Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
wp-analytify-pro	wp-analytify-pro	N/A	Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure	LOW	*-7.0.3	7.0.4	June 30, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools	woocommerce-jetpack	65	Booster for WooCommerce <= 7.4.0 - Missing Authorization	LOW	*-7.4.0	7.5.0	June 30, 2026
webtoffee-product-feed	webtoffee-product-feed	N/A	Product Feed for WooCommerce <= 2.3.1 - Missing Authorization	LOW	*-2.3.1	2.3.2	June 30, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure	LOW	*-6.15.9	6.15.10	June 30, 2026
order-import-export-for-woocommerce	order-import-export-for-woocommerce	N/A	Order Export & Order Import for WooCommerce <= 2.6.7 - Missing Authorization	LOW	*-2.6.7	2.6.8	June 30, 2026
OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)	oopspam-anti-spam	N/A	OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing	LOW	*-1.2.53	1.2.54	June 30, 2026
ns-maintenance-mode-for-wp	ns-maintenance-mode-for-wp	N/A	NS Maintenance Mode for WP <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3.1		June 30, 2026
Frontend File Manager Plugin	nmedia-user-file-uploader	86	Frontend File Manager <= 23.2 - Missing Authorization	LOW	*-23.2	23.3	June 30, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	king-addons	76	King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation	LOW	24.12.92-51.1.14	51.1.35	June 30, 2026
k-elements	k-elements	93	K Elements < 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 5.5.0)	5.5.0	June 30, 2026
jannah-extensions	jannah-extensions	93	Jannah - Extensions <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.4	1.1.5	June 30, 2026
i-order-terms	i-order-terms	93	I Order Terms <= 1.5.0 - Cross-Site Request Forgery	LOW	*-1.5.0	1.5.1	June 30, 2026
WebToffee eCommerce Marketing Automation – Email marketing, Popups, Email customizer	decorator-woocommerce-email-customizer	87	WebToffee eCommerce Marketing Automation <= 2.1.1 - Missing Authorization	LOW	*-2.1.1	2.1.2	June 30, 2026
attention-bar	attention-bar	91	Attention Bar <= 0.7.2.1 - Authenticated (Contributor+) SQL Injection	LOW	*-0.7.2.1		June 30, 2026
arconix-shortcodes	arconix-shortcodes	95	Arconix Shortcodes <= 2.1.18 - Missing Authorization	LOW	*-2.1.18	2.1.19	June 30, 2026
advanced-database-cleaner	advanced-database-cleaner	97	Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery	LOW	*-3.1.6	3.1.7	June 30, 2026
accessibility-plus	accessibility-plus	97	Accessibility Toolkit by WebYes <= 2.0.4 - Missing Authorization	LOW	*-2.0.4	2.0.5	June 30, 2026
call-now-button	call-now-button	93	Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions	LOW	*-1.5.4	1.5.5	June 30, 2026
WooCommerce	woocommerce	80	WooCommerce <= 10.0.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting	LOW	*-10.0.2	10.0.3	June 30, 2026
Translate WordPress with Weglot – Multilingual AI Translation	weglot	N/A	Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion	LOW	*-5.1	5.2	June 30, 2026
waveplayer	waveplayer	N/A	WavePlayer <= 3.7.0 - Unauthenticated Arbitrary File Upload	LOW	*-3.7.0	3.8.0	June 30, 2026
site-checkup	site-checkup	N/A	Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning	LOW	*-1.47	1.48	June 30, 2026
simple-payment	simple-payment	N/A	Simple Payment <= 2.4.6 - Unauthenticated Local File Inclusion	LOW	*-2.4.6	2.4.7	June 30, 2026
simple-payment	simple-payment	N/A	Simple Payment <= 2.4.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.4.6	2.4.7	June 30, 2026
pdf-creator-lite	pdf-creator-lite	N/A	PDF Creator Lite <= 1.2 - Cross-Site Request Forgery	LOW	*-1.2		June 30, 2026
facebook-for-woocommerce	facebook-for-woocommerce	95	Facebook for WooCommerce <= 3.5.7 - Missing Authorization to Unauthenticated Notification Dismissal	LOW	*-3.5.7	3.5.8	June 30, 2026
eventon	eventon	86	EventON Pro <= 4.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.9.12		June 30, 2026
easy-invoice	easy-invoice	93	Easy Invoice <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.0.9	2.1.0	June 30, 2026
debug-log-viewer	debug-log-viewer	93	Debug Log Viewer <= 2.0.3 - Missing Authorization	LOW	*-2.0.3	2.0.4	June 30, 2026
ays-popup-box	ays-popup-box	93	Popup box <= 5.5.4 - Cross-Site Request Forgery	LOW	*-5.5.4	5.5.5	June 30, 2026
arscode-ninja-popups	arscode-ninja-popups	95	Ninja Popups <= 4.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.7.8		June 30, 2026
apppresser	apppresser	97	AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure	LOW	*-4.5.0	4.5.1	June 30, 2026
call-now-button	call-now-button	93	Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update	LOW	*-1.5.3	1.5.4	June 30, 2026
gotmls	gotmls	93	Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read	LOW	*-4.23.81	4.23.83	June 30, 2026
wp-responsive-slider-with-lightbox	wp-responsive-slider-with-lightbox	N/A	Thumbnail Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection	LOW	*-1.0.4	1.0.5	June 30, 2026
user-toolkit	user-toolkit	N/A	User Toolkit <= 1.2.3 - Unauthenticated Privilege Escalation	LOW	*-1.2.3	1.2.4	June 30, 2026
rtwwcfp-wordpress-contact-form-7-pdf	rtwwcfp-wordpress-contact-form-7-pdf	N/A	Contact Form 7 PDF, Google Sheet & Database <= 3.0.0 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-3.0.0	3.1.0	June 30, 2026
Polylang	polylang	80	Polylang <= 3.7.3 - Authenticated (Contributor+) PHP Object Injection	LOW	*-3.7.3	3.7.4	June 30, 2026
LiteSpeed Cache	litespeed-cache	69	LiteSpeed Cache <= 7.5.0.1 - Reflected Cross-Site Scripting	LOW	*-7.5.0.1	7.6	June 30, 2026
idonate	idonate	89	IDonate < 2.1.13 - Missing Authorization	LOW	[*, 2.1.13)	2.1.13	June 30, 2026
Elastic Email Sender	elastic-email-sender	94	Elastic Email Sender <= 1.2.20 - Missing Authorization	LOW	*-1.2.20	1.2.21	June 30, 2026
easy-testimonial-rotator	easy-testimonial-rotator	93	Easy Testimonial Slider and Form <= 1.0.2 - Authenticated (Admin+) SQL injection	LOW	*-1.0.2	1.0.3	June 30, 2026
boxberry	boxberry	91	Яндекс Доставка (Boxberry) <= 2.32 - Missing Authorization	LOW	*-2.32		June 30, 2026
woocommerce-products-filter	woocommerce-products-filter	N/A	HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter	LOW	*-1.3.7.1	1.3.7.2	June 30, 2026
wplms_plugin	wplms_plugin	N/A	WPLMS <= 1.9.9.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.9.5.4		June 30, 2026
W3 Total Cache	w3-total-cache	69	W3 Total Cache <= 2.8.12 - Unauthenticated Command Injection	LOW	*-2.8.12	2.8.13	June 30, 2026
ronneby-core	ronneby-core	N/A	Ronneby Theme Core <= 1.5.68 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.5.68		June 30, 2026
ronneby-core	ronneby-core	N/A	Ronneby Theme Core <= 1.5.68 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.68		June 30, 2026
range-slider-addon-for-gravity-forms	range-slider-addon-for-gravity-forms	N/A	Range Slider Addon for Gravity Forms <= 1.1.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.1.6	1.1.7	June 30, 2026
media-download	media-download	91	Media Library File Download <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 30, 2026
masterslider	masterslider	86	Master Slider Pro <= 3.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.7.12		June 30, 2026
mailster	mailster	93	Mailster < 4.1.14 - Reflected Cross-Site Scripting	LOW	[*, 4.1.14)	4.1.14	June 30, 2026
insert-php-code-snippet	insert-php-code-snippet	93	Insert PHP Code Snippet <= 1.4.3 - Missing Authorization	LOW	*-1.4.3	1.4.4	June 30, 2026
create-posts-terms	create-posts-terms	91	Create Posts & Terms <= 1.3.1 - Cross-Site Request Forgery	LOW	*-1.3.1		June 30, 2026
consulting-elementor-widgets	consulting-elementor-widgets	93	Consulting Elementor Widgets <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.2	1.4.3	June 30, 2026
consulting-elementor-widgets	consulting-elementor-widgets	93	Consulting Elementor Widgets <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.4.2	1.4.3	June 30, 2026
accessibe	accessibe	97	Web Accessibility By accessiBe <= 2.10 - Missing Authorization	LOW	*-2.10	2.11	June 30, 2026
wpappninja	wpappninja	N/A	WPMobile.App <= 11.71 - Unauthenticated Stored Cross-Site Scripting	LOW	*-11.71	11.72	June 30, 2026
simply-gallery-block	simply-gallery-block	N/A	SimpLy Gallery <= 3.3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.3.2.1	3.3.2.2	June 30, 2026
easy-social-share-buttons3	easy-social-share-buttons3	93	Easy Social Share Buttons < 10.7.1 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 10.7.1)	10.7.1	June 30, 2026
dofollow-case-by-case	dofollow-case-by-case	93	DoFollow Case by Case <= 3.5.1 - Cross-Site Request Forgery	LOW	*-3.5.1	3.6.0	June 30, 2026
auxin-elements	auxin-elements	89	Shortcodes and extra features for Phlox <= 2.17.12 - Unauthenticated Information Exposure	LOW	*-2.17.12		June 30, 2026
happy-helpdesk-support-ticket-system	happy-helpdesk-support-ticket-system	93	HAPPY <= 1.0.7 - Unauthenticated Remote Code Execution	LOW	*-1.0.7	1.0.8	June 30, 2026
gutenberg	gutenberg	97	Gutenberg <= 21.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-21.8.2	21.9.0	June 30, 2026
filebird-pro	filebird-pro	93	FileBird Pro <= 6.5.1 - Missing Authorization	LOW	*-6.5.1	6.5.2	June 30, 2026
fast-velocity-minify	fast-velocity-minify	93	Fast Velocity Minify <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.5.1	3.5.2	June 30, 2026
wp-full-stripe-free	wp-full-stripe-free	N/A	Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection	LOW	*-8.3.1	8.3.2	June 30, 2026
fusewp	fusewp	93	FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation	LOW	*-1.1.23.0	1.1.23.1	June 30, 2026
password-policy-manager	password-policy-manager	N/A	Password Policy Manager \| Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out	LOW	*-2.0.5	2.0.6	June 30, 2026
insta-gallery	insta-gallery	93	Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure	LOW	*-4.9.2	4.9.3	June 30, 2026
charitable	charitable	93	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.8.8.4	1.8.8.5	June 30, 2026
directorist	directorist	93	Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move	LOW	*-8.4.8	8.4.9	June 30, 2026
tutor-pro	tutor-pro	N/A	Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments	LOW	*-3.8.3	3.9.0	June 30, 2026
woo-product-filter	woo-product-filter	N/A	Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update	LOW	*-3.0.0	3.0.1	June 30, 2026
tutor	tutor	N/A	Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure	LOW	*-3.8.3	3.9.0	June 30, 2026
testimonials-carousel-elementor	testimonials-carousel-elementor	N/A	Testimonial Carousel For Elementor <= 11.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets	LOW	*-11.6.2	11.7.0	June 30, 2026
advanced-gutenberg	advanced-gutenberg	97	Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.3.4	3.4.0	June 30, 2026
userfeedback-lite	userfeedback-lite	N/A	User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure	LOW	*-1.8.0	1.9.0	June 30, 2026
password-protected	password-protected	N/A	Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing	LOW	*-2.7.11	2.7.12	June 30, 2026
watu	watu	N/A	Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer	LOW	*-3.4.4	3.4.5	June 30, 2026
tutor	tutor	N/A	Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update	LOW	*-3.8.3	3.9.0	June 30, 2026
wpvr	wpvr	N/A	WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update	LOW	*-8.5.41	8.5.42	June 30, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	woolentor-addons	N/A	ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.2.4	3.2.5	June 30, 2026
BackWPup – WordPress Backup & Restore Plugin	backwpup	96	BackWPup 5 - 5.5.0 - Missing Authorization to Sensitive Information Exposure	LOW	5-5.5.0	5.5.1	June 30, 2026
eroom-zoom-meetings-webinar	eroom-zoom-meetings-webinar	93	eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure	LOW	*-1.5.6	1.5.7	June 30, 2026
wpforo	wpforo	N/A	wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function	LOW	*-2.4.8	2.4.9	June 30, 2026
wpcomplete	wpcomplete	N/A	WPComplete <= 2.9.5.3 - Missing Authorization	LOW	*-2.9.5.3	2.9.5.4	June 30, 2026
wp-meta-data-filter-and-taxonomy-filter	wp-meta-data-filter-and-taxonomy-filter	N/A	MDTF <= 1.3.3.9 - Missing Authorization	LOW	*-1.3.3.9	1.3.4	June 30, 2026
wp-discussion-board	wp-discussion-board	N/A	Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	LOW	*-2.5.5	2.5.6	June 30, 2026
woocommerce-simple-registration	woocommerce-simple-registration	N/A	Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval	LOW	*-1.5.8	1.5.9	June 30, 2026
woo-product-filter	woo-product-filter	N/A	Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection	LOW	*-2.9.7	2.9.8	June 30, 2026
widget-options	widget-options	N/A	Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1.2	4.1.3	June 30, 2026
themerain-core	themerain-core	N/A	ThemeRain Core <= 1.1.9 - Missing Authorization	LOW	*-1.1.9		June 30, 2026
sprout-invoices	sprout-invoices	N/A	Client Invoicing by Sprout Invoices <= 20.8.7 - Missing Authorization	LOW	*-20.8.7	20.8.8	June 30, 2026
spendeonline	spendeonline	N/A	SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.1	3.0.2	June 30, 2026
slider-templates	slider-templates	N/A	Slider Templates <= 1.0.3 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-1.0.3		June 30, 2026
shopengine	shopengine	N/A	ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update	LOW	*-4.8.4	4.8.5	June 30, 2026
pixelyoursite	pixelyoursite	N/A	PixelYourSite – Your smart PIXEL (TAG) Manager < 11.1.2 - Authenticated (Administrator+) Local File Inclusion	LOW	[*, 11.1.2)	11.1.2	June 30, 2026
generateblocks	generateblocks	93	GenerateBlocks <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure	LOW	*-2.1.1	2.1.2	June 30, 2026
creta-testimonial-showcase	creta-testimonial-showcase	93	Creta Testimonial Showcase <= 1.2.3 - Authenticated (Editor+) Local File Inclusion	LOW	*-1.2.3	1.2.4	June 30, 2026

LOW

wp-analytify-pro

Score: N/A Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure Affected: *-7.0.3 Patched: 7.0.4 Updated: June 30, 2026

LOW

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

Score: 65/100 Booster for WooCommerce <= 7.4.0 - Missing Authorization Affected: *-7.4.0 Patched: 7.5.0 Updated: June 30, 2026

LOW

webtoffee-product-feed

Score: N/A Product Feed for WooCommerce <= 2.3.1 - Missing Authorization Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure Affected: *-6.15.9 Patched: 6.15.10 Updated: June 30, 2026

LOW

order-import-export-for-woocommerce

Score: N/A Order Export & Order Import for WooCommerce <= 2.6.7 - Missing Authorization Affected: *-2.6.7 Patched: 2.6.8 Updated: June 30, 2026

LOW

OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)

oopspam-anti-spam

Score: N/A OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing Affected: *-1.2.53 Patched: 1.2.54 Updated: June 30, 2026

LOW

ns-maintenance-mode-for-wp

Score: N/A NS Maintenance Mode for WP <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: June 30, 2026

LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager <= 23.2 - Missing Authorization Affected: *-23.2 Patched: 23.3 Updated: June 30, 2026

LOW

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

king-addons

Score: 76/100 King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation Affected: 24.12.92-51.1.14 Patched: 51.1.35 Updated: June 30, 2026

LOW

k-elements

Score: 93/100 K Elements < 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 5.5.0) Patched: 5.5.0 Updated: June 30, 2026

LOW

jannah-extensions

Score: 93/100 Jannah - Extensions <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026

LOW

i-order-terms

Score: 93/100 I Order Terms <= 1.5.0 - Cross-Site Request Forgery Affected: *-1.5.0 Patched: 1.5.1 Updated: June 30, 2026

LOW

WebToffee eCommerce Marketing Automation – Email marketing, Popups, Email customizer

decorator-woocommerce-email-customizer

Score: 87/100 WebToffee eCommerce Marketing Automation <= 2.1.1 - Missing Authorization Affected: *-2.1.1 Patched: 2.1.2 Updated: June 30, 2026

LOW

attention-bar

Score: 91/100 Attention Bar <= 0.7.2.1 - Authenticated (Contributor+) SQL Injection Affected: *-0.7.2.1 Patched: Updated: June 30, 2026

LOW

arconix-shortcodes

Score: 95/100 Arconix Shortcodes <= 2.1.18 - Missing Authorization Affected: *-2.1.18 Patched: 2.1.19 Updated: June 30, 2026

LOW

advanced-database-cleaner

Score: 97/100 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery Affected: *-3.1.6 Patched: 3.1.7 Updated: June 30, 2026

LOW

accessibility-plus

Score: 97/100 Accessibility Toolkit by WebYes <= 2.0.4 - Missing Authorization Affected: *-2.0.4 Patched: 2.0.5 Updated: June 30, 2026

LOW

call-now-button

Score: 93/100 Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions Affected: *-1.5.4 Patched: 1.5.5 Updated: June 30, 2026

LOW

WooCommerce

woocommerce

Score: 80/100 WooCommerce <= 10.0.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting Affected: *-10.0.2 Patched: 10.0.3 Updated: June 30, 2026

LOW

Translate WordPress with Weglot – Multilingual AI Translation

weglot

Score: N/A Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion Affected: *-5.1 Patched: 5.2 Updated: June 30, 2026

LOW

waveplayer

Score: N/A WavePlayer <= 3.7.0 - Unauthenticated Arbitrary File Upload Affected: *-3.7.0 Patched: 3.8.0 Updated: June 30, 2026

LOW

site-checkup

Score: N/A Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning Affected: *-1.47 Patched: 1.48 Updated: June 30, 2026

LOW

simple-payment

Score: N/A Simple Payment <= 2.4.6 - Unauthenticated Local File Inclusion Affected: *-2.4.6 Patched: 2.4.7 Updated: June 30, 2026

LOW

simple-payment

Score: N/A Simple Payment <= 2.4.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.4.6 Patched: 2.4.7 Updated: June 30, 2026

LOW

pdf-creator-lite

Score: N/A PDF Creator Lite <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

facebook-for-woocommerce

Score: 95/100 Facebook for WooCommerce <= 3.5.7 - Missing Authorization to Unauthenticated Notification Dismissal Affected: *-3.5.7 Patched: 3.5.8 Updated: June 30, 2026

LOW

eventon

Score: 86/100 EventON Pro <= 4.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.9.12 Patched: Updated: June 30, 2026

LOW

easy-invoice

Score: 93/100 Easy Invoice <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.9 Patched: 2.1.0 Updated: June 30, 2026

LOW

debug-log-viewer

Score: 93/100 Debug Log Viewer <= 2.0.3 - Missing Authorization Affected: *-2.0.3 Patched: 2.0.4 Updated: June 30, 2026

LOW

ays-popup-box

Score: 93/100 Popup box <= 5.5.4 - Cross-Site Request Forgery Affected: *-5.5.4 Patched: 5.5.5 Updated: June 30, 2026

LOW

arscode-ninja-popups

Score: 95/100 Ninja Popups <= 4.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.7.8 Patched: Updated: June 30, 2026

LOW

apppresser

Score: 97/100 AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure Affected: *-4.5.0 Patched: 4.5.1 Updated: June 30, 2026

LOW

call-now-button

Score: 93/100 Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update Affected: *-1.5.3 Patched: 1.5.4 Updated: June 30, 2026

LOW

gotmls

Score: 93/100 Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read Affected: *-4.23.81 Patched: 4.23.83 Updated: June 30, 2026

LOW

wp-responsive-slider-with-lightbox

Score: N/A Thumbnail Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection Affected: *-1.0.4 Patched: 1.0.5 Updated: June 30, 2026

LOW

user-toolkit

Score: N/A User Toolkit <= 1.2.3 - Unauthenticated Privilege Escalation Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026

LOW

rtwwcfp-wordpress-contact-form-7-pdf

Score: N/A Contact Form 7 PDF, Google Sheet & Database <= 3.0.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-3.0.0 Patched: 3.1.0 Updated: June 30, 2026

LOW

Polylang

polylang

Score: 80/100 Polylang <= 3.7.3 - Authenticated (Contributor+) PHP Object Injection Affected: *-3.7.3 Patched: 3.7.4 Updated: June 30, 2026

LOW

LiteSpeed Cache

litespeed-cache

Score: 69/100 LiteSpeed Cache <= 7.5.0.1 - Reflected Cross-Site Scripting Affected: *-7.5.0.1 Patched: 7.6 Updated: June 30, 2026

LOW

idonate

Score: 89/100 IDonate < 2.1.13 - Missing Authorization Affected: [*, 2.1.13) Patched: 2.1.13 Updated: June 30, 2026

LOW

Elastic Email Sender

elastic-email-sender

Score: 94/100 Elastic Email Sender <= 1.2.20 - Missing Authorization Affected: *-1.2.20 Patched: 1.2.21 Updated: June 30, 2026

LOW

easy-testimonial-rotator

Score: 93/100 Easy Testimonial Slider and Form <= 1.0.2 - Authenticated (Admin+) SQL injection Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

boxberry

Score: 91/100 Яндекс Доставка (Boxberry) <= 2.32 - Missing Authorization Affected: *-2.32 Patched: Updated: June 30, 2026

LOW

woocommerce-products-filter

Score: N/A HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter Affected: *-1.3.7.1 Patched: 1.3.7.2 Updated: June 30, 2026

LOW

wplms_plugin

Score: N/A WPLMS <= 1.9.9.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.9.5.4 Patched: Updated: June 30, 2026

LOW

W3 Total Cache

w3-total-cache

Score: 69/100 W3 Total Cache <= 2.8.12 - Unauthenticated Command Injection Affected: *-2.8.12 Patched: 2.8.13 Updated: June 30, 2026

LOW

ronneby-core

Score: N/A Ronneby Theme Core <= 1.5.68 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.5.68 Patched: Updated: June 30, 2026

LOW

ronneby-core

Score: N/A Ronneby Theme Core <= 1.5.68 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.68 Patched: Updated: June 30, 2026

LOW

range-slider-addon-for-gravity-forms

Score: N/A Range Slider Addon for Gravity Forms <= 1.1.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

media-download

Score: 91/100 Media Library File Download <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

masterslider

Score: 86/100 Master Slider Pro <= 3.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.12 Patched: Updated: June 30, 2026

LOW

mailster

Score: 93/100 Mailster < 4.1.14 - Reflected Cross-Site Scripting Affected: [*, 4.1.14) Patched: 4.1.14 Updated: June 30, 2026

LOW

insert-php-code-snippet

Score: 93/100 Insert PHP Code Snippet <= 1.4.3 - Missing Authorization Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

create-posts-terms

Score: 91/100 Create Posts & Terms <= 1.3.1 - Cross-Site Request Forgery Affected: *-1.3.1 Patched: Updated: June 30, 2026

LOW

consulting-elementor-widgets

Score: 93/100 Consulting Elementor Widgets <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

consulting-elementor-widgets

Score: 93/100 Consulting Elementor Widgets <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.2 Patched: 1.4.3 Updated: June 30, 2026

LOW

accessibe

Score: 97/100 Web Accessibility By accessiBe <= 2.10 - Missing Authorization Affected: *-2.10 Patched: 2.11 Updated: June 30, 2026

LOW

wpappninja

Score: N/A WPMobile.App <= 11.71 - Unauthenticated Stored Cross-Site Scripting Affected: *-11.71 Patched: 11.72 Updated: June 30, 2026

LOW

simply-gallery-block

Score: N/A SimpLy Gallery <= 3.3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.2.1 Patched: 3.3.2.2 Updated: June 30, 2026

LOW

easy-social-share-buttons3

Score: 93/100 Easy Social Share Buttons < 10.7.1 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 10.7.1) Patched: 10.7.1 Updated: June 30, 2026

LOW

dofollow-case-by-case

Score: 93/100 DoFollow Case by Case <= 3.5.1 - Cross-Site Request Forgery Affected: *-3.5.1 Patched: 3.6.0 Updated: June 30, 2026

LOW

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox <= 2.17.12 - Unauthenticated Information Exposure Affected: *-2.17.12 Patched: Updated: June 30, 2026

LOW

happy-helpdesk-support-ticket-system

Score: 93/100 HAPPY <= 1.0.7 - Unauthenticated Remote Code Execution Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

gutenberg

Score: 97/100 Gutenberg <= 21.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-21.8.2 Patched: 21.9.0 Updated: June 30, 2026

LOW

filebird-pro

Score: 93/100 FileBird Pro <= 6.5.1 - Missing Authorization Affected: *-6.5.1 Patched: 6.5.2 Updated: June 30, 2026

LOW

fast-velocity-minify

Score: 93/100 Fast Velocity Minify <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.5.1 Patched: 3.5.2 Updated: June 30, 2026

LOW

wp-full-stripe-free

Score: N/A Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection Affected: *-8.3.1 Patched: 8.3.2 Updated: June 30, 2026

LOW

fusewp

Score: 93/100 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation Affected: *-1.1.23.0 Patched: 1.1.23.1 Updated: June 30, 2026

LOW

password-policy-manager

Score: N/A Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out Affected: *-2.0.5 Patched: 2.0.6 Updated: June 30, 2026

LOW

insta-gallery

Score: 93/100 Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure Affected: *-4.9.2 Patched: 4.9.3 Updated: June 30, 2026

LOW

charitable

Score: 93/100 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.8.8.4 Patched: 1.8.8.5 Updated: June 30, 2026

LOW

directorist

Score: 93/100 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move Affected: *-8.4.8 Patched: 8.4.9 Updated: June 30, 2026

LOW

tutor-pro

Score: N/A Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments Affected: *-3.8.3 Patched: 3.9.0 Updated: June 30, 2026

LOW

woo-product-filter

Score: N/A Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update Affected: *-3.0.0 Patched: 3.0.1 Updated: June 30, 2026

LOW

tutor

Score: N/A Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure Affected: *-3.8.3 Patched: 3.9.0 Updated: June 30, 2026

LOW

testimonials-carousel-elementor

Score: N/A Testimonial Carousel For Elementor <= 11.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-11.6.2 Patched: 11.7.0 Updated: June 30, 2026

LOW

advanced-gutenberg

Score: 97/100 Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.4 Patched: 3.4.0 Updated: June 30, 2026

LOW

userfeedback-lite

Score: N/A User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure Affected: *-1.8.0 Patched: 1.9.0 Updated: June 30, 2026

LOW

password-protected

Score: N/A Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing Affected: *-2.7.11 Patched: 2.7.12 Updated: June 30, 2026

LOW

watu

Score: N/A Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer Affected: *-3.4.4 Patched: 3.4.5 Updated: June 30, 2026

LOW

tutor

Score: N/A Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update Affected: *-3.8.3 Patched: 3.9.0 Updated: June 30, 2026

LOW

wpvr

Score: N/A WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update Affected: *-8.5.41 Patched: 8.5.42 Updated: June 30, 2026

LOW

ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin

woolentor-addons

Score: N/A ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026

LOW

BackWPup – WordPress Backup & Restore Plugin

backwpup

Score: 96/100 BackWPup 5 - 5.5.0 - Missing Authorization to Sensitive Information Exposure Affected: 5-5.5.0 Patched: 5.5.1 Updated: June 30, 2026

LOW

eroom-zoom-meetings-webinar

Score: 93/100 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure Affected: *-1.5.6 Patched: 1.5.7 Updated: June 30, 2026

LOW

wpforo

Score: N/A wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function Affected: *-2.4.8 Patched: 2.4.9 Updated: June 30, 2026

LOW

wpcomplete

Score: N/A WPComplete <= 2.9.5.3 - Missing Authorization Affected: *-2.9.5.3 Patched: 2.9.5.4 Updated: June 30, 2026

LOW

wp-meta-data-filter-and-taxonomy-filter

Score: N/A MDTF <= 1.3.3.9 - Missing Authorization Affected: *-1.3.3.9 Patched: 1.3.4 Updated: June 30, 2026

LOW

wp-discussion-board

Score: N/A Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-2.5.5 Patched: 2.5.6 Updated: June 30, 2026

LOW

woocommerce-simple-registration

Score: N/A Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026

LOW

woo-product-filter

Score: N/A Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection Affected: *-2.9.7 Patched: 2.9.8 Updated: June 30, 2026

LOW

widget-options

Score: N/A Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.2 Patched: 4.1.3 Updated: June 30, 2026

LOW

themerain-core

Score: N/A ThemeRain Core <= 1.1.9 - Missing Authorization Affected: *-1.1.9 Patched: Updated: June 30, 2026

LOW

sprout-invoices

Score: N/A Client Invoicing by Sprout Invoices <= 20.8.7 - Missing Authorization Affected: *-20.8.7 Patched: 20.8.8 Updated: June 30, 2026

LOW

spendeonline

Score: N/A SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: 3.0.2 Updated: June 30, 2026

LOW

slider-templates

Score: N/A Slider Templates <= 1.0.3 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

shopengine

Score: N/A ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update Affected: *-4.8.4 Patched: 4.8.5 Updated: June 30, 2026

LOW

pixelyoursite

Score: N/A PixelYourSite – Your smart PIXEL (TAG) Manager < 11.1.2 - Authenticated (Administrator+) Local File Inclusion Affected: [*, 11.1.2) Patched: 11.1.2 Updated: June 30, 2026

LOW

generateblocks

Score: 93/100 GenerateBlocks <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure Affected: *-2.1.1 Patched: 2.1.2 Updated: June 30, 2026

LOW

creta-testimonial-showcase

Score: 93/100 Creta Testimonial Showcase <= 1.2.3 - Authenticated (Editor+) Local File Inclusion Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026

Showing 5401 to 5500 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 05:15 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List