Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36194

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
penci-recipe	penci-recipe	N/A	Penci Recipe <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.0	4.1	June 29, 2026
penci-portfolio	penci-portfolio	N/A	Penci Portfolio <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5	3.6	June 29, 2026
penci-podcast	penci-podcast	N/A	Penci Podcast <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6	1.7	June 29, 2026
penci-filter-everything	penci-filter-everything	N/A	Penci Filter Everything < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 1.7)	1.7	June 29, 2026
pdpa-thailand	pdpa-thailand	N/A	Designil PDPA Thailand <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 29, 2026
payos	payos	N/A	payOS <= 1.0.61 - Cross-Site Request Forgery	LOW	*-1.0.61		June 29, 2026
participants-database	participants-database	N/A	Participants Database <= 2.7.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.6.3	2.7.7	June 29, 2026
page-list	page-list	N/A	Page-list <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.8	5.9	June 29, 2026
oshine-core	oshine-core	N/A	Oshine Core <= 1.5.5 - Missing Authorization	LOW	*-1.5.5		June 29, 2026
open-user-map	open-user-map	N/A	Open User Map <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.14	1.4.15	June 29, 2026
online-booking-engine	online-booking-engine	N/A	eZee Online Hotel Booking Engine <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
ongkoskirim-id	ongkoskirim-id	N/A	Ongkoskirim.id <= 1.0.6 - Missing Authorization	LOW	*-1.0.6		June 29, 2026
Frontend File Manager Plugin	nmedia-user-file-uploader	86	Frontend File Manager <= 23.2 - Missing Authorization	LOW	*-23.2	23.4	June 29, 2026
nix-anti-spam-light	nix-anti-spam-light	N/A	NIX Anti-Spam Light <= 0.0.4 - Cross-Site Request Forgery	LOW	*-0.0.4		June 29, 2026
ngg-smart-image-search	ngg-smart-image-search	N/A	NGG Smart Image Search <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.3		June 29, 2026
nextend-facebook-connect	nextend-facebook-connect	N/A	Nextend Facebook Connect <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.19	3.1.20	June 29, 2026
mobi2go	mobi2go	N/A	Mobi2Go <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
mihdan-no-external-links	mihdan-no-external-links	N/A	No External Links <= 5.1.6.2 - Cross-Site Request Forgery	LOW	*-5.1.6.2	5.1.7	June 29, 2026
metasync	metasync	N/A	Search Atlas SEO <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.5.4	2.5.5	June 29, 2026
memberful-wp	memberful-wp	93	Memberful <= 1.75.0 - Missing Authorization	LOW	*-1.75.0	1.76.0	June 29, 2026
media-library-assistant	media-library-assistant	93	Media Library Assistant <= 3.28 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-3.28	3.29	June 29, 2026
maxi-blocks	maxi-blocks	93	MaxiBlocks <= 2.1.3 - Missing Authorization	LOW	*-2.1.3	2.1.4	June 29, 2026
mavis-https-to-http-redirect	mavis-https-to-http-redirect	91	Mavis HTTPS to HTTP Redirection <= 1.4.3 - Cross-Site Request Forgery	LOW	*-1.4.3		June 29, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.6.20 - Authenticated (Subscriber+) Race Condition to Multiple Reviews	LOW	*-3.6.20	3.6.21	June 29, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.6.20 - Missing Authorization	LOW	*-3.6.20	3.6.21	June 29, 2026
Master Slider – Responsive Touch Slider	master-slider	86	Master Slider <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.11.1	3.11.2	June 29, 2026
marketking-multivendor-marketplace-for-woocommerce	marketking-multivendor-marketplace-for-woocommerce	93	MarketKing <= 2.0.92 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.92	2.1.00	June 29, 2026
maps-for-wp	maps-for-wp	91	Maps for WP <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.5		June 29, 2026
makestories-helper	makestories-helper	91	MakeStories (for Google Web Stories) <= 3.0.4 - Authenticated (Author+) Server-Side Request Forgery	LOW	*-3.0.4		June 29, 2026
make-column-clickable-elementor	make-column-clickable-elementor	93	Make Column Clickable Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.0	1.6.1	June 29, 2026
mail-subscribe-list	mail-subscribe-list	91	Mail Subscribe List <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.10		June 29, 2026
mail-mint	mail-mint	93	Mail Mint <= 1.18.6 - Authenticated (Administrator+) SQL Injection	LOW	*-1.18.6	1.18.7	June 29, 2026
mail-baby-smtp	mail-baby-smtp	93	Mail Baby SMTP <= 2.8 - Cross-Site Request Forgery	LOW	*-2.8	3.2.12	June 29, 2026
m2wp	m2wp	91	Magento 2 WordPress Integration <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.4.1		June 29, 2026
lws-affiliation	lws-affiliation	91	LWS Affiliation <= 2.3.6 - Cross-Site Request Forgery	LOW	*-2.3.6		June 29, 2026
logo-showcase	logo-showcase	93	Logo Showcase <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.0.2	4.0.3	June 29, 2026
login-logout	login-logout	91	Login-Logout <= 3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.8		June 29, 2026
listingpro-reviews	listingpro-reviews	93	ListingPro Reviews < 2.9.11 - Missing Authorization	LOW	[*, 2.9.11)	2.9.11	June 29, 2026
list-child-pages-shortcode	list-child-pages-shortcode	93	List Child Pages Shortcode <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.1	1.4.0	June 29, 2026
linkedinclude	linkedinclude	91	LinkedInclude <= 3.0.4 - Cross-Site Request Forgery	LOW	*-3.0.4		June 29, 2026
library-bookshelves	library-bookshelves	91	Library Bookshelves <= 5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.11		June 29, 2026
Custom Block Builder – Lazy Blocks	lazy-blocks	96	Lazy Blocks <= 4.1.0 - Missing Authorization	LOW	*-4.1.0	4.1.1	June 29, 2026
last-updated-shortcode	last-updated-shortcode	91	Last Updated Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
kama-clic-counter	kama-clic-counter	93	Kama Click Counter <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.0.4	4.1.0	June 29, 2026
jupiterx-core	jupiterx-core	93	JupiterX Core <= 4.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.11.0	4.11.1	June 29, 2026
js-jobs	js-jobs	81	JS Job Manager <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.2		June 29, 2026
javo-core	javo-core	86	Javo Core <= 3.0.0.266 - Missing Authorization	LOW	*-3.0.0.266		June 29, 2026
ip-based-login	ip-based-login	93	IP Based Login <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.4.3	2.4.4	June 29, 2026
invition-print-ship	invition-print-ship	89	Printeers Print & Ship <= 1.17.0 - Cross-Site Request Forgery	LOW	*-1.17.0		June 29, 2026
interactive-3d-flipbook-powered-physics-engine	interactive-3d-flipbook-powered-physics-engine	93	3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.16 - Unauthenticated Sensitive Information Exposure	LOW	*-1.16.16	1.16.17	June 29, 2026
interact-quiz-embed	interact-quiz-embed	93	Interact: Embed A Quiz On Your Site <= 3.1 - Cross-Site Request Forgery	LOW	*-3.1	3.2	June 29, 2026
immonex-kickstart-team	immonex-kickstart-team	93	immonex Kickstart Team <= 1.6.9 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.6.9	1.7.0	June 29, 2026
image-hover-effects-addon-for-elementor	image-hover-effects-addon-for-elementor	91	Image Hover Effects – Elementor Addon <= 1.4.4 - Missing Authorization	LOW	*-1.4.4		June 29, 2026
image-editor-by-pixo	image-editor-by-pixo	91	Image Editor by Pixo <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.8		June 29, 2026
image-compare-block	image-compare-block	91	Beaf <= 1.6.2 - Authenticated (Admin+) Server-Side Request Forgery	LOW	*-1.6.2		June 29, 2026
ibtana-visual-editor	ibtana-visual-editor	91	Ibtana <= 1.2.5.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion	LOW	*-1.2.5.3	1.2.5.4	June 29, 2026
ht-mega-for-wpbakery	ht-mega-for-wpbakery	93	HT Mega – Absolute Addons for WPBakery Page Builder <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.9	1.1.0	June 29, 2026
horizontal-slider	horizontal-slider	91	HORIZONTAL SLIDER <= 2.4 - Cross-Site Request Forgery	LOW	*-2.4		June 29, 2026
highlight-and-share	highlight-and-share	93	Highlight and Share – Social Text and Image Sharing <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.1.1	5.2.0	June 29, 2026
hide-wp-toolbar	hide-wp-toolbar	91	Hide WP Toolbar <= 2.7 - Missing Authorization	LOW	*-2.7		June 29, 2026
heureka	heureka	91	Heureka <= 1.1.0 - Missing Authorization	LOW	*-1.1.0		June 29, 2026
helpie-faq	helpie-faq	93	Helpie FAQ <= 1.45 - Unauthenticated Sensitive Information Exposure	LOW	*-1.45	1.46	June 29, 2026
gutentor	gutentor	91	Gutentor <= 3.5.2 - Missing Authorization	LOW	*-3.5.2	3.5.3	June 29, 2026
gutenkit-blocks-addon	gutenkit-blocks-addon	93	GutenKit <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4.2	2.4.3	June 29, 2026
grid	grid	93	Grid <= 2.3.1 - Cross-Site Request Forgery	LOW	*-2.3.1	2.3.2	June 29, 2026
gravitate-automated-tester	gravitate-automated-tester	91	Gravitate Automated Tester <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.4.5		June 29, 2026
goracash	goracash	91	Goracash <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1		June 29, 2026
gianism	gianism	91	Gianism <= 5.2.2 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-5.2.2		June 29, 2026
ghl-wizard	ghl-wizard	91	LC Wizard <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.0		June 29, 2026
gf-infusionsoft	gf-infusionsoft	93	WP Gravity Forms Keap/Infusionsoft <= 1.2.6 - Open Redirect	LOW	*-1.2.6	1.2.7	June 29, 2026
getwid	getwid	93	Getwid <= 2.1.2 - Authenticated (Contributor+) Sensitive Information Exposure	LOW	*-2.1.2	2.1.3	June 29, 2026
getresponse	getresponse	93	GetResponse Forms <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.6.0	2.6.1	June 29, 2026
geoip-detect	geoip-detect	93	Geolocation IP Detection <= 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.5.0	5.6.0	June 29, 2026
genesis-club-lite	genesis-club-lite	91	Genesis Club Lite <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.17		June 29, 2026
genealogical-tree	genealogical-tree	91	Genealogical Tree <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.5		June 29, 2026
gd-bbpress-tools	gd-bbpress-tools	93	GD bbPress Tools <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5.3	4.0	June 29, 2026
gallery-photo-gallery	gallery-photo-gallery	93	Photo Gallery by Ays <= 6.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.3.8	6.3.9	June 29, 2026
gallery-lightbox-slider	gallery-lightbox-slider	93	Gallery Lightbox <= 1.0.0.41 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0.41	1.0.0.43	June 29, 2026
fusion-extension-gallery	fusion-extension-gallery	93	Fusion Page Builder : Extension - Gallery <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.6	1.7.7	June 29, 2026
full-site-builder-for-elementor	full-site-builder-for-elementor	91	StylePress for Elementor <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.1		June 29, 2026
front-end-only-users	front-end-only-users	89	Front End Users <= 3.2.33 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.33		June 29, 2026
form-generator-powered-by-jotform	form-generator-powered-by-jotform	91	Form Generator for WordPress <= 1.52 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.52		June 29, 2026
force-update-translations	force-update-translations	93	Force Update Translations <= 0.5 - Cross-Site Request Forgery	LOW	*-0.5	0.6.0	June 29, 2026
flexible-invoices	flexible-invoices	93	Flexible PDF Invoices for WooCommerce & WordPress <= 6.0.13 - Cross-Site Request Forgery	LOW	*-6.0.13	6.0.14	June 29, 2026
flexible-faq	flexible-faq	91	Flexible FAQ <= 0.2 - Cross-Site Request Forgery	LOW	*-0.2		June 29, 2026
fastly	fastly	93	Fastly <= 1.2.28 - Cross-Site Request Forgery	LOW	*-1.2.28	1.2.29	June 29, 2026
extended-widget-options	extended-widget-options	93	Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.2.1	5.2.2	June 29, 2026
event-rocket	event-rocket	91	Event Rocket <= 3.3 - Missing Authorization	LOW	*-3.3		June 29, 2026
estonian-shipping-methods-for-woocommerce	estonian-shipping-methods-for-woocommerce	91	Estonian Shipping Methods for WooCommerce <= 1.7.2 - Unauthenticated Sensitive Information Exposure	LOW	*-1.7.2		June 29, 2026
Epeken All Kurir for Woocommerce	epeken-all-kurir	67	Epeken All Kurir <= 2.0.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting	LOW	*-2.0.2		June 29, 2026
emergency-password-reset	emergency-password-reset	93	Emergency Password Reset <= 9.3 - Cross-Site Request Forgery	LOW	*-9.3	9.4	June 29, 2026
editor-custom-color-palette	editor-custom-color-palette	91	Editor Custom Color Palette <= 3.4.8 - Missing Authorization	LOW	*-3.4.8		June 29, 2026
easy-quotes	easy-quotes	93	Easy Quotes <= 1.2.4 - Missing Authorization	LOW	*-1.2.4	1.2.5	June 29, 2026
easy-pricing-table-wp	easy-pricing-table-wp	91	Easy Pricing Table WP <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.1.3		June 29, 2026
easy-hotel	easy-hotel	91	Easy Hotel Booking <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.6	1.9.7	June 29, 2026
easy-elementor-addons	easy-elementor-addons	93	Easy Elementor Addons <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion	LOW	*-2.2.8	2.2.9	June 29, 2026
e-namad-shamed-logo-manager	e-namad-shamed-logo-manager	91	E-namad & Shamed Logo Manager <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.2		June 29, 2026
double-the-donation	double-the-donation	93	Double the Donation <= 2.0.0 - Cross-Site Request Forgery	LOW	*-2.0.0	3.0.0	June 29, 2026
double-the-donation	double-the-donation	93	Double the Donation <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.0	3.0.0	June 29, 2026
doliconnect	doliconnect	93	Doliconnect <= 9.5.7 - Cross-Site Request Forgery	LOW	*-9.5.7	9.6.2	June 29, 2026

LOW

penci-recipe

Score: N/A Penci Recipe <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0 Patched: 4.1 Updated: June 29, 2026

LOW

penci-portfolio

Score: N/A Penci Portfolio <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5 Patched: 3.6 Updated: June 29, 2026

LOW

penci-podcast

Score: N/A Penci Podcast <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: June 29, 2026

LOW

penci-filter-everything

Score: N/A Penci Filter Everything < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 1.7) Patched: 1.7 Updated: June 29, 2026

LOW

pdpa-thailand

Score: N/A Designil PDPA Thailand <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

payos

Score: N/A payOS <= 1.0.61 - Cross-Site Request Forgery Affected: *-1.0.61 Patched: Updated: June 29, 2026

LOW

participants-database

Score: N/A Participants Database <= 2.7.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.6.3 Patched: 2.7.7 Updated: June 29, 2026

LOW

page-list

Score: N/A Page-list <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.8 Patched: 5.9 Updated: June 29, 2026

LOW

oshine-core

Score: N/A Oshine Core <= 1.5.5 - Missing Authorization Affected: *-1.5.5 Patched: Updated: June 29, 2026

LOW

open-user-map

Score: N/A Open User Map <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.14 Patched: 1.4.15 Updated: June 29, 2026

LOW

online-booking-engine

Score: N/A eZee Online Hotel Booking Engine <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

ongkoskirim-id

Score: N/A Ongkoskirim.id <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager <= 23.2 - Missing Authorization Affected: *-23.2 Patched: 23.4 Updated: June 29, 2026

LOW

nix-anti-spam-light

Score: N/A NIX Anti-Spam Light <= 0.0.4 - Cross-Site Request Forgery Affected: *-0.0.4 Patched: Updated: June 29, 2026

LOW

ngg-smart-image-search

Score: N/A NGG Smart Image Search <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.3 Patched: Updated: June 29, 2026

LOW

nextend-facebook-connect

Score: N/A Nextend Facebook Connect <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.19 Patched: 3.1.20 Updated: June 29, 2026

LOW

mobi2go

Score: N/A Mobi2Go <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

mihdan-no-external-links

Score: N/A No External Links <= 5.1.6.2 - Cross-Site Request Forgery Affected: *-5.1.6.2 Patched: 5.1.7 Updated: June 29, 2026

LOW

metasync

Score: N/A Search Atlas SEO <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.4 Patched: 2.5.5 Updated: June 29, 2026

LOW

memberful-wp

Score: 93/100 Memberful <= 1.75.0 - Missing Authorization Affected: *-1.75.0 Patched: 1.76.0 Updated: June 29, 2026

LOW

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.28 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.28 Patched: 3.29 Updated: June 29, 2026

LOW

maxi-blocks

Score: 93/100 MaxiBlocks <= 2.1.3 - Missing Authorization Affected: *-2.1.3 Patched: 2.1.4 Updated: June 29, 2026

LOW

mavis-https-to-http-redirect

Score: 91/100 Mavis HTTPS to HTTP Redirection <= 1.4.3 - Cross-Site Request Forgery Affected: *-1.4.3 Patched: Updated: June 29, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.6.20 - Authenticated (Subscriber+) Race Condition to Multiple Reviews Affected: *-3.6.20 Patched: 3.6.21 Updated: June 29, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.6.20 - Missing Authorization Affected: *-3.6.20 Patched: 3.6.21 Updated: June 29, 2026

LOW

Master Slider – Responsive Touch Slider

master-slider

Score: 86/100 Master Slider <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.11.1 Patched: 3.11.2 Updated: June 29, 2026

LOW

marketking-multivendor-marketplace-for-woocommerce

Score: 93/100 MarketKing <= 2.0.92 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.92 Patched: 2.1.00 Updated: June 29, 2026

LOW

maps-for-wp

Score: 91/100 Maps for WP <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: Updated: June 29, 2026

LOW

makestories-helper

Score: 91/100 MakeStories (for Google Web Stories) <= 3.0.4 - Authenticated (Author+) Server-Side Request Forgery Affected: *-3.0.4 Patched: Updated: June 29, 2026

LOW

make-column-clickable-elementor

Score: 93/100 Make Column Clickable Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.0 Patched: 1.6.1 Updated: June 29, 2026

LOW

mail-subscribe-list

Score: 91/100 Mail Subscribe List <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.10 Patched: Updated: June 29, 2026

LOW

mail-mint

Score: 93/100 Mail Mint <= 1.18.6 - Authenticated (Administrator+) SQL Injection Affected: *-1.18.6 Patched: 1.18.7 Updated: June 29, 2026

LOW

mail-baby-smtp

Score: 93/100 Mail Baby SMTP <= 2.8 - Cross-Site Request Forgery Affected: *-2.8 Patched: 3.2.12 Updated: June 29, 2026

LOW

m2wp

Score: 91/100 Magento 2 WordPress Integration <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: June 29, 2026

LOW

lws-affiliation

Score: 91/100 LWS Affiliation <= 2.3.6 - Cross-Site Request Forgery Affected: *-2.3.6 Patched: Updated: June 29, 2026

LOW

logo-showcase

Score: 93/100 Logo Showcase <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.2 Patched: 4.0.3 Updated: June 29, 2026

LOW

login-logout

Score: 91/100 Login-Logout <= 3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.8 Patched: Updated: June 29, 2026

LOW

listingpro-reviews

Score: 93/100 ListingPro Reviews < 2.9.11 - Missing Authorization Affected: [*, 2.9.11) Patched: 2.9.11 Updated: June 29, 2026

LOW

list-child-pages-shortcode

Score: 93/100 List Child Pages Shortcode <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.4.0 Updated: June 29, 2026

LOW

linkedinclude

Score: 91/100 LinkedInclude <= 3.0.4 - Cross-Site Request Forgery Affected: *-3.0.4 Patched: Updated: June 29, 2026

LOW

library-bookshelves

Score: 91/100 Library Bookshelves <= 5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.11 Patched: Updated: June 29, 2026

LOW

Custom Block Builder – Lazy Blocks

lazy-blocks

Score: 96/100 Lazy Blocks <= 4.1.0 - Missing Authorization Affected: *-4.1.0 Patched: 4.1.1 Updated: June 29, 2026

LOW

last-updated-shortcode

Score: 91/100 Last Updated Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

kama-clic-counter

Score: 93/100 Kama Click Counter <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.4 Patched: 4.1.0 Updated: June 29, 2026

LOW

jupiterx-core

Score: 93/100 JupiterX Core <= 4.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.11.0 Patched: 4.11.1 Updated: June 29, 2026

LOW

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 29, 2026

LOW

javo-core

Score: 86/100 Javo Core <= 3.0.0.266 - Missing Authorization Affected: *-3.0.0.266 Patched: Updated: June 29, 2026

LOW

ip-based-login

Score: 93/100 IP Based Login <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4.3 Patched: 2.4.4 Updated: June 29, 2026

LOW

invition-print-ship

Score: 89/100 Printeers Print & Ship <= 1.17.0 - Cross-Site Request Forgery Affected: *-1.17.0 Patched: Updated: June 29, 2026

LOW

interactive-3d-flipbook-powered-physics-engine

Score: 93/100 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.16 - Unauthenticated Sensitive Information Exposure Affected: *-1.16.16 Patched: 1.16.17 Updated: June 29, 2026

LOW

interact-quiz-embed

Score: 93/100 Interact: Embed A Quiz On Your Site <= 3.1 - Cross-Site Request Forgery Affected: *-3.1 Patched: 3.2 Updated: June 29, 2026

LOW

immonex-kickstart-team

Score: 93/100 immonex Kickstart Team <= 1.6.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.6.9 Patched: 1.7.0 Updated: June 29, 2026

LOW

image-hover-effects-addon-for-elementor

Score: 91/100 Image Hover Effects – Elementor Addon <= 1.4.4 - Missing Authorization Affected: *-1.4.4 Patched: Updated: June 29, 2026

LOW

image-editor-by-pixo

Score: 91/100 Image Editor by Pixo <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.8 Patched: Updated: June 29, 2026

LOW

image-compare-block

Score: 91/100 Beaf <= 1.6.2 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-1.6.2 Patched: Updated: June 29, 2026

LOW

ibtana-visual-editor

Score: 91/100 Ibtana <= 1.2.5.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion Affected: *-1.2.5.3 Patched: 1.2.5.4 Updated: June 29, 2026

LOW

ht-mega-for-wpbakery

Score: 93/100 HT Mega – Absolute Addons for WPBakery Page Builder <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.1.0 Updated: June 29, 2026

LOW

horizontal-slider

Score: 91/100 HORIZONTAL SLIDER <= 2.4 - Cross-Site Request Forgery Affected: *-2.4 Patched: Updated: June 29, 2026

LOW

highlight-and-share

Score: 93/100 Highlight and Share – Social Text and Image Sharing <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.1 Patched: 5.2.0 Updated: June 29, 2026

LOW

hide-wp-toolbar

Score: 91/100 Hide WP Toolbar <= 2.7 - Missing Authorization Affected: *-2.7 Patched: Updated: June 29, 2026

LOW

heureka

Score: 91/100 Heureka <= 1.1.0 - Missing Authorization Affected: *-1.1.0 Patched: Updated: June 29, 2026

LOW

helpie-faq

Score: 93/100 Helpie FAQ <= 1.45 - Unauthenticated Sensitive Information Exposure Affected: *-1.45 Patched: 1.46 Updated: June 29, 2026

LOW

gutentor

Score: 91/100 Gutentor <= 3.5.2 - Missing Authorization Affected: *-3.5.2 Patched: 3.5.3 Updated: June 29, 2026

LOW

gutenkit-blocks-addon

Score: 93/100 GutenKit <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.2 Patched: 2.4.3 Updated: June 29, 2026

LOW

grid

Score: 93/100 Grid <= 2.3.1 - Cross-Site Request Forgery Affected: *-2.3.1 Patched: 2.3.2 Updated: June 29, 2026

LOW

gravitate-automated-tester

Score: 91/100 Gravitate Automated Tester <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: June 29, 2026

LOW

goracash

Score: 91/100 Goracash <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

gianism

Score: 91/100 Gianism <= 5.2.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-5.2.2 Patched: Updated: June 29, 2026

LOW

ghl-wizard

Score: 91/100 LC Wizard <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: June 29, 2026

LOW

gf-infusionsoft

Score: 93/100 WP Gravity Forms Keap/Infusionsoft <= 1.2.6 - Open Redirect Affected: *-1.2.6 Patched: 1.2.7 Updated: June 29, 2026

LOW

getwid

Score: 93/100 Getwid <= 2.1.2 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-2.1.2 Patched: 2.1.3 Updated: June 29, 2026

LOW

getresponse

Score: 93/100 GetResponse Forms <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: 2.6.1 Updated: June 29, 2026

LOW

geoip-detect

Score: 93/100 Geolocation IP Detection <= 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.5.0 Patched: 5.6.0 Updated: June 29, 2026

LOW

genesis-club-lite

Score: 91/100 Genesis Club Lite <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.17 Patched: Updated: June 29, 2026

LOW

genealogical-tree

Score: 91/100 Genealogical Tree <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.5 Patched: Updated: June 29, 2026

LOW

gd-bbpress-tools

Score: 93/100 GD bbPress Tools <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.3 Patched: 4.0 Updated: June 29, 2026

LOW

gallery-photo-gallery

Score: 93/100 Photo Gallery by Ays <= 6.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.3.8 Patched: 6.3.9 Updated: June 29, 2026

LOW

gallery-lightbox-slider

Score: 93/100 Gallery Lightbox <= 1.0.0.41 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0.41 Patched: 1.0.0.43 Updated: June 29, 2026

LOW

fusion-extension-gallery

Score: 93/100 Fusion Page Builder : Extension - Gallery <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.6 Patched: 1.7.7 Updated: June 29, 2026

LOW

full-site-builder-for-elementor

Score: 91/100 StylePress for Elementor <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

front-end-only-users

Score: 89/100 Front End Users <= 3.2.33 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.33 Patched: Updated: June 29, 2026

LOW

form-generator-powered-by-jotform

Score: 91/100 Form Generator for WordPress <= 1.52 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.52 Patched: Updated: June 29, 2026

LOW

force-update-translations

Score: 93/100 Force Update Translations <= 0.5 - Cross-Site Request Forgery Affected: *-0.5 Patched: 0.6.0 Updated: June 29, 2026

LOW

flexible-invoices

Score: 93/100 Flexible PDF Invoices for WooCommerce & WordPress <= 6.0.13 - Cross-Site Request Forgery Affected: *-6.0.13 Patched: 6.0.14 Updated: June 29, 2026

LOW

flexible-faq

Score: 91/100 Flexible FAQ <= 0.2 - Cross-Site Request Forgery Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

fastly

Score: 93/100 Fastly <= 1.2.28 - Cross-Site Request Forgery Affected: *-1.2.28 Patched: 1.2.29 Updated: June 29, 2026

LOW

extended-widget-options

Score: 93/100 Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.2.1 Patched: 5.2.2 Updated: June 29, 2026

LOW

event-rocket

Score: 91/100 Event Rocket <= 3.3 - Missing Authorization Affected: *-3.3 Patched: Updated: June 29, 2026

LOW

estonian-shipping-methods-for-woocommerce

Score: 91/100 Estonian Shipping Methods for WooCommerce <= 1.7.2 - Unauthenticated Sensitive Information Exposure Affected: *-1.7.2 Patched: Updated: June 29, 2026

LOW

Epeken All Kurir for Woocommerce

epeken-all-kurir

Score: 67/100 Epeken All Kurir <= 2.0.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 29, 2026

LOW

emergency-password-reset

Score: 93/100 Emergency Password Reset <= 9.3 - Cross-Site Request Forgery Affected: *-9.3 Patched: 9.4 Updated: June 29, 2026

LOW

editor-custom-color-palette

Score: 91/100 Editor Custom Color Palette <= 3.4.8 - Missing Authorization Affected: *-3.4.8 Patched: Updated: June 29, 2026

LOW

easy-quotes

Score: 93/100 Easy Quotes <= 1.2.4 - Missing Authorization Affected: *-1.2.4 Patched: 1.2.5 Updated: June 29, 2026

LOW

easy-pricing-table-wp

Score: 91/100 Easy Pricing Table WP <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.3 Patched: Updated: June 29, 2026

LOW

easy-hotel

Score: 91/100 Easy Hotel Booking <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.6 Patched: 1.9.7 Updated: June 29, 2026

LOW

easy-elementor-addons

Score: 93/100 Easy Elementor Addons <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.2.8 Patched: 2.2.9 Updated: June 29, 2026

LOW

e-namad-shamed-logo-manager

Score: 91/100 E-namad & Shamed Logo Manager <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: June 29, 2026

LOW

double-the-donation

Score: 93/100 Double the Donation <= 2.0.0 - Cross-Site Request Forgery Affected: *-2.0.0 Patched: 3.0.0 Updated: June 29, 2026

LOW

double-the-donation

Score: 93/100 Double the Donation <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 3.0.0 Updated: June 29, 2026

LOW

doliconnect

Score: 93/100 Doliconnect <= 9.5.7 - Cross-Site Request Forgery Affected: *-9.5.7 Patched: 9.6.2 Updated: June 29, 2026

Showing 6201 to 6300 of 36194 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 17:34 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List