Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
buddyforms	buddyforms	89	BuddyForms <= 2.9.0 - Missing Authorization	LOW	*-2.9.0		June 30, 2026
baiduseo	baiduseo	93	百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.1.4 - Missing Authorization	LOW	*-2.1.4	2.1.5	June 30, 2026
attesa-extra	attesa-extra	93	Attesa Extra <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.7	1.4.8	June 30, 2026
wp-last-modified-info	wp-last-modified-info	N/A	WP Last Modified Info <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.2	1.9.3	June 30, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools	woocommerce-jetpack	65	Booster for WooCommerce <= 7.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-7.3.2	7.4.0	June 30, 2026
woo-thank-you-page-nextmove-lite	woo-thank-you-page-nextmove-lite	N/A	NextMove Lite <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.23.0	2.24.0	June 30, 2026
stockholm-core	stockholm-core	N/A	Stockholm Core <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4.6		June 30, 2026
stockholm-core	stockholm-core	N/A	Stockholm Core <= 2.4.6 - Authenticated (Contributor+) Local File Inclusion	LOW	*-2.4.6		June 30, 2026
rometheme-for-elementor	rometheme-for-elementor	N/A	RTMKit <= 1.6.5 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-1.6.5	1.6.6	June 30, 2026
rehub-framework	rehub-framework	N/A	REHub Framework < 19.9.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 19.9.9.7)	19.9.9.7	June 30, 2026
link-whisper	link-whisper	93	Link Whisper Free <= 0.9.2 - Missing Authorization	LOW	*-0.9.2	0.9.3	June 30, 2026
directorypress	directorypress	93	DirectoryPress <= 3.6.25 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.6.25	3.6.26	June 30, 2026
theme-editor	theme-editor	N/A	Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution	LOW	*-3.0	3.1	June 30, 2026
chatbot-chatgpt	chatbot-chatgpt	93	Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing	LOW	*-2.3.5	2.3.6	June 30, 2026
embed-power-bi-reports	embed-power-bi-reports	93	PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure	LOW	*-1.2.0	1.2.1	June 30, 2026
learnpress	learnpress	93	LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation	LOW	*-4.2.9.3	4.2.9.4	June 30, 2026
woo-smart-quick-view	woo-smart-quick-view	N/A	WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure	LOW	*-4.2.5	4.2.6	June 30, 2026
FileBird – WordPress Media Library Folders & File Manager	filebird	80	FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset	LOW	*-6.4.9	6.5.0	June 30, 2026
js_composer	js_composer	93	WPBakery Page Builder <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.6	8.7	June 30, 2026
woocommerce-product-addon	woocommerce-product-addon	N/A	PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection	LOW	*-33.0.15	33.0.16	June 30, 2026
woocommerce-product-addon	woocommerce-product-addon	N/A	PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload	LOW	*-33.0.15	33.0.16	June 30, 2026
Event Tickets and Registration	event-tickets	86	Event Tickets and Registration <= 5.26.5 - Unauthenticated Ticket Payment Bypass	LOW	*-5.26.5	5.26.6	June 30, 2026
optimole-wp	optimole-wp	N/A	Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload	LOW	*-4.1.0	4.1.1	June 30, 2026
WP Go Maps (formerly WP Google Maps)	wp-google-maps	66	WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning	LOW	*-9.0.48	9.0.49	June 30, 2026
Redirection for Contact Form 7	wpcf7-redirect	N/A	Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode	LOW	*-3.2.6	3.2.7	June 30, 2026
media-library-assistant	media-library-assistant	93	Media Library Assistant <= 3.29 - Unauthenticated Limited File Read	LOW	*-3.29	3.30	June 30, 2026
essential-blocks	essential-blocks	93	Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery	LOW	*-5.7.1	5.7.2	June 30, 2026
shortpixel-image-optimiser	shortpixel-image-optimiser	N/A	ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export	LOW	*-6.3.4	6.3.5	June 30, 2026
woo-smart-wishlist	woo-smart-wishlist	N/A	WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure	LOW	*-5.0.4	5.0.5	June 30, 2026
related-posts-lite	related-posts-lite	N/A	Related Posts Lite <= 1.12 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.12		June 30, 2026
memberlite-shortcodes	memberlite-shortcodes	91	Memberlite Shortcodes <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.1		June 30, 2026
gspeech	gspeech	93	GSpeech TTS – WordPress Text To Speech Plugin <= 3.17.13 - Authenticated (Admin+) SQL injection	LOW	*-3.17.3	3.18.0	June 30, 2026
gocache-cdn	gocache-cdn	91	GoCache <= 1.3.6 - Missing Authorization	LOW	*-1.3.6		June 30, 2026
fb2wp-integration-tools	fb2wp-integration-tools	93	XX2WP Integration Tools <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.9	2.0.0	June 30, 2026
et-core-plugin	et-core-plugin	93	XStore Core < 5.6 - Reflected Cross-Site Scripting	LOW	[*, 5.6)	5.6	June 30, 2026
essential-blocks	essential-blocks	93	Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.7.1	5.7.2	June 30, 2026
admin-management-xtended	admin-management-xtended	97	Admin Management Xtended <= 2.5.1 - Missing Authorization	LOW	*-2.5.1	2.5.2	June 30, 2026
binary-mlm-plan	binary-mlm-plan	91	Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-5.0		June 30, 2026
wpcasa	wpcasa	N/A	WPCasa <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.1	1.4.2	June 30, 2026
wp-travel-blocks	wp-travel-blocks	N/A	WP Travel Gutenberg Blocks <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.9.2	3.9.3	June 30, 2026
wp-sms	wp-sms	N/A	WP SMS <= 7.0.1 - Missing Authorization	LOW	*-7.0.1	7.0.2	June 30, 2026
wp-meta-data-filter-and-taxonomy-filter	wp-meta-data-filter-and-taxonomy-filter	N/A	MDTF <= 1.3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.3.8	1.3.3.9	June 30, 2026
wp-meta-data-filter-and-taxonomy-filter	wp-meta-data-filter-and-taxonomy-filter	N/A	MDTF <= 1.3.6 - Missing Authorization	LOW	*-1.3.6	1.3.7	June 30, 2026
voice-feedback	voice-feedback	N/A	Voice Feedback – Voice Recorder for Audio Feedback <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.0.3	2.0.0	June 30, 2026
upc-ean-barcode-generator	upc-ean-barcode-generator	N/A	UPC/EAN/GTIN Code Generator <= 2.0.2 - Cross-Site Request Forgery	LOW	*-2.0.2	2.0.3	June 30, 2026
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks	uichemy	N/A	UiChemy <= 4.0.0 - Missing Authorization	LOW	*-4.0.0	4.0.1	June 30, 2026
u-design-core	u-design-core	N/A	UDesign Core <= 4.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.14.1	4.14.2	June 30, 2026
thegem-elements	thegem-elements	N/A	TheGem Theme Elements (for WPBakery) <= 5.10.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.10.5.1	5.10.5.2	June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer <= 5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.4.1	5.4.2	June 30, 2026
td-cloud-library	td-cloud-library	N/A	tagDiv Cloud Library < 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 3.9.2)	3.9.2	June 30, 2026
Tab Ultimate	tabs-pro	95	Tab Ultimate <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8	1.9	June 30, 2026
surerank	surerank	N/A	SureRank <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.3.2	1.4.0	June 30, 2026
social-testimonials-and-reviews-widget	social-testimonials-and-reviews-widget	N/A	Social proof testimonials and reviews by Repuso <= 5.29 - Missing Authorization	LOW	*-5.29	5.30	June 30, 2026
SmartCrawl SEO checker, analyzer & optimizer	smartcrawl-seo	90	SmartCrawl <= 3.14.3 - Missing Authorization	LOW	*-3.14.3	3.14.4	June 30, 2026
simple-post-template	simple-post-template	N/A	Simple Content Templates for Blog Posts & Pages <= 2.2.61 - Cross-Site Request Forgery	LOW	*-2.2.61		June 30, 2026
revenue	revenue	N/A	WowRevenue <= 1.2.13 - Missing Authorization	LOW	*-1.2.13	1.2.14	June 30, 2026
product-table-for-woocommerce	product-table-for-woocommerce	N/A	Product Table For WooCommerce <= 1.2.4 - Authenticated (Contributor+) PHP Object Injection	LOW	*-1.2.4	1.2.5	June 30, 2026
ppv-live-webcams	ppv-live-webcams	N/A	Paid Videochat Turnkey Site <= 7.3.23 - Authenticated (Admin+) Remote Code Execution	LOW	*-7.3.23	7.3.24	June 30, 2026
post-type-x	post-type-x	N/A	Product Catalog Simple <= 1.8.4 - Cross-Site Request Forgery	LOW	*-1.8.4	1.8.5	June 30, 2026
pie-calendar	pie-calendar	N/A	Pie Calendar <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.9	1.3.0	June 30, 2026
one-page-express-companion	one-page-express-companion	N/A	One Page Express Companion <= 1.6.43 - Missing Authorization	LOW	*-1.6.43	1.6.44	June 30, 2026
meetinghub	meetinghub	93	MeetingHub <= 1.23.9 - Missing Authorization	LOW	*-1.23.9	1.23.10	June 30, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.6.20 - Authenticated (Instructor+) Sensitive Information Exposure	LOW	*-3.6.20	3.6.21	June 30, 2026
houzez-theme-functionality	houzez-theme-functionality	93	Houzez Theme - Functionality < 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 4.2.0)	4.2.0	June 30, 2026
houzez-theme-functionality	houzez-theme-functionality	93	Houzez Theme - Functionality <= 4.1.8 - Authenticated (Contributor+) Local File Inclusion	LOW	*-4.1.8	4.2.0	June 30, 2026
houzez-theme-functionality	houzez-theme-functionality	93	Houzez Theme - Functionality < 4.2.0 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 4.2.0)	4.2.0	June 30, 2026
front-end-only-users	front-end-only-users	89	Front End Users <= 3.2.33 - Missing Authorization	LOW	*-3.2.33	3.2.34	June 30, 2026
Event Tickets and Registration	event-tickets	86	Event Tickets <= 5.26.3 - Missing Authorization	LOW	*-5.26.3	5.26.4	June 30, 2026
event-post	event-post	91	Event post <= 5.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.10.3	5.10.4	June 30, 2026
estatik	estatik	89	Estatik <= 4.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1.13		June 30, 2026
easy-post-submission	easy-post-submission	93	Easy Post Submission <= 1.7.0 - Unauthenticated Sensitive Information Exposure	LOW	*-1.7.0	2.0.0	June 30, 2026
e2pdf	e2pdf	93	e2pdf <= 1.28.09 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.28.09	1.28.10	June 30, 2026
cloud-search	cloud-search	91	CloudSearch <= 3.0.0 - Cross-Site Request Forgery	LOW	*-3.0.0		June 30, 2026
blockspare	blockspare	93	Blockspare <= 3.2.13.2 - Authenticated (Contributor+) Sensitive Information Exposure	LOW	*-3.2.13.2	3.2.14	June 30, 2026
Advanced Coupons for WooCommerce Coupons & Store Credit	advanced-coupons-for-woocommerce-free	80	Advanced Coupons for WooCommerce Coupons <= 4.6.8 - Authenticated (Shop manager+) SQL Injection	LOW	*-4.6.8	4.6.9	June 30, 2026
acknowledgify	acknowledgify	97	Acknowledgify <= 1.1.3 - Missing Authorization	LOW	*-1.1.3	1.1.4	June 30, 2026
felan-framework	felan-framework	87	Felan Framework <= 1.1.4 - Hardcoded Credentials	LOW	*-1.1.4	1.1.5	June 30, 2026
felan-framework	felan-framework	87	Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions	LOW	*-1.1.4	1.1.5	June 30, 2026
truelysell-core	truelysell-core	N/A	Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change	LOW	*-1.8.6	1.8.7	June 30, 2026
pojo-accessibility	pojo-accessibility	N/A	Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-3.8.0	3.8.1	June 30, 2026
wc-reports-lite	wc-reports-lite	N/A	NikanWP WooCommerce Reporting <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0	3.0.0	June 30, 2026
u-design-core	u-design-core	N/A	UDesign Core <= 4.14.0 - Authenticated (Contributor+) Local File Inclusion	LOW	*-4.14.0		June 30, 2026
tuturn	tuturn	N/A	Tuturn < 3.6 - Authenticated (Subscriber+) Arbitrary File Download	LOW	[*, 3.6)	3.6	June 30, 2026
tuturn	tuturn	N/A	Tuturn < 3.6 - Unauthenticated Missing Authorization	LOW	[*, 3.6)	3.6	June 30, 2026
sumomemberships	sumomemberships	N/A	SUMO Memberships for WooCommerce < 7.8.0 - Cross-Site Request Forgery	LOW	[*, 7.8.0)	7.8.0	June 30, 2026
shopmagic-for-woocommerce	shopmagic-for-woocommerce	N/A	Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic <= 4.5.6 - Unauthenticated Information Exposure	LOW	*-4.5.6	4.5.7	June 30, 2026
reloadly-topup-widget	reloadly-topup-widget	N/A	Reloadly <= 2.0.1 - Cross-Site Request Forgery	LOW	*-2.0.1		June 30, 2026
funnel-builder	funnel-builder	93	FunnelKit <= 3.12.0 - Reflected Cross-Site Scripting	LOW	*-3.12.0	3.12.0.1	June 30, 2026
elementinvader-addons-for-elementor	elementinvader-addons-for-elementor	93	Elementinvader Addons for Elementor <= 1.4.0 - Unauthenticated Arbitrary Email Sending	LOW	*-1.4.0	1.4.1	June 30, 2026
download-counter-button	download-counter-button	91	Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download	LOW	*-1.8.6.7		June 30, 2026
cost-calculator-builder	cost-calculator-builder	93	Cost Calculator Builder <= 3.5.32 - Missing Authorization	LOW	*-3.5.32	3.5.33	June 30, 2026
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders	barcode-scanner-lite-pos-to-manage-products-inventory-and-orders	93	Barcode Scanner with Inventory & Order Manager <= 1.10.4 - Authenticated (Shop Manager+) Directory Traversal	LOW	*-1.10.4	1.10.5	June 30, 2026
ace-user-management	ace-user-management	95	Ace User Management <= 2.0.3 - Unauthenticated Privilege Escalation via Password Reset	LOW	*-2.0.3		June 30, 2026
binary-mlm-plan	binary-mlm-plan	91	Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation	LOW	*-3.0	5.0	June 30, 2026
keyy	keyy	91	Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	LOW	*-1.2.3		June 30, 2026
wp-dashboard-chat	wp-dashboard-chat	N/A	WP Dashboard Chat <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id	LOW	*-1.0.3		June 30, 2026
docodoco-store-locator	docodoco-store-locator	91	DocoDoco Store Locator <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload	LOW	*-1.0.1		June 30, 2026
find-and-replace-content	find-and-replace-content	91	Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
content-writer	content-writer	93	Content Writer <= 3.6.8 - Unauthenticated Information Exposure via Log File	LOW	*-3.6.8	3.6.9	June 30, 2026
digiseller	digiseller	93	Digiseller <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3	1.4	June 30, 2026

LOW

buddyforms

Score: 89/100 BuddyForms <= 2.9.0 - Missing Authorization Affected: *-2.9.0 Patched: Updated: June 30, 2026

LOW

baiduseo

Score: 93/100 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.1.4 - Missing Authorization Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

attesa-extra

Score: 93/100 Attesa Extra <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.7 Patched: 1.4.8 Updated: June 30, 2026

LOW

wp-last-modified-info

Score: N/A WP Last Modified Info <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.2 Patched: 1.9.3 Updated: June 30, 2026

LOW

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

Score: 65/100 Booster for WooCommerce <= 7.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.3.2 Patched: 7.4.0 Updated: June 30, 2026

LOW

woo-thank-you-page-nextmove-lite

Score: N/A NextMove Lite <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.23.0 Patched: 2.24.0 Updated: June 30, 2026

LOW

stockholm-core

Score: N/A Stockholm Core <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.6 Patched: Updated: June 30, 2026

LOW

stockholm-core

Score: N/A Stockholm Core <= 2.4.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.4.6 Patched: Updated: June 30, 2026

LOW

rometheme-for-elementor

Score: N/A RTMKit <= 1.6.5 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.6.5 Patched: 1.6.6 Updated: June 30, 2026

LOW

rehub-framework

Score: N/A REHub Framework < 19.9.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 19.9.9.7) Patched: 19.9.9.7 Updated: June 30, 2026

LOW

link-whisper

Score: 93/100 Link Whisper Free <= 0.9.2 - Missing Authorization Affected: *-0.9.2 Patched: 0.9.3 Updated: June 30, 2026

LOW

directorypress

Score: 93/100 DirectoryPress <= 3.6.25 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.25 Patched: 3.6.26 Updated: June 30, 2026

LOW

theme-editor

Score: N/A Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution Affected: *-3.0 Patched: 3.1 Updated: June 30, 2026

LOW

chatbot-chatgpt

Score: 93/100 Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing Affected: *-2.3.5 Patched: 2.3.6 Updated: June 30, 2026

LOW

embed-power-bi-reports

Score: 93/100 PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation Affected: *-4.2.9.3 Patched: 4.2.9.4 Updated: June 30, 2026

LOW

woo-smart-quick-view

Score: N/A WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure Affected: *-4.2.5 Patched: 4.2.6 Updated: June 30, 2026

LOW

FileBird – WordPress Media Library Folders & File Manager

filebird

Score: 80/100 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset Affected: *-6.4.9 Patched: 6.5.0 Updated: June 30, 2026

LOW

js_composer

Score: 93/100 WPBakery Page Builder <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.6 Patched: 8.7 Updated: June 30, 2026

LOW

woocommerce-product-addon

Score: N/A PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection Affected: *-33.0.15 Patched: 33.0.16 Updated: June 30, 2026

LOW

woocommerce-product-addon

Score: N/A PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload Affected: *-33.0.15 Patched: 33.0.16 Updated: June 30, 2026

LOW

Event Tickets and Registration

event-tickets

Score: 86/100 Event Tickets and Registration <= 5.26.5 - Unauthenticated Ticket Payment Bypass Affected: *-5.26.5 Patched: 5.26.6 Updated: June 30, 2026

LOW

optimole-wp

Score: N/A Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload Affected: *-4.1.0 Patched: 4.1.1 Updated: June 30, 2026

LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning Affected: *-9.0.48 Patched: 9.0.49 Updated: June 30, 2026

LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode Affected: *-3.2.6 Patched: 3.2.7 Updated: June 30, 2026

LOW

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.29 - Unauthenticated Limited File Read Affected: *-3.29 Patched: 3.30 Updated: June 30, 2026

LOW

essential-blocks

Score: 93/100 Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery Affected: *-5.7.1 Patched: 5.7.2 Updated: June 30, 2026

LOW

shortpixel-image-optimiser

Score: N/A ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export Affected: *-6.3.4 Patched: 6.3.5 Updated: June 30, 2026

LOW

woo-smart-wishlist

Score: N/A WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure Affected: *-5.0.4 Patched: 5.0.5 Updated: June 30, 2026

LOW

related-posts-lite

Score: N/A Related Posts Lite <= 1.12 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.12 Patched: Updated: June 30, 2026

LOW

memberlite-shortcodes

Score: 91/100 Memberlite Shortcodes <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: June 30, 2026

LOW

gspeech

Score: 93/100 GSpeech TTS – WordPress Text To Speech Plugin <= 3.17.13 - Authenticated (Admin+) SQL injection Affected: *-3.17.3 Patched: 3.18.0 Updated: June 30, 2026

LOW

gocache-cdn

Score: 91/100 GoCache <= 1.3.6 - Missing Authorization Affected: *-1.3.6 Patched: Updated: June 30, 2026

LOW

fb2wp-integration-tools

Score: 93/100 XX2WP Integration Tools <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: 2.0.0 Updated: June 30, 2026

LOW

et-core-plugin

Score: 93/100 XStore Core < 5.6 - Reflected Cross-Site Scripting Affected: [*, 5.6) Patched: 5.6 Updated: June 30, 2026

LOW

Score: 93/100 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.7.1 Patched: 5.7.2 Updated: June 30, 2026

LOW

admin-management-xtended

Score: 97/100 Admin Management Xtended <= 2.5.1 - Missing Authorization Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

binary-mlm-plan

Score: 91/100 Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-5.0 Patched: Updated: June 30, 2026

LOW

wpcasa

Score: N/A WPCasa <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026

LOW

wp-travel-blocks

Score: N/A WP Travel Gutenberg Blocks <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.9.2 Patched: 3.9.3 Updated: June 30, 2026

LOW

wp-sms

Score: N/A WP SMS <= 7.0.1 - Missing Authorization Affected: *-7.0.1 Patched: 7.0.2 Updated: June 30, 2026

LOW

wp-meta-data-filter-and-taxonomy-filter

Score: N/A MDTF <= 1.3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3.8 Patched: 1.3.3.9 Updated: June 30, 2026

LOW

wp-meta-data-filter-and-taxonomy-filter

Score: N/A MDTF <= 1.3.6 - Missing Authorization Affected: *-1.3.6 Patched: 1.3.7 Updated: June 30, 2026

LOW

voice-feedback

Score: N/A Voice Feedback – Voice Recorder for Audio Feedback <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.3 Patched: 2.0.0 Updated: June 30, 2026

LOW

upc-ean-barcode-generator

Score: N/A UPC/EAN/GTIN Code Generator <= 2.0.2 - Cross-Site Request Forgery Affected: *-2.0.2 Patched: 2.0.3 Updated: June 30, 2026

LOW

UiChemy — Figma Converter for Elementor, Gutenberg and Bricks

uichemy

Score: N/A UiChemy <= 4.0.0 - Missing Authorization Affected: *-4.0.0 Patched: 4.0.1 Updated: June 30, 2026

LOW

u-design-core

Score: N/A UDesign Core <= 4.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.14.1 Patched: 4.14.2 Updated: June 30, 2026

LOW

thegem-elements

Score: N/A TheGem Theme Elements (for WPBakery) <= 5.10.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10.5.1 Patched: 5.10.5.2 Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer <= 5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.4.1 Patched: 5.4.2 Updated: June 30, 2026

LOW

td-cloud-library

Score: N/A tagDiv Cloud Library < 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 3.9.2) Patched: 3.9.2 Updated: June 30, 2026

LOW

Tab Ultimate

tabs-pro

Score: 95/100 Tab Ultimate <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: June 30, 2026

LOW

surerank

Score: N/A SureRank <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.4.0 Updated: June 30, 2026

LOW

social-testimonials-and-reviews-widget

Score: N/A Social proof testimonials and reviews by Repuso <= 5.29 - Missing Authorization Affected: *-5.29 Patched: 5.30 Updated: June 30, 2026

LOW

SmartCrawl SEO checker, analyzer & optimizer

smartcrawl-seo

Score: 90/100 SmartCrawl <= 3.14.3 - Missing Authorization Affected: *-3.14.3 Patched: 3.14.4 Updated: June 30, 2026

LOW

simple-post-template

Score: N/A Simple Content Templates for Blog Posts & Pages <= 2.2.61 - Cross-Site Request Forgery Affected: *-2.2.61 Patched: Updated: June 30, 2026

LOW

revenue

Score: N/A WowRevenue <= 1.2.13 - Missing Authorization Affected: *-1.2.13 Patched: 1.2.14 Updated: June 30, 2026

LOW

product-table-for-woocommerce

Score: N/A Product Table For WooCommerce <= 1.2.4 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

ppv-live-webcams

Score: N/A Paid Videochat Turnkey Site <= 7.3.23 - Authenticated (Admin+) Remote Code Execution Affected: *-7.3.23 Patched: 7.3.24 Updated: June 30, 2026

LOW

post-type-x

Score: N/A Product Catalog Simple <= 1.8.4 - Cross-Site Request Forgery Affected: *-1.8.4 Patched: 1.8.5 Updated: June 30, 2026

LOW

pie-calendar

Score: N/A Pie Calendar <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.9 Patched: 1.3.0 Updated: June 30, 2026

LOW

one-page-express-companion

Score: N/A One Page Express Companion <= 1.6.43 - Missing Authorization Affected: *-1.6.43 Patched: 1.6.44 Updated: June 30, 2026

LOW

meetinghub

Score: 93/100 MeetingHub <= 1.23.9 - Missing Authorization Affected: *-1.23.9 Patched: 1.23.10 Updated: June 30, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.6.20 - Authenticated (Instructor+) Sensitive Information Exposure Affected: *-3.6.20 Patched: 3.6.21 Updated: June 30, 2026

LOW

houzez-theme-functionality

Score: 93/100 Houzez Theme - Functionality < 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 4.2.0) Patched: 4.2.0 Updated: June 30, 2026

LOW

houzez-theme-functionality

Score: 93/100 Houzez Theme - Functionality <= 4.1.8 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.1.8 Patched: 4.2.0 Updated: June 30, 2026

LOW

houzez-theme-functionality

Score: 93/100 Houzez Theme - Functionality < 4.2.0 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 4.2.0) Patched: 4.2.0 Updated: June 30, 2026

LOW

front-end-only-users

Score: 89/100 Front End Users <= 3.2.33 - Missing Authorization Affected: *-3.2.33 Patched: 3.2.34 Updated: June 30, 2026

LOW

Event Tickets and Registration

event-tickets

Score: 86/100 Event Tickets <= 5.26.3 - Missing Authorization Affected: *-5.26.3 Patched: 5.26.4 Updated: June 30, 2026

LOW

event-post

Score: 91/100 Event post <= 5.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10.3 Patched: 5.10.4 Updated: June 30, 2026

LOW

estatik

Score: 89/100 Estatik <= 4.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.13 Patched: Updated: June 30, 2026

LOW

easy-post-submission

Score: 93/100 Easy Post Submission <= 1.7.0 - Unauthenticated Sensitive Information Exposure Affected: *-1.7.0 Patched: 2.0.0 Updated: June 30, 2026

LOW

e2pdf

Score: 93/100 e2pdf <= 1.28.09 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.28.09 Patched: 1.28.10 Updated: June 30, 2026

LOW

cloud-search

Score: 91/100 CloudSearch <= 3.0.0 - Cross-Site Request Forgery Affected: *-3.0.0 Patched: Updated: June 30, 2026

LOW

blockspare

Score: 93/100 Blockspare <= 3.2.13.2 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-3.2.13.2 Patched: 3.2.14 Updated: June 30, 2026

LOW

Advanced Coupons for WooCommerce Coupons & Store Credit

advanced-coupons-for-woocommerce-free

Score: 80/100 Advanced Coupons for WooCommerce Coupons <= 4.6.8 - Authenticated (Shop manager+) SQL Injection Affected: *-4.6.8 Patched: 4.6.9 Updated: June 30, 2026

LOW

acknowledgify

Score: 97/100 Acknowledgify <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

felan-framework

Score: 87/100 Felan Framework <= 1.1.4 - Hardcoded Credentials Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026

LOW

felan-framework

Score: 87/100 Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026

LOW

truelysell-core

Score: N/A Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change Affected: *-1.8.6 Patched: 1.8.7 Updated: June 30, 2026

LOW

pojo-accessibility

Score: N/A Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-3.8.0 Patched: 3.8.1 Updated: June 30, 2026

LOW

wc-reports-lite

Score: N/A NikanWP WooCommerce Reporting <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: 3.0.0 Updated: June 30, 2026

LOW

u-design-core

Score: N/A UDesign Core <= 4.14.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.14.0 Patched: Updated: June 30, 2026

LOW

tuturn

Score: N/A Tuturn < 3.6 - Authenticated (Subscriber+) Arbitrary File Download Affected: [*, 3.6) Patched: 3.6 Updated: June 30, 2026

LOW

tuturn

Score: N/A Tuturn < 3.6 - Unauthenticated Missing Authorization Affected: [*, 3.6) Patched: 3.6 Updated: June 30, 2026

LOW

sumomemberships

Score: N/A SUMO Memberships for WooCommerce < 7.8.0 - Cross-Site Request Forgery Affected: [*, 7.8.0) Patched: 7.8.0 Updated: June 30, 2026

LOW

shopmagic-for-woocommerce

Score: N/A Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic <= 4.5.6 - Unauthenticated Information Exposure Affected: *-4.5.6 Patched: 4.5.7 Updated: June 30, 2026

LOW

reloadly-topup-widget

Score: N/A Reloadly <= 2.0.1 - Cross-Site Request Forgery Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

funnel-builder

Score: 93/100 FunnelKit <= 3.12.0 - Reflected Cross-Site Scripting Affected: *-3.12.0 Patched: 3.12.0.1 Updated: June 30, 2026

LOW

elementinvader-addons-for-elementor

Score: 93/100 Elementinvader Addons for Elementor <= 1.4.0 - Unauthenticated Arbitrary Email Sending Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

download-counter-button

Score: 91/100 Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download Affected: *-1.8.6.7 Patched: Updated: June 30, 2026

LOW

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.5.32 - Missing Authorization Affected: *-3.5.32 Patched: 3.5.33 Updated: June 30, 2026

LOW

barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Score: 93/100 Barcode Scanner with Inventory & Order Manager <= 1.10.4 - Authenticated (Shop Manager+) Directory Traversal Affected: *-1.10.4 Patched: 1.10.5 Updated: June 30, 2026

LOW

ace-user-management

Score: 95/100 Ace User Management <= 2.0.3 - Unauthenticated Privilege Escalation via Password Reset Affected: *-2.0.3 Patched: Updated: June 30, 2026

LOW

binary-mlm-plan

Score: 91/100 Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation Affected: *-3.0 Patched: 5.0 Updated: June 30, 2026

LOW

keyy

Score: 91/100 Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover Affected: *-1.2.3 Patched: Updated: June 30, 2026

LOW

wp-dashboard-chat

Score: N/A WP Dashboard Chat <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

docodoco-store-locator

Score: 91/100 DocoDoco Store Locator <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

find-and-replace-content

Score: 91/100 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

content-writer

Score: 93/100 Content Writer <= 3.6.8 - Unauthenticated Information Exposure via Log File Affected: *-3.6.8 Patched: 3.6.9 Updated: June 30, 2026

LOW

digiseller

Score: 93/100 Digiseller <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: 1.4 Updated: June 30, 2026

Showing 5601 to 5700 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 02:40 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List