Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
appy-pie-connect-for-woocommerce	appy-pie-connect-for-woocommerce	97	Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password	LOW	*-1.1.2	1.1.3	June 29, 2026
wp-cycle-text-announcement	wp-cycle-text-announcement	N/A	Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection	LOW	*-8.1		June 29, 2026
ird-slider	ird-slider	91	Ird Slider <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 29, 2026
mobile-site-redirect	mobile-site-redirect	N/A	Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.2.1		June 29, 2026
wp-dispatcher	wp-dispatcher	N/A	WP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-1.2.0		June 29, 2026
wp-dispatcher	wp-dispatcher	N/A	WP Dispatcher <= 1.2.0 - Authenticated (Contributor+) SQL Injection	LOW	*-1.2.0		June 29, 2026
contentmx-content-publisher	contentmx-content-publisher	93	ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery	LOW	*-1.0.6	1.0.7	June 29, 2026
joomsport-sports-league-results-management	joomsport-sports-league-results-management	93	JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion	LOW	*-5.7.3	5.7.4	June 29, 2026
restropress	restropress	N/A	RestroPress – Online Food Ordering System 3.0.0 - 3.2.1 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT	LOW	3.0.0-3.2.1	3.2.2	June 29, 2026
flexi	flexi	89	Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode	LOW	*-4.28		June 29, 2026
comment-info-detector	comment-info-detector	91	Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.5		June 29, 2026
ut-elementor-addons-lite	ut-elementor-addons-lite	N/A	Ultra Addons Lite for Elementor <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field	LOW	*-1.1.9	1.2.0	June 29, 2026
textbuilder	textbuilder	N/A	TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover	LOW	1.0.0-1.1.1	1.2.0	June 29, 2026
yournewsapp	yournewsapp	N/A	Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection	LOW	*-0.8.8.8		June 29, 2026
fintelligence-calculator	fintelligence-calculator	89	Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.3		June 29, 2026
wp-structured-data-schema	wp-structured-data-schema	N/A	Schema Plugin For Divi, Gutenberg & Shortcodes <= 4.3.2 - Authenticated (Contributor+) Object Instantiation	LOW	*-4.3.2		June 29, 2026
paypal-forms	paypal-forms	N/A	PayPal Forms <= 1.0.3 - Cross-Site Request Forgery	LOW	*-1.0.3		June 29, 2026
epic-bootstrap-buttons	epic-bootstrap-buttons	91	Epic Bootstrap Buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter	LOW	*-1.0		June 29, 2026
wp-sinotype	wp-sinotype	N/A	WP SinoType <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 29, 2026
ticket-spot	ticket-spot	N/A	Event Tickets, RSVPs, Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2	1.0.3	June 29, 2026
wp-photo-effects	wp-photo-effects	N/A	WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.2.4		June 29, 2026
unify	unify	N/A	Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode	LOW	*-3.4.7	3.4.8	June 29, 2026
generic-elements-for-elementor	generic-elements-for-elementor	89	Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.8		June 29, 2026
ultimate-viral-quiz	ultimate-viral-quiz	N/A	Ultimate Viral Quiz <= 1.0 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0		June 29, 2026
my-wp-health-check	my-wp-health-check	N/A	SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure	LOW	*-1.9.8		June 29, 2026
auto-bulb-finder-for-wp-wc	auto-bulb-finder-for-wp-wc	93	Auto Bulb Finder for WordPress <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.8.0	2.9.0	June 29, 2026
a-simple-multilanguage	a-simple-multilanguage	95	A Simple Multilanguage Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
mpwizard	mpwizard	N/A	MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion	LOW	*-1.2.1		June 29, 2026
ap-background	ap-background	93	AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.8.2		June 29, 2026
ap-background	ap-background	93	AP Background <= 3.8.2 - Cross-Site Request Forgery	LOW	*-3.8.2		June 29, 2026
ap-background	ap-background	93	AP Background 3.8.1 - 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function	LOW	3.8.1-3.8.2		June 29, 2026
spirit-framework	spirit-framework	N/A	Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation	LOW	*-1.2.14	1.2.15	June 29, 2026
wp_attractivedonationssystem	wp_attractivedonationssystem	N/A	Attractive Donations System - Easy Stripe & Paypal donations <= 1.25 - Cross-Site Request Forgery	LOW	*-1.25		June 29, 2026
wordpress-seo-premium	wordpress-seo-premium	N/A	Yoast SEO Premium 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	25.7-25.9	26.0	June 29, 2026
joan	joan	93	Jock On Air Now (JOAN) <= 6.0.4 - Missing Authorization	LOW	*-6.0.4	6.0.5	June 29, 2026
interactive-medical-drawing-of-human-body	interactive-medical-drawing-of-human-body	91	Interactive Medical Drawing of Human Body <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.6		June 29, 2026
backup-bolt	backup-bolt	91	Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download	LOW	*-1.4.1	1.5.0	June 29, 2026
woo-vehicle-parts-finder	woo-vehicle-parts-finder	N/A	WooCommerce Vehicle Parts Finder <= 3.7 - Unauthenticated PHP Object Injection	LOW	*-3.7	3.8	June 29, 2026
s2member	s2member	N/A	s2Member <= 250905 - Unauthenticated Remote Code Execution	LOW	*-250905	251005	June 29, 2026
nex-forms-lite	nex-forms-lite	N/A	NEX-Forms LITE < 8.2 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 8.2)	8.2	June 29, 2026
meta-tag-manager	meta-tag-manager	93	Meta Tag Manager <= 3.2 - Open Redirect	LOW	*-3.2	3.3	June 29, 2026
zoloblocks	zoloblocks	N/A	ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.10	2.3.11	June 29, 2026
woo-vehicle-parts-finder	woo-vehicle-parts-finder	N/A	WooCommerce Vehicle Parts Finder <= 3.7 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.7	3.8	June 29, 2026
taskbot	taskbot	N/A	Taskbot <= 6.4 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-6.4	6.5	June 29, 2026
softdiscover-db-file-manager	softdiscover-db-file-manager	N/A	File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure	LOW	*-1.6.1	1.6.2	June 29, 2026
siteground-email-marketing	siteground-email-marketing	N/A	SiteGround Email Marketing <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.1	1.7.2	June 29, 2026
rock-convert	rock-convert	N/A	Rock Convert <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.1		June 29, 2026
opal-service	opal-service	N/A	Opal Service <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.1		June 29, 2026
indeed-learning-pro	indeed-learning-pro	87	Ultimate Learning Pro <= 3.9.3 - Authenticated (Instructor+) Arbitrary Content Deletion	LOW	*-3.9.3		June 29, 2026
huzzaz-video-gallery	huzzaz-video-gallery	91	Video Gallery by Huzzaz <= 10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-10.5		June 29, 2026
formgent	formgent	91	FormGent – Next-Gen AI Form Builder for WordPress with Multi-Step, Quizzes, Payments & More < 1.0.4 - Unauthenticated Arbitrary File Deletion	LOW	*-1.0.3	1.0.4	June 29, 2026
effect-maker	effect-maker	89	Effect Maker <= 1.2.1 - Missing Authorization	LOW	*-1.2.1		June 29, 2026
Download Manager	download-manager	63	Download Manager <= 3.3.32 - Authenticated (Subscriber+) Information Exposure	LOW	*-3.3.32	3.3.33	June 29, 2026
clicksend-contactform7	clicksend-contactform7	91	SMS Contact Form 7 Notifications by ClickSend <= 1.4.0 - Missing Authorization	LOW	*-1.4.0		June 29, 2026
cf7-autoresponder-addon	cf7-autoresponder-addon	93	CF7 Auto Responder Addon <= 2.4 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.4	2.5	June 29, 2026
block-for-mailchimp	block-for-mailchimp	93	Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery	LOW	*-1.1.12	1.1.13	June 29, 2026
adiaha-hotel	adiaha-hotel	95	Flights & Hotels Booking WP Plugin <= 3.1 - Missing Authorization	LOW	*-3.1		June 29, 2026
affiliate-wp	affiliate-wp	97	AffiliateWP <= 2.28.2 - Unauthenticated SQL Injection	LOW	*-2.28.2	2.29.0	June 29, 2026
SmartCrawl SEO checker, analyzer & optimizer	smartcrawl-seo	90	SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update	LOW	*-3.14.3	3.14.4	June 29, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.1.94	5.2.0	June 29, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function	LOW	*-5.1.94	5.2.0	June 29, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function	LOW	*-5.1.94	5.2.0	June 29, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-5.1.94	5.2.0	June 29, 2026
all-social-share-options	all-social-share-options	95	All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
lockerpress-wordpress-security	lockerpress-wordpress-security	91	LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
mihdan-elementor-yandex-maps	mihdan-elementor-yandex-maps	93	Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins	LOW	*-1.6.11	1.7.0	June 29, 2026
layers	layers	93	Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.5	1.0	June 29, 2026
momoyoga-integration	momoyoga-integration	N/A	Yoga Schedule Momoyoga <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.9.0	2.9.1	June 29, 2026
bei-fen	bei-fen	91	Bei Fen – WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-1.4.2		June 29, 2026
post-by-email	post-by-email	N/A	Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments	LOW	* - 1.0.4b		June 29, 2026
all-in-one-music-player	all-in-one-music-player	95	All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter	LOW	*-1.3.1		June 29, 2026
planetcalc	planetcalc	N/A	planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter	LOW	*-2.2		June 29, 2026
bp-direct-menus	bp-direct-menus	91	BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
gutenbee	gutenbee	93	GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.18.0	2.18.1	June 29, 2026
alleaktien-quantitativ	alleaktien-quantitativ	95	Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.0.1		June 29, 2026
any-news-ticker	any-news-ticker	95	Any News Ticker <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.1		June 29, 2026
tiny-bootstrap-elements-light	tiny-bootstrap-elements-light	N/A	Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion	LOW	*-4.3.34		June 29, 2026
copypress-rest-api	copypress-rest-api	91	Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution	LOW	1.1-1.2		June 29, 2026
nexa-blocks	nexa-blocks	N/A	Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Maps Widget	LOW	*-1.1.0	1.1.1	June 29, 2026
the-pack-addon	the-pack-addon	N/A	The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget	LOW	*-2.1.5	2.1.6	June 29, 2026
surveyanyplace	surveyanyplace	N/A	SurveyAnyplace Plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
fancytabs	fancytabs	91	FancyTabs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter	LOW	*-1.1.0		June 29, 2026
weedmaps-menu-embed	weedmaps-menu-embed	N/A	WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode	LOW	*-1.2.0		June 29, 2026
dbview	dbview	91	dbview <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.5.5		June 29, 2026
qyrr-code	qyrr-code	N/A	Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-2.0.7	2.0.8	June 29, 2026
my-askai	my-askai	N/A	My AskAI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
chatwee	chatwee	89	Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update	LOW	*-2.1.3		June 29, 2026
woo-bigpost-shipping	woo-bigpost-shipping	N/A	Big Post Shipping for WooCommerce <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.2	2.1.3	June 29, 2026
upload-am-file-hosting-vpn	upload-am-file-hosting-vpn	N/A	Upload.am File Hosting VPN <= 1.0.0 - Authenticated (Contributor+) Arbitrary Options Disclosure	LOW	*-1.0.0	1.0.1	June 29, 2026
smart-wetransfer	smart-wetransfer	N/A	Smart WeTransfer <= 1.3 - Missing Authorization	LOW	*-1.3		June 29, 2026
custom-post-type-pdf-attachment	custom-post-type-pdf-attachment	91	Custom Post Type Attachment <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.6		June 29, 2026
WPC Smart Messages for WooCommerce	wpc-smart-messages	N/A	WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.2.8	4.2.9	June 29, 2026
wp-geo	wp-geo	N/A	WP Geo <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5.1		June 29, 2026
user-avatar-reloaded	user-avatar-reloaded	N/A	User Avatar - Reloaded <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.2		June 29, 2026
referral-link-tracker	referral-link-tracker	N/A	Referral Link Tracker <= 1.1.4 - Missing Authorization	LOW	*-1.1.4		June 29, 2026
query-posts	query-posts	N/A	Query Posts <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.3.2		June 29, 2026
miniorange-login-openid	miniorange-login-openid	91	Social Login and Register <= 7.7.0 - Authenticated (Administrator+) Local File Inclusion	LOW	*-7.7.0		June 29, 2026
lbg_zoominoutslider	lbg_zoominoutslider	87	LBG Zoominoutslider <= 5.4.4 - Authenticated (Contributor+) SQL Injection	LOW	*-5.4.4	5.4.5	June 29, 2026
lbg_fullscreen_fullwidth_slider	lbg_fullscreen_fullwidth_slider	89	Image&Video FullScreen Background <= 1.6.7 - Authenticated (Contributor+) SQL Injection	LOW	*-1.6.7		June 29, 2026
add-search-to-menu	add-search-to-menu	97	Ivory Search <= 5.5.12 - Missing Authorization	LOW	*-5.5.12	5.5.13	June 29, 2026

LOW

appy-pie-connect-for-woocommerce

Score: 97/100 Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password Affected: *-1.1.2 Patched: 1.1.3 Updated: June 29, 2026

LOW

wp-cycle-text-announcement

Score: N/A Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection Affected: *-8.1 Patched: Updated: June 29, 2026

LOW

ird-slider

Score: 91/100 Ird Slider <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

mobile-site-redirect

Score: N/A Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

wp-dispatcher

Score: N/A WP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

wp-dispatcher

Score: N/A WP Dispatcher <= 1.2.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

contentmx-content-publisher

Score: 93/100 ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery Affected: *-1.0.6 Patched: 1.0.7 Updated: June 29, 2026

LOW

joomsport-sports-league-results-management

Score: 93/100 JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion Affected: *-5.7.3 Patched: 5.7.4 Updated: June 29, 2026

LOW

Score: N/A RestroPress – Online Food Ordering System 3.0.0 - 3.2.1 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT Affected: 3.0.0-3.2.1 Patched: 3.2.2 Updated: June 29, 2026

LOW

flexi

Score: 89/100 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode Affected: *-4.28 Patched: Updated: June 29, 2026

LOW

comment-info-detector

Score: 91/100 Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.5 Patched: Updated: June 29, 2026

LOW

ut-elementor-addons-lite

Score: N/A Ultra Addons Lite for Elementor <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field Affected: *-1.1.9 Patched: 1.2.0 Updated: June 29, 2026

LOW

textbuilder

Score: N/A TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover Affected: 1.0.0-1.1.1 Patched: 1.2.0 Updated: June 29, 2026

LOW

yournewsapp

Score: N/A Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection Affected: *-0.8.8.8 Patched: Updated: June 29, 2026

LOW

fintelligence-calculator

Score: 89/100 Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

wp-structured-data-schema

Score: N/A Schema Plugin For Divi, Gutenberg & Shortcodes <= 4.3.2 - Authenticated (Contributor+) Object Instantiation Affected: *-4.3.2 Patched: Updated: June 29, 2026

LOW

paypal-forms

Score: N/A PayPal Forms <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

epic-bootstrap-buttons

Score: 91/100 Epic Bootstrap Buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

wp-sinotype

Score: N/A WP SinoType <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

ticket-spot

Score: N/A Event Tickets, RSVPs, Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026

LOW

wp-photo-effects

Score: N/A WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.4 Patched: Updated: June 29, 2026

LOW

unify

Score: N/A Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode Affected: *-3.4.7 Patched: 3.4.8 Updated: June 29, 2026

LOW

generic-elements-for-elementor

Score: 89/100 Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: June 29, 2026

LOW

ultimate-viral-quiz

Score: N/A Ultimate Viral Quiz <= 1.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

my-wp-health-check

Score: N/A SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure Affected: *-1.9.8 Patched: Updated: June 29, 2026

LOW

auto-bulb-finder-for-wp-wc

Score: 93/100 Auto Bulb Finder for WordPress <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.0 Patched: 2.9.0 Updated: June 29, 2026

LOW

a-simple-multilanguage

Score: 95/100 A Simple Multilanguage Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

mpwizard

Score: N/A MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

ap-background

Score: 93/100 AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.8.2 Patched: Updated: June 29, 2026

LOW

ap-background

Score: 93/100 AP Background <= 3.8.2 - Cross-Site Request Forgery Affected: *-3.8.2 Patched: Updated: June 29, 2026

LOW

ap-background

Score: 93/100 AP Background 3.8.1 - 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function Affected: 3.8.1-3.8.2 Patched: Updated: June 29, 2026

LOW

spirit-framework

Score: N/A Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation Affected: *-1.2.14 Patched: 1.2.15 Updated: June 29, 2026

LOW

wp_attractivedonationssystem

Score: N/A Attractive Donations System - Easy Stripe & Paypal donations <= 1.25 - Cross-Site Request Forgery Affected: *-1.25 Patched: Updated: June 29, 2026

LOW

wordpress-seo-premium

Score: N/A Yoast SEO Premium 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: 25.7-25.9 Patched: 26.0 Updated: June 29, 2026

LOW

joan

Score: 93/100 Jock On Air Now (JOAN) <= 6.0.4 - Missing Authorization Affected: *-6.0.4 Patched: 6.0.5 Updated: June 29, 2026

LOW

interactive-medical-drawing-of-human-body

Score: 91/100 Interactive Medical Drawing of Human Body <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.6 Patched: Updated: June 29, 2026

LOW

backup-bolt

Score: 91/100 Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download Affected: *-1.4.1 Patched: 1.5.0 Updated: June 29, 2026

LOW

woo-vehicle-parts-finder

Score: N/A WooCommerce Vehicle Parts Finder <= 3.7 - Unauthenticated PHP Object Injection Affected: *-3.7 Patched: 3.8 Updated: June 29, 2026

LOW

s2member

Score: N/A s2Member <= 250905 - Unauthenticated Remote Code Execution Affected: *-250905 Patched: 251005 Updated: June 29, 2026

LOW

nex-forms-lite

Score: N/A NEX-Forms LITE < 8.2 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 8.2) Patched: 8.2 Updated: June 29, 2026

LOW

meta-tag-manager

Score: 93/100 Meta Tag Manager <= 3.2 - Open Redirect Affected: *-3.2 Patched: 3.3 Updated: June 29, 2026

LOW

zoloblocks

Score: N/A ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.10 Patched: 2.3.11 Updated: June 29, 2026

LOW

woo-vehicle-parts-finder

Score: N/A WooCommerce Vehicle Parts Finder <= 3.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.7 Patched: 3.8 Updated: June 29, 2026

LOW

taskbot

Score: N/A Taskbot <= 6.4 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-6.4 Patched: 6.5 Updated: June 29, 2026

LOW

softdiscover-db-file-manager

Score: N/A File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure Affected: *-1.6.1 Patched: 1.6.2 Updated: June 29, 2026

LOW

siteground-email-marketing

Score: N/A SiteGround Email Marketing <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.1 Patched: 1.7.2 Updated: June 29, 2026

LOW

rock-convert

Score: N/A Rock Convert <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: June 29, 2026

LOW

opal-service

Score: N/A Opal Service <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.1 Patched: Updated: June 29, 2026

LOW

indeed-learning-pro

Score: 87/100 Ultimate Learning Pro <= 3.9.3 - Authenticated (Instructor+) Arbitrary Content Deletion Affected: *-3.9.3 Patched: Updated: June 29, 2026

LOW

huzzaz-video-gallery

Score: 91/100 Video Gallery by Huzzaz <= 10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-10.5 Patched: Updated: June 29, 2026

LOW

formgent

Score: 91/100 FormGent – Next-Gen AI Form Builder for WordPress with Multi-Step, Quizzes, Payments & More < 1.0.4 - Unauthenticated Arbitrary File Deletion Affected: *-1.0.3 Patched: 1.0.4 Updated: June 29, 2026

LOW

effect-maker

Score: 89/100 Effect Maker <= 1.2.1 - Missing Authorization Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.32 - Authenticated (Subscriber+) Information Exposure Affected: *-3.3.32 Patched: 3.3.33 Updated: June 29, 2026

LOW

clicksend-contactform7

Score: 91/100 SMS Contact Form 7 Notifications by ClickSend <= 1.4.0 - Missing Authorization Affected: *-1.4.0 Patched: Updated: June 29, 2026

LOW

cf7-autoresponder-addon

Score: 93/100 CF7 Auto Responder Addon <= 2.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.4 Patched: 2.5 Updated: June 29, 2026

LOW

block-for-mailchimp

Score: 93/100 Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery Affected: *-1.1.12 Patched: 1.1.13 Updated: June 29, 2026

LOW

adiaha-hotel

Score: 95/100 Flights & Hotels Booking WP Plugin <= 3.1 - Missing Authorization Affected: *-3.1 Patched: Updated: June 29, 2026

LOW

affiliate-wp

Score: 97/100 AffiliateWP <= 2.28.2 - Unauthenticated SQL Injection Affected: *-2.28.2 Patched: 2.29.0 Updated: June 29, 2026

LOW

SmartCrawl SEO checker, analyzer & optimizer

smartcrawl-seo

Score: 90/100 SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update Affected: *-3.14.3 Patched: 3.14.4 Updated: June 29, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.1.94 Patched: 5.2.0 Updated: June 29, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function Affected: *-5.1.94 Patched: 5.2.0 Updated: June 29, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function Affected: *-5.1.94 Patched: 5.2.0 Updated: June 29, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.1.94 Patched: 5.2.0 Updated: June 29, 2026

LOW

all-social-share-options

Score: 95/100 All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

lockerpress-wordpress-security

Score: 91/100 LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

mihdan-elementor-yandex-maps

Score: 93/100 Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins Affected: *-1.6.11 Patched: 1.7.0 Updated: June 29, 2026

LOW

layers

Score: 93/100 Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.5 Patched: 1.0 Updated: June 29, 2026

LOW

momoyoga-integration

Score: N/A Yoga Schedule Momoyoga <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.0 Patched: 2.9.1 Updated: June 29, 2026

LOW

bei-fen

Score: 91/100 Bei Fen – WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.4.2 Patched: Updated: June 29, 2026

LOW

post-by-email

Score: N/A Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments Affected: * - 1.0.4b Patched: Updated: June 29, 2026

LOW

all-in-one-music-player

Score: 95/100 All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter Affected: *-1.3.1 Patched: Updated: June 29, 2026

LOW

planetcalc

Score: N/A planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter Affected: *-2.2 Patched: Updated: June 29, 2026

LOW

bp-direct-menus

Score: 91/100 BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

gutenbee

Score: 93/100 GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.18.0 Patched: 2.18.1 Updated: June 29, 2026

LOW

alleaktien-quantitativ

Score: 95/100 Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.1 Patched: Updated: June 29, 2026

LOW

any-news-ticker

Score: 95/100 Any News Ticker <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.1 Patched: Updated: June 29, 2026

LOW

tiny-bootstrap-elements-light

Score: N/A Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion Affected: *-4.3.34 Patched: Updated: June 29, 2026

LOW

copypress-rest-api

Score: 91/100 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution Affected: 1.1-1.2 Patched: Updated: June 29, 2026

LOW

nexa-blocks

Score: N/A Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Maps Widget Affected: *-1.1.0 Patched: 1.1.1 Updated: June 29, 2026

LOW

the-pack-addon

Score: N/A The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget Affected: *-2.1.5 Patched: 2.1.6 Updated: June 29, 2026

LOW

surveyanyplace

Score: N/A SurveyAnyplace Plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

fancytabs

Score: 91/100 FancyTabs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter Affected: *-1.1.0 Patched: Updated: June 29, 2026

LOW

weedmaps-menu-embed

Score: N/A WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

dbview

Score: 91/100 dbview <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.5.5 Patched: Updated: June 29, 2026

LOW

qyrr-code

Score: N/A Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-2.0.7 Patched: 2.0.8 Updated: June 29, 2026

LOW

my-askai

Score: N/A My AskAI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

chatwee

Score: 89/100 Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update Affected: *-2.1.3 Patched: Updated: June 29, 2026

LOW

woo-bigpost-shipping

Score: N/A Big Post Shipping for WooCommerce <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: June 29, 2026

LOW

upload-am-file-hosting-vpn

Score: N/A Upload.am File Hosting VPN <= 1.0.0 - Authenticated (Contributor+) Arbitrary Options Disclosure Affected: *-1.0.0 Patched: 1.0.1 Updated: June 29, 2026

LOW

smart-wetransfer

Score: N/A Smart WeTransfer <= 1.3 - Missing Authorization Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

custom-post-type-pdf-attachment

Score: 91/100 Custom Post Type Attachment <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.6 Patched: Updated: June 29, 2026

LOW

WPC Smart Messages for WooCommerce

wpc-smart-messages

Score: N/A WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.8 Patched: 4.2.9 Updated: June 29, 2026

LOW

wp-geo

Score: N/A WP Geo <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.1 Patched: Updated: June 29, 2026

LOW

user-avatar-reloaded

Score: N/A User Avatar - Reloaded <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: June 29, 2026

LOW

referral-link-tracker

Score: N/A Referral Link Tracker <= 1.1.4 - Missing Authorization Affected: *-1.1.4 Patched: Updated: June 29, 2026

LOW

query-posts

Score: N/A Query Posts <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.2 Patched: Updated: June 29, 2026

LOW

miniorange-login-openid

Score: 91/100 Social Login and Register <= 7.7.0 - Authenticated (Administrator+) Local File Inclusion Affected: *-7.7.0 Patched: Updated: June 29, 2026

LOW

lbg_zoominoutslider

Score: 87/100 LBG Zoominoutslider <= 5.4.4 - Authenticated (Contributor+) SQL Injection Affected: *-5.4.4 Patched: 5.4.5 Updated: June 29, 2026

LOW

lbg_fullscreen_fullwidth_slider

Score: 89/100 Image&Video FullScreen Background <= 1.6.7 - Authenticated (Contributor+) SQL Injection Affected: *-1.6.7 Patched: Updated: June 29, 2026

LOW

add-search-to-menu

Score: 97/100 Ivory Search <= 5.5.12 - Missing Authorization Affected: *-5.5.12 Patched: 5.5.13 Updated: June 29, 2026

Showing 5901 to 6000 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 21:58 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List