Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
ova-events-manager	ova-events-manager	N/A	Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload	LOW	*-1.8.5	1.8.6	June 29, 2026
next-page-not-next-post	next-page-not-next-post	N/A	Next Page, Not Next Post <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.3.0		June 29, 2026
my-auctions-allegro-free-edition	my-auctions-allegro-free-edition	N/A	My Auctions Allegro Plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection	LOW	*-3.6.31	3.6.32	June 29, 2026
mstw-csv-exporter	mstw-csv-exporter	N/A	MSTW CSV EXPORTER <= 1.4 - Missing Authorization	LOW	*-1.4		June 29, 2026
gsheetconnector-gravity-forms	gsheetconnector-gravity-forms	93	GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation	LOW	*-1.3.23	1.3.24	June 29, 2026
everest-backup	everest-backup	91	Everest Backup <= 2.3.8 - Missing Authorization	LOW	*-2.3.8	2.3.9	June 29, 2026
everest-backup	everest-backup	91	Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure	LOW	*-2.3.5	2.3.6	June 29, 2026
events-maker	events-maker	91	Events Maker by dFactory <= 1.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.14		June 29, 2026
enable-media-replace	enable-media-replace	93	Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode	LOW	*-4.1.6	4.1.7	June 29, 2026
did-prestashop-display	did-prestashop-display	91	Did Prestashop Display <= 1.0.30 - Cross-Site Request Forgery	LOW	*-1.0.30		June 29, 2026
cm-invitation-codes	cm-invitation-codes	93	CM Registration – Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect	LOW	*-2.5.6	2.5.7	June 29, 2026
blox-lite	blox-lite	91	Blox Lite <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.8		June 29, 2026
artiss-currency-converter	artiss-currency-converter	95	Open Currency Converter <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.0		June 29, 2026
accessibe	accessibe	97	Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery	LOW	*-2.10	2.11	June 29, 2026
wp-jobhunt	wp-jobhunt	N/A	WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’	LOW	*-7.6	7.7	June 29, 2026
wp-jobhunt	wp-jobhunt	N/A	WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass	LOW	*-7.6	7.7	June 29, 2026
td-composer	td-composer	N/A	tagDiv Composer <= 5.4.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-5.4.1	5.4.2	June 29, 2026
survey-maker	survey-maker	N/A	Survey Maker <= 5.1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-5.1.8.8	5.1.8.9	June 29, 2026
survey-maker	survey-maker	N/A	Survey Maker <= 5.1.8.8 - Unauthenticated Stored Cross-Site Scripting	LOW	*-5.1.8.8	5.1.8.9	June 29, 2026
salient-shortcodes	salient-shortcodes	N/A	Salient Shortcodes <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.4	1.5.5	June 29, 2026
reoon-email-verifier	reoon-email-verifier	N/A	Reoon Email Verifier <= 2.0.1 - Missing Authorization	LOW	*-2.0.1	2.1.1	June 29, 2026
post-list-featured-image	post-list-featured-image	N/A	Post List Featured Image <= 0.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.5.9		June 29, 2026
media-library-assistant	media-library-assistant	93	Media Library Assistant <= 3.29 - Missing Authorization	LOW	*-3.29	3.30	June 29, 2026
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress	custom-facebook-feed	66	Smash Balloon Social Post Feed <= 4.3.2 - Missing Authorization	LOW	*-4.3.2	4.3.3	June 29, 2026
change-wp-admin-login	change-wp-admin-login	93	WordPress All In One Login Plugin <= 2.0.8 - IP Sooofing to Protection Mechanism Bypass	LOW	2.0.8	2.0.9	June 29, 2026
appexperts	appexperts	95	AppExperts <= 1.4.5 - Unauthenticated Sensitive Information Exposure	LOW	*-1.4.5		June 29, 2026
WP Travel Engine – Tour Booking Plugin – Tour Operator Software	wp-travel-engine	N/A	WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion	LOW	*-6.6.7	6.6.8	June 29, 2026
WP Travel Engine – Tour Booking Plugin – Tour Operator Software	wp-travel-engine	N/A	WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming	LOW	*-6.6.7	6.6.8	June 29, 2026
lisfinity-core	lisfinity-core	91	Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.4.0	1.5.0	June 29, 2026
cookie-notice-consent	cookie-notice-consent	93	Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.6.5	1.6.6	June 29, 2026
WP Go Maps (formerly WP Google Maps)	wp-google-maps	66	WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-9.0.46	9.0.47	June 29, 2026
community-events	community-events	93	Community Events <= 1.5.1 - Unauthenticated SQL Injection	LOW	*-1.5.1	1.5.2	June 29, 2026
wsanalytics-google-analytics-and-dashboards	wsanalytics-google-analytics-and-dashboards	N/A	WSAnalytics <= 1.1.2 - Reflected Cross-Site Scripting	LOW	*-1.1.2		June 29, 2026
woc-open-close	woc-open-close	N/A	Open Close WooCommerce Store <= 4.9.8 - Missing Authorization	LOW	*-4.9.8		June 29, 2026
simple-finance-calculator	simple-finance-calculator	N/A	Simple Finance Calculator <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 29, 2026
seo-by-rank-math-pro	seo-by-rank-math-pro	N/A	Rank Math SEO PRO <= 3.0.96 - Missing Authorization	LOW	*-3.0.96	3.0.97	June 29, 2026
salient-core	salient-core	N/A	Salient Core <= 3.0.8 - Missing Authorization	LOW	*-3.0.8	3.0.9	June 29, 2026
revslider	revslider	N/A	Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read	LOW	*-6.7.37	6.7.38	June 29, 2026
popup-builder-block	popup-builder-block	N/A	Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id'	LOW	*-2.1.3	2.1.4	June 29, 2026
password-only-login	password-only-login	N/A	Password only login <= 0.2 - Reflected Cross-Site Scripting	LOW	*-0.2		June 29, 2026
fix-multiple-redirects	fix-multiple-redirects	91	Fix Multiple Redirects <= 1.2.3 - Reflected Cross-Site Scripting	LOW	*-1.2.3		June 29, 2026
doppler-form	doppler-form	93	Doppler Forms = 2.5.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install	LOW	*-2.5.1	2.6.0	June 29, 2026
custom-css-editor	custom-css-editor	91	Custom CSS <= 1.4.0 - Missing Authorization	LOW	*-1.4.0		June 29, 2026
anycomment	anycomment	93	AnyComment <= 0.3.6 - Authenticated (Subscriber+) SQL Injection	LOW	*-0.3.6		June 29, 2026
chart-builder	chart-builder	93	Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function	LOW	*-3.5.9	3.6.0	June 29, 2026
custom-registration-form-builder-with-submission-manager	custom-registration-form-builder-with-submission-manager	93	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection	LOW	*-6.0.6.2	6.0.6.3	June 29, 2026
motors-car-dealership-classified-listings	motors-car-dealership-classified-listings	N/A	Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-1.4.89	1.4.90	June 29, 2026
community-events	community-events	93	Community Events <= 1.5.1 - Unauthenticated SQL Injection	LOW	*-1.5.1	1.5.2	June 29, 2026
wp-business-hours	wp-business-hours	N/A	WP Business Hours <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 29, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 2.11.21 - Authenticated (Author+) SQL Injection via Cookie	LOW	*-2.11.21	2.11.22	June 29, 2026
search-filter	search-filter	N/A	Search & Filter <= 1.2.17 - Cross-Site Request Forgery	LOW	*-1.2.17	1.2.18	June 29, 2026
awesome-testimonials	awesome-testimonials	91	Awesome Testimonials <= 2.2.1 - Cross-Site Request Forgery	LOW	*-2.2.1		June 29, 2026
wp-reset	wp-reset	N/A	WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log	LOW	*-2.05	2.06	June 29, 2026
riovizual	riovizual	N/A	Table Block by RioVizual <= 2.3.2 - Missing Authorization	LOW	*-2.3.2		June 29, 2026
progress-planner	progress-planner	N/A	Progress Planner <= 1.8.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	LOW	*-1.8.0	1.8.1	June 29, 2026
microsoft-start	microsoft-start	91	MSN Partner Hub <= 2.8.7 - Missing Authorization	LOW	*-2.8.7		June 29, 2026
mapsvg-lite-interactive-vector-maps	mapsvg-lite-interactive-vector-maps	93	MapSVG <= 8.7.23 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.7.22	8.7.23	June 29, 2026
featured-image-from-url	featured-image-from-url	93	Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields	LOW	*-5.2.7	5.2.8	June 29, 2026
cornerstone	cornerstone	91	Cornerstone <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-7.7.3		June 29, 2026
Blocksy Companion	blocksy-companion	N/A	Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.14	2.1.15	June 29, 2026
testimonial	testimonial	N/A	Testimonial Slider <= 2.0.15 - Missing Authorization	LOW	*-2.0.15		June 29, 2026
seo-meta-description-updater	seo-meta-description-updater	N/A	SEO Meta Description Updater <= 1.2.0 - Missing Authorization	LOW	*-1.2.0		June 29, 2026
nelio-content	nelio-content	N/A	Nelio Content <= 4.0.5 - Missing Authorization	LOW	*-4.0.5	4.0.6	June 29, 2026
enhanced-e-commerce-for-woocommerce-store	enhanced-e-commerce-for-woocommerce-store	93	Conversios.io <= 7.2.13 - Missing Authorization	LOW	*-7.2.13	7.2.14	June 29, 2026
current-template-name	current-template-name	89	TempTool [Show Current Template Info] <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.1		June 29, 2026
usercentrics-consent-management-platform	usercentrics-consent-management-platform	N/A	USERCENTRICS CMP <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.9		June 29, 2026
ts-demo-importer	ts-demo-importer	N/A	TS Demo Importer <= 0.1.2 - Missing Authorization	LOW	*-0.1.2		June 29, 2026
post-grid	post-grid	N/A	Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization	LOW	*-2.3.17	2.3.18	June 29, 2026
post-grid	post-grid	N/A	Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization	LOW	*-2.3.17	2.3.18	June 29, 2026
marquee-addons-for-elementor	marquee-addons-for-elementor	93	Marquee Addons for Elementor <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.8.2	3.8.3	June 29, 2026
ignitiondeck	ignitiondeck	91	IgnitionDeck <= 2.0.10 - Missing Authorization	LOW	*-2.0.10		June 29, 2026
export-categories	export-categories	91	Export Categories <= 1.0 - Missing Authorization	LOW	*-1.0		June 29, 2026
bulk-image-title-attribute	bulk-image-title-attribute	91	Bulk Auto Image Title Attribute <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.1		June 29, 2026
contest-gallery	contest-gallery	93	Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-27.0.2	27.0.3	June 29, 2026
trinity-audio	trinity-audio	N/A	Trinity Audio <= 5.20.2 - Reflected Cross-Site Scripting	LOW	*-5.20.2	5.21.0	June 29, 2026
integrate-dynamics-365-crm	integrate-dynamics-365-crm	93	Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization	LOW	*-1.0.9	1.1.0	June 29, 2026
give	give	93	GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure	LOW	*-4.10.0	4.10.1	June 29, 2026
give	give	93	GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association	LOW	*-4.10.0	4.10.1	June 29, 2026
miniorange-login-with-eve-online-google-facebook	miniorange-login-with-eve-online-google-facebook	93	OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token()	LOW	*-6.26.12	6.26.13	June 29, 2026
cost-calculator-builder	cost-calculator-builder	93	Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions	LOW	*-3.5.32	3.5.33	June 29, 2026
majestic-before-after-image	majestic-before-after-image	93	Majestic Before After Image <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.2	2.0.3	June 29, 2026
wdesignkit	wdesignkit	N/A	WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function	LOW	*-1.2.16	1.2.17	June 29, 2026
wp-photo-album-plus	wp-photo-album-plus	N/A	WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload	LOW	*-9.0.11.006	9.0.11.007	June 29, 2026
wp-jobsearch	wp-jobsearch	N/A	JobSearch < 3.0.8 - Unauthenticated PHP Object Injection	LOW	[*, 3.0.8)	3.0.8	June 29, 2026
trinity-audio	trinity-audio	N/A	Trinity Audio <= 5.20.2 - Cross-Site Request Forgery	LOW	*-5.20.2	5.21.0	June 29, 2026
themeisle-companion	themeisle-companion	N/A	Orbit Fox by ThemeIsle <= 3.0.1 - Authenticated (Author+) Server-Side Request Forgery	LOW	*-3.0.1	3.0.2	June 29, 2026
jeg-elementor-kit	jeg-elementor-kit	93	Jeg Kit for Elementor – Powerful Elementor Addons, Widgets & Templates for WordPress < 2.6.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG	LOW	*-2.6.9	2.7.0	June 29, 2026
fusion-builder	fusion-builder	93	Fusion Builder <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.13.2	3.13.3	June 29, 2026
bluet-keywords-tooltip-generator	bluet-keywords-tooltip-generator	91	Tooltipy <= 5.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.5.9		June 29, 2026
x-addons-elementor	x-addons-elementor	N/A	X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field	LOW	*-1.0.16	1.0.17	June 29, 2026
wprecovery	wprecovery	N/A	WPRecovery <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion	LOW	*-2.0		June 29, 2026
woo-superb-slideshow-transition-gallery-with-random-effect	woo-superb-slideshow-transition-gallery-with-random-effect	N/A	Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection	LOW	*-9.1		June 29, 2026
meks-easy-maps	meks-easy-maps	91	Meks Easy Maps <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.4		June 29, 2026
easy-elementor-addons	easy-elementor-addons	93	Easy Elementor Addons <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.9	2.3.0	June 29, 2026
simple-bar	simple-bar	N/A	Notification Bar <= 2.2 - Cross-Site Request Forgery	LOW	*-2.2		June 29, 2026
smart-docs	smart-docs	N/A	Smart Docs <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.1.1		June 29, 2026
table-creator	table-creator	N/A	TableGen – Data Table Generator <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.3.1		June 29, 2026
optimize-more-css	optimize-more-css	N/A	Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset	LOW	*-1.0.3		June 29, 2026
restrict-user-registration	restrict-user-registration	N/A	Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.1		June 29, 2026
ultimate-multi-design-video-carousel	ultimate-multi-design-video-carousel	N/A	Ultimate Multi Design Video Carousel <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.4		June 29, 2026

LOW

ova-events-manager

Score: N/A Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload Affected: *-1.8.5 Patched: 1.8.6 Updated: June 29, 2026

LOW

next-page-not-next-post

Score: N/A Next Page, Not Next Post <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.0 Patched: Updated: June 29, 2026

LOW

my-auctions-allegro-free-edition

Score: N/A My Auctions Allegro Plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection Affected: *-3.6.31 Patched: 3.6.32 Updated: June 29, 2026

LOW

mstw-csv-exporter

Score: N/A MSTW CSV EXPORTER <= 1.4 - Missing Authorization Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

gsheetconnector-gravity-forms

Score: 93/100 GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation Affected: *-1.3.23 Patched: 1.3.24 Updated: June 29, 2026

LOW

everest-backup

Score: 91/100 Everest Backup <= 2.3.8 - Missing Authorization Affected: *-2.3.8 Patched: 2.3.9 Updated: June 29, 2026

LOW

everest-backup

Score: 91/100 Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure Affected: *-2.3.5 Patched: 2.3.6 Updated: June 29, 2026

LOW

events-maker

Score: 91/100 Events Maker by dFactory <= 1.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.14 Patched: Updated: June 29, 2026

LOW

enable-media-replace

Score: 93/100 Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode Affected: *-4.1.6 Patched: 4.1.7 Updated: June 29, 2026

LOW

did-prestashop-display

Score: 91/100 Did Prestashop Display <= 1.0.30 - Cross-Site Request Forgery Affected: *-1.0.30 Patched: Updated: June 29, 2026

LOW

cm-invitation-codes

Score: 93/100 CM Registration – Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect Affected: *-2.5.6 Patched: 2.5.7 Updated: June 29, 2026

LOW

blox-lite

Score: 91/100 Blox Lite <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: June 29, 2026

LOW

artiss-currency-converter

Score: 95/100 Open Currency Converter <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: Updated: June 29, 2026

LOW

accessibe

Score: 97/100 Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery Affected: *-2.10 Patched: 2.11 Updated: June 29, 2026

LOW

wp-jobhunt

Score: N/A WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’ Affected: *-7.6 Patched: 7.7 Updated: June 29, 2026

LOW

wp-jobhunt

Score: N/A WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass Affected: *-7.6 Patched: 7.7 Updated: June 29, 2026

LOW

td-composer

Score: N/A tagDiv Composer <= 5.4.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.4.1 Patched: 5.4.2 Updated: June 29, 2026

LOW

survey-maker

Score: N/A Survey Maker <= 5.1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.1.8.8 Patched: 5.1.8.9 Updated: June 29, 2026

LOW

survey-maker

Score: N/A Survey Maker <= 5.1.8.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.1.8.8 Patched: 5.1.8.9 Updated: June 29, 2026

LOW

salient-shortcodes

Score: N/A Salient Shortcodes <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.4 Patched: 1.5.5 Updated: June 29, 2026

LOW

reoon-email-verifier

Score: N/A Reoon Email Verifier <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: 2.1.1 Updated: June 29, 2026

LOW

post-list-featured-image

Score: N/A Post List Featured Image <= 0.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.5.9 Patched: Updated: June 29, 2026

LOW

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.29 - Missing Authorization Affected: *-3.29 Patched: 3.30 Updated: June 29, 2026

LOW

Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

custom-facebook-feed

Score: 66/100 Smash Balloon Social Post Feed <= 4.3.2 - Missing Authorization Affected: *-4.3.2 Patched: 4.3.3 Updated: June 29, 2026

LOW

change-wp-admin-login

Score: 93/100 WordPress All In One Login Plugin <= 2.0.8 - IP Sooofing to Protection Mechanism Bypass Affected: 2.0.8 Patched: 2.0.9 Updated: June 29, 2026

LOW

appexperts

Score: 95/100 AppExperts <= 1.4.5 - Unauthenticated Sensitive Information Exposure Affected: *-1.4.5 Patched: Updated: June 29, 2026

LOW

WP Travel Engine – Tour Booking Plugin – Tour Operator Software

wp-travel-engine

Score: N/A WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion Affected: *-6.6.7 Patched: 6.6.8 Updated: June 29, 2026

LOW

WP Travel Engine – Tour Booking Plugin – Tour Operator Software

wp-travel-engine

Score: N/A WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming Affected: *-6.6.7 Patched: 6.6.8 Updated: June 29, 2026

LOW

lisfinity-core

Score: 91/100 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.4.0 Patched: 1.5.0 Updated: June 29, 2026

LOW

cookie-notice-consent

Score: 93/100 Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.6.5 Patched: 1.6.6 Updated: June 29, 2026

LOW

WP Go Maps (formerly WP Google Maps)

wp-google-maps

Score: 66/100 WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-9.0.46 Patched: 9.0.47 Updated: June 29, 2026

LOW

community-events

Score: 93/100 Community Events <= 1.5.1 - Unauthenticated SQL Injection Affected: *-1.5.1 Patched: 1.5.2 Updated: June 29, 2026

LOW

wsanalytics-google-analytics-and-dashboards

Score: N/A WSAnalytics <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: June 29, 2026

LOW

woc-open-close

Score: N/A Open Close WooCommerce Store <= 4.9.8 - Missing Authorization Affected: *-4.9.8 Patched: Updated: June 29, 2026

LOW

simple-finance-calculator

Score: N/A Simple Finance Calculator <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

seo-by-rank-math-pro

Score: N/A Rank Math SEO PRO <= 3.0.96 - Missing Authorization Affected: *-3.0.96 Patched: 3.0.97 Updated: June 29, 2026

LOW

salient-core

Score: N/A Salient Core <= 3.0.8 - Missing Authorization Affected: *-3.0.8 Patched: 3.0.9 Updated: June 29, 2026

LOW

revslider

Score: N/A Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read Affected: *-6.7.37 Patched: 6.7.38 Updated: June 29, 2026

LOW

popup-builder-block

Score: N/A Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' Affected: *-2.1.3 Patched: 2.1.4 Updated: June 29, 2026

LOW

password-only-login

Score: N/A Password only login <= 0.2 - Reflected Cross-Site Scripting Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

fix-multiple-redirects

Score: 91/100 Fix Multiple Redirects <= 1.2.3 - Reflected Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: June 29, 2026

LOW

doppler-form

Score: 93/100 Doppler Forms = 2.5.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install Affected: *-2.5.1 Patched: 2.6.0 Updated: June 29, 2026

LOW

custom-css-editor

Score: 91/100 Custom CSS <= 1.4.0 - Missing Authorization Affected: *-1.4.0 Patched: Updated: June 29, 2026

LOW

anycomment

Score: 93/100 AnyComment <= 0.3.6 - Authenticated (Subscriber+) SQL Injection Affected: *-0.3.6 Patched: Updated: June 29, 2026

LOW

chart-builder

Score: 93/100 Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function Affected: *-3.5.9 Patched: 3.6.0 Updated: June 29, 2026

LOW

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection Affected: *-6.0.6.2 Patched: 6.0.6.3 Updated: June 29, 2026

LOW

motors-car-dealership-classified-listings

Score: N/A Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-1.4.89 Patched: 1.4.90 Updated: June 29, 2026

LOW

community-events

Score: 93/100 Community Events <= 1.5.1 - Unauthenticated SQL Injection Affected: *-1.5.1 Patched: 1.5.2 Updated: June 29, 2026

LOW

wp-business-hours

Score: N/A WP Business Hours <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.11.21 - Authenticated (Author+) SQL Injection via Cookie Affected: *-2.11.21 Patched: 2.11.22 Updated: June 29, 2026

LOW

search-filter

Score: N/A Search & Filter <= 1.2.17 - Cross-Site Request Forgery Affected: *-1.2.17 Patched: 1.2.18 Updated: June 29, 2026

LOW

awesome-testimonials

Score: 91/100 Awesome Testimonials <= 2.2.1 - Cross-Site Request Forgery Affected: *-2.2.1 Patched: Updated: June 29, 2026

LOW

wp-reset

Score: N/A WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log Affected: *-2.05 Patched: 2.06 Updated: June 29, 2026

LOW

riovizual

Score: N/A Table Block by RioVizual <= 2.3.2 - Missing Authorization Affected: *-2.3.2 Patched: Updated: June 29, 2026

LOW

progress-planner

Score: N/A Progress Planner <= 1.8.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.8.0 Patched: 1.8.1 Updated: June 29, 2026

LOW

microsoft-start

Score: 91/100 MSN Partner Hub <= 2.8.7 - Missing Authorization Affected: *-2.8.7 Patched: Updated: June 29, 2026

LOW

mapsvg-lite-interactive-vector-maps

Score: 93/100 MapSVG <= 8.7.23 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.7.22 Patched: 8.7.23 Updated: June 29, 2026

LOW

featured-image-from-url

Score: 93/100 Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields Affected: *-5.2.7 Patched: 5.2.8 Updated: June 29, 2026

LOW

cornerstone

Score: 91/100 Cornerstone <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.7.3 Patched: Updated: June 29, 2026

LOW

Blocksy Companion

blocksy-companion

Score: N/A Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.14 Patched: 2.1.15 Updated: June 29, 2026

LOW

testimonial

Score: N/A Testimonial Slider <= 2.0.15 - Missing Authorization Affected: *-2.0.15 Patched: Updated: June 29, 2026

LOW

seo-meta-description-updater

Score: N/A SEO Meta Description Updater <= 1.2.0 - Missing Authorization Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

nelio-content

Score: N/A Nelio Content <= 4.0.5 - Missing Authorization Affected: *-4.0.5 Patched: 4.0.6 Updated: June 29, 2026

LOW

enhanced-e-commerce-for-woocommerce-store

Score: 93/100 Conversios.io <= 7.2.13 - Missing Authorization Affected: *-7.2.13 Patched: 7.2.14 Updated: June 29, 2026

LOW

current-template-name

Score: 89/100 TempTool [Show Current Template Info] <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: June 29, 2026

LOW

usercentrics-consent-management-platform

Score: N/A USERCENTRICS CMP <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: June 29, 2026

LOW

ts-demo-importer

Score: N/A TS Demo Importer <= 0.1.2 - Missing Authorization Affected: *-0.1.2 Patched: Updated: June 29, 2026

LOW

post-grid

Score: N/A Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization Affected: *-2.3.17 Patched: 2.3.18 Updated: June 29, 2026

LOW

post-grid

Score: N/A Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization Affected: *-2.3.17 Patched: 2.3.18 Updated: June 29, 2026

LOW

marquee-addons-for-elementor

Score: 93/100 Marquee Addons for Elementor <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.8.2 Patched: 3.8.3 Updated: June 29, 2026

LOW

ignitiondeck

Score: 91/100 IgnitionDeck <= 2.0.10 - Missing Authorization Affected: *-2.0.10 Patched: Updated: June 29, 2026

LOW

export-categories

Score: 91/100 Export Categories <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

bulk-image-title-attribute

Score: 91/100 Bulk Auto Image Title Attribute <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: June 29, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-27.0.2 Patched: 27.0.3 Updated: June 29, 2026

LOW

trinity-audio

Score: N/A Trinity Audio <= 5.20.2 - Reflected Cross-Site Scripting Affected: *-5.20.2 Patched: 5.21.0 Updated: June 29, 2026

LOW

integrate-dynamics-365-crm

Score: 93/100 Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization Affected: *-1.0.9 Patched: 1.1.0 Updated: June 29, 2026

LOW

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure Affected: *-4.10.0 Patched: 4.10.1 Updated: June 29, 2026

LOW

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association Affected: *-4.10.0 Patched: 4.10.1 Updated: June 29, 2026

LOW

miniorange-login-with-eve-online-google-facebook

Score: 93/100 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token() Affected: *-6.26.12 Patched: 6.26.13 Updated: June 29, 2026

LOW

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions Affected: *-3.5.32 Patched: 3.5.33 Updated: June 29, 2026

LOW

majestic-before-after-image

Score: 93/100 Majestic Before After Image <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026

LOW

wdesignkit

Score: N/A WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function Affected: *-1.2.16 Patched: 1.2.17 Updated: June 29, 2026

LOW

wp-photo-album-plus

Score: N/A WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload Affected: *-9.0.11.006 Patched: 9.0.11.007 Updated: June 29, 2026

LOW

wp-jobsearch

Score: N/A JobSearch < 3.0.8 - Unauthenticated PHP Object Injection Affected: [*, 3.0.8) Patched: 3.0.8 Updated: June 29, 2026

LOW

trinity-audio

Score: N/A Trinity Audio <= 5.20.2 - Cross-Site Request Forgery Affected: *-5.20.2 Patched: 5.21.0 Updated: June 29, 2026

LOW

themeisle-companion

Score: N/A Orbit Fox by ThemeIsle <= 3.0.1 - Authenticated (Author+) Server-Side Request Forgery Affected: *-3.0.1 Patched: 3.0.2 Updated: June 29, 2026

LOW

jeg-elementor-kit

Score: 93/100 Jeg Kit for Elementor – Powerful Elementor Addons, Widgets & Templates for WordPress < 2.6.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Affected: *-2.6.9 Patched: 2.7.0 Updated: June 29, 2026

LOW

fusion-builder

Score: 93/100 Fusion Builder <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.13.2 Patched: 3.13.3 Updated: June 29, 2026

LOW

bluet-keywords-tooltip-generator

Score: 91/100 Tooltipy <= 5.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.5.9 Patched: Updated: June 29, 2026

LOW

x-addons-elementor

Score: N/A X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field Affected: *-1.0.16 Patched: 1.0.17 Updated: June 29, 2026

LOW

wprecovery

Score: N/A WPRecovery <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

woo-superb-slideshow-transition-gallery-with-random-effect

Score: N/A Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection Affected: *-9.1 Patched: Updated: June 29, 2026

LOW

meks-easy-maps

Score: 91/100 Meks Easy Maps <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.4 Patched: Updated: June 29, 2026

LOW

easy-elementor-addons

Score: 93/100 Easy Elementor Addons <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.9 Patched: 2.3.0 Updated: June 29, 2026

LOW

simple-bar

Score: N/A Notification Bar <= 2.2 - Cross-Site Request Forgery Affected: *-2.2 Patched: Updated: June 29, 2026

LOW

smart-docs

Score: N/A Smart Docs <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

table-creator

Score: N/A TableGen – Data Table Generator <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: June 29, 2026

LOW

optimize-more-css

Score: N/A Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

restrict-user-registration

Score: N/A Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

ultimate-multi-design-video-carousel

Score: N/A Ultimate Multi Design Video Carousel <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 29, 2026

Showing 5801 to 5900 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 23:34 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List