Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36190

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.7.0.56 - Unauthenticated SQL Injection	LOW	*-6.7.0.56	6.7.0.57	June 29, 2026
productive-style	productive-style	N/A	Productive Style <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode	LOW	*-1.1.23	1.1.25	June 29, 2026
hackrepair-plugin-archiver	hackrepair-plugin-archiver	93	The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-content	LOW	*-2.0.4	3.1.1	June 29, 2026
falang	falang	93	Falang multilanguage <= 1.3.65 - Unauthenticated PHP Object Injection	LOW	*-1.3.65	1.3.66	June 29, 2026
developer-loggers-for-simple-history	developer-loggers-for-simple-history	93	Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion	LOW	*-0.5	0.5.1	June 29, 2026
catch-dark-mode	catch-dark-mode	93	Catch Dark Mode <= 2.0 - Authenticated (Contributor+) Local File Inclusion	LOW	*-2.0	2.0.1	June 29, 2026
appointmind	appointmind	97	Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1.0	4.2.0	June 29, 2026
admin-and-client-message-after-order-for-woocommerce	admin-and-client-message-after-order-for-woocommerce	97	Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 13.5 - Unauthenticated Arbitrary File Read	LOW	*-13.5	14	June 29, 2026
accordions	accordions	97	Accordion <= 2.3.14 - Missing Authorization	LOW	*-2.3.14	2.3.16	June 29, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure	LOW	*-6.15.2	6.15.3	June 29, 2026
responsive-lightbox	responsive-lightbox	N/A	Responsive Lightbox & Gallery <= 2.5.2 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.5.2	2.5.3	June 29, 2026
header-footer-elementor	header-footer-elementor	93	Ultimate Addons for Elementor Lite <= 2.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload	LOW	*-2.4.9	2.5.0	June 29, 2026
email-template-customizer-for-woo	email-template-customizer-for-woo	93	Email Template Customizer for WooCommerce <= 1.2.17 - Authenticated (Shop manager+) Stored Cross-Site Scripting	LOW	*-1.2.17	1.2.18	June 29, 2026
blaze-demo-importer	blaze-demo-importer	93	Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install	LOW	*-1.0.12	1.0.13	June 29, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim <= 4.2.1 - Unauthenticated Information Exposure	LOW	*-4.2.1	4.2.2	June 29, 2026
wplms_plugin	wplms_plugin	N/A	WPLMS <= 1.9.9.7 - Missing Authorization	LOW	*-1.9.9.7	1.9.9.8	June 29, 2026
wplms_plugin	wplms_plugin	N/A	WPLMS <= 1.9.9.8 - Reflected Cross-Site Scripting	LOW	*-1.9.9.8		June 29, 2026
grid-plus	grid-plus	89	Grid Plus <= 3.3 - Reflected Cross-Site Scripting	LOW	*-3.3		June 29, 2026
hackrepair-plugin-archiver	hackrepair-plugin-archiver	93	The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Authenticated (Administrator+) Arbitrary File Deletion	LOW	*-2.0.4	3.1.1	June 29, 2026
wp-sendgrid-smtp	wp-sendgrid-smtp	N/A	Multiple Plugins and Themes by inkthemes <= 1.1.8 - Unauthenticated Information Exposure	LOW	*-1.0.6		June 29, 2026
wp-mailgun-smtp	wp-mailgun-smtp	N/A	Multiple Plugins and Themes by inkthemes <= 1.1.8 - Unauthenticated Information Exposure	LOW	*-1.0.7		June 29, 2026
thebing-snippet	thebing-snippet	N/A	Fidelo Snippet <= 1.12 - Reflected Cross-Site Scripting	LOW	*-1.12		June 29, 2026
calendar-plus	calendar-plus	91	Calendar Plus <= 1.2.4 - Reflected Cross-Site Scripting	LOW	*-1.2.4		June 29, 2026
spotify-embed-creator	spotify-embed-creator	N/A	Spotify Embed Creator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.5		June 29, 2026
ultimate-blogroll	ultimate-blogroll	N/A	Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.5.2		June 29, 2026
embed-google-data-studio	embed-google-data-studio	91	Embed Google Datastudio <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
side-slide-responsive-menu	side-slide-responsive-menu	N/A	Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection	LOW	*-6.15.1	6.15.1.1	June 29, 2026
wooenvato	wooenvato	N/A	Woocommerce Envato Affiliates <= 1.2.1 - Reflected Cross-Site Scripting	LOW	*-1.2.1		June 29, 2026
woocommerce-fortnox-integration	woocommerce-fortnox-integration	N/A	WooCommerce Fortnox Integration <= 4.5.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-4.5.6	4.5.7	June 29, 2026
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings	seo-by-rank-math	85	Rank Math SEO <= 1.0.252.1 - Missing Authorization	LOW	*-1.0.252.1	1.0.253	June 29, 2026
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings	seo-by-rank-math	85	Rank Math SEO <= 1.0.252.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-1.0.252.1	1.0.253	June 29, 2026
recipe-card-blocks-by-wpzoom	recipe-card-blocks-by-wpzoom	N/A	Recipe Card Blocks for Gutenberg & Elementor <= 3.4.8 - Incorrect Authorization	LOW	*-3.4.8	3.4.9	June 29, 2026
lws-cleaner	lws-cleaner	93	LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file'	LOW	*-2.4.1.3	2.4.2	June 29, 2026
ctl-behance-importer-lite	ctl-behance-importer-lite	91	CTL Behance Importer Lite <= 1.0 - Unauthenticated SQL Injection	LOW	*-1.0		June 29, 2026
ajax-woosearch	ajax-woosearch	95	Ajax WooSearch <= 1.0.0 - Unauthenticated SQL Injection	LOW	*-1.0.0		June 29, 2026
time-tracker	time-tracker	N/A	Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion	LOW	*-3.1.0	3.2.0	June 29, 2026
propovoice	propovoice	N/A	Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read	LOW	*-1.7.6.7	1.7.7	June 29, 2026
publish-approval	publish-approval	N/A	Publish approval <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 29, 2026
phpls	phpls	N/A	PhpList Subber <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 29, 2026
leads-for-amo-crm	leads-for-amo-crm	91	The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery	LOW	*-1.0.1		June 29, 2026
my-wp-translate	my-wp-translate	N/A	My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	LOW	*-1.1		June 29, 2026
my-wp-translate	my-wp-translate	N/A	My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion	LOW	*-1.1		June 29, 2026
countdown-timer-for-elementor	countdown-timer-for-elementor	91	Countdown Timer for Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label'	LOW	*-1.3.9		June 29, 2026
smart-id	smart-id	N/A	eID Easy <= 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter	LOW	*-4.9.3	4.9.4	June 29, 2026
blog-designer-for-elementor	blog-designer-for-elementor	91	Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery	LOW	*-1.1.7		June 29, 2026
elements-plus	elements-plus	93	Elements Plus! <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets	LOW	*-2.16.4	2.16.5	June 29, 2026
digital-events-calendar	digital-events-calendar	91	Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter	LOW	*-1.0.8		June 29, 2026
cbxgooglemap	cbxgooglemap	93	CBX Map for Google Map & OpenStreetMap <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 29, 2026
themeloom-widgets	themeloom-widgets	N/A	ThemeLoom Widgets <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8.5		June 29, 2026
mixtape	mixtape	N/A	Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 29, 2026
autocatset	autocatset	91	AutoCatSet <= 2.1.4 - Cross-Site Request Forgery	LOW	*-2.1.4		June 29, 2026
run-log	run-log	N/A	Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update	LOW	*-1.7.10	1.7.11	June 29, 2026
ultimate-classified-listings	ultimate-classified-listings	N/A	Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.6	1.7	June 29, 2026
admin-in-english-with-switch	admin-in-english-with-switch	95	Admin in English with Switch <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 29, 2026
wp-scriptcase	wp-scriptcase	N/A	WP Scriptcase <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter	LOW	*-2.0.0		June 29, 2026
seo-monster	seo-monster	N/A	Seo Monster <= 3.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.3.3		June 29, 2026
azurecurve-bbcode	azurecurve-bbcode	91	azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode	LOW	*-2.0.4		June 29, 2026
user-meta	user-meta	N/A	User Meta – User Profile Builder and User management plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-3.1.2		June 29, 2026
wrapper-for-workable-api	wrapper-for-workable-api	N/A	Workable API <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via workable_jobs Shortcode	LOW	*-1.0.4		June 29, 2026
all-in-one-minifier	all-in-one-minifier	95	All in one Minifier <= 3.2 - Unauthenticated SQL Injection	LOW	*-3.2		June 29, 2026
couponapi	couponapi	91	Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration'	LOW	*-6.2.12		June 29, 2026
Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates	responsive-addons-for-elementor	N/A	Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets	LOW	*-2.0.1	2.0.2	June 29, 2026
intelligent-importer	intelligent-importer	91	Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection	LOW	*-5.1.4		June 29, 2026
beyondcart	beyondcart	93	BeyondCart Connector <= 3.0.1 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter	LOW	*-3.0.1	3.0.2	June 29, 2026
jobify	jobify	91	Jobify <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via keyword Parameter	LOW	*-1.4.4		June 29, 2026
salon-booking-system	salon-booking-system	N/A	Salon Booking System <= 10.22 - Missing Authorization to Unauthenticated AJAX Actions Execution	LOW	*-10.22	10.24	June 29, 2026
mitfahrgelegenheit	mitfahrgelegenheit	N/A	Mitfahrgelegenheit <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter	LOW	*-1.1.5		June 29, 2026
evenium	evenium	91	Evenium <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.11		June 29, 2026
smartcat-wpml	smartcat-wpml	N/A	Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter	LOW	*-3.1.72	3.1.73	June 29, 2026
certifica-wp	certifica-wp	91	Certifica WP <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter	LOW	*-3.1		June 29, 2026
enhanced-bibliplug	enhanced-bibliplug	91	Enhanced BibliPlug <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting	LOW	*-1.3.8		June 29, 2026
wp-easy-faqs	wp-easy-faqs	N/A	WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode	LOW	*-1.0.5		June 29, 2026
analytics-unbounce	analytics-unbounce	95	Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery	LOW	*-2.3		June 29, 2026
plugin-update-blocker	plugin-update-blocker	N/A	Plugin updates blocker <= 0.2 - Cross-Site Request Forgery	LOW	*-0.2		June 29, 2026
lh-signing	lh-signing	91	LH Signing <= 2.83 - Cross-Site Request Forgery	LOW	*-2.83		June 29, 2026
catfolders	catfolders	93	CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import	LOW	*-2.5.2	2.5.3	June 29, 2026
zoho-flow	zoho-flow	N/A	Zoho Flow <= 2.14.1 - Cross-Site Request Forgery	LOW	*-2.14.1	2.14.2	June 29, 2026
ultimate-classified-listings	ultimate-classified-listings	N/A	Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update	LOW	*-1.7		June 29, 2026
schema-and-structured-data-for-wp	schema-and-structured-data-for-wp	N/A	Schema & Structured Data for WP & AMP <= 1.49 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.49	1.50	June 29, 2026
authorsy	authorsy	93	Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.0.5	1.0.6	June 29, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-2.11.20	2.11.21	June 29, 2026
responsive-filterable-portfolio	responsive-filterable-portfolio	N/A	Responsive Filterable Portfolio <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload	LOW	*-1.0.24	1.0.25	June 29, 2026
pagbank-connect	pagbank-connect	N/A	PagBank / PagSeguro Connect para WooCommerce <= 4.44.3 - Authenticated (Shop Manager+) SQL Injection	LOW	*-4.44.3	4.44.4	June 29, 2026
peachpay-for-woocommerce	peachpay-for-woocommerce	N/A	Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter	LOW	*-1.117.5	1.117.6	June 29, 2026
NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization	nitropack	67	NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function	LOW	*-1.18.4	1.18.5	June 29, 2026
wp-ultimate-csv-importer	wp-ultimate-csv-importer	N/A	WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure	LOW	*-7.27	7.28	June 29, 2026
wpblast	wpblast	N/A	WP Blast \| SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing	LOW	*-1.8.6	1.8.7	June 29, 2026
mybrain-utilities	mybrain-utilities	N/A	MyBrain Utilities <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.8	1.1.0	June 29, 2026
heateor-login	heateor-login	93	Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.9	1.1.10	June 29, 2026
gym-management	gym-management	83	WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	LOW	*-67.7.0		June 29, 2026
resideo-plugin	resideo-plugin	N/A	Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover	LOW	*-2.5.4		June 29, 2026
auto-save-remote-images-drafts	auto-save-remote-images-drafts	91	Auto Save Remote Images (Drafts) <= 1.0.9 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-1.0.9		June 29, 2026
indianic-testimonial	indianic-testimonial	91	Testimonial <= 2.3 - Authenticated (Contributor+) SQL Injection	LOW	*-2.3		June 29, 2026
duplicate-wp-page-post	duplicate-wp-page-post	89	Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter	LOW	*-2.9.5		June 29, 2026
Maspik – Ultimate Spam Protection	contact-forms-anti-spam	78	Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export	LOW	*-2.5.6	2.5.7	June 29, 2026
Maspik – Ultimate Spam Protection	contact-forms-anti-spam	78	Maspik <= 2.5.6 - Cross-Site Request Forgery	LOW	*-2.5.6	2.5.7	June 29, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets	wp-all-import	66	Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload	LOW	*-3.9.3	3.9.4	June 29, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	woolentor-addons	N/A	ShopLentor <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.0	3.2.1	June 29, 2026
woo-booking-bundle-hours	woo-booking-bundle-hours	N/A	WooCommerce Booking Bundle Hours <= 0.7.4 - Cross-Site Request Forgery	LOW	*-0.7.4	0.7.5	June 29, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.7.0.56 - Unauthenticated SQL Injection Affected: *-6.7.0.56 Patched: 6.7.0.57 Updated: June 29, 2026

LOW

productive-style

Score: N/A Productive Style <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode Affected: *-1.1.23 Patched: 1.1.25 Updated: June 29, 2026

LOW

hackrepair-plugin-archiver

Score: 93/100 The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-content Affected: *-2.0.4 Patched: 3.1.1 Updated: June 29, 2026

LOW

falang

Score: 93/100 Falang multilanguage <= 1.3.65 - Unauthenticated PHP Object Injection Affected: *-1.3.65 Patched: 1.3.66 Updated: June 29, 2026

LOW

developer-loggers-for-simple-history

Score: 93/100 Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion Affected: *-0.5 Patched: 0.5.1 Updated: June 29, 2026

LOW

catch-dark-mode

Score: 93/100 Catch Dark Mode <= 2.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

appointmind

Score: 97/100 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.0 Patched: 4.2.0 Updated: June 29, 2026

LOW

admin-and-client-message-after-order-for-woocommerce

Score: 97/100 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 13.5 - Unauthenticated Arbitrary File Read Affected: *-13.5 Patched: 14 Updated: June 29, 2026

LOW

accordions

Score: 97/100 Accordion <= 2.3.14 - Missing Authorization Affected: *-2.3.14 Patched: 2.3.16 Updated: June 29, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure Affected: *-6.15.2 Patched: 6.15.3 Updated: June 29, 2026

LOW

responsive-lightbox

Score: N/A Responsive Lightbox & Gallery <= 2.5.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.5.2 Patched: 2.5.3 Updated: June 29, 2026

LOW

header-footer-elementor

Score: 93/100 Ultimate Addons for Elementor Lite <= 2.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload Affected: *-2.4.9 Patched: 2.5.0 Updated: June 29, 2026

LOW

email-template-customizer-for-woo

Score: 93/100 Email Template Customizer for WooCommerce <= 1.2.17 - Authenticated (Shop manager+) Stored Cross-Site Scripting Affected: *-1.2.17 Patched: 1.2.18 Updated: June 29, 2026

LOW

blaze-demo-importer

Score: 93/100 Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install Affected: *-1.0.12 Patched: 1.0.13 Updated: June 29, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.2.1 - Unauthenticated Information Exposure Affected: *-4.2.1 Patched: 4.2.2 Updated: June 29, 2026

LOW

wplms_plugin

Score: N/A WPLMS <= 1.9.9.7 - Missing Authorization Affected: *-1.9.9.7 Patched: 1.9.9.8 Updated: June 29, 2026

LOW

wplms_plugin

Score: N/A WPLMS <= 1.9.9.8 - Reflected Cross-Site Scripting Affected: *-1.9.9.8 Patched: Updated: June 29, 2026

LOW

grid-plus

Score: 89/100 Grid Plus <= 3.3 - Reflected Cross-Site Scripting Affected: *-3.3 Patched: Updated: June 29, 2026

LOW

hackrepair-plugin-archiver

Score: 93/100 The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Authenticated (Administrator+) Arbitrary File Deletion Affected: *-2.0.4 Patched: 3.1.1 Updated: June 29, 2026

LOW

wp-sendgrid-smtp

Score: N/A Multiple Plugins and Themes by inkthemes <= 1.1.8 - Unauthenticated Information Exposure Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

wp-mailgun-smtp

Score: N/A Multiple Plugins and Themes by inkthemes <= 1.1.8 - Unauthenticated Information Exposure Affected: *-1.0.7 Patched: Updated: June 29, 2026

LOW

thebing-snippet

Score: N/A Fidelo Snippet <= 1.12 - Reflected Cross-Site Scripting Affected: *-1.12 Patched: Updated: June 29, 2026

LOW

calendar-plus

Score: 91/100 Calendar Plus <= 1.2.4 - Reflected Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: June 29, 2026

LOW

spotify-embed-creator

Score: N/A Spotify Embed Creator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: June 29, 2026

LOW

ultimate-blogroll

Score: N/A Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.2 Patched: Updated: June 29, 2026

LOW

embed-google-data-studio

Score: 91/100 Embed Google Datastudio <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

side-slide-responsive-menu

Score: N/A Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection Affected: *-6.15.1 Patched: 6.15.1.1 Updated: June 29, 2026

LOW

wooenvato

Score: N/A Woocommerce Envato Affiliates <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

woocommerce-fortnox-integration

Score: N/A WooCommerce Fortnox Integration <= 4.5.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-4.5.6 Patched: 4.5.7 Updated: June 29, 2026

LOW

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Score: 85/100 Rank Math SEO <= 1.0.252.1 - Missing Authorization Affected: *-1.0.252.1 Patched: 1.0.253 Updated: June 29, 2026

LOW

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Score: 85/100 Rank Math SEO <= 1.0.252.1 - Authenticated (Subscriber+) Information Exposure Affected: *-1.0.252.1 Patched: 1.0.253 Updated: June 29, 2026

LOW

recipe-card-blocks-by-wpzoom

Score: N/A Recipe Card Blocks for Gutenberg & Elementor <= 3.4.8 - Incorrect Authorization Affected: *-3.4.8 Patched: 3.4.9 Updated: June 29, 2026

LOW

lws-cleaner

Score: 93/100 LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file' Affected: *-2.4.1.3 Patched: 2.4.2 Updated: June 29, 2026

LOW

ctl-behance-importer-lite

Score: 91/100 CTL Behance Importer Lite <= 1.0 - Unauthenticated SQL Injection Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

ajax-woosearch

Score: 95/100 Ajax WooSearch <= 1.0.0 - Unauthenticated SQL Injection Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

time-tracker

Score: N/A Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion Affected: *-3.1.0 Patched: 3.2.0 Updated: June 29, 2026

LOW

propovoice

Score: N/A Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read Affected: *-1.7.6.7 Patched: 1.7.7 Updated: June 29, 2026

LOW

publish-approval

Score: N/A Publish approval <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

phpls

Score: N/A PhpList Subber <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

leads-for-amo-crm

Score: 91/100 The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

my-wp-translate

Score: N/A My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

my-wp-translate

Score: N/A My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

countdown-timer-for-elementor

Score: 91/100 Countdown Timer for Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label' Affected: *-1.3.9 Patched: Updated: June 29, 2026

LOW

smart-id

Score: N/A eID Easy <= 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-4.9.3 Patched: 4.9.4 Updated: June 29, 2026

LOW

blog-designer-for-elementor

Score: 91/100 Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery Affected: *-1.1.7 Patched: Updated: June 29, 2026

LOW

elements-plus

Score: 93/100 Elements Plus! <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-2.16.4 Patched: 2.16.5 Updated: June 29, 2026

LOW

digital-events-calendar

Score: 91/100 Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter Affected: *-1.0.8 Patched: Updated: June 29, 2026

LOW

cbxgooglemap

Score: 93/100 CBX Map for Google Map & OpenStreetMap <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

themeloom-widgets

Score: N/A ThemeLoom Widgets <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.5 Patched: Updated: June 29, 2026

LOW

mixtape

Score: N/A Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

autocatset

Score: 91/100 AutoCatSet <= 2.1.4 - Cross-Site Request Forgery Affected: *-2.1.4 Patched: Updated: June 29, 2026

LOW

run-log

Score: N/A Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update Affected: *-1.7.10 Patched: 1.7.11 Updated: June 29, 2026

LOW

ultimate-classified-listings

Score: N/A Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.6 Patched: 1.7 Updated: June 29, 2026

LOW

admin-in-english-with-switch

Score: 95/100 Admin in English with Switch <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

wp-scriptcase

Score: N/A WP Scriptcase <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter Affected: *-2.0.0 Patched: Updated: June 29, 2026

LOW

seo-monster

Score: N/A Seo Monster <= 3.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.3.3 Patched: Updated: June 29, 2026

LOW

azurecurve-bbcode

Score: 91/100 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode Affected: *-2.0.4 Patched: Updated: June 29, 2026

LOW

user-meta

Score: N/A User Meta – User Profile Builder and User management plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-3.1.2 Patched: Updated: June 29, 2026

LOW

wrapper-for-workable-api

Score: N/A Workable API <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via workable_jobs Shortcode Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

all-in-one-minifier

Score: 95/100 All in one Minifier <= 3.2 - Unauthenticated SQL Injection Affected: *-3.2 Patched: Updated: June 29, 2026

LOW

couponapi

Score: 91/100 Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration' Affected: *-6.2.12 Patched: Updated: June 29, 2026

LOW

Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates

responsive-addons-for-elementor

Score: N/A Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

intelligent-importer

Score: 91/100 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection Affected: *-5.1.4 Patched: Updated: June 29, 2026

LOW

Score: 93/100 BeyondCart Connector <= 3.0.1 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter Affected: *-3.0.1 Patched: 3.0.2 Updated: June 29, 2026

LOW

jobify

Score: 91/100 Jobify <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via keyword Parameter Affected: *-1.4.4 Patched: Updated: June 29, 2026

LOW

salon-booking-system

Score: N/A Salon Booking System <= 10.22 - Missing Authorization to Unauthenticated AJAX Actions Execution Affected: *-10.22 Patched: 10.24 Updated: June 29, 2026

LOW

mitfahrgelegenheit

Score: N/A Mitfahrgelegenheit <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter Affected: *-1.1.5 Patched: Updated: June 29, 2026

LOW

evenium

Score: 91/100 Evenium <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.11 Patched: Updated: June 29, 2026

LOW

smartcat-wpml

Score: N/A Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter Affected: *-3.1.72 Patched: 3.1.73 Updated: June 29, 2026

LOW

certifica-wp

Score: 91/100 Certifica WP <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter Affected: *-3.1 Patched: Updated: June 29, 2026

LOW

enhanced-bibliplug

Score: 91/100 Enhanced BibliPlug <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting Affected: *-1.3.8 Patched: Updated: June 29, 2026

LOW

wp-easy-faqs

Score: N/A WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode Affected: *-1.0.5 Patched: Updated: June 29, 2026

LOW

analytics-unbounce

Score: 95/100 Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery Affected: *-2.3 Patched: Updated: June 29, 2026

LOW

plugin-update-blocker

Score: N/A Plugin updates blocker <= 0.2 - Cross-Site Request Forgery Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

lh-signing

Score: 91/100 LH Signing <= 2.83 - Cross-Site Request Forgery Affected: *-2.83 Patched: Updated: June 29, 2026

LOW

catfolders

Score: 93/100 CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import Affected: *-2.5.2 Patched: 2.5.3 Updated: June 29, 2026

LOW

zoho-flow

Score: N/A Zoho Flow <= 2.14.1 - Cross-Site Request Forgery Affected: *-2.14.1 Patched: 2.14.2 Updated: June 29, 2026

LOW

ultimate-classified-listings

Score: N/A Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

schema-and-structured-data-for-wp

Score: N/A Schema & Structured Data for WP & AMP <= 1.49 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.49 Patched: 1.50 Updated: June 29, 2026

LOW

authorsy

Score: 93/100 Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: 1.0.6 Updated: June 29, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.11.20 Patched: 2.11.21 Updated: June 29, 2026

LOW

responsive-filterable-portfolio

Score: N/A Responsive Filterable Portfolio <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.0.24 Patched: 1.0.25 Updated: June 29, 2026

LOW

pagbank-connect

Score: N/A PagBank / PagSeguro Connect para WooCommerce <= 4.44.3 - Authenticated (Shop Manager+) SQL Injection Affected: *-4.44.3 Patched: 4.44.4 Updated: June 29, 2026

LOW

peachpay-for-woocommerce

Score: N/A Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter Affected: *-1.117.5 Patched: 1.117.6 Updated: June 29, 2026

LOW

NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization

nitropack

Score: 67/100 NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function Affected: *-1.18.4 Patched: 1.18.5 Updated: June 29, 2026

LOW

wp-ultimate-csv-importer

Score: N/A WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure Affected: *-7.27 Patched: 7.28 Updated: June 29, 2026

LOW

wpblast

Score: N/A WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing Affected: *-1.8.6 Patched: 1.8.7 Updated: June 29, 2026

LOW

mybrain-utilities

Score: N/A MyBrain Utilities <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: 1.1.0 Updated: June 29, 2026

LOW

heateor-login

Score: 93/100 Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.9 Patched: 1.1.10 Updated: June 29, 2026

LOW

gym-management

Score: 83/100 WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover Affected: *-67.7.0 Patched: Updated: June 29, 2026

LOW

resideo-plugin

Score: N/A Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover Affected: *-2.5.4 Patched: Updated: June 29, 2026

LOW

auto-save-remote-images-drafts

Score: 91/100 Auto Save Remote Images (Drafts) <= 1.0.9 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.0.9 Patched: Updated: June 29, 2026

LOW

indianic-testimonial

Score: 91/100 Testimonial <= 2.3 - Authenticated (Contributor+) SQL Injection Affected: *-2.3 Patched: Updated: June 29, 2026

LOW

duplicate-wp-page-post

Score: 89/100 Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter Affected: *-2.9.5 Patched: Updated: June 29, 2026

LOW

Maspik – Ultimate Spam Protection

contact-forms-anti-spam

Score: 78/100 Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export Affected: *-2.5.6 Patched: 2.5.7 Updated: June 29, 2026

LOW

Maspik – Ultimate Spam Protection

contact-forms-anti-spam

Score: 78/100 Maspik <= 2.5.6 - Cross-Site Request Forgery Affected: *-2.5.6 Patched: 2.5.7 Updated: June 29, 2026

LOW

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets

wp-all-import

Score: 66/100 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload Affected: *-3.9.3 Patched: 3.9.4 Updated: June 29, 2026

LOW

ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin

woolentor-addons

Score: N/A ShopLentor <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.1 Updated: June 29, 2026

LOW

woo-booking-bundle-hours

Score: N/A WooCommerce Booking Bundle Hours <= 0.7.4 - Cross-Site Request Forgery Affected: *-0.7.4 Patched: 0.7.5 Updated: June 29, 2026

Showing 6401 to 6500 of 36190 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 14:50 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List