Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
accordion-panel-for-category-and-products	accordion-panel-for-category-and-products	95	Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.0		June 30, 2026
wp-bookwidgets	wp-bookwidgets	N/A	WP BookWidgets <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.9	0.10	June 30, 2026
tariffuxx	tariffuxx	N/A	TARIFFUXX <= 1.4 - Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode	LOW	*-1.4	1.5	June 30, 2026
orion-sms-otp-verification	orion-sms-otp-verification	N/A	Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover	LOW	*-1.1.7	2.0.0	June 30, 2026
library-management-system	library-management-system	93	Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation	LOW	*-3.1	3.2	June 30, 2026
create-temporary-login	create-temporary-login	93	WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.0.7	1.0.8	June 30, 2026
external-login	external-login	89	External Login <= 1.11.2 - Unauthenticated SQL Injection via log	LOW	*-1.11.2		June 30, 2026
external-login	external-login	89	External Login <= 1.11.2 - Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection	LOW	*-1.11.2		June 30, 2026
login-with-yourmembership	login-with-yourmembership	93	Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes'	LOW	*-1.1.7	1.1.8	June 30, 2026
dhivehi-text	dhivehi-text	91	Dhivehi Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.1		June 30, 2026
wp-google-map	wp-google-map	N/A	WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection	LOW	*-1.0		June 30, 2026
urlyar	urlyar	N/A	URLYar <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.0		June 30, 2026
onoffice-for-wp-websites	onoffice-for-wp-websites	N/A	onOffice for WP-Websites <= 6.5.1 - Authenticated (Editor+) SQL Injection	LOW	*-6.5.1	6.10	June 30, 2026
easysnippet	easysnippet	91	Rich Snippet Site Report <= 2.0.0105 - Authenticated (Admin+) SQL Injection	LOW	*-2.0.0105		June 30, 2026
theme-importer	theme-importer	N/A	Theme Importer <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
wp-whydonate	wp-whydonate	N/A	WhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion	LOW	*-4.0.15	4.0.16	June 30, 2026
funkitools	funkitools	91	FunKItools <= 1.0.2 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.2		June 30, 2026
wp-jquery-pdf-paged	wp-jquery-pdf-paged	N/A	WP jQuery Pager <= 1.4.0 - Authenticated (Contributor+) SQL Injection via Shortcode	LOW	*-1.4.0		June 30, 2026
outdoor	outdoor	N/A	Outdoor <= 1.3.2 - Unauthenticated SQL Injection	LOW	*-1.3.2		June 30, 2026
task-scheduler	task-scheduler	N/A	Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery	LOW	*-1.6.3		June 30, 2026
wp-tabber-widget	wp-tabber-widget	N/A	Wp tabber widget <= 4.0 - Authenticated (Contributor+) SQL Injection	LOW	*-4.0		June 30, 2026
demo-import-kit	demo-import-kit	91	Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload	LOW	*-1.1.0		June 30, 2026
wp-viewstl	wp-viewstl	N/A	WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
topbar	topbar	N/A	TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.0		June 30, 2026
oceanpayment-creditcard-gateway	oceanpayment-creditcard-gateway	N/A	Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update	LOW	*-6.0		June 30, 2026
shortcode-button	shortcode-button	N/A	Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.9		June 30, 2026
zip-attachments	zip-attachments	N/A	Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure	LOW	*-1.6		June 30, 2026
zip-attachments	zip-attachments	N/A	Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion	LOW	*-1.6		June 30, 2026
quick-login	quick-login	N/A	Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.6		June 30, 2026
flex-qr-code-generator	flex-qr-code-generator	91	Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload	LOW	*-1.2.5	1.2.6	June 30, 2026
ownid-passwordless-login	ownid-passwordless-login	N/A	OwnID Passwordless Login <= 1.3.4 - Authentication Bypass	LOW	*-1.3.4		June 30, 2026
dynamically-display-posts	dynamically-display-posts	91	Dynamically Display Posts <= 1.1 - Unauthenticated SQL Injection	LOW	*-1.1		June 30, 2026
js_composer	js_composer	93	WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode	LOW	*-8.6.1	8.7	June 30, 2026
js_composer	js_composer	93	WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module	LOW	*-8.6.1	8.7	June 30, 2026
quick-featured-images	quick-featured-images	N/A	Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation	LOW	*-13.7.2	13.7.3	June 30, 2026
ova-advent	ova-advent	N/A	Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1.7	1.1.8	June 30, 2026
lisfinity-core	lisfinity-core	91	Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor	LOW	*-1.4.0	1.5.0	June 30, 2026
wp-rest-headless	wp-rest-headless	N/A	WP Headless CMS Framework <= 1.15 - Unauthenticated Protection Mechanism Bypass	LOW	*-1.15		June 30, 2026
wp-emember	wp-emember	N/A	eMember <= 10.2.2 - Missing Authorization	LOW	*-10.2.2		June 30, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 2.11.24 - Missing Authorization	LOW	*-2.11.24	2.11.25	June 30, 2026
tweet-old-post	tweet-old-post	N/A	Revive Old Posts <= 9.3.3 - Missing Authorization	LOW	*-9.3.3	9.3.4	June 30, 2026
simple-job-board	simple-job-board	N/A	Simple Job Board <= 2.13.7 - Unauthenticated Sensitive Information Exposure	LOW	*-2.13.7	2.13.8	June 30, 2026
replymail	replymail	N/A	replyMail <= 1.2.0 - Cross-Site Request Forgery	LOW	*-1.2.0		June 30, 2026
penci-bookmark-follow	penci-bookmark-follow	N/A	Penci Bookmark & Follow < 2.4 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 2.4)	2.4	June 30, 2026
current-template-name	current-template-name	89	TempTool [Show Current Template Info] <= 1.3.1 - Authenticated (Contributor+) Information Exposure	LOW	*-1.3.1		June 30, 2026
case-addons	case-addons	93	Case Addons < 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	[*, 1.3.0)	1.3.0	June 30, 2026
SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder	sureforms	N/A	SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure	LOW	*-1.12.1	1.12.2	June 30, 2026
wpnamedusers	wpnamedusers	N/A	wpNamedUsers <= 0.5 - Cross-Site Request Forgery	LOW	*-0.5		June 30, 2026
thegem-importer	thegem-importer	N/A	TheGem Demo Import (for WPBakery) <= 5.10.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion	LOW	*-5.10.5	5.10.5.2	June 30, 2026
thegem-elements	thegem-elements	N/A	TheGem Theme Elements (for WPBakery) <= 5.10.5.1 - Unauthenticated Local File Inclusion	LOW	*-5.10.5.1	5.10.5.2	June 30, 2026
slick-google-map	slick-google-map	N/A	Slick Google Map <= 0.3 - Cross-Site Request Forgery	LOW	*-0.3	1.0.0	June 30, 2026
simple-stripe	simple-stripe	N/A	Simple Stripe <= 0.9.17 - Cross-Site Request Forgery	LOW	*-0.9.17		June 30, 2026
h5p	h5p	93	Interactive Content – H5P <= 1.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.16.0	1.16.1	June 30, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	chatbot	66	ChatBot <= 7.7.3 - Missing Authorization	LOW	*-7.7.3	7.7.4	June 30, 2026
block-country	block-country	91	Block Country <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
yop-poll	yop-poll	N/A	YOP Poll <= 6.5.37 - Unauthenticated Stored Cross-Site Scripting	LOW	*-6.5.37	6.5.38	June 30, 2026
thegem-elements-elementor	thegem-elements-elementor	N/A	TheGem Theme Elements (for Elementor) <= 5.10.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.10.5.1	5.10.5.2	June 30, 2026
thegem-elements-elementor	thegem-elements-elementor	N/A	TheGem Theme Elements (for Elementor) <= 5.10.5.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-5.10.5.1	5.10.5.2	June 30, 2026
porto-functionality	porto-functionality	N/A	Porto Theme - Functionality < 3.7.3 - Missing Authorization	LOW	[*, 3.7.3)	3.7.3	June 30, 2026
masterstudy-lms-learning-management-system-pro	masterstudy-lms-learning-management-system-pro	93	MasterStudy LMS Pro < 4.7.16 - Missing Authorization	LOW	[*, 4.7.16)	4.7.16	June 30, 2026
masterstudy-lms-learning-management-system-pro	masterstudy-lms-learning-management-system-pro	93	MasterStudy LMS Pro < 4.7.16 - Authenticated (Subscriber+) Information Exposure	LOW	[*, 4.7.16)	4.7.16	June 30, 2026
masterstudy-lms-learning-management-system-pro	masterstudy-lms-learning-management-system-pro	93	MasterStudy LMS Pro < 4.7.16 - Missing Authorization to Unauthenticated Arbitrary Content Deletion	LOW	[*, 4.7.16)	4.7.16	June 30, 2026
masterstudy-elementor-widgets	masterstudy-elementor-widgets	93	Masterstudy Elementor Widgets <= 1.2.4 - Missing Authorization	LOW	*-1.2.4	1.2.5	June 30, 2026
masterstudy-elementor-widgets	masterstudy-elementor-widgets	93	Masterstudy Elementor Widgets <= 1.2.4 - Missing Authorization	LOW	*-1.2.4	1.2.5	June 30, 2026
contest-gallery	contest-gallery	93	Contest Gallery <= 28.0.0 - Cross-Site Request Forgery	LOW	*-28.0.0	28.0.1	June 30, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	chatbot	66	ChatBot <= 7.3.9 - Missing Authorization	LOW	*-7.3.9	7.4.0	June 30, 2026
bp-activity-plus-reloaded	bp-activity-plus-reloaded	89	Activity Plus Reloaded for BuddyPress <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.2		June 30, 2026
porto-functionality	porto-functionality	N/A	Porto Theme - Functionality < 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 3.7.3)	3.7.3	June 30, 2026
meetinghub	meetinghub	93	MeetingHub <= 1.23.9 - Authenticated (Subscriber+) Information Exposure	LOW	*-1.23.9	1.23.10	June 30, 2026
emails-catch-all	emails-catch-all	93	Emails Catch <= 3.5.3 - Authenticated (Subscriber+) Information Exposure to Password Reset and Privilege Escalation	LOW	*-3.5.3	3.5.4	June 30, 2026
date-counter	date-counter	91	Date counter <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.3		June 30, 2026
ays-chatgpt-assistant	ays-chatgpt-assistant	93	AI ChatBot with ChatGPT and Content Generator by AYS <= 2.6.6 - Unauthenticated Information Exposure	LOW	*-2.6.6	2.6.7	June 30, 2026
advanced-scrollbar	advanced-scrollbar	97	Advanced scrollbar <= 1.1.8 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.1.8	1.1.9	June 30, 2026
gsheetconnector-gravity-forms	gsheetconnector-gravity-forms	93	GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation	LOW	*-1.3.27	1.3.28	June 30, 2026
stock-snapshot-for-woocommerce	stock-snapshot-for-woocommerce	N/A	Stock History & Reports Manager for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.2	2.2.3	June 30, 2026
widgetpack-comment-system	widgetpack-comment-system	N/A	WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery	LOW	*-1.6.1		June 30, 2026
page-blocks	page-blocks	N/A	Page Blocks <= 1.1.0 - Cross-Site Request Forgery	LOW	*-1.1.0		June 30, 2026
wp-links-page	wp-links-page	N/A	WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection	LOW	*-4.9.6	5.0	June 30, 2026
wp-scraper	wp-scraper	N/A	WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery	LOW	*-5.8.1	5.8.2	June 30, 2026
error-log-viewer	error-log-viewer	93	Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read	LOW	*-1.1.6	1.1.7	June 30, 2026
custom-404-pro	custom-404-pro	91	Custom 404 Pro <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter	LOW	*-3.12.0		June 30, 2026
wp-easy-toggles	wp-easy-toggles	N/A	WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.0		June 30, 2026
wp-webcam-widget-shortcode	wp-webcam-widget-shortcode	N/A	WordPress Live Webcam Widget & Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2		June 30, 2026
wc-designer-pro	wc-designer-pro	N/A	WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion	LOW	*-1.9.26		June 30, 2026
code-quality-control-tool	code-quality-control-tool	93	Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files	LOW	*-2.1	2.2	June 30, 2026
course-redirects-for-learndash	course-redirects-for-learndash	91	Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery	LOW	*-0.4		June 30, 2026
easy-plugin-stats	easy-plugin-stats	91	Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.1		June 30, 2026
contest-gallery	contest-gallery	93	Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection	LOW	*-27.0.3	28.0.0	June 30, 2026
woo-smart-wishlist	woo-smart-wishlist	N/A	WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation	LOW	*-5.0.3	5.0.4	June 30, 2026
trinity-audio	trinity-audio	N/A	Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure	LOW	*-5.21.0	5.22.0	June 30, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection	LOW	*-9.1.6	9.1.7	June 30, 2026
simple-draft-list	simple-draft-list	N/A	Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.6.1	2.6.2	June 30, 2026
colibri-page-builder	colibri-page-builder	93	Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode	LOW	*-1.0.334	1.0.335	June 30, 2026
wp-mapbox-gl-js	wp-mapbox-gl-js	N/A	WP Mapbox GL JS Maps <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.1		June 30, 2026
wp-gmail-smtp	wp-gmail-smtp	N/A	WP Gmail SMTP <= 1.0.7 - Sensitive Information Exposure	LOW	*-1.0.7		June 30, 2026
wp-freeio	wp-freeio	N/A	WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation	LOW	*-1.2.21	1.2.22	June 30, 2026
ultimate_vc_addons	ultimate_vc_addons	N/A	Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 3.21.1)	3.21.1	June 30, 2026
ultimate_vc_addons	ultimate_vc_addons	N/A	Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 3.21.1)	3.21.1	June 30, 2026
realpress	realpress	N/A	RealPress <= 1.0.9 - Missing Authorization to Unauthenticated Page Creation and Email Sending	LOW	*-1.0.9	1.1.0	June 30, 2026
publitio	publitio	N/A	Publitio <= 2.2.3 - Authenticated (Contributor+) Information Exposure	LOW	*-2.2.3		June 30, 2026

LOW

accordion-panel-for-category-and-products

Score: 95/100 Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-bookwidgets

Score: N/A WP BookWidgets <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9 Patched: 0.10 Updated: June 30, 2026

LOW

tariffuxx

Score: N/A TARIFFUXX <= 1.4 - Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

orion-sms-otp-verification

Score: N/A Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover Affected: *-1.1.7 Patched: 2.0.0 Updated: June 30, 2026

LOW

library-management-system

Score: 93/100 Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation Affected: *-3.1 Patched: 3.2 Updated: June 30, 2026

LOW

Score: 93/100 WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

external-login

Score: 89/100 External Login <= 1.11.2 - Unauthenticated SQL Injection via log Affected: *-1.11.2 Patched: Updated: June 30, 2026

LOW

external-login

Score: 89/100 External Login <= 1.11.2 - Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection Affected: *-1.11.2 Patched: Updated: June 30, 2026

LOW

login-with-yourmembership

Score: 93/100 Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

dhivehi-text

Score: 91/100 Dhivehi Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

wp-google-map

Score: N/A WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

urlyar

Score: N/A URLYar <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

onoffice-for-wp-websites

Score: N/A onOffice for WP-Websites <= 6.5.1 - Authenticated (Editor+) SQL Injection Affected: *-6.5.1 Patched: 6.10 Updated: June 30, 2026

LOW

easysnippet

Score: 91/100 Rich Snippet Site Report <= 2.0.0105 - Authenticated (Admin+) SQL Injection Affected: *-2.0.0105 Patched: Updated: June 30, 2026

LOW

theme-importer

Score: N/A Theme Importer <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-whydonate

Score: N/A WhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion Affected: *-4.0.15 Patched: 4.0.16 Updated: June 30, 2026

LOW

funkitools

Score: 91/100 FunKItools <= 1.0.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

wp-jquery-pdf-paged

Score: N/A WP jQuery Pager <= 1.4.0 - Authenticated (Contributor+) SQL Injection via Shortcode Affected: *-1.4.0 Patched: Updated: June 30, 2026

LOW

outdoor

Score: N/A Outdoor <= 1.3.2 - Unauthenticated SQL Injection Affected: *-1.3.2 Patched: Updated: June 30, 2026

LOW

task-scheduler

Score: N/A Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery Affected: *-1.6.3 Patched: Updated: June 30, 2026

LOW

wp-tabber-widget

Score: N/A Wp tabber widget <= 4.0 - Authenticated (Contributor+) SQL Injection Affected: *-4.0 Patched: Updated: June 30, 2026

LOW

demo-import-kit

Score: 91/100 Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

wp-viewstl

Score: N/A WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

topbar

Score: N/A TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

oceanpayment-creditcard-gateway

Score: N/A Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update Affected: *-6.0 Patched: Updated: June 30, 2026

LOW

shortcode-button

Score: N/A Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.9 Patched: Updated: June 30, 2026

LOW

zip-attachments

Score: N/A Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure Affected: *-1.6 Patched: Updated: June 30, 2026

LOW

zip-attachments

Score: N/A Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion Affected: *-1.6 Patched: Updated: June 30, 2026

LOW

quick-login

Score: N/A Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.6 Patched: Updated: June 30, 2026

LOW

flex-qr-code-generator

Score: 91/100 Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

ownid-passwordless-login

Score: N/A OwnID Passwordless Login <= 1.3.4 - Authentication Bypass Affected: *-1.3.4 Patched: Updated: June 30, 2026

LOW

dynamically-display-posts

Score: 91/100 Dynamically Display Posts <= 1.1 - Unauthenticated SQL Injection Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

js_composer

Score: 93/100 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode Affected: *-8.6.1 Patched: 8.7 Updated: June 30, 2026

LOW

js_composer

Score: 93/100 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module Affected: *-8.6.1 Patched: 8.7 Updated: June 30, 2026

LOW

quick-featured-images

Score: N/A Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation Affected: *-13.7.2 Patched: 13.7.3 Updated: June 30, 2026

LOW

ova-advent

Score: N/A Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

lisfinity-core

Score: 91/100 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor Affected: *-1.4.0 Patched: 1.5.0 Updated: June 30, 2026

LOW

wp-rest-headless

Score: N/A WP Headless CMS Framework <= 1.15 - Unauthenticated Protection Mechanism Bypass Affected: *-1.15 Patched: Updated: June 30, 2026

LOW

wp-emember

Score: N/A eMember <= 10.2.2 - Missing Authorization Affected: *-10.2.2 Patched: Updated: June 30, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.11.24 - Missing Authorization Affected: *-2.11.24 Patched: 2.11.25 Updated: June 30, 2026

LOW

tweet-old-post

Score: N/A Revive Old Posts <= 9.3.3 - Missing Authorization Affected: *-9.3.3 Patched: 9.3.4 Updated: June 30, 2026

LOW

simple-job-board

Score: N/A Simple Job Board <= 2.13.7 - Unauthenticated Sensitive Information Exposure Affected: *-2.13.7 Patched: 2.13.8 Updated: June 30, 2026

LOW

replymail

Score: N/A replyMail <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

penci-bookmark-follow

Score: N/A Penci Bookmark & Follow < 2.4 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 2.4) Patched: 2.4 Updated: June 30, 2026

LOW

current-template-name

Score: 89/100 TempTool [Show Current Template Info] <= 1.3.1 - Authenticated (Contributor+) Information Exposure Affected: *-1.3.1 Patched: Updated: June 30, 2026

LOW

case-addons

Score: 93/100 Case Addons < 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: [*, 1.3.0) Patched: 1.3.0 Updated: June 30, 2026

LOW

SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder

sureforms

Score: N/A SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure Affected: *-1.12.1 Patched: 1.12.2 Updated: June 30, 2026

LOW

wpnamedusers

Score: N/A wpNamedUsers <= 0.5 - Cross-Site Request Forgery Affected: *-0.5 Patched: Updated: June 30, 2026

LOW

thegem-importer

Score: N/A TheGem Demo Import (for WPBakery) <= 5.10.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-5.10.5 Patched: 5.10.5.2 Updated: June 30, 2026

LOW

thegem-elements

Score: N/A TheGem Theme Elements (for WPBakery) <= 5.10.5.1 - Unauthenticated Local File Inclusion Affected: *-5.10.5.1 Patched: 5.10.5.2 Updated: June 30, 2026

LOW

slick-google-map

Score: N/A Slick Google Map <= 0.3 - Cross-Site Request Forgery Affected: *-0.3 Patched: 1.0.0 Updated: June 30, 2026

LOW

simple-stripe

Score: N/A Simple Stripe <= 0.9.17 - Cross-Site Request Forgery Affected: *-0.9.17 Patched: Updated: June 30, 2026

LOW

h5p

Score: 93/100 Interactive Content – H5P <= 1.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.16.0 Patched: 1.16.1 Updated: June 30, 2026

LOW

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot

Score: 66/100 ChatBot <= 7.7.3 - Missing Authorization Affected: *-7.7.3 Patched: 7.7.4 Updated: June 30, 2026

LOW

block-country

Score: 91/100 Block Country <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

yop-poll

Score: N/A YOP Poll <= 6.5.37 - Unauthenticated Stored Cross-Site Scripting Affected: *-6.5.37 Patched: 6.5.38 Updated: June 30, 2026

LOW

thegem-elements-elementor

Score: N/A TheGem Theme Elements (for Elementor) <= 5.10.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10.5.1 Patched: 5.10.5.2 Updated: June 30, 2026

LOW

thegem-elements-elementor

Score: N/A TheGem Theme Elements (for Elementor) <= 5.10.5.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-5.10.5.1 Patched: 5.10.5.2 Updated: June 30, 2026

LOW

porto-functionality

Score: N/A Porto Theme - Functionality < 3.7.3 - Missing Authorization Affected: [*, 3.7.3) Patched: 3.7.3 Updated: June 30, 2026

LOW

masterstudy-lms-learning-management-system-pro

Score: 93/100 MasterStudy LMS Pro < 4.7.16 - Missing Authorization Affected: [*, 4.7.16) Patched: 4.7.16 Updated: June 30, 2026

LOW

masterstudy-lms-learning-management-system-pro

Score: 93/100 MasterStudy LMS Pro < 4.7.16 - Authenticated (Subscriber+) Information Exposure Affected: [*, 4.7.16) Patched: 4.7.16 Updated: June 30, 2026

LOW

masterstudy-lms-learning-management-system-pro

Score: 93/100 MasterStudy LMS Pro < 4.7.16 - Missing Authorization to Unauthenticated Arbitrary Content Deletion Affected: [*, 4.7.16) Patched: 4.7.16 Updated: June 30, 2026

LOW

masterstudy-elementor-widgets

Score: 93/100 Masterstudy Elementor Widgets <= 1.2.4 - Missing Authorization Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

masterstudy-elementor-widgets

Score: 93/100 Masterstudy Elementor Widgets <= 1.2.4 - Missing Authorization Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery <= 28.0.0 - Cross-Site Request Forgery Affected: *-28.0.0 Patched: 28.0.1 Updated: June 30, 2026

LOW

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot

Score: 66/100 ChatBot <= 7.3.9 - Missing Authorization Affected: *-7.3.9 Patched: 7.4.0 Updated: June 30, 2026

LOW

bp-activity-plus-reloaded

Score: 89/100 Activity Plus Reloaded for BuddyPress <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: June 30, 2026

LOW

porto-functionality

Score: N/A Porto Theme - Functionality < 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 3.7.3) Patched: 3.7.3 Updated: June 30, 2026

LOW

meetinghub

Score: 93/100 MeetingHub <= 1.23.9 - Authenticated (Subscriber+) Information Exposure Affected: *-1.23.9 Patched: 1.23.10 Updated: June 30, 2026

LOW

emails-catch-all

Score: 93/100 Emails Catch <= 3.5.3 - Authenticated (Subscriber+) Information Exposure to Password Reset and Privilege Escalation Affected: *-3.5.3 Patched: 3.5.4 Updated: June 30, 2026

LOW

date-counter

Score: 91/100 Date counter <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: June 30, 2026

LOW

ays-chatgpt-assistant

Score: 93/100 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.6.6 - Unauthenticated Information Exposure Affected: *-2.6.6 Patched: 2.6.7 Updated: June 30, 2026

LOW

advanced-scrollbar

Score: 97/100 Advanced scrollbar <= 1.1.8 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.1.8 Patched: 1.1.9 Updated: June 30, 2026

LOW

gsheetconnector-gravity-forms

Score: 93/100 GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation Affected: *-1.3.27 Patched: 1.3.28 Updated: June 30, 2026

LOW

stock-snapshot-for-woocommerce

Score: N/A Stock History & Reports Manager for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: June 30, 2026

LOW

widgetpack-comment-system

Score: N/A WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery Affected: *-1.6.1 Patched: Updated: June 30, 2026

LOW

page-blocks

Score: N/A Page Blocks <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

wp-links-page

Score: N/A WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection Affected: *-4.9.6 Patched: 5.0 Updated: June 30, 2026

LOW

wp-scraper

Score: N/A WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-5.8.1 Patched: 5.8.2 Updated: June 30, 2026

LOW

error-log-viewer

Score: 93/100 Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

custom-404-pro

Score: 91/100 Custom 404 Pro <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter Affected: *-3.12.0 Patched: Updated: June 30, 2026

LOW

wp-easy-toggles

Score: N/A WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.0 Patched: Updated: June 30, 2026

LOW

wp-webcam-widget-shortcode

Score: N/A WordPress Live Webcam Widget & Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

wc-designer-pro

Score: N/A WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion Affected: *-1.9.26 Patched: Updated: June 30, 2026

LOW

code-quality-control-tool

Score: 93/100 Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files Affected: *-2.1 Patched: 2.2 Updated: June 30, 2026

LOW

course-redirects-for-learndash

Score: 91/100 Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery Affected: *-0.4 Patched: Updated: June 30, 2026

LOW

easy-plugin-stats

Score: 91/100 Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection Affected: *-27.0.3 Patched: 28.0.0 Updated: June 30, 2026

LOW

woo-smart-wishlist

Score: N/A WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation Affected: *-5.0.3 Patched: 5.0.4 Updated: June 30, 2026

LOW

trinity-audio

Score: N/A Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure Affected: *-5.21.0 Patched: 5.22.0 Updated: June 30, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection Affected: *-9.1.6 Patched: 9.1.7 Updated: June 30, 2026

LOW

simple-draft-list

Score: N/A Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.1 Patched: 2.6.2 Updated: June 30, 2026

LOW

colibri-page-builder

Score: 93/100 Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode Affected: *-1.0.334 Patched: 1.0.335 Updated: June 30, 2026

LOW

wp-mapbox-gl-js

Score: N/A WP Mapbox GL JS Maps <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: June 30, 2026

LOW

wp-gmail-smtp

Score: N/A WP Gmail SMTP <= 1.0.7 - Sensitive Information Exposure Affected: *-1.0.7 Patched: Updated: June 30, 2026

LOW

wp-freeio

Score: N/A WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation Affected: *-1.2.21 Patched: 1.2.22 Updated: June 30, 2026

LOW

ultimate_vc_addons

Score: N/A Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 3.21.1) Patched: 3.21.1 Updated: June 30, 2026

LOW

ultimate_vc_addons

Score: N/A Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 3.21.1) Patched: 3.21.1 Updated: June 30, 2026

LOW

realpress

Score: N/A RealPress <= 1.0.9 - Missing Authorization to Unauthenticated Page Creation and Email Sending Affected: *-1.0.9 Patched: 1.1.0 Updated: June 30, 2026

LOW

publitio

Score: N/A Publitio <= 2.2.3 - Authenticated (Contributor+) Information Exposure Affected: *-2.2.3 Patched: Updated: June 30, 2026

Showing 5701 to 5800 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 01:06 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List