Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36190

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
developer	developer	91	Developer <= 1.2.6 - Cross-Site Request Forgery	LOW	*-1.2.6		June 29, 2026
dethemekit-for-elementor	dethemekit-for-elementor	89	DethemeKit For Elementor <= 2.1.10 - Missing Authorization	LOW	*-2.1.10		June 29, 2026
delucks-seo	delucks-seo	89	DELUCKS SEO <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.0		June 29, 2026
dashboard-notepad	dashboard-notepad	91	Dashboard Notepad <= 1.42 - Cross-Site Request Forgery	LOW	*-1.42		June 29, 2026
custom-post-types-image	custom-post-types-image	91	Custom Post Type Images <= 0.5 - Cross-Site Request Forgery	LOW	*-0.5		June 29, 2026
custom-login-url	custom-login-url	93	Custom Login URL <= 1.0.2 - Missing Authorization	LOW	*-1.0.2	1.0.3	June 29, 2026
custom-iframe	custom-iframe	93	Custom iFrame for Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.13	1.0.14	June 29, 2026
current-age	current-age	93	Current Age Plugin <= 1.6 - Cross-Site Request Forgery	LOW	*-1.6	1.7	June 29, 2026
CubeWP Framework	cubewp-framework	74	CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.26	1.1.27	June 29, 2026
cp-multi-view-calendar	cp-multi-view-calendar	91	CP Multi View Event Calendar <= 1.4.36 - Missing Authorization	LOW	*-1.4.36	1.4.37	June 29, 2026
cozy-addons	cozy-addons	93	Cozy Blocks <= 2.1.29 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-2.1.29	2.1.30	June 29, 2026
coordinadora	coordinadora	91	Envíos Coordinadora Woocommerce <= 1.1.31 - Unauthenticated Sensitive Information Exposure	LOW	*-1.1.31		June 29, 2026
Translate WordPress with ConveyThis – AI Multilingual Plugin	conveythis-translate	86	Language Translate Widget for WordPress – ConveyThis <= 269.1 - Authenticated (Administrator+) PHP Object Injection	LOW	*-269.1	269.2	June 29, 2026
content-protector	content-protector	93	Passster <= 4.2.18 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.2.18	4.2.19	June 29, 2026
content-mask	content-mask	93	Content Mask <= 1.8.5.3 - Authenticated (Author+) Insecure Direct Object Reference	LOW	*-1.8.5.3	1.8.5.4	June 29, 2026
content-mask	content-mask	93	Content Mask <= 1.8.5.2 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-1.8.5.2	1.8.5.3	June 29, 2026
compact-archives	compact-archives	93	Compact Archives <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1.0	4.1.1	June 29, 2026
colibri-page-builder	colibri-page-builder	93	Colibri Page Builder < 1.0.334 - Authenticated (Shop manager+) Stored Cross-Site Scripting	LOW	[*, 1.0.334)	1.0.334	June 29, 2026
classic-widgets-with-block-based-widgets	classic-widgets-with-block-based-widgets	91	Classic Widgets with Block-based Widgets <= 1.0.1 - Missing Authorization	LOW	*-1.0.1		June 29, 2026
clariti	clariti	93	Clariti <= 1.2.1 - Missing Authorization	LOW	*-1.2.1	1.2.2	June 29, 2026
cf7-submissions	cf7-submissions	91	CF7 Submissions <= 0.26 - Missing Authorization	LOW	*-0.26		June 29, 2026
cecabank-woocommerce	cecabank-woocommerce	93	Cecabank WooCommerce Plugin <= 0.3.4 - Missing Authorization	LOW	*-0.3.4	0.3.5	June 29, 2026
category-featured-images-extended	category-featured-images-extended	91	Category Featured Images Extended <= 1.52 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.52		June 29, 2026
category-featured-images	category-featured-images	91	Category Featured Images <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.1.8		June 29, 2026
cashbill-payment-method	cashbill-payment-method	93	CashBill.pl - Płatności WooCommerce <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.2.1	3.3.0	June 29, 2026
carousel	carousel	89	Carousel Ultimate <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8		June 29, 2026
card-elements-for-wpbakery	card-elements-for-wpbakery	91	Card Elements for WPBakery <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.8		June 29, 2026
buddypress-notifications-widget	buddypress-notifications-widget	91	BuddyPress Notification Widget <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.3		June 29, 2026
buckets	buckets	91	Buckets <= 0.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.3.9		June 29, 2026
bp-disable-activation-reloaded	bp-disable-activation-reloaded	91	BP Disable Activation Reloaded <= 1.2.1 - Cross-Site Request Forgery	LOW	*-1.2.1		June 29, 2026
bot-block-stop-spam-google-analytics-referrals	bot-block-stop-spam-google-analytics-referrals	91	Bot Block – Stop Spam Referrals in Google Analytics <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.6		June 29, 2026
bmi-adultkid-calculator	bmi-adultkid-calculator	89	BMI Adult & Kid Calculator <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.2		June 29, 2026
blog-designer	blog-designer	91	Blog Designer <= 3.1.8 - Missing Authorization	LOW	*-3.1.8		June 29, 2026
bg-church-memos	bg-church-memos	91	Bg Church Memos <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 29, 2026
awesome-support	awesome-support	93	Awesome Support <= 6.3.5 - Authenticated (Support Manager+) PHP Object Injection	LOW	*-6.3.5	6.3.6	June 29, 2026
authorsure	authorsure	89	AuthorSure <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.3		June 29, 2026
auction-feed	auction-feed	91	Auction Feed <= 1.1.3 - Cross-Site Request Forgery	LOW	*-1.1.3		June 29, 2026
appmysite	appmysite	97	AppMySite <= 3.15.0 - Missing Authorization	LOW	*-3.15.0	3.15.1	June 29, 2026
append-link-on-copy	append-link-on-copy	95	Append Link on Copy <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.2		June 29, 2026
append-extensions-on-pages	append-extensions-on-pages	95	Append extensions on Pages <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.2		June 29, 2026
anyclip-media	anyclip-media	95	AnyClip Luminous Studio <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.3		June 29, 2026
anyclip-media	anyclip-media	95	AnyClip Luminous Studio <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3.3		June 29, 2026
another-wordpress-classifieds-plugin	another-wordpress-classifieds-plugin	97	AWP Classifieds <= 4.4.3 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-4.4.3	4.4.4	June 29, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All In One SEO Pack <= 4.8.7.1 - Missing Authorization	LOW	*-4.8.7.1	4.8.7.2	June 29, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack	88	All In One SEO Pack <= 4.8.7.1 - Authenticated (Contributor+) Sensitive Information Exposure	LOW	*-4.8.7.1	4.8.7.2	June 29, 2026
ajax-load-more	ajax-load-more	97	Ajax Load More <= 7.6.0.2 - Unauthenticated Sensitive Information Exposure	LOW	*-7.6.0.2	7.6.1	June 29, 2026
agreeme-checkboxes-for-woocommerce	agreeme-checkboxes-for-woocommerce	95	AgreeMe Checkboxes For WooCommerce <= 1.1.3 - Cross-Site Request Forgery	LOW	*-1.1.3		June 29, 2026
affiliatewp-external-referral-links	affiliatewp-external-referral-links	97	AffiliateWP – External Referral Links <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.0	1.2.2	June 29, 2026
adverts-click-tracker	adverts-click-tracker	95	Adverts <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4		June 29, 2026
advanced-appointment-booking-scheduling	advanced-appointment-booking-scheduling	95	Advanced Appointment Booking & Scheduling <= 1.9 - Cross-Site Request Forgery	LOW	*-1.9		June 29, 2026
advance-portfolio-grid	advance-portfolio-grid	97	Advance Portfolio Grid <= 1.07.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.07.6	1.07.7	June 29, 2026
acf-views	acf-views	97	Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI	LOW	*-3.7.19	3.7.20	June 29, 2026
accordions	accordions	97	Accordion <= 2.3.15 - Missing Authorization	LOW	*-2.3.15	2.3.16	June 29, 2026
academy	academy	97	Academy LMS <= 3.3.4 - Authenticated (Academy Instructor+) Insecure Direct Object Reference	LOW	*-3.3.4	3.3.5	June 29, 2026
acf-cpt-options-pages	acf-cpt-options-pages	95	Advanced Custom Fields : CPT Options Pages <= 2.0.9 - Cross-Site Request Forgery	LOW	*-2.0.9		June 29, 2026
wp-registration	wp-registration	N/A	Simple User Registration <= 6.4 - Authenticated (Contributor+) Privilege Escalation	LOW	*-6.4		June 29, 2026
seo-pyramid	seo-pyramid	N/A	SEO Pyramid <= 1.9.8 - Reflected Cross-Site Scripting	LOW	*-1.9.8		June 29, 2026
likert-survey-master	likert-survey-master	91	Likert Survey Master <= 0.8.0.1 - Reflected Cross-Site Scripting	LOW	*-0.8.0.1		June 29, 2026
dokan-lite	dokan-lite	93	Dokan <= 4.1.3 - Authenticated (Shop Manager+) Privilege Escalation	LOW	*-4.1.3	4.1.4	June 29, 2026
booking-and-rental-manager-for-woocommerce	booking-and-rental-manager-for-woocommerce	93	Booking and Rental Manager <= 2.5.4 - Authenticated (Contributor+) PHP Object Injection	LOW	*-2.5.4	2.5.5	June 29, 2026
osticket-wp-bridge	osticket-wp-bridge	N/A	osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.9.2		June 29, 2026
custom-login-and-signup-widget	custom-login-and-signup-widget	89	Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 29, 2026
browser-sniff	browser-sniff	91	Browser Sniff <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.3		June 29, 2026
clickwhale	clickwhale	93	ClickWhale <= 2.5.0 - Authenticated (Admin+) SQL injection	LOW	*-2.5.0	2.5.1	June 29, 2026
robcore-netatmo	robcore-netatmo	N/A	Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode	LOW	*-1.7		June 29, 2026
miniorange-firebase-sms-otp-verification	miniorange-firebase-sms-otp-verification	N/A	Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation	LOW	3.1.0-3.6.2	3.6.3	June 29, 2026
wp-private-content-plus	wp-private-content-plus	N/A	WP Private Content Plus <= 3.6.2 - Unauthenticated Information Exposure	LOW	*-3.6.2		June 29, 2026
woocommerce-orders-ei	woocommerce-orders-ei	N/A	WooCommerce Orders & Customers Exporter <= 5.4 - Missing Authorization	LOW	*-5.4		June 29, 2026
SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder	sureforms	N/A	SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation	LOW	*-1.12.0	1.12.1	June 29, 2026
supportcandy	supportcandy	N/A	SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover	LOW	*-3.3.7	3.3.8	June 29, 2026
simple-draft-list	simple-draft-list	N/A	Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.6	2.6.1	June 29, 2026
seo-automated-link-building	seo-automated-link-building	N/A	Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery	LOW	*-3.0.1	3.0.2	June 29, 2026
secure-passkeys	secure-passkeys	N/A	Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion	LOW	*-1.2.1	1.2.2	June 29, 2026
myshouts-shoutbox	myshouts-shoutbox	N/A	Author: Munzir <= 0.9 - Reflected Cross-Site Scripting	LOW	*-0.9		June 29, 2026
booking-manager	booking-manager	93	Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar <= 2.1.14 - Authenticated (Contributor+) Booking Deletion	LOW	*-2.1.14	2.1.15	June 29, 2026
embed-pdf-wpforms	embed-pdf-wpforms	93	Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-1.1.5	1.1.6	June 29, 2026
sf-booking	sf-booking	N/A	Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business	LOW	*-6.0		June 29, 2026
Download Manager	download-manager	63	Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter	LOW	*-3.3.23	3.3.24	June 29, 2026
aone-sms	aone-sms	95	Service Finder SMS System <= 2.0.0 - Authentication Bypass	LOW	*-2.0.0		June 29, 2026
kubio	kubio	93	Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation	LOW	*-2.6.3	2.6.5	June 29, 2026
tw-whatsapp-chat-rotator	tw-whatsapp-chat-rotator	N/A	WhatsApp Chat for WordPress and WooCommerce <= 1.2.1 - Reflected Cross-Site Scripting	LOW	*-1.2.1		June 29, 2026
jet-engine	jet-engine	93	JetEngine <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.7.3	3.7.4	June 29, 2026
ghostkit	ghostkit	93	Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4.3	3.4.4	June 29, 2026
wplegalpages	wplegalpages	N/A	Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation	LOW	*-3.4.3	3.4.4	June 29, 2026
quantities-and-units-for-woocommerce	quantities-and-units-for-woocommerce	N/A	Quantities and Units for WooCommerce <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.13		June 29, 2026
find-me-on	find-me-on	91	Find Me On <= 2.0.9.1 - Authenticated (Subscriber+) SQL Injection	LOW	*-2.0.9.1		June 29, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets	essential-addons-for-elementor-lite	85	Essential Addons for Elementor <= 6.2.4 - Missing Authorization	LOW	*-6.2.4	6.3.0	June 29, 2026
chained-quiz	chained-quiz	93	Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie	LOW	*-1.3.5	1.3.6	June 29, 2026
media-player-addons-for-elementor	media-player-addons-for-elementor	93	Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields	LOW	*-1.0.5	1.0.6	June 29, 2026
Blocksy Companion	blocksy-companion	N/A	Blocksy Companion <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode	LOW	*-2.1.10	2.1.11	June 29, 2026
wp-ultimate-csv-importer	wp-ultimate-csv-importer	N/A	WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection	LOW	7.20-7.28	7.29	June 29, 2026
wp-ultimate-csv-importer	wp-ultimate-csv-importer	N/A	WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-7.27	7.28	June 29, 2026
memberlite-shortcodes	memberlite-shortcodes	91	Memberlite Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4	1.4.1	June 29, 2026
user-sync	user-sync	N/A	User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation	LOW	*-1.0.2	1.0.3	June 29, 2026
social-media-shortcodes	social-media-shortcodes	N/A	Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.1	1.3.2	June 29, 2026
wp-tactical-popup	wp-tactical-popup	N/A	Tactical Popup <= 1.1 - Reflected Cross-Site Scripting	LOW	*-1.1		June 29, 2026
wide-banner	wide-banner	N/A	Wide Banner <= 1.0.4 - Missing Authorization	LOW	*-1.0.4		June 29, 2026
uss-upyun	uss-upyun	N/A	USS Upyun <= 1.5.0 - Cross-Site Request Forgery	LOW	*-1.5.0	1.5.1	June 29, 2026
storeengine	storeengine	N/A	StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download	LOW	*-1.5.0	1.5.1	June 29, 2026
storeengine	storeengine	N/A	StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-1.5.0	1.5.1	June 29, 2026

LOW

developer

Score: 91/100 Developer <= 1.2.6 - Cross-Site Request Forgery Affected: *-1.2.6 Patched: Updated: June 29, 2026

LOW

dethemekit-for-elementor

Score: 89/100 DethemeKit For Elementor <= 2.1.10 - Missing Authorization Affected: *-2.1.10 Patched: Updated: June 29, 2026

LOW

delucks-seo

Score: 89/100 DELUCKS SEO <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.0 Patched: Updated: June 29, 2026

LOW

dashboard-notepad

Score: 91/100 Dashboard Notepad <= 1.42 - Cross-Site Request Forgery Affected: *-1.42 Patched: Updated: June 29, 2026

LOW

custom-post-types-image

Score: 91/100 Custom Post Type Images <= 0.5 - Cross-Site Request Forgery Affected: *-0.5 Patched: Updated: June 29, 2026

LOW

custom-login-url

Score: 93/100 Custom Login URL <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026

LOW

custom-iframe

Score: 93/100 Custom iFrame for Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.13 Patched: 1.0.14 Updated: June 29, 2026

LOW

current-age

Score: 93/100 Current Age Plugin <= 1.6 - Cross-Site Request Forgery Affected: *-1.6 Patched: 1.7 Updated: June 29, 2026

LOW

CubeWP Framework

cubewp-framework

Score: 74/100 CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.26 Patched: 1.1.27 Updated: June 29, 2026

LOW

cp-multi-view-calendar

Score: 91/100 CP Multi View Event Calendar <= 1.4.36 - Missing Authorization Affected: *-1.4.36 Patched: 1.4.37 Updated: June 29, 2026

LOW

cozy-addons

Score: 93/100 Cozy Blocks <= 2.1.29 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.1.29 Patched: 2.1.30 Updated: June 29, 2026

LOW

coordinadora

Score: 91/100 Envíos Coordinadora Woocommerce <= 1.1.31 - Unauthenticated Sensitive Information Exposure Affected: *-1.1.31 Patched: Updated: June 29, 2026

LOW

Translate WordPress with ConveyThis – AI Multilingual Plugin

conveythis-translate

Score: 86/100 Language Translate Widget for WordPress – ConveyThis <= 269.1 - Authenticated (Administrator+) PHP Object Injection Affected: *-269.1 Patched: 269.2 Updated: June 29, 2026

LOW

content-protector

Score: 93/100 Passster <= 4.2.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.18 Patched: 4.2.19 Updated: June 29, 2026

LOW

content-mask

Score: 93/100 Content Mask <= 1.8.5.3 - Authenticated (Author+) Insecure Direct Object Reference Affected: *-1.8.5.3 Patched: 1.8.5.4 Updated: June 29, 2026

LOW

content-mask

Score: 93/100 Content Mask <= 1.8.5.2 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.8.5.2 Patched: 1.8.5.3 Updated: June 29, 2026

LOW

compact-archives

Score: 93/100 Compact Archives <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.0 Patched: 4.1.1 Updated: June 29, 2026

LOW

colibri-page-builder

Score: 93/100 Colibri Page Builder < 1.0.334 - Authenticated (Shop manager+) Stored Cross-Site Scripting Affected: [*, 1.0.334) Patched: 1.0.334 Updated: June 29, 2026

LOW

classic-widgets-with-block-based-widgets

Score: 91/100 Classic Widgets with Block-based Widgets <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

clariti

Score: 93/100 Clariti <= 1.2.1 - Missing Authorization Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

cf7-submissions

Score: 91/100 CF7 Submissions <= 0.26 - Missing Authorization Affected: *-0.26 Patched: Updated: June 29, 2026

LOW

cecabank-woocommerce

Score: 93/100 Cecabank WooCommerce Plugin <= 0.3.4 - Missing Authorization Affected: *-0.3.4 Patched: 0.3.5 Updated: June 29, 2026

LOW

category-featured-images-extended

Score: 91/100 Category Featured Images Extended <= 1.52 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.52 Patched: Updated: June 29, 2026

LOW

category-featured-images

Score: 91/100 Category Featured Images <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: June 29, 2026

LOW

cashbill-payment-method

Score: 93/100 CashBill.pl - Płatności WooCommerce <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: 3.3.0 Updated: June 29, 2026

LOW

carousel

Score: 89/100 Carousel Ultimate <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: June 29, 2026

LOW

card-elements-for-wpbakery

Score: 91/100 Card Elements for WPBakery <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: June 29, 2026

LOW

buddypress-notifications-widget

Score: 91/100 BuddyPress Notification Widget <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: June 29, 2026

LOW

buckets

Score: 91/100 Buckets <= 0.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.9 Patched: Updated: June 29, 2026

LOW

bp-disable-activation-reloaded

Score: 91/100 BP Disable Activation Reloaded <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

bot-block-stop-spam-google-analytics-referrals

Score: 91/100 Bot Block – Stop Spam Referrals in Google Analytics <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6 Patched: Updated: June 29, 2026

LOW

bmi-adultkid-calculator

Score: 89/100 BMI Adult & Kid Calculator <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: June 29, 2026

LOW

blog-designer

Score: 91/100 Blog Designer <= 3.1.8 - Missing Authorization Affected: *-3.1.8 Patched: Updated: June 29, 2026

LOW

bg-church-memos

Score: 91/100 Bg Church Memos <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

awesome-support

Score: 93/100 Awesome Support <= 6.3.5 - Authenticated (Support Manager+) PHP Object Injection Affected: *-6.3.5 Patched: 6.3.6 Updated: June 29, 2026

LOW

authorsure

Score: 89/100 AuthorSure <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 29, 2026

LOW

auction-feed

Score: 91/100 Auction Feed <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: Updated: June 29, 2026

LOW

appmysite

Score: 97/100 AppMySite <= 3.15.0 - Missing Authorization Affected: *-3.15.0 Patched: 3.15.1 Updated: June 29, 2026

LOW

append-link-on-copy

Score: 95/100 Append Link on Copy <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

append-extensions-on-pages

Score: 95/100 Append extensions on Pages <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: June 29, 2026

LOW

anyclip-media

Score: 95/100 AnyClip Luminous Studio <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: June 29, 2026

LOW

anyclip-media

Score: 95/100 AnyClip Luminous Studio <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: June 29, 2026

LOW

another-wordpress-classifieds-plugin

Score: 97/100 AWP Classifieds <= 4.4.3 - Unauthenticated Arbitrary Shortcode Execution Affected: *-4.4.3 Patched: 4.4.4 Updated: June 29, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All In One SEO Pack <= 4.8.7.1 - Missing Authorization Affected: *-4.8.7.1 Patched: 4.8.7.2 Updated: June 29, 2026

LOW

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Score: 88/100 All In One SEO Pack <= 4.8.7.1 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-4.8.7.1 Patched: 4.8.7.2 Updated: June 29, 2026

LOW

ajax-load-more

Score: 97/100 Ajax Load More <= 7.6.0.2 - Unauthenticated Sensitive Information Exposure Affected: *-7.6.0.2 Patched: 7.6.1 Updated: June 29, 2026

LOW

agreeme-checkboxes-for-woocommerce

Score: 95/100 AgreeMe Checkboxes For WooCommerce <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: Updated: June 29, 2026

LOW

affiliatewp-external-referral-links

Score: 97/100 AffiliateWP – External Referral Links <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.2 Updated: June 29, 2026

LOW

adverts-click-tracker

Score: 95/100 Adverts <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

advanced-appointment-booking-scheduling

Score: 95/100 Advanced Appointment Booking & Scheduling <= 1.9 - Cross-Site Request Forgery Affected: *-1.9 Patched: Updated: June 29, 2026

LOW

advance-portfolio-grid

Score: 97/100 Advance Portfolio Grid <= 1.07.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.07.6 Patched: 1.07.7 Updated: June 29, 2026

LOW

acf-views

Score: 97/100 Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI Affected: *-3.7.19 Patched: 3.7.20 Updated: June 29, 2026

LOW

accordions

Score: 97/100 Accordion <= 2.3.15 - Missing Authorization Affected: *-2.3.15 Patched: 2.3.16 Updated: June 29, 2026

LOW

academy

Score: 97/100 Academy LMS <= 3.3.4 - Authenticated (Academy Instructor+) Insecure Direct Object Reference Affected: *-3.3.4 Patched: 3.3.5 Updated: June 29, 2026

LOW

acf-cpt-options-pages

Score: 95/100 Advanced Custom Fields : CPT Options Pages <= 2.0.9 - Cross-Site Request Forgery Affected: *-2.0.9 Patched: Updated: June 29, 2026

LOW

wp-registration

Score: N/A Simple User Registration <= 6.4 - Authenticated (Contributor+) Privilege Escalation Affected: *-6.4 Patched: Updated: June 29, 2026

LOW

seo-pyramid

Score: N/A SEO Pyramid <= 1.9.8 - Reflected Cross-Site Scripting Affected: *-1.9.8 Patched: Updated: June 29, 2026

LOW

likert-survey-master

Score: 91/100 Likert Survey Master <= 0.8.0.1 - Reflected Cross-Site Scripting Affected: *-0.8.0.1 Patched: Updated: June 29, 2026

LOW

dokan-lite

Score: 93/100 Dokan <= 4.1.3 - Authenticated (Shop Manager+) Privilege Escalation Affected: *-4.1.3 Patched: 4.1.4 Updated: June 29, 2026

LOW

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager <= 2.5.4 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.5.4 Patched: 2.5.5 Updated: June 29, 2026

LOW

osticket-wp-bridge

Score: N/A osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.9.2 Patched: Updated: June 29, 2026

LOW

custom-login-and-signup-widget

Score: 89/100 Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

browser-sniff

Score: 91/100 Browser Sniff <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 29, 2026

LOW

clickwhale

Score: 93/100 ClickWhale <= 2.5.0 - Authenticated (Admin+) SQL injection Affected: *-2.5.0 Patched: 2.5.1 Updated: June 29, 2026

LOW

robcore-netatmo

Score: N/A Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

miniorange-firebase-sms-otp-verification

Score: N/A Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation Affected: 3.1.0-3.6.2 Patched: 3.6.3 Updated: June 29, 2026

LOW

wp-private-content-plus

Score: N/A WP Private Content Plus <= 3.6.2 - Unauthenticated Information Exposure Affected: *-3.6.2 Patched: Updated: June 29, 2026

LOW

woocommerce-orders-ei

Score: N/A WooCommerce Orders & Customers Exporter <= 5.4 - Missing Authorization Affected: *-5.4 Patched: Updated: June 29, 2026

LOW

SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder

sureforms

Score: N/A SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation Affected: *-1.12.0 Patched: 1.12.1 Updated: June 29, 2026

LOW

supportcandy

Score: N/A SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover Affected: *-3.3.7 Patched: 3.3.8 Updated: June 29, 2026

LOW

simple-draft-list

Score: N/A Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6 Patched: 2.6.1 Updated: June 29, 2026

LOW

seo-automated-link-building

Score: N/A Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery Affected: *-3.0.1 Patched: 3.0.2 Updated: June 29, 2026

LOW

secure-passkeys

Score: N/A Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

myshouts-shoutbox

Score: N/A Author: Munzir <= 0.9 - Reflected Cross-Site Scripting Affected: *-0.9 Patched: Updated: June 29, 2026

LOW

booking-manager

Score: 93/100 Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar <= 2.1.14 - Authenticated (Contributor+) Booking Deletion Affected: *-2.1.14 Patched: 2.1.15 Updated: June 29, 2026

LOW

embed-pdf-wpforms

Score: 93/100 Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.1.5 Patched: 1.1.6 Updated: June 29, 2026

LOW

sf-booking

Score: N/A Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business Affected: *-6.0 Patched: Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter Affected: *-3.3.23 Patched: 3.3.24 Updated: June 29, 2026

LOW

aone-sms

Score: 95/100 Service Finder SMS System <= 2.0.0 - Authentication Bypass Affected: *-2.0.0 Patched: Updated: June 29, 2026

LOW

kubio

Score: 93/100 Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation Affected: *-2.6.3 Patched: 2.6.5 Updated: June 29, 2026

LOW

tw-whatsapp-chat-rotator

Score: N/A WhatsApp Chat for WordPress and WooCommerce <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.3 Patched: 3.7.4 Updated: June 29, 2026

LOW

ghostkit

Score: 93/100 Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.3 Patched: 3.4.4 Updated: June 29, 2026

LOW

wplegalpages

Score: N/A Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation Affected: *-3.4.3 Patched: 3.4.4 Updated: June 29, 2026

LOW

quantities-and-units-for-woocommerce

Score: N/A Quantities and Units for WooCommerce <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.13 Patched: Updated: June 29, 2026

LOW

find-me-on

Score: 91/100 Find Me On <= 2.0.9.1 - Authenticated (Subscriber+) SQL Injection Affected: *-2.0.9.1 Patched: Updated: June 29, 2026

LOW

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Score: 85/100 Essential Addons for Elementor <= 6.2.4 - Missing Authorization Affected: *-6.2.4 Patched: 6.3.0 Updated: June 29, 2026

LOW

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Affected: *-1.3.5 Patched: 1.3.6 Updated: June 29, 2026

LOW

media-player-addons-for-elementor

Score: 93/100 Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields Affected: *-1.0.5 Patched: 1.0.6 Updated: June 29, 2026

LOW

Blocksy Companion

blocksy-companion

Score: N/A Blocksy Companion <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode Affected: *-2.1.10 Patched: 2.1.11 Updated: June 29, 2026

LOW

wp-ultimate-csv-importer

Score: N/A WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection Affected: 7.20-7.28 Patched: 7.29 Updated: June 29, 2026

LOW

wp-ultimate-csv-importer

Score: N/A WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-7.27 Patched: 7.28 Updated: June 29, 2026

LOW

memberlite-shortcodes

Score: 91/100 Memberlite Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4 Patched: 1.4.1 Updated: June 29, 2026

LOW

user-sync

Score: N/A User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026

LOW

social-media-shortcodes

Score: N/A Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: June 29, 2026

LOW

wp-tactical-popup

Score: N/A Tactical Popup <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

wide-banner

Score: N/A Wide Banner <= 1.0.4 - Missing Authorization Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

uss-upyun

Score: N/A USS Upyun <= 1.5.0 - Cross-Site Request Forgery Affected: *-1.5.0 Patched: 1.5.1 Updated: June 29, 2026

LOW

storeengine

Score: N/A StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-1.5.0 Patched: 1.5.1 Updated: June 29, 2026

LOW

storeengine

Score: N/A StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.5.0 Patched: 1.5.1 Updated: June 29, 2026

Showing 6301 to 6400 of 36190 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 16:12 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List