Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
advanced-faq-manager	advanced-faq-manager	97	Advanced FAQ Manager <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.2	1.5.3	June 30, 2026
advanced-database-cleaner	advanced-database-cleaner	97	Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation	LOW	*-3.1.6	3.1.7	June 30, 2026
exact-links	exact-links	83	URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation	LOW	*-3.0.7		June 30, 2026
mislider	mislider	91	Multi Item Responsive Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
windows-azure-storage	windows-azure-storage	N/A	Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion	LOW	*-4.5.1	4.5.2	June 30, 2026
disable-contect-editor-for-specific-template	disable-contect-editor-for-specific-template	91	Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update	LOW	*-2.0		June 30, 2026
rapidresult	rapidresult	N/A	RapidResult <= 1.2 - Authenticated (Contributor+) SQL Injection	LOW	*-1.2	1.3	June 30, 2026
nginx-cache-optimizer	nginx-cache-optimizer	N/A	NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update	LOW	*-1.1		June 30, 2026
all-in-one-forms	all-in-one-forms	97	AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import	LOW	*-1.3.18	1.3.19	June 30, 2026
check-plagiarism	check-plagiarism	91	Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-2.0		June 30, 2026
indieauth	indieauth	93	IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens	LOW	*-4.5.4	4.5.5	June 30, 2026
vnpay-for-woocommerce	vnpay-for-woocommerce	N/A	VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
qnotsquiz	qnotsquiz	N/A	qnotsquiz <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
supervisor	supervisor	N/A	Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-1.3.2	1.3.3	June 30, 2026
time-clock	time-clock	N/A	Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting	LOW	*-1.3.1	1.3.2	June 30, 2026
simple-excel-pricelist-for-woocommerce	simple-excel-pricelist-for-woocommerce	N/A	Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.13		June 30, 2026
quickcreator	quickcreator	N/A	Quickcreator – AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure	LOW	0.0.9-0.1.17	0.1.18	June 30, 2026
originality-ai	originality-ai	N/A	Originality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table'	LOW	*-1.0.16		June 30, 2026
originality-ai	originality-ai	N/A	Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove'	LOW	*-1.0.15	1.0.16	June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter	LOW	*-5.4.5	5.4.6	June 30, 2026
zoloblocks	zoloblocks	N/A	ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable	LOW	*-2.3.11	2.3.12	June 30, 2026
wc-designer-pro	wc-designer-pro	N/A	WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload	LOW	*-1.9.26		June 30, 2026
sprout-clients	sprout-clients	N/A	Sprout Clients <= 3.2.1 - Reflected Cross-Site Scripting	LOW	*-3.2.1	3.2.2	June 30, 2026
simple-pull-quote	simple-pull-quote	N/A	Simple Pull Quote <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.3	1.6.4	June 30, 2026
real-cookie-banner	real-cookie-banner	N/A	Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint	LOW	*-5.2.4	5.2.5	June 30, 2026
popup-builder-block	popup-builder-block	N/A	Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery	LOW	*-2.1.4	2.1.5	June 30, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.6.27 - Authenticated (Instructor+) SQL Injection	LOW	*-3.6.27	3.6.28	June 30, 2026
llm-hubspot-blog-import	llm-hubspot-blog-import	91	LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import	LOW	*-1.0.1		June 30, 2026
fanbridge-signup	fanbridge-signup	91	FanBridge signup <= 0.6 - Cross-Site Request Forgery	LOW	*-0.6		June 30, 2026
chatbot-ai-free-models	chatbot-ai-free-models	93	AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection	LOW	*-1.6.5	1.6.6	June 30, 2026
builderall-cheetah-for-wp	builderall-cheetah-for-wp	89	Builderall Builder for WordPress <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.1		June 30, 2026
wps-team	wps-team	N/A	Team Members Showcase <= 3.4.0 - Reflected Cross-Site Scripting	LOW	*-3.4.0	3.5.0	June 30, 2026
wpadcenter	wpadcenter	N/A	WP AdCenter <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.6.1		June 30, 2026
posts-by-tag	posts-by-tag	N/A	Posts By Tag <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.1		June 30, 2026
ns-maintenance-mode-for-wp	ns-maintenance-mode-for-wp	N/A	NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Information Exposure	LOW	*-1.3.1		June 30, 2026
MxChat – AI Chatbot & Content Generation for WordPress	mxchat-basic	80	MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery	LOW	*-2.4.6	2.4.7	June 30, 2026
feedzy-rss-feeds	feedzy-rss-feeds	93	Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-5.1.0	5.1.1	June 30, 2026
email-subscribe	email-subscribe	93	Email Subscription Popup <= 1.2.26 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.26	1.2.27	June 30, 2026
bb-plugin	bb-plugin	93	Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'auto_play'	LOW	*-2.9.2.1	2.9.3.1	June 30, 2026
aio-time-clock-lite	aio-time-clock-lite	97	All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out	LOW	*-2.0	2.0.1	June 30, 2026
simple-tableau-viz	simple-tableau-viz	N/A	Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.0		June 30, 2026
mixlr-shortcode	mixlr-shortcode	91	Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.1		June 30, 2026
smcountdown	smcountdown	N/A	SM CountDown Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2		June 30, 2026
print-button-shortcode	print-button-shortcode	N/A	Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.1		June 30, 2026
cinza-grid	cinza-grid	93	Cinza Grid <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Skin Content Field	LOW	*-1.2.1	1.2.2	June 30, 2026
oboxmedia-ads	oboxmedia-ads	N/A	Oboxmedia Ads <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.8		June 30, 2026
wp-responsive-meet-the-team	wp-responsive-meet-the-team	N/A	WP Responsive Meet The Team <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.1		June 30, 2026
photographers-galleries	photographers-galleries	N/A	Photographers galleries <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.8		June 30, 2026
material-design-iconic-font-integration	material-design-iconic-font-integration	91	Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2		June 30, 2026
responsive-iframe-googlemap	responsive-iframe-googlemap	N/A	Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.0.2		June 30, 2026
bg-book-publisher	bg-book-publisher	91	Bg Book Publisher <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.25		June 30, 2026
simple-youtube-shortcode	simple-youtube-shortcode	N/A	Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1.3		June 30, 2026
simple-business-data	simple-business-data	N/A	Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
this-or-that	this-or-that	N/A	This-or-That by André Boekhorst <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.4		June 30, 2026
jb-news-ticker	jb-news-ticker	91	JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
wp-restaurant-listings	wp-restaurant-listings	N/A	WP Restaurant Listings <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 30, 2026
wp-thumbnail	wp-thumbnail	N/A	WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1		June 30, 2026
playerzbr	playerzbr	N/A	Playerzbr <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field	LOW	*-1.6		June 30, 2026
email-tracker	email-tracker	93	Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection	LOW	*-5.3.15	5.3.16	June 30, 2026
st-category-wp	st-category-wp	N/A	ST Categories Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 30, 2026
wp-force-images-download	wp-force-images-download	N/A	WP-Force Images Download <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.8	1.9	June 30, 2026
wp-ad-gallery	wp-ad-gallery	N/A	WP AD Gallery <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3		June 30, 2026
responsive-progress-bar	responsive-progress-bar	N/A	Responsive Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
flexible-refund-and-return-order-for-woocommerce	flexible-refund-and-return-order-for-woocommerce	93	Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund	LOW	*-1.0.38	1.0.39	June 30, 2026
pixelyoursite	pixelyoursite	N/A	PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification	LOW	*-11.1.2	11.1.3	June 30, 2026
simple-banner	simple-banner	N/A	Simple Banner <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.0.10	3.1.0	June 30, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail	LOW	*-2.11.22	2.11.23	June 30, 2026
WP Go Maps (formerly WP Google Maps)	wp-google-maps	66	Google Maps <= 9.0.47 - Unauthenticated Stored Cross-Site Scripting	LOW	*-9.0.47	9.0.48	June 30, 2026
VikBooking Hotel Booking Engine & PMS	vikbooking	95	VikBooking Hotel Booking Engine & PMS <= 1.8.2 - Missing Authorization	LOW	*-1.8.2	1.8.3	June 30, 2026
stockie-extra	stockie-extra	N/A	Stockie Extra <= 1.2.11 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-1.2.11	1.2.12	June 30, 2026
stockie-extra	stockie-extra	N/A	Stockie Extra <= 1.2.11 - Cross-Site Request Forgery	LOW	*-1.2.11	1.2.12	June 30, 2026
powerpress	powerpress	N/A	PowerPress Podcasting <= 11.13.12 - Cross-Site Request Forgery	LOW	*-11.13.12	11.14	June 30, 2026
persian-admin-fonts	persian-admin-fonts	N/A	Persian Admnin Fonts <= 4.1.03 - Missing Authorization	LOW	*-4.1.03	4.1.05	June 30, 2026
make-email-customizer-for-woocommerce	make-email-customizer-for-woocommerce	89	Make Email Customizer for WooCommerce <= 1.0.6 - Authenticated (Subscriber+) Arbitrary Options Update	LOW	*-1.0.6		June 30, 2026
litho-addons	litho-addons	91	Litho Addons <= 3.4 - Missing Authorization	LOW	*-3.4		June 30, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	king-addons	76	King Addons for Elementor <= 51.1.36 - Unauthenticated Arbitrary File Upload	LOW	*-51.1.36	51.1.37	June 30, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	king-addons	76	King Addons for Elementor <= 51.1.36 - Unauthenticated Privilege Escalation	LOW	*-51.1.36	51.1.37	June 30, 2026
hercules-core	hercules-core	91	Hercules Core <= 7.4 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-7.4		June 30, 2026
gf-zoho	gf-zoho	93	WP Gravity Forms Zoho CRM and Bigin <= 1.2.8 - Open Redirect	LOW	*-1.2.8	1.2.9	June 30, 2026
dynamic-user-directory	dynamic-user-directory	93	Dynamic User Directory <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3	2.4	June 30, 2026
dt-reservation-plugin	dt-reservation-plugin	91	Reservation <= 1.6 - Reflected Cross-Site Scripting	LOW	*-1.6	1.7	June 30, 2026
cookie-notice	cookie-notice	93	Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-2.5.8	2.5.9	June 30, 2026
ajax-search-lite	ajax-search-lite	97	Ajax Search Lite <= 4.13.3 - Authenticated (Administrator+) PHP Object Injection	LOW	*-4.13.3	4.13.4	June 30, 2026
age-restriction	age-restriction	93	Age Restriction <= 3.0.2 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-3.0.2		June 30, 2026
academy-pro	academy-pro	97	Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon	LOW	*-3.3.7	3.3.8	June 30, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery	LOW	*-8.2.5	8.2.6	June 30, 2026
wpc-countdown-timer	wpc-countdown-timer	N/A	WPC Countdown Timer for WooCommerce <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.4	3.1.5	June 30, 2026
wp-whydonate	wp-whydonate	N/A	Whydonate <= 4.0.15 - Missing Authorization	LOW	*-4.0.15	4.0.16	June 30, 2026
wp-rocket	wp-rocket	N/A	Rocket <= 3.19.4 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-3.19.4	3.20.0.2	June 30, 2026
kiotvietsync	kiotvietsync	83	KiotViet Sync <= 1.8.5 - Missing Authorization	LOW	*-1.8.5		June 30, 2026
acf-to-rest-api	acf-to-rest-api	95	ACF to REST API <= 3.3.4 - Unauthenticated Information Exposure	LOW	*-3.3.4		June 30, 2026
pondol-bbs	pondol-bbs	N/A	Pondol BBS <= 1.1.8.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.1.8.4		June 30, 2026
wp-webinarsystem	wp-webinarsystem	N/A	WebinarPress <= 1.33.28 - Missing Authorization	LOW	*-1.33.28		June 30, 2026
raychat	raychat	N/A	Raychat <= 2.2.1 - Cross-Site Request Forgery	LOW	*-2.2.1		June 30, 2026
official-sendle-shipping-method	official-sendle-shipping-method	N/A	Sendle Shipping <= 6.02 - Missing Authorization	LOW	*-6.02	6.03	June 30, 2026
listingpro-plugin	listingpro-plugin	87	ListingPro <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.9.9		June 30, 2026
listingpro-lead-form	listingpro-lead-form	89	ListingPro Lead Form <= 1.0.2 - Missing Authorization	LOW	*-1.0.2		June 30, 2026
listingpro-lead-form	listingpro-lead-form	89	ListingPro Lead Form <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 30, 2026
headline-analyzer	headline-analyzer	91	Headline Analyzer <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.7		June 30, 2026
business-directory-plugin	business-directory-plugin	93	Business Directory <= 6.4.18 - Missing Authorization	LOW	*-6.4.18	6.4.19	June 30, 2026

LOW

advanced-faq-manager

Score: 97/100 Advanced FAQ Manager <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

advanced-database-cleaner

Score: 97/100 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation Affected: *-3.1.6 Patched: 3.1.7 Updated: June 30, 2026

LOW

exact-links

Score: 83/100 URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation Affected: *-3.0.7 Patched: Updated: June 30, 2026

LOW

mislider

Score: 91/100 Multi Item Responsive Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

windows-azure-storage

Score: N/A Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion Affected: *-4.5.1 Patched: 4.5.2 Updated: June 30, 2026

LOW

disable-contect-editor-for-specific-template

Score: 91/100 Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

rapidresult

Score: N/A RapidResult <= 1.2 - Authenticated (Contributor+) SQL Injection Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026

LOW

nginx-cache-optimizer

Score: N/A NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

all-in-one-forms

Score: 97/100 AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import Affected: *-1.3.18 Patched: 1.3.19 Updated: June 30, 2026

LOW

check-plagiarism

Score: 91/100 Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

indieauth

Score: 93/100 IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens Affected: *-4.5.4 Patched: 4.5.5 Updated: June 30, 2026

LOW

vnpay-for-woocommerce

Score: N/A VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

qnotsquiz

Score: N/A qnotsquiz <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

supervisor

Score: N/A Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.3.2 Patched: 1.3.3 Updated: June 30, 2026

LOW

time-clock

Score: N/A Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026

LOW

simple-excel-pricelist-for-woocommerce

Score: N/A Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.13 Patched: Updated: June 30, 2026

LOW

quickcreator

Score: N/A Quickcreator – AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure Affected: 0.0.9-0.1.17 Patched: 0.1.18 Updated: June 30, 2026

LOW

Score: N/A Originality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table' Affected: *-1.0.16 Patched: Updated: June 30, 2026

LOW

originality-ai

Score: N/A Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove' Affected: *-1.0.15 Patched: 1.0.16 Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter Affected: *-5.4.5 Patched: 5.4.6 Updated: June 30, 2026

LOW

zoloblocks

Score: N/A ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable Affected: *-2.3.11 Patched: 2.3.12 Updated: June 30, 2026

LOW

wc-designer-pro

Score: N/A WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload Affected: *-1.9.26 Patched: Updated: June 30, 2026

LOW

sprout-clients

Score: N/A Sprout Clients <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: June 30, 2026

LOW

simple-pull-quote

Score: N/A Simple Pull Quote <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.3 Patched: 1.6.4 Updated: June 30, 2026

LOW

real-cookie-banner

Score: N/A Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint Affected: *-5.2.4 Patched: 5.2.5 Updated: June 30, 2026

LOW

popup-builder-block

Score: N/A Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.6.27 - Authenticated (Instructor+) SQL Injection Affected: *-3.6.27 Patched: 3.6.28 Updated: June 30, 2026

LOW

llm-hubspot-blog-import

Score: 91/100 LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

fanbridge-signup

Score: 91/100 FanBridge signup <= 0.6 - Cross-Site Request Forgery Affected: *-0.6 Patched: Updated: June 30, 2026

LOW

chatbot-ai-free-models

Score: 93/100 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection Affected: *-1.6.5 Patched: 1.6.6 Updated: June 30, 2026

LOW

builderall-cheetah-for-wp

Score: 89/100 Builderall Builder for WordPress <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: June 30, 2026

LOW

wps-team

Score: N/A Team Members Showcase <= 3.4.0 - Reflected Cross-Site Scripting Affected: *-3.4.0 Patched: 3.5.0 Updated: June 30, 2026

LOW

wpadcenter

Score: N/A WP AdCenter <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.1 Patched: Updated: June 30, 2026

LOW

posts-by-tag

Score: N/A Posts By Tag <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: Updated: June 30, 2026

LOW

ns-maintenance-mode-for-wp

Score: N/A NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Information Exposure Affected: *-1.3.1 Patched: Updated: June 30, 2026

LOW

MxChat – AI Chatbot & Content Generation for WordPress

mxchat-basic

Score: 80/100 MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery Affected: *-2.4.6 Patched: 2.4.7 Updated: June 30, 2026

LOW

feedzy-rss-feeds

Score: 93/100 Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-5.1.0 Patched: 5.1.1 Updated: June 30, 2026

LOW

email-subscribe

Score: 93/100 Email Subscription Popup <= 1.2.26 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.26 Patched: 1.2.27 Updated: June 30, 2026

LOW

bb-plugin

Score: 93/100 Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'auto_play' Affected: *-2.9.2.1 Patched: 2.9.3.1 Updated: June 30, 2026

LOW

aio-time-clock-lite

Score: 97/100 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out Affected: *-2.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

simple-tableau-viz

Score: N/A Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

mixlr-shortcode

Score: 91/100 Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

smcountdown

Score: N/A SM CountDown Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

print-button-shortcode

Score: N/A Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

cinza-grid

Score: 93/100 Cinza Grid <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Skin Content Field Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

oboxmedia-ads

Score: N/A Oboxmedia Ads <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.8 Patched: Updated: June 30, 2026

LOW

wp-responsive-meet-the-team

Score: N/A WP Responsive Meet The Team <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

photographers-galleries

Score: N/A Photographers galleries <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: June 30, 2026

LOW

material-design-iconic-font-integration

Score: 91/100 Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2 Patched: Updated: June 30, 2026

LOW

responsive-iframe-googlemap

Score: N/A Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

bg-book-publisher

Score: 91/100 Bg Book Publisher <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.25 Patched: Updated: June 30, 2026

LOW

simple-youtube-shortcode

Score: N/A Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

simple-business-data

Score: N/A Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

this-or-that

Score: N/A This-or-That by André Boekhorst <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

jb-news-ticker

Score: 91/100 JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-restaurant-listings

Score: N/A WP Restaurant Listings <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

wp-thumbnail

Score: N/A WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

playerzbr

Score: N/A Playerzbr <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field Affected: *-1.6 Patched: Updated: June 30, 2026

LOW

email-tracker

Score: 93/100 Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection Affected: *-5.3.15 Patched: 5.3.16 Updated: June 30, 2026

LOW

st-category-wp

Score: N/A ST Categories Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

wp-force-images-download

Score: N/A WP-Force Images Download <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.8 Patched: 1.9 Updated: June 30, 2026

LOW

wp-ad-gallery

Score: N/A WP AD Gallery <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

responsive-progress-bar

Score: N/A Responsive Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

flexible-refund-and-return-order-for-woocommerce

Score: 93/100 Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund Affected: *-1.0.38 Patched: 1.0.39 Updated: June 30, 2026

LOW

pixelyoursite

Score: N/A PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification Affected: *-11.1.2 Patched: 11.1.3 Updated: June 30, 2026

LOW

simple-banner

Score: N/A Simple Banner <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.0.10 Patched: 3.1.0 Updated: June 30, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail Affected: *-2.11.22 Patched: 2.11.23 Updated: June 30, 2026

LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 Google Maps <= 9.0.47 - Unauthenticated Stored Cross-Site Scripting Affected: *-9.0.47 Patched: 9.0.48 Updated: June 30, 2026

LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.8.2 - Missing Authorization Affected: *-1.8.2 Patched: 1.8.3 Updated: June 30, 2026

LOW

stockie-extra

Score: N/A Stockie Extra <= 1.2.11 - Unauthenticated Arbitrary Shortcode Execution Affected: *-1.2.11 Patched: 1.2.12 Updated: June 30, 2026

LOW

stockie-extra

Score: N/A Stockie Extra <= 1.2.11 - Cross-Site Request Forgery Affected: *-1.2.11 Patched: 1.2.12 Updated: June 30, 2026

LOW

powerpress

Score: N/A PowerPress Podcasting <= 11.13.12 - Cross-Site Request Forgery Affected: *-11.13.12 Patched: 11.14 Updated: June 30, 2026

LOW

persian-admin-fonts

Score: N/A Persian Admnin Fonts <= 4.1.03 - Missing Authorization Affected: *-4.1.03 Patched: 4.1.05 Updated: June 30, 2026

LOW

make-email-customizer-for-woocommerce

Score: 89/100 Make Email Customizer for WooCommerce <= 1.0.6 - Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

litho-addons

Score: 91/100 Litho Addons <= 3.4 - Missing Authorization Affected: *-3.4 Patched: Updated: June 30, 2026

LOW

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

king-addons

Score: 76/100 King Addons for Elementor <= 51.1.36 - Unauthenticated Arbitrary File Upload Affected: *-51.1.36 Patched: 51.1.37 Updated: June 30, 2026

LOW

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

king-addons

Score: 76/100 King Addons for Elementor <= 51.1.36 - Unauthenticated Privilege Escalation Affected: *-51.1.36 Patched: 51.1.37 Updated: June 30, 2026

LOW

hercules-core

Score: 91/100 Hercules Core <= 7.4 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-7.4 Patched: Updated: June 30, 2026

LOW

gf-zoho

Score: 93/100 WP Gravity Forms Zoho CRM and Bigin <= 1.2.8 - Open Redirect Affected: *-1.2.8 Patched: 1.2.9 Updated: June 30, 2026

LOW

dynamic-user-directory

Score: 93/100 Dynamic User Directory <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: 2.4 Updated: June 30, 2026

LOW

dt-reservation-plugin

Score: 91/100 Reservation <= 1.6 - Reflected Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: June 30, 2026

LOW

cookie-notice

Score: 93/100 Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.5.8 Patched: 2.5.9 Updated: June 30, 2026

LOW

ajax-search-lite

Score: 97/100 Ajax Search Lite <= 4.13.3 - Authenticated (Administrator+) PHP Object Injection Affected: *-4.13.3 Patched: 4.13.4 Updated: June 30, 2026

LOW

age-restriction

Score: 93/100 Age Restriction <= 3.0.2 - Authenticated (Subscriber+) Privilege Escalation Affected: *-3.0.2 Patched: Updated: June 30, 2026

LOW

academy-pro

Score: 97/100 Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon Affected: *-3.3.7 Patched: 3.3.8 Updated: June 30, 2026

LOW

bdthemes-element-pack-lite

Score: 93/100 Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery Affected: *-8.2.5 Patched: 8.2.6 Updated: June 30, 2026

LOW

wpc-countdown-timer

Score: N/A WPC Countdown Timer for WooCommerce <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.4 Patched: 3.1.5 Updated: June 30, 2026

LOW

wp-whydonate

Score: N/A Whydonate <= 4.0.15 - Missing Authorization Affected: *-4.0.15 Patched: 4.0.16 Updated: June 30, 2026

LOW

wp-rocket

Score: N/A Rocket <= 3.19.4 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.19.4 Patched: 3.20.0.2 Updated: June 30, 2026

LOW

kiotvietsync

Score: 83/100 KiotViet Sync <= 1.8.5 - Missing Authorization Affected: *-1.8.5 Patched: Updated: June 30, 2026

LOW

acf-to-rest-api

Score: 95/100 ACF to REST API <= 3.3.4 - Unauthenticated Information Exposure Affected: *-3.3.4 Patched: Updated: June 30, 2026

LOW

pondol-bbs

Score: N/A Pondol BBS <= 1.1.8.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.1.8.4 Patched: Updated: June 30, 2026

LOW

wp-webinarsystem

Score: N/A WebinarPress <= 1.33.28 - Missing Authorization Affected: *-1.33.28 Patched: Updated: June 30, 2026

LOW

raychat

Score: N/A Raychat <= 2.2.1 - Cross-Site Request Forgery Affected: *-2.2.1 Patched: Updated: June 30, 2026

LOW

official-sendle-shipping-method

Score: N/A Sendle Shipping <= 6.02 - Missing Authorization Affected: *-6.02 Patched: 6.03 Updated: June 30, 2026

LOW

listingpro-plugin

Score: 87/100 ListingPro <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.9 Patched: Updated: June 30, 2026

LOW

listingpro-lead-form

Score: 89/100 ListingPro Lead Form <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

listingpro-lead-form

Score: 89/100 ListingPro Lead Form <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

headline-analyzer

Score: 91/100 Headline Analyzer <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.7 Patched: Updated: June 30, 2026

LOW

business-directory-plugin

Score: 93/100 Business Directory <= 6.4.18 - Missing Authorization Affected: *-6.4.18 Patched: 6.4.19 Updated: June 30, 2026

Showing 5501 to 5600 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 04:07 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List