-pro

Score: N/A WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read Affected: *-1.9.28 Patched: 1.9.31 Updated: June 30, 2026

LOW

wp-user-extra-fields

Score: N/A WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function Affected: *-16.7 Patched: 16.8 Updated: June 30, 2026

LOW

qzzr-shortcode

Score: N/A Qzzr Shortcode Plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

fusewp

Score: 93/100 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation Affected: *-1.1.23.0 Patched: 1.1.23.1 Updated: June 30, 2026

LOW

zombify

Score: N/A Zombify <= 1.7.5 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read Affected: *-1.7.5 Patched: 1.7.6 Updated: June 30, 2026

LOW

wt-smart-coupons-for-woocommerce

Score: N/A Smart Coupons for WooCommerce <= 2.2.3 - Missing Authorization Affected: *-2.2.3 Patched: 2.2.4 Updated: June 30, 2026

LOW

wpc-name-your-price

Score: N/A WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration Affected: *-2.1.9 Patched: 2.2.0 Updated: June 30, 2026

Showing 5301 to 5400 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 03:55 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List