Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
license-manager-for-woocommerce	license-manager-for-woocommerce	93	License Manager for WooCommerce <= 3.0.12 - Authenticated (Administrator+) SQL Injection	LOW	*-3.0.12	3.0.13	June 29, 2026
lastudio-element-kit	lastudio-element-kit	93	LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets	LOW	*-1.5.5.1	1.5.5.2	June 29, 2026
kiwi-social-share	kiwi-social-share	91	Kiwi <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.8		June 29, 2026
job-board-manager	job-board-manager	83	Job Board Manager <= 2.1.61 - Authenticated (Job Poster+) Arbitrary Shortcode Execution	LOW	*-2.1.61		June 29, 2026
jinshuju	jinshuju	91	金数据 <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
invelity-mygls-connect	invelity-mygls-connect	91	Invelity MyGLS connect <= 1.1.1 - Cross-Site Request Forgery	LOW	*-1.1.1		June 29, 2026
instant-locations	instant-locations	91	Instant Locations <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
ibtana-ecommerce-product-addons	ibtana-ecommerce-product-addons	91	Ibtana – Ecommerce Product Addons <= 0.4.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.4.7.4		June 29, 2026
hide-real-download-path	hide-real-download-path	91	Hide Real Download Path <= 1.6 - Cross-Site Request Forgery	LOW	*-1.6		June 29, 2026
gutentor	gutentor	91	Gutentor <= 3.5.5 - Missing Authorization	LOW	*-3.5.5	3.5.6	June 29, 2026
gourl-bitcoin-payment-gateway-paid-downloads-membership	gourl-bitcoin-payment-gateway-paid-downloads-membership	91	GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.6.6		June 29, 2026
get-cash	get-cash	89	Get Cash <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.2		June 29, 2026
fw-anker	fw-anker	91	FW Anker <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.6		June 29, 2026
enable-latex	enable-latex	91	Enable Latex <= 1.2.16 - Cross-Site Request Forgery	LOW	*-1.2.16		June 29, 2026
elex-woocommerce-google-product-feed-plugin-basic	elex-woocommerce-google-product-feed-plugin-basic	93	ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Inejction	LOW	*-1.4.3	1.4.4	June 29, 2026
ele-conditions	ele-conditions	93	Elementor Element Condition <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.0.6	1.0.7	June 29, 2026
eds-responsive-menu	eds-responsive-menu	87	eDS Responsive Menu <= 1.2 - Authenticated (Administrator+) PHP Object Injection	LOW	*-1.2		June 29, 2026
ecommerce-product-carousel-slider-for-elementor	ecommerce-product-carousel-slider-for-elementor	91	Product Carousel Slider for Elementor <= 2.1.3 - Missing Authorization	LOW	*-2.1.3		June 29, 2026
easy-download-media-counter	easy-download-media-counter	91	Easy Download Media Counter <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2		June 29, 2026
donation-forms-by-givecloud	donation-forms-by-givecloud	93	Donation Forms WP by Givecloud <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.9	1.0.10	June 29, 2026
database-to-excel	database-to-excel	91	Database to Excel <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 29, 2026
custom-team-manager	custom-team-manager	91	Custom Team Manager <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4.2		June 29, 2026
course-booking-platform	course-booking-platform	91	Course Booking Platform <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
content-table	content-table	91	Table of content <= 1.5.3.1 - Cross-Site Request Forgery	LOW	*-1.5.3.1		June 29, 2026
connect-daily-web-calendar	connect-daily-web-calendar	91	WordPress Events Calendar Plugin – connectDaily <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.4		June 29, 2026
compact-admin	compact-admin	91	Compact Admin <= 1.3.0 - Cross-Site Request Forgery	LOW	*-1.3.0		June 29, 2026
comment-form-wp	comment-form-wp	91	Comment Form WP – Customize Default Comment Form <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.0		June 29, 2026
cloud-sso-single-sign-on	cloud-sso-single-sign-on	93	Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action	LOW	*-1.0.19	1.0.20	June 29, 2026
cloud-sso-single-sign-on	cloud-sso-single-sign-on	93	Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action	LOW	*-1.0.19	1.0.20	June 29, 2026
carousel	carousel	89	Carousel Ultimate <= 1.8 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.8		June 29, 2026
bulk-watermark	bulk-watermark	91	Bulk Watermark <= 1.6.10 - Cross-Site Request Forgery	LOW	*-1.6.10		June 29, 2026
bulk-featured-image	bulk-featured-image	87	Bulk Featured Image <= 1.2.2 - Authenticated (Admin+) Arbitrary File Upload	LOW	*-1.2.2		June 29, 2026
bugsnag	bugsnag	93	Error Monitoring by Bugsnag <= 1.6.3 - Cross-Site Request Forgery	LOW	*-1.6.3	1.6.4	June 29, 2026
buffer-my-post	buffer-my-post	91	WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule <= 2020.1.0 - Cross-Site Request Forgery	LOW	*-2020.1.0		June 29, 2026
boxed-content	boxed-content	91	Boxed Content <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
bonus-for-woo	bonus-for-woo	93	Bonus for Woo <= 7.6.6 - Insufficient Input Validation	LOW	*-7.6.6	7.6.7	June 29, 2026
biagiotti-core	biagiotti-core	93	Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.1.3	2.1.4	June 29, 2026
best-restaurant-menu-by-pricelisto	best-restaurant-menu-by-pricelisto	91	Best Restaurant Menu by PriceListo <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.3		June 29, 2026
bcm-duplicate-menu	bcm-duplicate-menu	91	BCM Duplicate Menu <= 1.1.2 - Cross-Site Request Forgery	LOW	*-1.1.2		June 29, 2026
auto-last-youtube-video	auto-last-youtube-video	91	Auto Last Youtube Video <= 1.0.7 - Cross-Site Request Forgery	LOW	*-1.0.7		June 29, 2026
authors-list	authors-list	91	Authors List <= 2.0.6.1 - Cross-Site Request Forgery	LOW	*-2.0.6.1		June 29, 2026
ari-fancy-lightbox	ari-fancy-lightbox	97	ARI Fancy Lightbox <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.0	1.4.1	June 29, 2026
aparat-shortcode	aparat-shortcode	95	Aparat Video Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.2.4		June 29, 2026
ap-honeypot	ap-honeypot	95	AP HoneyPot WordPress Plugin <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 29, 2026
aitasi-coming-soon	aitasi-coming-soon	95	Aitasi Coming Soon <= 2.0.2 - Authenticated (Administrator+) PHP Object Injection	LOW	*-2.0.2		June 29, 2026
ai-auto-tool	ai-auto-tool	95	Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One <= 2.2.6 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-2.2.6		June 29, 2026
add-to-feedly	add-to-feedly	95	Add to Feedly <= 1.2.11 - Cross-Site Request Forgery	LOW	*-1.2.11		June 29, 2026
add-fields-to-checkout-page-woocommerce	add-fields-to-checkout-page-woocommerce	95	Custom WooCommerce Checkout Fields Editor <= 1.3.4 - Cross-Site Request Forgery	LOW	*-1.3.4		June 29, 2026
wp-helpdesk-integration	wp-helpdesk-integration	N/A	WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion	LOW	*-5.8.10		June 29, 2026
quick-paypal-payments	quick-paypal-payments	N/A	Quick Paypal Payments <= 5.7.46 - Cross-Site Request Forgery	LOW	*-5.7.46	5.7.47	June 29, 2026
integromat-connector	integromat-connector	93	Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload	LOW	*-1.5.10	1.6.0	June 29, 2026
popad	popad	N/A	PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.4		June 29, 2026
spirit-framework	spirit-framework	N/A	Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-1.2.13		June 29, 2026
AI Engine – The Chatbot, AI Framework & MCP for WordPress	ai-engine	82	Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion	LOW	*-2.9.5	2.9.6	June 29, 2026
wpforo	wpforo	N/A	wpForo Forum <= 2.4.6 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-2.4.6	2.4.7	June 29, 2026
wp-malware-removal	wp-malware-removal	N/A	Malcure Malware Scanner <= 16.8 - Missing Authorization	LOW	*-16.8	16.9	June 29, 2026
wp-imageflow2	wp-imageflow2	N/A	WP Flow Plus <= 5.2.5 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-5.2.5	5.2.6	June 29, 2026
wp-bannerize-pro	wp-bannerize-pro	N/A	WP Bannerize Pro <= 1.10.0 - Authenticated (Editor+) Server-Side Request Forgery	LOW	*-1.10.0	1.11.0	June 29, 2026
wp-abstracts-manuscripts-manager	wp-abstracts-manuscripts-manager	N/A	Abstracts <= 2.7.4 - Unauthenticated Local File Inclusion	LOW	*-2.7.4	2.7.5	June 29, 2026
tickera-event-ticketing-system	tickera-event-ticketing-system	N/A	Tickera <= 3.5.5.6 - Cross-Site Request Forgery	LOW	*-3.5.5.6	3.5.5.8	June 29, 2026
themeisle-companion	themeisle-companion	N/A	Orbit Fox by ThemeIsle <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0.0	3.0.1	June 29, 2026
surferseo	surferseo	N/A	Surfer <= 1.6.4.574 - Missing Authorization	LOW	*-1.6.4.574	1.6.5.584	June 29, 2026
support-genix-lite	support-genix-lite	N/A	Support Genix <= 1.4.23 - Missing Authorization	LOW	*-1.4.23	1.4.24	June 29, 2026
spirit-framework	spirit-framework	N/A	Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-1.2.13		June 29, 2026
simple-matomo-tracking-code	simple-matomo-tracking-code	N/A	Simple Matomo Tracking Code <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.0	1.1.1	June 29, 2026
rumbletalk-chat-a-chat-with-themes	rumbletalk-chat-a-chat-with-themes	N/A	RumbleTalk Live Group Chat <= 6.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.3.5	6.3.6	June 29, 2026
reepay-checkout-gateway	reepay-checkout-gateway	N/A	Frisbii Pay <= 1.8.2.1 - Missing Authorization	LOW	*-1.8.2.1	1.8.3	June 29, 2026
quiz-master-next	quiz-master-next	N/A	Quiz And Survey Master <= 10.2.5 - Unauthenticated PHP Object Injection	LOW	*-10.2.5	10.2.6	June 29, 2026
puzzleme	puzzleme	N/A	PuzzleMe for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.0	1.2.1	June 29, 2026
propertyhive	propertyhive	N/A	PropertyHive <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.5	2.1.6	June 29, 2026
posts-data-table	posts-data-table	N/A	Posts Table with Search & Sort <= 1.4.10 - Missing Authorization	LOW	*-1.4.10	1.4.11	June 29, 2026
pie-calendar	pie-calendar	N/A	Pie Calendar <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.8	1.2.9	June 29, 2026
photoblocks-grid-gallery	photoblocks-grid-gallery	N/A	Gallery PhotoBlocks <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.1	1.3.2	June 29, 2026
peachpay-for-woocommerce	peachpay-for-woocommerce	N/A	PeachPay Payments <= 1.117.4 - Missing Authorization	LOW	*-1.117.4	1.117.5	June 29, 2026
pdf-for-wpforms	pdf-for-wpforms	N/A	PDF for WPForms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.2.1	6.3.0	June 29, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	paid-member-subscriptions	N/A	Paid Member Subscriptions <= 2.15.9 - Missing Authorization	LOW	*-2.15.9	2.16.0	June 29, 2026
order-delivery-date-for-woocommerce	order-delivery-date-for-woocommerce	N/A	Order Delivery Date for WooCommerce <= 4.1.0 - Missing Authorization	LOW	*-4.1.0	4.2.0	June 29, 2026
mobile-contact-line	mobile-contact-line	N/A	Mobile Contact Line <= 2.4.0 - Missing Authorization	LOW	*-2.4.0	2.4.1	June 29, 2026
mega-forms	mega-forms	93	Contact Form By Mega Forms <= 1.6.1 - Missing Authorization	LOW	*-1.6.1	1.6.2	June 29, 2026
mediapress	mediapress	93	MediaPress <= 1.5.9.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.5.9.1	1.6.0	June 29, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.6.15 - Missing Authorization	LOW	*-3.6.15	3.6.16	June 29, 2026
mailoptin	mailoptin	93	MailOptin <= 1.2.75.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.75.0	1.2.75.1	June 29, 2026
mail-mint	mail-mint	93	Mail Mint <= 1.18.5 - Authenticated (Administrator+) SQL Injection	LOW	*-1.18.5	1.18.6	June 29, 2026
ltl-freight-quotes-tql-edition	ltl-freight-quotes-tql-edition	93	LTL Freight Quotes - TQL Edition <= 1.2.6 - Authenticated (Administrator+) PHP Object Injection	LOW	*-1.2.6	1.2.7	June 29, 2026
ltl-freight-quotes-daylight-edition	ltl-freight-quotes-daylight-edition	93	LTL Freight Quotes – Daylight Edition <= 2.2.7 - Authenticated (Administrator+) PHP Object Injection	LOW	*-2.2.7	2.2.8	June 29, 2026
ltl-freight-quotes-day-ross-edition	ltl-freight-quotes-day-ross-edition	93	LTL Freight Quotes – Day & Ross Edition <= 2.1.11 - Authenticated (Administrator+) PHP Object Injection	LOW	*-2.1.11	2.1.12	June 29, 2026
latest-post-shortcode	latest-post-shortcode	93	Latest Post Shortcode <= 14.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-14.0.3	14.10	June 29, 2026
klarna-order-management-for-woocommerce	klarna-order-management-for-woocommerce	93	Klarna Order Management for WooCommerce <= 1.9.8 - Authenticated (Shop Manager+) Information Disclosure via Log Files	LOW	*-1.9.8	1.9.9	June 29, 2026
issuem	issuem	93	IssueM <= 2.9.0 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-2.9.0	2.9.1	June 29, 2026
inpost-gallery	inpost-gallery	93	InPost Gallery <= 2.1.4.5 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-2.1.4.5	2.1.4.6	June 29, 2026
immonex-kickstart	immonex-kickstart	93	immonex Kickstart <= 1.11.6 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.11.6	1.11.13	June 29, 2026
if-so	if-so	93	If-So Dynamic Content Personalization <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.4	1.9.4.1	June 29, 2026
f4-media-taxonomies	f4-media-taxonomies	93	F4 Media Taxonomies <= 1.1.4 - Missing Authorization	LOW	*-1.1.4	1.1.5	June 29, 2026
exitintentpopup	exitintentpopup	93	Exit Intent Popup <= 1.0.1 - Unauthenticated Server-Side Request Forgery	LOW	*-1.0.1	1.0.3	June 29, 2026
exchange-rates	exchange-rates	93	Exchange Rates <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.5	1.3.0	June 29, 2026
event-feed-for-eventbrite	event-feed-for-eventbrite	93	Event Feed for Eventbrite <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.2	1.4.0	June 29, 2026
easy-timer	easy-timer	93	Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode	LOW	*-4.2.1	4.2.2	June 29, 2026
document-engine	document-engine	93	Document Engine <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2	1.3	June 29, 2026
delicious-recipes	delicious-recipes	93	WP Delicious <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8.7	1.8.8	June 29, 2026
dadevarzan-common	dadevarzan-common	93	Dadevarzan WordPress Common <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.2	2.2.3	June 29, 2026

LOW

license-manager-for-woocommerce

Score: 93/100 License Manager for WooCommerce <= 3.0.12 - Authenticated (Administrator+) SQL Injection Affected: *-3.0.12 Patched: 3.0.13 Updated: June 29, 2026

LOW

lastudio-element-kit

Score: 93/100 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-1.5.5.1 Patched: 1.5.5.2 Updated: June 29, 2026

LOW

kiwi-social-share

Score: 91/100 Kiwi <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.8 Patched: Updated: June 29, 2026

LOW

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.61 - Authenticated (Job Poster+) Arbitrary Shortcode Execution Affected: *-2.1.61 Patched: Updated: June 29, 2026

LOW

jinshuju

Score: 91/100 金数据 <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

invelity-mygls-connect

Score: 91/100 Invelity MyGLS connect <= 1.1.1 - Cross-Site Request Forgery Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

instant-locations

Score: 91/100 Instant Locations <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

ibtana-ecommerce-product-addons

Score: 91/100 Ibtana – Ecommerce Product Addons <= 0.4.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.4.7.4 Patched: Updated: June 29, 2026

LOW

hide-real-download-path

Score: 91/100 Hide Real Download Path <= 1.6 - Cross-Site Request Forgery Affected: *-1.6 Patched: Updated: June 29, 2026

LOW

gutentor

Score: 91/100 Gutentor <= 3.5.5 - Missing Authorization Affected: *-3.5.5 Patched: 3.5.6 Updated: June 29, 2026

LOW

gourl-bitcoin-payment-gateway-paid-downloads-membership

Score: 91/100 GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.6 Patched: Updated: June 29, 2026

LOW

get-cash

Score: 89/100 Get Cash <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.2 Patched: Updated: June 29, 2026

LOW

fw-anker

Score: 91/100 FW Anker <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: Updated: June 29, 2026

LOW

enable-latex

Score: 91/100 Enable Latex <= 1.2.16 - Cross-Site Request Forgery Affected: *-1.2.16 Patched: Updated: June 29, 2026

LOW

elex-woocommerce-google-product-feed-plugin-basic

Score: 93/100 ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Inejction Affected: *-1.4.3 Patched: 1.4.4 Updated: June 29, 2026

LOW

ele-conditions

Score: 93/100 Elementor Element Condition <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: June 29, 2026

LOW

eds-responsive-menu

Score: 87/100 eDS Responsive Menu <= 1.2 - Authenticated (Administrator+) PHP Object Injection Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

ecommerce-product-carousel-slider-for-elementor

Score: 91/100 Product Carousel Slider for Elementor <= 2.1.3 - Missing Authorization Affected: *-2.1.3 Patched: Updated: June 29, 2026

LOW

easy-download-media-counter

Score: 91/100 Easy Download Media Counter <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

donation-forms-by-givecloud

Score: 93/100 Donation Forms WP by Givecloud <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.0.10 Updated: June 29, 2026

LOW

database-to-excel

Score: 91/100 Database to Excel <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

custom-team-manager

Score: 91/100 Custom Team Manager <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.2 Patched: Updated: June 29, 2026

LOW

course-booking-platform

Score: 91/100 Course Booking Platform <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

content-table

Score: 91/100 Table of content <= 1.5.3.1 - Cross-Site Request Forgery Affected: *-1.5.3.1 Patched: Updated: June 29, 2026

LOW

connect-daily-web-calendar

Score: 91/100 WordPress Events Calendar Plugin – connectDaily <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.4 Patched: Updated: June 29, 2026

LOW

compact-admin

Score: 91/100 Compact Admin <= 1.3.0 - Cross-Site Request Forgery Affected: *-1.3.0 Patched: Updated: June 29, 2026

LOW

comment-form-wp

Score: 91/100 Comment Form WP – Customize Default Comment Form <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: June 29, 2026

LOW

cloud-sso-single-sign-on

Score: 93/100 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action Affected: *-1.0.19 Patched: 1.0.20 Updated: June 29, 2026

LOW

cloud-sso-single-sign-on

Score: 93/100 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action Affected: *-1.0.19 Patched: 1.0.20 Updated: June 29, 2026

LOW

carousel

Score: 89/100 Carousel Ultimate <= 1.8 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: June 29, 2026

LOW

bulk-watermark

Score: 91/100 Bulk Watermark <= 1.6.10 - Cross-Site Request Forgery Affected: *-1.6.10 Patched: Updated: June 29, 2026

LOW

bulk-featured-image

Score: 87/100 Bulk Featured Image <= 1.2.2 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.2.2 Patched: Updated: June 29, 2026

LOW

bugsnag

Score: 93/100 Error Monitoring by Bugsnag <= 1.6.3 - Cross-Site Request Forgery Affected: *-1.6.3 Patched: 1.6.4 Updated: June 29, 2026

LOW

buffer-my-post

Score: 91/100 WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule <= 2020.1.0 - Cross-Site Request Forgery Affected: *-2020.1.0 Patched: Updated: June 29, 2026

LOW

boxed-content

Score: 91/100 Boxed Content <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

bonus-for-woo

Score: 93/100 Bonus for Woo <= 7.6.6 - Insufficient Input Validation Affected: *-7.6.6 Patched: 7.6.7 Updated: June 29, 2026

LOW

biagiotti-core

Score: 93/100 Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.3 Patched: 2.1.4 Updated: June 29, 2026

LOW

best-restaurant-menu-by-pricelisto

Score: 91/100 Best Restaurant Menu by PriceListo <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: June 29, 2026

LOW

bcm-duplicate-menu

Score: 91/100 BCM Duplicate Menu <= 1.1.2 - Cross-Site Request Forgery Affected: *-1.1.2 Patched: Updated: June 29, 2026

LOW

auto-last-youtube-video

Score: 91/100 Auto Last Youtube Video <= 1.0.7 - Cross-Site Request Forgery Affected: *-1.0.7 Patched: Updated: June 29, 2026

LOW

authors-list

Score: 91/100 Authors List <= 2.0.6.1 - Cross-Site Request Forgery Affected: *-2.0.6.1 Patched: Updated: June 29, 2026

LOW

ari-fancy-lightbox

Score: 97/100 ARI Fancy Lightbox <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.0 Patched: 1.4.1 Updated: June 29, 2026

LOW

aparat-shortcode

Score: 95/100 Aparat Video Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.4 Patched: Updated: June 29, 2026

LOW

ap-honeypot

Score: 95/100 AP HoneyPot WordPress Plugin <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

aitasi-coming-soon

Score: 95/100 Aitasi Coming Soon <= 2.0.2 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.0.2 Patched: Updated: June 29, 2026

LOW

ai-auto-tool

Score: 95/100 Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One <= 2.2.6 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-2.2.6 Patched: Updated: June 29, 2026

LOW

add-to-feedly

Score: 95/100 Add to Feedly <= 1.2.11 - Cross-Site Request Forgery Affected: *-1.2.11 Patched: Updated: June 29, 2026

LOW

add-fields-to-checkout-page-woocommerce

Score: 95/100 Custom WooCommerce Checkout Fields Editor <= 1.3.4 - Cross-Site Request Forgery Affected: *-1.3.4 Patched: Updated: June 29, 2026

LOW

wp-helpdesk-integration

Score: N/A WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion Affected: *-5.8.10 Patched: Updated: June 29, 2026

LOW

quick-paypal-payments

Score: N/A Quick Paypal Payments <= 5.7.46 - Cross-Site Request Forgery Affected: *-5.7.46 Patched: 5.7.47 Updated: June 29, 2026

LOW

integromat-connector

Score: 93/100 Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload Affected: *-1.5.10 Patched: 1.6.0 Updated: June 29, 2026

LOW

popad

Score: N/A PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

spirit-framework

Score: N/A Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.2.13 Patched: Updated: June 29, 2026

LOW

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine

Score: 82/100 Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion Affected: *-2.9.5 Patched: 2.9.6 Updated: June 29, 2026

LOW

wpforo

Score: N/A wpForo Forum <= 2.4.6 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.4.6 Patched: 2.4.7 Updated: June 29, 2026

LOW

wp-malware-removal

Score: N/A Malcure Malware Scanner <= 16.8 - Missing Authorization Affected: *-16.8 Patched: 16.9 Updated: June 29, 2026

LOW

wp-imageflow2

Score: N/A WP Flow Plus <= 5.2.5 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-5.2.5 Patched: 5.2.6 Updated: June 29, 2026

LOW

wp-bannerize-pro

Score: N/A WP Bannerize Pro <= 1.10.0 - Authenticated (Editor+) Server-Side Request Forgery Affected: *-1.10.0 Patched: 1.11.0 Updated: June 29, 2026

LOW

wp-abstracts-manuscripts-manager

Score: N/A Abstracts <= 2.7.4 - Unauthenticated Local File Inclusion Affected: *-2.7.4 Patched: 2.7.5 Updated: June 29, 2026

LOW

tickera-event-ticketing-system

Score: N/A Tickera <= 3.5.5.6 - Cross-Site Request Forgery Affected: *-3.5.5.6 Patched: 3.5.5.8 Updated: June 29, 2026

LOW

themeisle-companion

Score: N/A Orbit Fox by ThemeIsle <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.0 Patched: 3.0.1 Updated: June 29, 2026

LOW

surferseo

Score: N/A Surfer <= 1.6.4.574 - Missing Authorization Affected: *-1.6.4.574 Patched: 1.6.5.584 Updated: June 29, 2026

LOW

support-genix-lite

Score: N/A Support Genix <= 1.4.23 - Missing Authorization Affected: *-1.4.23 Patched: 1.4.24 Updated: June 29, 2026

LOW

spirit-framework

Score: N/A Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.2.13 Patched: Updated: June 29, 2026

LOW

simple-matomo-tracking-code

Score: N/A Simple Matomo Tracking Code <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: June 29, 2026

LOW

rumbletalk-chat-a-chat-with-themes

Score: N/A RumbleTalk Live Group Chat <= 6.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.3.5 Patched: 6.3.6 Updated: June 29, 2026

LOW

reepay-checkout-gateway

Score: N/A Frisbii Pay <= 1.8.2.1 - Missing Authorization Affected: *-1.8.2.1 Patched: 1.8.3 Updated: June 29, 2026

LOW

quiz-master-next

Score: N/A Quiz And Survey Master <= 10.2.5 - Unauthenticated PHP Object Injection Affected: *-10.2.5 Patched: 10.2.6 Updated: June 29, 2026

LOW

puzzleme

Score: N/A PuzzleMe for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: June 29, 2026

LOW

propertyhive

Score: N/A PropertyHive <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.6 Updated: June 29, 2026

LOW

posts-data-table

Score: N/A Posts Table with Search & Sort <= 1.4.10 - Missing Authorization Affected: *-1.4.10 Patched: 1.4.11 Updated: June 29, 2026

LOW

pie-calendar

Score: N/A Pie Calendar <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: 1.2.9 Updated: June 29, 2026

LOW

photoblocks-grid-gallery

Score: N/A Gallery PhotoBlocks <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: June 29, 2026

LOW

peachpay-for-woocommerce

Score: N/A PeachPay Payments <= 1.117.4 - Missing Authorization Affected: *-1.117.4 Patched: 1.117.5 Updated: June 29, 2026

LOW

pdf-for-wpforms

Score: N/A PDF for WPForms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.2.1 Patched: 6.3.0 Updated: June 29, 2026

LOW

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

paid-member-subscriptions

Score: N/A Paid Member Subscriptions <= 2.15.9 - Missing Authorization Affected: *-2.15.9 Patched: 2.16.0 Updated: June 29, 2026

LOW

order-delivery-date-for-woocommerce

Score: N/A Order Delivery Date for WooCommerce <= 4.1.0 - Missing Authorization Affected: *-4.1.0 Patched: 4.2.0 Updated: June 29, 2026

LOW

mobile-contact-line

Score: N/A Mobile Contact Line <= 2.4.0 - Missing Authorization Affected: *-2.4.0 Patched: 2.4.1 Updated: June 29, 2026

LOW

mega-forms

Score: 93/100 Contact Form By Mega Forms <= 1.6.1 - Missing Authorization Affected: *-1.6.1 Patched: 1.6.2 Updated: June 29, 2026

LOW

mediapress

Score: 93/100 MediaPress <= 1.5.9.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.5.9.1 Patched: 1.6.0 Updated: June 29, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.6.15 - Missing Authorization Affected: *-3.6.15 Patched: 3.6.16 Updated: June 29, 2026

LOW

mailoptin

Score: 93/100 MailOptin <= 1.2.75.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.75.0 Patched: 1.2.75.1 Updated: June 29, 2026

LOW

mail-mint

Score: 93/100 Mail Mint <= 1.18.5 - Authenticated (Administrator+) SQL Injection Affected: *-1.18.5 Patched: 1.18.6 Updated: June 29, 2026

LOW

ltl-freight-quotes-tql-edition

Score: 93/100 LTL Freight Quotes - TQL Edition <= 1.2.6 - Authenticated (Administrator+) PHP Object Injection Affected: *-1.2.6 Patched: 1.2.7 Updated: June 29, 2026

LOW

ltl-freight-quotes-daylight-edition

Score: 93/100 LTL Freight Quotes – Daylight Edition <= 2.2.7 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.2.7 Patched: 2.2.8 Updated: June 29, 2026

LOW

ltl-freight-quotes-day-ross-edition

Score: 93/100 LTL Freight Quotes – Day & Ross Edition <= 2.1.11 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.1.11 Patched: 2.1.12 Updated: June 29, 2026

LOW

latest-post-shortcode

Score: 93/100 Latest Post Shortcode <= 14.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-14.0.3 Patched: 14.10 Updated: June 29, 2026

LOW

klarna-order-management-for-woocommerce

Score: 93/100 Klarna Order Management for WooCommerce <= 1.9.8 - Authenticated (Shop Manager+) Information Disclosure via Log Files Affected: *-1.9.8 Patched: 1.9.9 Updated: June 29, 2026

LOW

issuem

Score: 93/100 IssueM <= 2.9.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.9.0 Patched: 2.9.1 Updated: June 29, 2026

LOW

inpost-gallery

Score: 93/100 InPost Gallery <= 2.1.4.5 - Authenticated (Subscriber+) Local File Inclusion Affected: *-2.1.4.5 Patched: 2.1.4.6 Updated: June 29, 2026

LOW

immonex-kickstart

Score: 93/100 immonex Kickstart <= 1.11.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.11.6 Patched: 1.11.13 Updated: June 29, 2026

LOW

if-so

Score: 93/100 If-So Dynamic Content Personalization <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.4 Patched: 1.9.4.1 Updated: June 29, 2026

LOW

f4-media-taxonomies

Score: 93/100 F4 Media Taxonomies <= 1.1.4 - Missing Authorization Affected: *-1.1.4 Patched: 1.1.5 Updated: June 29, 2026

LOW

exitintentpopup

Score: 93/100 Exit Intent Popup <= 1.0.1 - Unauthenticated Server-Side Request Forgery Affected: *-1.0.1 Patched: 1.0.3 Updated: June 29, 2026

LOW

exchange-rates

Score: 93/100 Exchange Rates <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: 1.3.0 Updated: June 29, 2026

LOW

event-feed-for-eventbrite

Score: 93/100 Event Feed for Eventbrite <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.4.0 Updated: June 29, 2026

LOW

easy-timer

Score: 93/100 Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode Affected: *-4.2.1 Patched: 4.2.2 Updated: June 29, 2026

LOW

document-engine

Score: 93/100 Document Engine <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: 1.3 Updated: June 29, 2026

LOW

delicious-recipes

Score: 93/100 WP Delicious <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.7 Patched: 1.8.8 Updated: June 29, 2026

LOW

dadevarzan-common

Score: 93/100 Dadevarzan WordPress Common <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: June 29, 2026

Showing 6601 to 6700 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 14:47 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List