Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36280

Across tracked plugins

Affected Plugins

89

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wp-image-shrinker wp-image-shrinker N/A Image shrinker <= 1.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-1.1.0 June 29, 2026
popular-posts-by-webline popular-posts-by-webline N/A Popular Posts by Webline <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 June 29, 2026
photospace-responsive photospace-responsive N/A Photospace Responsive <= 2.2.0 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.2.0 June 29, 2026
links-shortcode links-shortcode
91
 Links shortcode <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.3 June 29, 2026
buddypress buddypress
93
 BuddyPress <= 14.3.4 - Missing Authorization LOW *-14.3.4 14.4.0 June 29, 2026
professional-contact-form professional-contact-form N/A Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending LOW *-1.0.0 June 29, 2026
cforms-plugin cforms-plugin
91
 cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery LOW *-3.0.0 June 29, 2026
sync-feedly sync-feedly N/A Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger LOW *-1.0.1 June 29, 2026
trust-reviews trust-reviews N/A Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery LOW *-1.0 June 29, 2026
vm-menu-reorder vm-menu-reorder N/A VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update LOW *-1.0.0 June 29, 2026
hidepost hidepost
89
 HidePost <= 2.3.8 - Cross-Site Request Forgery LOW *-2.3.8 June 29, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
 WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header LOW *-14.15.4 14.15.5 June 29, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update LOW *-3.12.0 3.12.1 June 29, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion LOW *-3.12.0 3.12.1 June 29, 2026
team-members team-members N/A Team Members <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.3.5 5.3.6 June 29, 2026
zoloblocks zoloblocks N/A ZoloBlocks <= 2.3.11 - Unauthenticated Sever-Side Request Forgery LOW *-2.3.11 2.3.12 June 29, 2026
yourplugins-wc-conditional-cart-notices yourplugins-wc-conditional-cart-notices N/A Conditional Cart Messages for WooCommerce – YourPlugins.com <= 1.2.10 - Cross-Site Request Forgery LOW *-1.2.10 June 29, 2026
yext yext N/A Yext <= 1.1.3 - Missing Authorization LOW *-1.1.3 June 29, 2026
yaycurrency yaycurrency N/A YayCurrency <= 3.2 - Authenticated (Administrator+) Remote Code Execution LOW *-3.2 3.3.2 June 29, 2026
wpfront-user-role-editor wpfront-user-role-editor N/A WPFront User Role Editor <= 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.3 4.2.4 June 29, 2026
wpdirectorykit wpdirectorykit N/A WP Directory Kit <= 1.4.0 - Missing Authorization LOW *-1.4.0 1.4.1 June 29, 2026
wp-ticket wp-ticket N/A WP Ticket Customer Service Software & Support Ticket System <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.0.2 6.0.3 June 29, 2026
wp-tesseract wp-tesseract N/A WP Tesseract <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.2 June 29, 2026
wp-subscription-forms-pro wp-subscription-forms-pro N/A WP Subscription Forms PRO <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-2.0.5 June 29, 2026
wp-recipe-maker wp-recipe-maker N/A WP Recipe Maker < 10.1.0 - Unauthenticated Arbitrary Shortcode Execution LOW [*, 10.1.0) 10.1.0 June 29, 2026
wp-mpdf wp-mpdf N/A wp-mpdf <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.9.1 3.9.2 June 29, 2026
wp-media-categories wp-media-categories N/A WP Media Categories <= 2.1.0 - Cross-Site Request Forgery LOW *-2.1.0 June 29, 2026
wp-copysafe-web wp-copysafe-web N/A CopySafe Web Protection <= 5.1 - Missing Authorization LOW *-5.1 5.3 June 29, 2026
workreap workreap N/A Workreap <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-3.3.5 3.3.6 June 29, 2026
woo-events woo-events N/A WooEvents <= 4.1.7 - Missing Authorization LOW *-4.1.7 4.1.8 June 29, 2026
wgpwpp wgpwpp N/A WEDOS Global <= 1.2.2 - Missing Authorization LOW *-1.2.2 2.0.0 June 29, 2026
werk-aan-de-muur werk-aan-de-muur N/A Werk aan de Muur <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5 1.5.1 June 29, 2026
w3s-cf7-zoho w3s-cf7-zoho N/A W3SCloud Contact Form 7 to Zoho CRM <= 3.0 - Cross-Site Request Forgery LOW *-3.0 June 29, 2026
virtualassistant virtualassistant N/A WP Virtual Assistant <= 3.0 - Missing Authorization LOW *-3.0 June 29, 2026
video-blogster-lite video-blogster-lite N/A Video Blogster Lite <= 1.2 - Cross-Site Request Forgery LOW *-1.2 June 29, 2026
vehica-core vehica-core N/A Vehica Core <= 1.0.100 - Cross-Site Request Forgery LOW *-1.0.100 1.0.101 June 29, 2026
user-notes user-notes N/A User Notes <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.2 1.0.3 June 29, 2026
theme-my-login theme-my-login N/A Theme My Login <= 7.1.12 - Missing Authorization LOW *-7.1.12 7.1.13 June 29, 2026
the-tech-tribe the-tech-tribe N/A The Tribal <= 1.3.3 - Unauthenticated Sensitive Information Exposure LOW *-1.3.3 1.3.4 June 29, 2026
the-tech-tribe the-tech-tribe N/A The Tribal <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3.3 1.3.4 June 29, 2026
testimonial-add testimonial-add N/A Testimonial Slider <= 3.5.8.6 - Authenticated (Contributor+) Local File Inclusion LOW *-3.5.8.6 June 29, 2026
subscribe-to-unlock subscribe-to-unlock N/A Subscribe To Unlock <= 1.1.5 - Missing Authorization LOW *-1.1.5 June 29, 2026
subscribe-to-unlock subscribe-to-unlock N/A Subscribe To Unlock <= 1.1.5 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1.5 June 29, 2026
subscribe-to-download subscribe-to-download N/A Subscribe to Download <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion LOW *-2.0.9 2.1.0 June 29, 2026
subscribe-to-download subscribe-to-download N/A Subscribe to Download <= 2.0.9 - Missing Authorization LOW *-2.0.9 2.1.0 June 29, 2026
stackable-ultimate-gutenberg-blocks stackable-ultimate-gutenberg-blocks N/A Stackable <= 3.18.1 - Authenticated (Contributor+) Sensitive Information Exposure LOW *-3.18.1 3.19.0 June 29, 2026
stackable-ultimate-gutenberg-blocks stackable-ultimate-gutenberg-blocks N/A Stackable <= 3.18.1 - Missing Authorization LOW *-3.18.1 3.19.0 June 29, 2026
skt-blocks skt-blocks N/A SKT Blocks <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5 June 29, 2026
simple-meta-tags simple-meta-tags N/A Simple Meta Tags <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 June 29, 2026
simple-colorbox simple-colorbox N/A Simple Colorbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.1 June 29, 2026
seo-search-permalink seo-search-permalink N/A SEO Search Permalink <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.3 June 29, 2026
recaptcha-wp recaptcha-wp N/A Recaptcha – wp <= 0.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.2.6 June 29, 2026
post-featured-video post-featured-video N/A Post Featured Video <= 1.7 - Cross-Site Request Forgery LOW *-1.7 June 29, 2026
popad popad N/A PopAd <= 1.0.4 - Authenticated (Admin+) Server-Side Request Forgery LOW *-1.0.4 June 29, 2026
pgs-core pgs-core N/A PGS Core <= 5.9.0 - Authenticated (Contributor+) SQL Injection LOW *-5.9.0 June 29, 2026
pe-easy-slider pe-easy-slider N/A PE Easy Slider <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.0 June 29, 2026
page-manager-for-elementor page-manager-for-elementor N/A Page Manager for Elementor <= 2.0.5 - Authenticated (Subscriber+) Sensitive Information Exposure LOW *-2.0.5 June 29, 2026
official-sendle-shipping-method official-sendle-shipping-method N/A Sendle Shipping <= 6.02 - Cross-Site Request Forgery LOW *-6.02 6.03 June 29, 2026
notely notely N/A Notely <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.8.0 1.9.0 June 29, 2026
nota-fiscal-eletronica-woocommerce nota-fiscal-eletronica-woocommerce N/A Nota Fiscal Eletrônica WooCommerce <= 3.4.0.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting LOW *-3.4.0.9 3.4.1.0 June 29, 2026
nota-fiscal-eletronica-woocommerce nota-fiscal-eletronica-woocommerce N/A Nota Fiscal Eletrônica WooCommerce <= 3.4.0.9 - Missing Authorization LOW *-3.4.0.9 3.4.1.0 June 29, 2026
norebro-extra norebro-extra N/A Norebro Extra <= 1.6.8 - Unauthenticated Arbitrary Shortcode Execution LOW *-1.6.8 June 29, 2026
newsmanapp newsmanapp N/A NewsmanApp <= 2.7.7 - Cross-Site Request Forgery LOW *-2.7.7 3.0.0 June 29, 2026
netgsm netgsm N/A Netgsm <= 2.9.71 - Missing Authorization LOW *-2.9.71 2.9.72 June 29, 2026
mww-disclaimer-buttons mww-disclaimer-buttons N/A MWW Disclaimer Buttons <= 3.41 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW 3.41 3.5 June 29, 2026
multilang-contact-form multilang-contact-form N/A Multilang Contact Form <= 1.5 - Cross-Site Request Forgery LOW *-1.5 June 29, 2026
map-categories-to-pages map-categories-to-pages
91
 Map Categories to Pages <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3.2 June 29, 2026
listingpro-plugin listingpro-plugin
87
 ListingPro <= 2.9.8 - Missing Authorization LOW *-2.9.8 June 29, 2026
lenix-scss-compiler lenix-scss-compiler
89
 Lenix scss compiler <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2 June 29, 2026
lenix-scss-compiler lenix-scss-compiler
89
 Lenix scss compiler <= 1.2 - Cross-Site Request Forgery LOW *-1.2 June 29, 2026
kontur-admin-style kontur-admin-style
93
 kontur Admin Style <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.4 1.0.5 June 29, 2026
job-board-manager job-board-manager
83
 Job Board Manager <= 2.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.61 June 29, 2026
javo-core javo-core
86
 Javo Core <= 3.0.0.266 - Cross-Site Request Forgery LOW *-3.0.0.266 June 29, 2026
Instapage Plugin instapage
90
 Instapage Plugin <= 3.7.0 - Cross-Site Request Forgery LOW *-3.7.0 3.7.1 June 29, 2026
htaccess-ip-blocker htaccess-ip-blocker
91
 HTACCESS IP Blocker <= 1.0 - Cross-Site Request Forgery LOW *-1.0 June 29, 2026
ht-instagram ht-instagram
93
 HT Feed <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.0 1.3.1 June 29, 2026
hotelrunner hotelrunner
89
 HotelRunner Booking Widget <= 1.6 - Cross-Site Request Forgery LOW *-1.6 June 29, 2026
hivepress-claim-listings hivepress-claim-listings
91
 HivePress Claim Listings <= 1.1.3 - Missing Authorization LOW *-1.1.3 1.1.4 June 29, 2026
hivepress-claim-listings hivepress-claim-listings
91
 HivePress Claim Listings <= 1.1.3 - Missing Authorization LOW *-1.1.3 June 29, 2026
gst-for-woocommerce gst-for-woocommerce
91
 GST for WooCommerce <= 2.0 - Cross-Site Request Forgery LOW *-2.0 June 29, 2026
groovy-menu-free groovy-menu-free
91
 Groovy Menu <= 1.4.3 - Cross-Site Request Forgery LOW *-1.4.3 June 29, 2026
grandconference-custom-post grandconference-custom-post
93
 Grand Conference Theme Custom Post Type < 2.6.4 - Missing Authorization LOW [*, 2.6.4) 2.6.4 June 29, 2026
google-plus-comments google-plus-comments
91
 Google+ Comments <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 June 29, 2026
gf-hubspot gf-hubspot
93
 WP Gravity Forms HubSpot <= 1.2.5 - Open Redirect LOW *-1.2.5 1.2.6 June 29, 2026
gallery-custom-links gallery-custom-links
93
 Gallery Custom Links <= 2.2.5 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.2.5 2.2.6 June 29, 2026
flytedesk-digital flytedesk-digital
91
 Flytedesk Digital <= 20181101 - Cross-Site Request Forgery LOW *-20181101 June 29, 2026
external-rss-reader external-rss-reader
87
 Silencesoft RSS Reader <= 0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.6 June 29, 2026
external-rss-reader external-rss-reader
87
 Silencesoft RSS Reader <= 0.6 - Unauthenticated Server-Side Request Forgery LOW *-0.6 June 29, 2026
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder everest-forms
68
 Everest Forms <= 3.4.1 - Unauthenticated Arbitrary Shortcode Execution LOW *-3.4.1 3.4.2 June 29, 2026
embed-any-document embed-any-document
93
 Embed Any Document <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.7 2.7.8 June 29, 2026
emailkit emailkit
93
 EmailKit <= 1.6.0 - Missing Authorization to Authenticated (Author+) Arbitrary Content Deletion LOW *-1.6.0 1.6.1 June 29, 2026
email-subscribers-premium email-subscribers-premium
93
 Icegram Express Pro <= 5.9.13 - Authenticated (Administrator+) PHP Object Injection LOW [*, 5.9.14) 5.9.14 June 29, 2026
email-subscribers-premium email-subscribers-premium
93
 Icegram Express Pro <= 5.9.5 - Authenticated (Admin+) Server-Side Request Forgery LOW *-5.9.5 5.9.6 June 29, 2026
e-mailit e-mailit
91
 WeShare Buttons <= 13.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-13.0.0 June 29, 2026
dr-widgets-blocks dr-widgets-blocks
93
 Delisho <= 1.1.3 - Missing Authorization LOW *-1.1.3 1.1.4 June 29, 2026
Download Manager download-manager
63
 Download Manager <= 3.3.25 - Unauthenticated Sensitive Information Exposure LOW *-3.3.25 3.3.26 June 29, 2026
Download Manager download-manager
63
 Download Manager <= 3.3.24 - Cross-Site Request Forgery LOW *-3.3.24 3.3.25 June 29, 2026
ditty-news-ticker ditty-news-ticker
93
 Ditty <= 3.1.58 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.58 3.1.59 June 29, 2026
coschedule-by-todaymade coschedule-by-todaymade
93
 CoSchedule <= 3.3.11 - Unauthenticated Sensitive Information Exposure LOW *-3.3.11 3.4.0 June 29, 2026
Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension
96
 Contact Form 7 – Dynamic Text Extension <= 5.0.5 - Unauthenticated Arbitrary Shortcode Execution LOW *-5.0.5 June 29, 2026
LOW

wp-image-shrinker

wp-image-shrinker

Score: N/A Image shrinker <= 1.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.1.0 Patched: Updated: June 29, 2026
LOW

popular-posts-by-webline

popular-posts-by-webline

Score: N/A Popular Posts by Webline <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 29, 2026
LOW

photospace-responsive

photospace-responsive

Score: N/A Photospace Responsive <= 2.2.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: Updated: June 29, 2026
LOW

links-shortcode

links-shortcode

Score: 91/100 Links shortcode <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.3 Patched: Updated: June 29, 2026
LOW

buddypress

buddypress

Score: 93/100 BuddyPress <= 14.3.4 - Missing Authorization Affected: *-14.3.4 Patched: 14.4.0 Updated: June 29, 2026
LOW

professional-contact-form

professional-contact-form

Score: N/A Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending Affected: *-1.0.0 Patched: Updated: June 29, 2026
LOW

cforms-plugin

cforms-plugin

Score: 91/100 cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery Affected: *-3.0.0 Patched: Updated: June 29, 2026
LOW

sync-feedly

sync-feedly

Score: N/A Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger Affected: *-1.0.1 Patched: Updated: June 29, 2026
LOW

trust-reviews

trust-reviews

Score: N/A Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

vm-menu-reorder

vm-menu-reorder

Score: N/A VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.0 Patched: Updated: June 29, 2026
LOW

hidepost

hidepost

Score: 89/100 HidePost <= 2.3.8 - Cross-Site Request Forgery Affected: *-2.3.8 Patched: Updated: June 29, 2026
LOW

team-members

team-members

Score: N/A Team Members <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.3.5 Patched: 5.3.6 Updated: June 29, 2026
LOW

zoloblocks

zoloblocks

Score: N/A ZoloBlocks <= 2.3.11 - Unauthenticated Sever-Side Request Forgery Affected: *-2.3.11 Patched: 2.3.12 Updated: June 29, 2026
LOW

yourplugins-wc-conditional-cart-notices

yourplugins-wc-conditional-cart-notices

Score: N/A Conditional Cart Messages for WooCommerce – YourPlugins.com <= 1.2.10 - Cross-Site Request Forgery Affected: *-1.2.10 Patched: Updated: June 29, 2026
LOW

yext

yext

Score: N/A Yext <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: Updated: June 29, 2026
LOW

yaycurrency

yaycurrency

Score: N/A YayCurrency <= 3.2 - Authenticated (Administrator+) Remote Code Execution Affected: *-3.2 Patched: 3.3.2 Updated: June 29, 2026
LOW

wpfront-user-role-editor

wpfront-user-role-editor

Score: N/A WPFront User Role Editor <= 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.3 Patched: 4.2.4 Updated: June 29, 2026
LOW

wpdirectorykit

wpdirectorykit

Score: N/A WP Directory Kit <= 1.4.0 - Missing Authorization Affected: *-1.4.0 Patched: 1.4.1 Updated: June 29, 2026
LOW

wp-ticket

wp-ticket

Score: N/A WP Ticket Customer Service Software & Support Ticket System <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.0.2 Patched: 6.0.3 Updated: June 29, 2026
LOW

wp-tesseract

wp-tesseract

Score: N/A WP Tesseract <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026
LOW

wp-subscription-forms-pro

wp-subscription-forms-pro

Score: N/A WP Subscription Forms PRO <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-2.0.5 Patched: Updated: June 29, 2026
LOW

wp-recipe-maker

wp-recipe-maker

Score: N/A WP Recipe Maker < 10.1.0 - Unauthenticated Arbitrary Shortcode Execution Affected: [*, 10.1.0) Patched: 10.1.0 Updated: June 29, 2026
LOW

wp-mpdf

wp-mpdf

Score: N/A wp-mpdf <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.9.1 Patched: 3.9.2 Updated: June 29, 2026
LOW

wp-media-categories

wp-media-categories

Score: N/A WP Media Categories <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: Updated: June 29, 2026
LOW

wp-copysafe-web

wp-copysafe-web

Score: N/A CopySafe Web Protection <= 5.1 - Missing Authorization Affected: *-5.1 Patched: 5.3 Updated: June 29, 2026
LOW

workreap

workreap

Score: N/A Workreap <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-3.3.5 Patched: 3.3.6 Updated: June 29, 2026
LOW

woo-events

woo-events

Score: N/A WooEvents <= 4.1.7 - Missing Authorization Affected: *-4.1.7 Patched: 4.1.8 Updated: June 29, 2026
LOW

wgpwpp

wgpwpp

Score: N/A WEDOS Global <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 2.0.0 Updated: June 29, 2026
LOW

werk-aan-de-muur

werk-aan-de-muur

Score: N/A Werk aan de Muur <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5 Patched: 1.5.1 Updated: June 29, 2026
LOW

w3s-cf7-zoho

w3s-cf7-zoho

Score: N/A W3SCloud Contact Form 7 to Zoho CRM <= 3.0 - Cross-Site Request Forgery Affected: *-3.0 Patched: Updated: June 29, 2026
LOW

virtualassistant

virtualassistant

Score: N/A WP Virtual Assistant <= 3.0 - Missing Authorization Affected: *-3.0 Patched: Updated: June 29, 2026
LOW

video-blogster-lite

video-blogster-lite

Score: N/A Video Blogster Lite <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: June 29, 2026
LOW

vehica-core

vehica-core

Score: N/A Vehica Core <= 1.0.100 - Cross-Site Request Forgery Affected: *-1.0.100 Patched: 1.0.101 Updated: June 29, 2026
LOW

user-notes

user-notes

Score: N/A User Notes <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026
LOW

theme-my-login

theme-my-login

Score: N/A Theme My Login <= 7.1.12 - Missing Authorization Affected: *-7.1.12 Patched: 7.1.13 Updated: June 29, 2026
LOW

the-tech-tribe

the-tech-tribe

Score: N/A The Tribal <= 1.3.3 - Unauthenticated Sensitive Information Exposure Affected: *-1.3.3 Patched: 1.3.4 Updated: June 29, 2026
LOW

the-tech-tribe

the-tech-tribe

Score: N/A The Tribal <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: 1.3.4 Updated: June 29, 2026
LOW

testimonial-add

testimonial-add

Score: N/A Testimonial Slider <= 3.5.8.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.5.8.6 Patched: Updated: June 29, 2026
LOW

subscribe-to-unlock

subscribe-to-unlock

Score: N/A Subscribe To Unlock <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: Updated: June 29, 2026
LOW

subscribe-to-unlock

subscribe-to-unlock

Score: N/A Subscribe To Unlock <= 1.1.5 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.5 Patched: Updated: June 29, 2026
LOW

subscribe-to-download

subscribe-to-download

Score: N/A Subscribe to Download <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0.9 Patched: 2.1.0 Updated: June 29, 2026
LOW

subscribe-to-download

subscribe-to-download

Score: N/A Subscribe to Download <= 2.0.9 - Missing Authorization Affected: *-2.0.9 Patched: 2.1.0 Updated: June 29, 2026
LOW

stackable-ultimate-gutenberg-blocks

stackable-ultimate-gutenberg-blocks

Score: N/A Stackable <= 3.18.1 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-3.18.1 Patched: 3.19.0 Updated: June 29, 2026
LOW

stackable-ultimate-gutenberg-blocks

stackable-ultimate-gutenberg-blocks

Score: N/A Stackable <= 3.18.1 - Missing Authorization Affected: *-3.18.1 Patched: 3.19.0 Updated: June 29, 2026
LOW

skt-blocks

skt-blocks

Score: N/A SKT Blocks <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5 Patched: Updated: June 29, 2026
LOW

simple-meta-tags

simple-meta-tags

Score: N/A Simple Meta Tags <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 29, 2026
LOW

simple-colorbox

simple-colorbox

Score: N/A Simple Colorbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: Updated: June 29, 2026
LOW

seo-search-permalink

seo-search-permalink

Score: N/A SEO Search Permalink <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 29, 2026
LOW

recaptcha-wp

recaptcha-wp

Score: N/A Recaptcha – wp <= 0.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.2.6 Patched: Updated: June 29, 2026
LOW

post-featured-video

post-featured-video

Score: N/A Post Featured Video <= 1.7 - Cross-Site Request Forgery Affected: *-1.7 Patched: Updated: June 29, 2026
LOW

popad

popad

Score: N/A PopAd <= 1.0.4 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-1.0.4 Patched: Updated: June 29, 2026
LOW

pgs-core

pgs-core

Score: N/A PGS Core <= 5.9.0 - Authenticated (Contributor+) SQL Injection Affected: *-5.9.0 Patched: Updated: June 29, 2026
LOW

pe-easy-slider

pe-easy-slider

Score: N/A PE Easy Slider <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 29, 2026
LOW

page-manager-for-elementor

page-manager-for-elementor

Score: N/A Page Manager for Elementor <= 2.0.5 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-2.0.5 Patched: Updated: June 29, 2026
LOW

official-sendle-shipping-method

official-sendle-shipping-method

Score: N/A Sendle Shipping <= 6.02 - Cross-Site Request Forgery Affected: *-6.02 Patched: 6.03 Updated: June 29, 2026
LOW

notely

notely

Score: N/A Notely <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.0 Patched: 1.9.0 Updated: June 29, 2026
LOW

nota-fiscal-eletronica-woocommerce

nota-fiscal-eletronica-woocommerce

Score: N/A Nota Fiscal Eletrônica WooCommerce <= 3.4.0.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting Affected: *-3.4.0.9 Patched: 3.4.1.0 Updated: June 29, 2026
LOW

nota-fiscal-eletronica-woocommerce

nota-fiscal-eletronica-woocommerce

Score: N/A Nota Fiscal Eletrônica WooCommerce <= 3.4.0.9 - Missing Authorization Affected: *-3.4.0.9 Patched: 3.4.1.0 Updated: June 29, 2026
LOW

norebro-extra

norebro-extra

Score: N/A Norebro Extra <= 1.6.8 - Unauthenticated Arbitrary Shortcode Execution Affected: *-1.6.8 Patched: Updated: June 29, 2026
LOW

newsmanapp

newsmanapp

Score: N/A NewsmanApp <= 2.7.7 - Cross-Site Request Forgery Affected: *-2.7.7 Patched: 3.0.0 Updated: June 29, 2026
LOW

netgsm

netgsm

Score: N/A Netgsm <= 2.9.71 - Missing Authorization Affected: *-2.9.71 Patched: 2.9.72 Updated: June 29, 2026
LOW

mww-disclaimer-buttons

mww-disclaimer-buttons

Score: N/A MWW Disclaimer Buttons <= 3.41 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: 3.41 Patched: 3.5 Updated: June 29, 2026
LOW

multilang-contact-form

multilang-contact-form

Score: N/A Multilang Contact Form <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: June 29, 2026
LOW

map-categories-to-pages

map-categories-to-pages

Score: 91/100 Map Categories to Pages <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: June 29, 2026
LOW

listingpro-plugin

listingpro-plugin

Score: 87/100 ListingPro <= 2.9.8 - Missing Authorization Affected: *-2.9.8 Patched: Updated: June 29, 2026
LOW

lenix-scss-compiler

lenix-scss-compiler

Score: 89/100 Lenix scss compiler <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026
LOW

lenix-scss-compiler

lenix-scss-compiler

Score: 89/100 Lenix scss compiler <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: June 29, 2026
LOW

kontur-admin-style

kontur-admin-style

Score: 93/100 kontur Admin Style <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: 1.0.5 Updated: June 29, 2026
LOW

job-board-manager

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.61 Patched: Updated: June 29, 2026
LOW

javo-core

javo-core

Score: 86/100 Javo Core <= 3.0.0.266 - Cross-Site Request Forgery Affected: *-3.0.0.266 Patched: Updated: June 29, 2026
LOW

Instapage Plugin

instapage

Score: 90/100 Instapage Plugin <= 3.7.0 - Cross-Site Request Forgery Affected: *-3.7.0 Patched: 3.7.1 Updated: June 29, 2026
LOW

htaccess-ip-blocker

htaccess-ip-blocker

Score: 91/100 HTACCESS IP Blocker <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

ht-instagram

ht-instagram

Score: 93/100 HT Feed <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: June 29, 2026
LOW

hotelrunner

hotelrunner

Score: 89/100 HotelRunner Booking Widget <= 1.6 - Cross-Site Request Forgery Affected: *-1.6 Patched: Updated: June 29, 2026
LOW

hivepress-claim-listings

hivepress-claim-listings

Score: 91/100 HivePress Claim Listings <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: 1.1.4 Updated: June 29, 2026
LOW

hivepress-claim-listings

hivepress-claim-listings

Score: 91/100 HivePress Claim Listings <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: Updated: June 29, 2026
LOW

gst-for-woocommerce

gst-for-woocommerce

Score: 91/100 GST for WooCommerce <= 2.0 - Cross-Site Request Forgery Affected: *-2.0 Patched: Updated: June 29, 2026
LOW

groovy-menu-free

groovy-menu-free

Score: 91/100 Groovy Menu <= 1.4.3 - Cross-Site Request Forgery Affected: *-1.4.3 Patched: Updated: June 29, 2026
LOW

grandconference-custom-post

grandconference-custom-post

Score: 93/100 Grand Conference Theme Custom Post Type < 2.6.4 - Missing Authorization Affected: [*, 2.6.4) Patched: 2.6.4 Updated: June 29, 2026
LOW

google-plus-comments

google-plus-comments

Score: 91/100 Google+ Comments <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

gf-hubspot

gf-hubspot

Score: 93/100 WP Gravity Forms HubSpot <= 1.2.5 - Open Redirect Affected: *-1.2.5 Patched: 1.2.6 Updated: June 29, 2026
LOW

gallery-custom-links

gallery-custom-links

Score: 93/100 Gallery Custom Links <= 2.2.5 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.2.5 Patched: 2.2.6 Updated: June 29, 2026
LOW

flytedesk-digital

flytedesk-digital

Score: 91/100 Flytedesk Digital <= 20181101 - Cross-Site Request Forgery Affected: *-20181101 Patched: Updated: June 29, 2026
LOW

external-rss-reader

external-rss-reader

Score: 87/100 Silencesoft RSS Reader <= 0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.6 Patched: Updated: June 29, 2026
LOW

external-rss-reader

external-rss-reader

Score: 87/100 Silencesoft RSS Reader <= 0.6 - Unauthenticated Server-Side Request Forgery Affected: *-0.6 Patched: Updated: June 29, 2026
LOW

embed-any-document

embed-any-document

Score: 93/100 Embed Any Document <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.7 Patched: 2.7.8 Updated: June 29, 2026
LOW

emailkit

emailkit

Score: 93/100 EmailKit <= 1.6.0 - Missing Authorization to Authenticated (Author+) Arbitrary Content Deletion Affected: *-1.6.0 Patched: 1.6.1 Updated: June 29, 2026
LOW

email-subscribers-premium

email-subscribers-premium

Score: 93/100 Icegram Express Pro <= 5.9.13 - Authenticated (Administrator+) PHP Object Injection Affected: [*, 5.9.14) Patched: 5.9.14 Updated: June 29, 2026
LOW

email-subscribers-premium

email-subscribers-premium

Score: 93/100 Icegram Express Pro <= 5.9.5 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-5.9.5 Patched: 5.9.6 Updated: June 29, 2026
LOW

e-mailit

e-mailit

Score: 91/100 WeShare Buttons <= 13.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-13.0.0 Patched: Updated: June 29, 2026
LOW

dr-widgets-blocks

dr-widgets-blocks

Score: 93/100 Delisho <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: 1.1.4 Updated: June 29, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.25 - Unauthenticated Sensitive Information Exposure Affected: *-3.3.25 Patched: 3.3.26 Updated: June 29, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.24 - Cross-Site Request Forgery Affected: *-3.3.24 Patched: 3.3.25 Updated: June 29, 2026
LOW

ditty-news-ticker

ditty-news-ticker

Score: 93/100 Ditty <= 3.1.58 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.58 Patched: 3.1.59 Updated: June 29, 2026
LOW

coschedule-by-todaymade

coschedule-by-todaymade

Score: 93/100 CoSchedule <= 3.3.11 - Unauthenticated Sensitive Information Exposure Affected: *-3.3.11 Patched: 3.4.0 Updated: June 29, 2026
LOW

Contact Form 7 – Dynamic Text Extension

contact-form-7-dynamic-text-extension

Score: 96/100 Contact Form 7 – Dynamic Text Extension <= 5.0.5 - Unauthenticated Arbitrary Shortcode Execution Affected: *-5.0.5 Patched: Updated: June 29, 2026

Showing 6001 to 6100 of 36280 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 20:32 UTC.