Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36231

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
gutenify	gutenify	91	Gutenify <= 1.5.7 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.5.7	1.5.8	June 29, 2026
goodlayers-core	goodlayers-core	93	Goodlayers Core < 2.1.7 - Authenticated (Contributor+) Privilege Escalation	LOW	[*, 2.1.7)	2.1.7	June 29, 2026
employee-spotlight	employee-spotlight	93	Multiple Plugins by eMarket Design <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.1.0	5.1.1	June 29, 2026
Simple SEO	cds-simple-seo	92	Simple SEO <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.31	2.0.32	June 29, 2026
bm-builder	bm-builder	93	BM Content Builder < 3.16.3.3 - Authenticated (Contributor+) Arbitrary File Deletion	LOW	[*, 3.16.3.3)	3.16.3.3	June 29, 2026
zoloblocks	zoloblocks	N/A	ZoloBlocks <= 2.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.12	2.3.13	June 29, 2026
zoho-subscriptions	zoho-subscriptions	N/A	Zoho Billing <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1		June 29, 2026
zoho-flow	zoho-flow	N/A	Zoho Flow <= 2.14.1 - Cross-Site Request Forgery	LOW	*-2.14.1	2.14.2	June 29, 2026
xili-tidy-tags	xili-tidy-tags	N/A	xili-tidy-tags <= 1.12.06 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.12.06		June 29, 2026
xili-language	xili-language	N/A	xili-language <= 2.21.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.21.3		June 29, 2026
wte-elementor-widgets	wte-elementor-widgets	N/A	WP Travel Engine <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.2	1.4.3	June 29, 2026
wpmk-pdf-generator	wpmk-pdf-generator	N/A	WPMK PDF Generator <= 1.0.1 - Cross-Site Request Forgery	LOW	*-1.0.1		June 29, 2026
wpkoi-templates-for-elementor	wpkoi-templates-for-elementor	N/A	WPKoi Templates for Elementor <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.3	3.4.4	June 29, 2026
wpematico	wpematico	N/A	WPeMatico RSS Feed Fetcher <= 2.8.10 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-2.8.10	2.8.11	June 29, 2026
wpdiscuz	wpdiscuz	N/A	wpDiscuz <= 7.6.33 - Missing Authorization	LOW	*-7.6.33	7.6.34	June 29, 2026
wpcomplete	wpcomplete	N/A	WPComplete <= 2.9.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.9.5.2	2.9.5.3	June 29, 2026
wpcasa	wpcasa	N/A	WPCasa <= 1.4.1 - Unauthenticated Code Injection	LOW	*-1.4.1	1.4.2	June 29, 2026
wp-widgets-shortcode	wp-widgets-shortcode	N/A	WordPress Widgets Shortcode <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.3		June 29, 2026
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	wp-user-frontend	N/A	WP User Frontend <= 4.1.12 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	LOW	*-4.1.12	4.1.13	June 29, 2026
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	wp-user-frontend	N/A	WP User Frontend <= 4.1.12 - Missing Authorization	LOW	*-4.1.12	4.1.13	June 29, 2026
wp-team-manager	wp-team-manager	N/A	Team Manager <= 2.3.16 - Missing Authorization	LOW	*-2.3.16		June 29, 2026
wp-tabber-widget	wp-tabber-widget	N/A	Wp tabber widget <= 4.0 - Authenticated (Contributor+) SQL Injection	LOW	*-4.0		June 29, 2026
wp-system-info	wp-system-info	N/A	WP System Information <= 1.5 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-1.5		June 29, 2026
wp-subtitle	wp-subtitle	N/A	WP Subtitle <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.1	3.4.2	June 29, 2026
wp-sri	wp-sri	N/A	Subresource Integrity (SRI) Manager <= 0.4.0 - Missing Authorization	LOW	*-0.4.0		June 29, 2026
wp-social-widget	wp-social-widget	N/A	WP Social Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.1		June 29, 2026
wp-proposals	wp-proposals	N/A	WP Proposals <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3		June 29, 2026
wp-members	wp-members	N/A	WP-Members <= 3.5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5.4.2	3.5.4.3	June 29, 2026
wp-mailto-links	wp-mailto-links	N/A	WP Mailto Links <= 3.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.1.4		June 29, 2026
wp-file-get-contents	wp-file-get-contents	N/A	JSM file_get_contents() Shortcode <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.1		June 29, 2026
wp-events-manager	wp-events-manager	N/A	WP Events Manager <= 2.2.1 - Missing Authorization	LOW	*-2.2.1	2.2.2	June 29, 2026
wp-delete-user-accounts	wp-delete-user-accounts	N/A	WP Delete User Accounts <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.4		June 29, 2026
wp-content-protection	wp-content-protection	N/A	WP Content Protection <= 1.3 - Cross-Site Request Forgery	LOW	*-1.3		June 29, 2026
WP Compress – Instant Performance & Speed Optimization	wp-compress-image-optimizer	61	WP Compress <= 6.50.54 - Missing Authorization	LOW	*-6.50.54	6.50.55	June 29, 2026
wp-compiler	wp-compiler	N/A	WP Compiler <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0		June 29, 2026
wp-category-dropdown	wp-category-dropdown	N/A	WP Category Dropdown <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9		June 29, 2026
wp-bitly	wp-bitly	N/A	Bitly <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.4		June 29, 2026
wp-attractive-donations-system-easy-stripe-paypal-donations	wp-attractive-donations-system-easy-stripe-paypal-donations	N/A	WP Attractive Donations System < 1.29 - Cross-Site Request Forgery	LOW	[*, 1.29)	1.29	June 29, 2026
wp-advanced-pdf	wp-advanced-pdf	N/A	WP Advanced PDF <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.7		June 29, 2026
workscout-core	workscout-core	N/A	WorkScout-Core < 1.7.06 - Cross-Site Request Forgery	LOW	[*, 1.7.06)	1.7.06	June 29, 2026
wooms	wooms	N/A	WooMS <= 9.12 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-9.12		June 29, 2026
wooms	wooms	N/A	WooMS <= 9.12 - Missing Authorization	LOW	*-9.12		June 29, 2026
woolementor	woolementor	N/A	CoDesigner <= 4.30 - Missing Authorization	LOW	*-4.30	4.31	June 29, 2026
woocommerce-lightbox	woocommerce-lightbox	N/A	WPB Quick View for WooCommerce <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.8	2.2	June 29, 2026
woo-quickview	woo-quickview	N/A	Quick View for WooCommerce <= 2.2.16 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.16	2.2.17	June 29, 2026
woo-payrexx-gateway	woo-payrexx-gateway	N/A	Payrexx Payment Gateway for WooCommerce <= 3.1.5 - Missing Authorization	LOW	*-3.1.5	3.1.6	June 29, 2026
woo-coupon-usage	woo-coupon-usage	N/A	Coupon Affiliates <= 6.8.0 - Missing Authorization	LOW	*-6.8.0	6.8.1	June 29, 2026
woo-cardcom-payment-gateway	woo-cardcom-payment-gateway	N/A	CardCom Payment Gateway <= 3.5.0.4 - Missing Authorization	LOW	*-3.5.0.4		June 29, 2026
woo-additional-fees-on-checkout-wordpress	woo-additional-fees-on-checkout-wordpress	N/A	WooCommerce Additional Fees On Checkout (Free) <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.2	1.5.3	June 29, 2026
wedevs-project-manager	wedevs-project-manager	N/A	WP Project Manager <= 2.6.25 - Unauthenticated Sensitive Information Exposure	LOW	*-2.6.25	2.6.26	June 29, 2026
website-chat-button-kommo-integration	website-chat-button-kommo-integration	N/A	Website Chat Button: Kommo integration <= 1.3.1 - Missing Authorization	LOW	*-1.3.1		June 29, 2026
website-builder	website-builder	N/A	Draft <= 3.0.9 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-3.0.9		June 29, 2026
wc-shipos-delivery	wc-shipos-delivery	N/A	Deliver via Shipos for WooCommerce <= 3.0.2 - Cross-Site Request Forgery	LOW	*-3.0.2	3.1.0	June 29, 2026
wc-sales-count-manager	wc-sales-count-manager	N/A	Sales Count Manager for WooCommerce <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.5		June 29, 2026
voucherpress	voucherpress	N/A	VoucherPress <= 1.5.7 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.5.7		June 29, 2026
vikrestaurants	vikrestaurants	N/A	VikRestaurants Table Reservations and Take-Away <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5	1.5.1	June 29, 2026
vikrestaurants	vikrestaurants	N/A	VikRestaurants Table Reservations and Take-Away <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.1	1.5.2	June 29, 2026
verowa-connect	verowa-connect	N/A	Verowa Connect <= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.3	3.3.0	June 29, 2026
v-form	v-form	N/A	VPSUForm <= 3.2.20 - Missing Authorization	LOW	*-3.2.20	3.2.21	June 29, 2026
Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups.	upsell-order-bump-offer-for-woocommerce	N/A	Upsell Order Bump Offer for WooCommerce <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.7	3.0.8	June 29, 2026
upcoming-events-lists	upcoming-events-lists	N/A	Upcoming Events Lists <= 1.4.0 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-1.4.0		June 29, 2026
uni-woo-custom-product-options-premium	uni-woo-custom-product-options-premium	N/A	Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.55 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file'	LOW	*-4.9.55	4.9.56	June 29, 2026
uncanny-learndash-toolkit	uncanny-learndash-toolkit	N/A	Uncanny Toolkit for LearnDash <= 3.7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.7.0.3	3.7.0.4	June 29, 2026
ultimate-wp-mail	ultimate-wp-mail	N/A	Ultimate WP Mail <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.8	1.3.9	June 29, 2026
ultimate-watermark	ultimate-watermark	N/A	Ultimate Watermark <= 1.1 - Missing Authorization	LOW	*-1.1	1.1.1	June 29, 2026
ultimate-store-kit	ultimate-store-kit	N/A	Ultimate Store Kit Elementor Addons <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.8.6	2.8.7	June 29, 2026
uk-address-postcode-validation	uk-address-postcode-validation	N/A	UK Address Postcode Validation <= 3.9.2 - Unauthenticated Sensitive Information Exposure	LOW	*-3.9.2	3.10.0	June 29, 2026
tz-plus-gallery	tz-plus-gallery	N/A	TZ PlusGallery <= 1.5.5 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.5.5		June 29, 2026
trustpilot-reviews	trustpilot-reviews	N/A	Trustpilot Reviews <= 2.5.925 - Missing Authorization	LOW	*-2.5.925	3.6.0	June 29, 2026
travelmap-blog	travelmap-blog	N/A	Travel Map <= 1.0.3 - Cross-Site Request Forgery	LOW	*-1.0.3	1.0.4	June 29, 2026
tochat-be	tochat-be	N/A	TOCHAT.BE <= 1.3.4 - Cross-Site Request Forgery	LOW	*-1.3.4		June 29, 2026
tlp-team	tlp-team	N/A	Team <= 5.0.6 - Missing Authorization	LOW	*-5.0.6	5.0.7	June 29, 2026
ti-woocommerce-wishlist	ti-woocommerce-wishlist	N/A	TI WooCommerce Wishlist <= 2.10.0 - Missing Authorization	LOW	*-2.10.0	2.11.0	June 29, 2026
theatre	theatre	N/A	Theater for WordPress <= 0.18.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.18.8	0.19	June 29, 2026
the-plus-addons-for-elementor-page-builder	the-plus-addons-for-elementor-page-builder	N/A	The Plus Addons for Elementor <= 6.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG	LOW	*-6.3.15	6.3.16	June 29, 2026
the-casengo-chat-widget	the-casengo-chat-widget	N/A	Casengo Live Chat Support <= 2.1.4 - Cross-Site Request Forgery	LOW	*-2.1.4		June 29, 2026
text-to-audio	text-to-audio	N/A	Text To Speech TTS Accessibility <= 1.9.30 - Missing Authorization	LOW	*-1.9.30	1.9.31	June 29, 2026
termageddon-usercentrics	termageddon-usercentrics	N/A	Termageddon: Cookie Consent & Privacy Compliance <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8.1	1.8.2	June 29, 2026
tapfiliate	tapfiliate	N/A	Tapfiliate <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.2	3.2.3	June 29, 2026
sweet-energy-efficiency	sweet-energy-efficiency	N/A	Sweet Energy Efficiency <= 1.0.8 - Cross-Site Request Forgery	LOW	*-1.0.8	1.0.9	June 29, 2026
sv-provenexpert	sv-provenexpert	N/A	SV Proven Expert <= 2.0.06 - Cross-Site Request Forgery	LOW	*-2.0.06		June 29, 2026
support-ticket-system-for-woocommerce	support-ticket-system-for-woocommerce	N/A	Helpdesk Support Ticket System for WooCommerce <= 2.1.1 - Missing Authorization	LOW	*-2.1.1	2.1.2	June 29, 2026
stonehenge-em-osm	stonehenge-em-osm	N/A	Events Manager – OpenStreetMaps <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.2.1		June 29, 2026
stock-message	stock-message	N/A	Stock Message <= 1.1.0 - Cross-Site Request Forgery	LOW	*-1.1.0		June 29, 2026
sticky-header-effects-for-elementor	sticky-header-effects-for-elementor	N/A	Sticky Header Effects for Elementor <= 2.1.3 - Missing Authorization	LOW	*-2.1.2	2.1.3	June 29, 2026
sql-chart-builder	sql-chart-builder	N/A	SQL Chart Builder <= 2.3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.7.2		June 29, 2026
social-pug	social-pug	N/A	Hubbub Lite <= 1.35.1 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-1.35.1	1.36.0	June 29, 2026
snapwidget-wp-instagram-widget	snapwidget-wp-instagram-widget	N/A	SnapWidget Social Photo Feed Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.0		June 29, 2026
smart-blocks	smart-blocks	N/A	Smart Blocks <= 2.4 - Missing Authorization	LOW	*-2.4	2.5	June 29, 2026
slightly-troublesome-permalink	slightly-troublesome-permalink	N/A	Slightly troublesome permalink <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.0		June 29, 2026
skyword-plugin	skyword-plugin	N/A	Skyword API Plugin <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.5.3		June 29, 2026
skimlinks	skimlinks	N/A	Skimlinks Affiliate Marketing Tool <= 1.3 - Missing Authorization	LOW	*-1.3	1.3.1	June 29, 2026
skimlinks	skimlinks	N/A	Skimlinks Affiliate Marketing Tool <= 1.3 - Authenticated (Administrator+) Server-Side Request Forgery	LOW	*-1.3		June 29, 2026
sitespeaker-widget	sitespeaker-widget	N/A	SiteNarrator Text-to-Speech Widget <= 1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.9		June 29, 2026
sitekit	sitekit	N/A	Sitekit <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0		June 29, 2026
simple-restaurant-menu	simple-restaurant-menu	N/A	Simple Restaurant Menu <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2		June 29, 2026
simple-jwt-login	simple-jwt-login	N/A	Simple JWT Login <= 3.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.6.4	3.6.5	June 29, 2026
shrinktheweb-website-preview-plugin	shrinktheweb-website-preview-plugin	N/A	ShrinkTheWeb (STW) Website Previews <= 2.8.5 - Cross-Site Request Forgery	LOW	*-2.8.5		June 29, 2026
show-pages-list	show-pages-list	N/A	Show Pages List <= 1.2.0 - Cross-Site Request Forgery	LOW	*-1.2.0		June 29, 2026
shortcode	shortcode	N/A	Shortcode <= 0.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.8.1		June 29, 2026

LOW

gutenify

Score: 91/100 Gutenify <= 1.5.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.5.7 Patched: 1.5.8 Updated: June 29, 2026

LOW

goodlayers-core

Score: 93/100 Goodlayers Core < 2.1.7 - Authenticated (Contributor+) Privilege Escalation Affected: [*, 2.1.7) Patched: 2.1.7 Updated: June 29, 2026

LOW

employee-spotlight

Score: 93/100 Multiple Plugins by eMarket Design <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.0 Patched: 5.1.1 Updated: June 29, 2026

LOW

Simple SEO

cds-simple-seo

Score: 92/100 Simple SEO <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.31 Patched: 2.0.32 Updated: June 29, 2026

LOW

bm-builder

Score: 93/100 BM Content Builder < 3.16.3.3 - Authenticated (Contributor+) Arbitrary File Deletion Affected: [*, 3.16.3.3) Patched: 3.16.3.3 Updated: June 29, 2026

LOW

zoloblocks

Score: N/A ZoloBlocks <= 2.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.12 Patched: 2.3.13 Updated: June 29, 2026

LOW

zoho-subscriptions

Score: N/A Zoho Billing <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1 Patched: Updated: June 29, 2026

LOW

zoho-flow

Score: N/A Zoho Flow <= 2.14.1 - Cross-Site Request Forgery Affected: *-2.14.1 Patched: 2.14.2 Updated: June 29, 2026

LOW

xili-tidy-tags

Score: N/A xili-tidy-tags <= 1.12.06 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.12.06 Patched: Updated: June 29, 2026

LOW

xili-language

Score: N/A xili-language <= 2.21.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.21.3 Patched: Updated: June 29, 2026

LOW

wte-elementor-widgets

Score: N/A WP Travel Engine <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: June 29, 2026

LOW

wpmk-pdf-generator

Score: N/A WPMK PDF Generator <= 1.0.1 - Cross-Site Request Forgery Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

wpkoi-templates-for-elementor

Score: N/A WPKoi Templates for Elementor <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.3 Patched: 3.4.4 Updated: June 29, 2026

LOW

wpematico

Score: N/A WPeMatico RSS Feed Fetcher <= 2.8.10 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-2.8.10 Patched: 2.8.11 Updated: June 29, 2026

LOW

wpdiscuz

Score: N/A wpDiscuz <= 7.6.33 - Missing Authorization Affected: *-7.6.33 Patched: 7.6.34 Updated: June 29, 2026

LOW

wpcomplete

Score: N/A WPComplete <= 2.9.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.5.2 Patched: 2.9.5.3 Updated: June 29, 2026

LOW

wpcasa

Score: N/A WPCasa <= 1.4.1 - Unauthenticated Code Injection Affected: *-1.4.1 Patched: 1.4.2 Updated: June 29, 2026

LOW

wp-widgets-shortcode

Score: N/A WordPress Widgets Shortcode <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

wp-user-frontend

Score: N/A WP User Frontend <= 4.1.12 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-4.1.12 Patched: 4.1.13 Updated: June 29, 2026

LOW

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

wp-user-frontend

Score: N/A WP User Frontend <= 4.1.12 - Missing Authorization Affected: *-4.1.12 Patched: 4.1.13 Updated: June 29, 2026

LOW

wp-team-manager

Score: N/A Team Manager <= 2.3.16 - Missing Authorization Affected: *-2.3.16 Patched: Updated: June 29, 2026

LOW

wp-tabber-widget

Score: N/A Wp tabber widget <= 4.0 - Authenticated (Contributor+) SQL Injection Affected: *-4.0 Patched: Updated: June 29, 2026

LOW

wp-system-info

Score: N/A WP System Information <= 1.5 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-1.5 Patched: Updated: June 29, 2026

LOW

wp-subtitle

Score: N/A WP Subtitle <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.1 Patched: 3.4.2 Updated: June 29, 2026

LOW

wp-sri

Score: N/A Subresource Integrity (SRI) Manager <= 0.4.0 - Missing Authorization Affected: *-0.4.0 Patched: Updated: June 29, 2026

LOW

wp-social-widget

Score: N/A WP Social Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: June 29, 2026

LOW

wp-proposals

Score: N/A WP Proposals <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 29, 2026

LOW

wp-members

Score: N/A WP-Members <= 3.5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.4.2 Patched: 3.5.4.3 Updated: June 29, 2026

LOW

wp-mailto-links

Score: N/A WP Mailto Links <= 3.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.4 Patched: Updated: June 29, 2026

LOW

wp-file-get-contents

Score: N/A JSM file_get_contents() Shortcode <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.1 Patched: Updated: June 29, 2026

LOW

wp-events-manager

Score: N/A WP Events Manager <= 2.2.1 - Missing Authorization Affected: *-2.2.1 Patched: 2.2.2 Updated: June 29, 2026

LOW

wp-delete-user-accounts

Score: N/A WP Delete User Accounts <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: June 29, 2026

LOW

wp-content-protection

Score: N/A WP Content Protection <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

WP Compress – Instant Performance & Speed Optimization

wp-compress-image-optimizer

Score: 61/100 WP Compress <= 6.50.54 - Missing Authorization Affected: *-6.50.54 Patched: 6.50.55 Updated: June 29, 2026

LOW

wp-compiler

Score: N/A WP Compiler <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

wp-category-dropdown

Score: N/A WP Category Dropdown <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: June 29, 2026

LOW

wp-bitly

Score: N/A Bitly <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.4 Patched: Updated: June 29, 2026

LOW

wp-attractive-donations-system-easy-stripe-paypal-donations

Score: N/A WP Attractive Donations System < 1.29 - Cross-Site Request Forgery Affected: [*, 1.29) Patched: 1.29 Updated: June 29, 2026

LOW

wp-advanced-pdf

Score: N/A WP Advanced PDF <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: Updated: June 29, 2026

LOW

workscout-core

Score: N/A WorkScout-Core < 1.7.06 - Cross-Site Request Forgery Affected: [*, 1.7.06) Patched: 1.7.06 Updated: June 29, 2026

LOW

wooms

Score: N/A WooMS <= 9.12 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-9.12 Patched: Updated: June 29, 2026

LOW

wooms

Score: N/A WooMS <= 9.12 - Missing Authorization Affected: *-9.12 Patched: Updated: June 29, 2026

LOW

woolementor

Score: N/A CoDesigner <= 4.30 - Missing Authorization Affected: *-4.30 Patched: 4.31 Updated: June 29, 2026

LOW

woocommerce-lightbox

Score: N/A WPB Quick View for WooCommerce <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.8 Patched: 2.2 Updated: June 29, 2026

LOW

woo-quickview

Score: N/A Quick View for WooCommerce <= 2.2.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.16 Patched: 2.2.17 Updated: June 29, 2026

LOW

woo-payrexx-gateway

Score: N/A Payrexx Payment Gateway for WooCommerce <= 3.1.5 - Missing Authorization Affected: *-3.1.5 Patched: 3.1.6 Updated: June 29, 2026

LOW

woo-coupon-usage

Score: N/A Coupon Affiliates <= 6.8.0 - Missing Authorization Affected: *-6.8.0 Patched: 6.8.1 Updated: June 29, 2026

LOW

woo-cardcom-payment-gateway

Score: N/A CardCom Payment Gateway <= 3.5.0.4 - Missing Authorization Affected: *-3.5.0.4 Patched: Updated: June 29, 2026

LOW

woo-additional-fees-on-checkout-wordpress

Score: N/A WooCommerce Additional Fees On Checkout (Free) <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: June 29, 2026

LOW

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.25 - Unauthenticated Sensitive Information Exposure Affected: *-2.6.25 Patched: 2.6.26 Updated: June 29, 2026

LOW

website-chat-button-kommo-integration

Score: N/A Website Chat Button: Kommo integration <= 1.3.1 - Missing Authorization Affected: *-1.3.1 Patched: Updated: June 29, 2026

LOW

website-builder

Score: N/A Draft <= 3.0.9 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.0.9 Patched: Updated: June 29, 2026

LOW

wc-shipos-delivery

Score: N/A Deliver via Shipos for WooCommerce <= 3.0.2 - Cross-Site Request Forgery Affected: *-3.0.2 Patched: 3.1.0 Updated: June 29, 2026

LOW

wc-sales-count-manager

Score: N/A Sales Count Manager for WooCommerce <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.5 Patched: Updated: June 29, 2026

LOW

voucherpress

Score: N/A VoucherPress <= 1.5.7 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: June 29, 2026

LOW

vikrestaurants

Score: N/A VikRestaurants Table Reservations and Take-Away <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5 Patched: 1.5.1 Updated: June 29, 2026

LOW

vikrestaurants

Score: N/A VikRestaurants Table Reservations and Take-Away <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: June 29, 2026

LOW

verowa-connect

Score: N/A Verowa Connect <= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.3 Patched: 3.3.0 Updated: June 29, 2026

LOW

v-form

Score: N/A VPSUForm <= 3.2.20 - Missing Authorization Affected: *-3.2.20 Patched: 3.2.21 Updated: June 29, 2026

LOW

Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups.

upsell-order-bump-offer-for-woocommerce

Score: N/A Upsell Order Bump Offer for WooCommerce <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.7 Patched: 3.0.8 Updated: June 29, 2026

LOW

upcoming-events-lists

Score: N/A Upcoming Events Lists <= 1.4.0 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-1.4.0 Patched: Updated: June 29, 2026

LOW

uni-woo-custom-product-options-premium

Score: N/A Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.55 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' Affected: *-4.9.55 Patched: 4.9.56 Updated: June 29, 2026

LOW

uncanny-learndash-toolkit

Score: N/A Uncanny Toolkit for LearnDash <= 3.7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.0.3 Patched: 3.7.0.4 Updated: June 29, 2026

LOW

ultimate-wp-mail

Score: N/A Ultimate WP Mail <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.8 Patched: 1.3.9 Updated: June 29, 2026

LOW

ultimate-watermark

Score: N/A Ultimate Watermark <= 1.1 - Missing Authorization Affected: *-1.1 Patched: 1.1.1 Updated: June 29, 2026

LOW

ultimate-store-kit

Score: N/A Ultimate Store Kit Elementor Addons <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.6 Patched: 2.8.7 Updated: June 29, 2026

LOW

uk-address-postcode-validation

Score: N/A UK Address Postcode Validation <= 3.9.2 - Unauthenticated Sensitive Information Exposure Affected: *-3.9.2 Patched: 3.10.0 Updated: June 29, 2026

LOW

tz-plus-gallery

Score: N/A TZ PlusGallery <= 1.5.5 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.5.5 Patched: Updated: June 29, 2026

LOW

trustpilot-reviews

Score: N/A Trustpilot Reviews <= 2.5.925 - Missing Authorization Affected: *-2.5.925 Patched: 3.6.0 Updated: June 29, 2026

LOW

travelmap-blog

Score: N/A Travel Map <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: 1.0.4 Updated: June 29, 2026

LOW

tochat-be

Score: N/A TOCHAT.BE <= 1.3.4 - Cross-Site Request Forgery Affected: *-1.3.4 Patched: Updated: June 29, 2026

LOW

tlp-team

Score: N/A Team <= 5.0.6 - Missing Authorization Affected: *-5.0.6 Patched: 5.0.7 Updated: June 29, 2026

LOW

ti-woocommerce-wishlist

Score: N/A TI WooCommerce Wishlist <= 2.10.0 - Missing Authorization Affected: *-2.10.0 Patched: 2.11.0 Updated: June 29, 2026

LOW

theatre

Score: N/A Theater for WordPress <= 0.18.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.18.8 Patched: 0.19 Updated: June 29, 2026

LOW

the-plus-addons-for-elementor-page-builder

Score: N/A The Plus Addons for Elementor <= 6.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Affected: *-6.3.15 Patched: 6.3.16 Updated: June 29, 2026

LOW

the-casengo-chat-widget

Score: N/A Casengo Live Chat Support <= 2.1.4 - Cross-Site Request Forgery Affected: *-2.1.4 Patched: Updated: June 29, 2026

LOW

text-to-audio

Score: N/A Text To Speech TTS Accessibility <= 1.9.30 - Missing Authorization Affected: *-1.9.30 Patched: 1.9.31 Updated: June 29, 2026

LOW

termageddon-usercentrics

Score: N/A Termageddon: Cookie Consent & Privacy Compliance <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.1 Patched: 1.8.2 Updated: June 29, 2026

LOW

tapfiliate

Score: N/A Tapfiliate <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.2 Patched: 3.2.3 Updated: June 29, 2026

LOW

sweet-energy-efficiency

Score: N/A Sweet Energy Efficiency <= 1.0.8 - Cross-Site Request Forgery Affected: *-1.0.8 Patched: 1.0.9 Updated: June 29, 2026

LOW

sv-provenexpert

Score: N/A SV Proven Expert <= 2.0.06 - Cross-Site Request Forgery Affected: *-2.0.06 Patched: Updated: June 29, 2026

LOW

support-ticket-system-for-woocommerce

Score: N/A Helpdesk Support Ticket System for WooCommerce <= 2.1.1 - Missing Authorization Affected: *-2.1.1 Patched: 2.1.2 Updated: June 29, 2026

LOW

stonehenge-em-osm

Score: N/A Events Manager – OpenStreetMaps <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.1 Patched: Updated: June 29, 2026

LOW

stock-message

Score: N/A Stock Message <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: Updated: June 29, 2026

LOW

sticky-header-effects-for-elementor

Score: N/A Sticky Header Effects for Elementor <= 2.1.3 - Missing Authorization Affected: *-2.1.2 Patched: 2.1.3 Updated: June 29, 2026

LOW

sql-chart-builder

Score: N/A SQL Chart Builder <= 2.3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.7.2 Patched: Updated: June 29, 2026

LOW

social-pug

Score: N/A Hubbub Lite <= 1.35.1 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-1.35.1 Patched: 1.36.0 Updated: June 29, 2026

LOW

snapwidget-wp-instagram-widget

Score: N/A SnapWidget Social Photo Feed Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 29, 2026

LOW

smart-blocks

Score: N/A Smart Blocks <= 2.4 - Missing Authorization Affected: *-2.4 Patched: 2.5 Updated: June 29, 2026

LOW

slightly-troublesome-permalink

Score: N/A Slightly troublesome permalink <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

skyword-plugin

Score: N/A Skyword API Plugin <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.3 Patched: Updated: June 29, 2026

LOW

skimlinks

Score: N/A Skimlinks Affiliate Marketing Tool <= 1.3 - Missing Authorization Affected: *-1.3 Patched: 1.3.1 Updated: June 29, 2026

LOW

skimlinks

Score: N/A Skimlinks Affiliate Marketing Tool <= 1.3 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

sitespeaker-widget

Score: N/A SiteNarrator Text-to-Speech Widget <= 1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: June 29, 2026

LOW

sitekit

Score: N/A Sitekit <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

simple-restaurant-menu

Score: N/A Simple Restaurant Menu <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

simple-jwt-login

Score: N/A Simple JWT Login <= 3.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.4 Patched: 3.6.5 Updated: June 29, 2026

LOW

shrinktheweb-website-preview-plugin

Score: N/A ShrinkTheWeb (STW) Website Previews <= 2.8.5 - Cross-Site Request Forgery Affected: *-2.8.5 Patched: Updated: June 29, 2026

LOW

show-pages-list

Score: N/A Show Pages List <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

shortcode

Score: N/A Shortcode <= 0.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.8.1 Patched: Updated: June 29, 2026

Showing 6101 to 6200 of 36231 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 18:57 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List