Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36194

Across tracked plugins

Affected Plugins

100

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.4.3	5.4.4	June 29, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting	LOW	*-2.9.2.1	2.9.3.1	June 29, 2026
aftership-woocommerce-tracking	aftership-woocommerce-tracking	97	AfterShip Tracking <= 1.17.17 - Missing Authorization	LOW	*-1.17.17	1.17.18	June 29, 2026
lazy-load-for-videos	lazy-load-for-videos	93	Lazy Load for Videos <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes	LOW	*-2.18.7	2.18.8	June 29, 2026
All-in-One WP Migration and Backup	all-in-one-wp-migration	94	All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import	LOW	*-7.97	7.98	June 29, 2026
SiteSEO – SEO Simplified	siteseo	94	SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression	LOW	*-1.2.7	1.2.8	June 29, 2026
zephyr-project-manager	zephyr-project-manager	N/A	Zephyr Project Manager <= 3.3.201 - Missing Authorization	LOW	*-3.3.201	3.3.202	June 29, 2026
yahoo-media-player	yahoo-media-player	N/A	Yahoo! WebPlayer <= 2.0.6 - Reflected Cross-Site Scripting	LOW	*-2.0.6		June 29, 2026
xmasb-quotes	xmasb-quotes	N/A	XmasB Quotes <= 1.6.1 - Reflected Cross-Site Scripting	LOW	*-1.6.1		June 29, 2026
woocommerce-payment-gateway-for-saferpay	woocommerce-payment-gateway-for-saferpay	N/A	WooCommerce Payment Gateway for Saferpay <= 0.4.9 - Unauthenticated Path Traversal	LOW	*-0.4.9		June 29, 2026
theme-blvd-widget-areas	theme-blvd-widget-areas	N/A	Theme Blvd Widget Areas <= 1.3.0 - Reflected Cross-Site Scripting	LOW	*-1.3.0		June 29, 2026
social-polls-by-opinionstage	social-polls-by-opinionstage	N/A	Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.11.0 - Unauthenticated Local File Inclusion	LOW	*-19.11.0	19.11.1	June 29, 2026
scw-seat-reservation	scw-seat-reservation	N/A	Advance Seat Reservation Management for WooCommerce <= 3.1 - Unauthenticated SQL Injection	LOW	*-3.1		June 29, 2026
parallax-section	parallax-section	N/A	Parallax Section block <= 1.0.9 - Missing Authorization	LOW	*-1.0.9	2.0.0	June 29, 2026
javo-core	javo-core	86	Javo Core <= 3.0.0.529 - Unauthenticated Arbitrary Content Deletion	LOW	*-3.0.0.529		June 29, 2026
info-cards	info-cards	93	Info Cards <= 1.0.11 - Missing Authorization	LOW	*-1.0.11	2.0.0	June 29, 2026
gutenify	gutenify	91	Gutenify <= 1.5.4 - Unauthenticated Local File Inclusion	LOW	*-1.5.4	1.5.5	June 29, 2026
extendons-eo-wooimport-export	extendons-eo-wooimport-export	93	WooCommerce csv import export <= 2.0.6 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-2.0.6	2.0.7	June 29, 2026
drag-and-drop-file-upload-for-elementor-forms	drag-and-drop-file-upload-for-elementor-forms	93	Drag and Drop File Upload for Elementor Forms <= 1.5.3 - Unauthenticated Arbitrary File Upload	LOW	*-1.5.3	1.5.4	June 29, 2026
chartbeat	chartbeat	91	Chartbeat <= 2.0.7 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-2.0.7		June 29, 2026
captcha-eu	captcha-eu	93	Captcha.eu <= 1.0.60 - Reflected Cross-Site Scripting	LOW	*-1.0.60	1.0.61	June 29, 2026
b-tiktok-feed	b-tiktok-feed	93	Tiktok Feed <= 1.0.21 - Missing Authorization	LOW	*-1.0.21	1.0.22	June 29, 2026
b-slider	b-slider	93	B Slider <= 1.1.30 - Missing Authorization	LOW	*-1.1.30	2.0.0	June 29, 2026
all-bootstrap-blocks	all-bootstrap-blocks	97	All Bootstrap Blocks <= 1.3.28 - Missing Authorization	LOW	*-1.3.28	1.3.29	June 29, 2026
age-restriction	age-restriction	93	Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Download	LOW	*-3.0.2		June 29, 2026
3d-image-gallery	3d-image-gallery	97	Image Gallery block – Create and display photo gallery/photo album. <= 1.0.7 - Missing Authorization	LOW	*-1.0.7	2.0.0	June 29, 2026
wp-automatic	wp-automatic	N/A	WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.118.0	3.119.0	June 29, 2026
eventlist	eventlist	93	Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-2.0.4	2.0.5	June 29, 2026
dokan-pro	dokan-pro	91	Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation	LOW	*-4.0.5	4.0.6	June 29, 2026
vibes	vibes	N/A	Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter	LOW	*-2.2.0	2.2.1	June 29, 2026
youtube-showcase	youtube-showcase	N/A	YouTube Showcase <= 3.5.1 - Unauthenticated PHP Object Injection	LOW	*-3.5.1	3.5.2	June 29, 2026
xm-backup	xm-backup	N/A	XM-Backup <= 0.9.1 - Cross-Site Request Forgery	LOW	*-0.9.1		June 29, 2026
wpavatar	wpavatar	N/A	WPAvatar <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.3		June 29, 2026
wp-ticket	wp-ticket	N/A	WP Ticket Customer Service Software & Support Ticket System <= 6.0.2 - Unauthenticated PHP Object Injection	LOW	*-6.0.2	6.0.3	June 29, 2026
wp-table-editor	wp-table-editor	N/A	Table Editor <= 1.6.4 - Cross-Site Request Forgery	LOW	*-1.6.4		June 29, 2026
wp-easy-contact	wp-easy-contact	N/A	WP Easy Contact <= 4.0.1 - Unauthenticated PHP Object Injection	LOW	*-4.0.1	4.0.2	June 29, 2026
upc-ean-barcode-generator	upc-ean-barcode-generator	N/A	UPC/EAN/GTIN Code Generator <= 2.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-2.0.2	2.0.3	June 29, 2026
tripadvisor-shortcode	tripadvisor-shortcode	N/A	Tripadvisor Shortcode <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.2		June 29, 2026
theme-switcher-reloaded	theme-switcher-reloaded	N/A	Theme Switcher Reloaded <= 1.1 - Reflected Cross-Site Scripting	LOW	*-1.1		June 29, 2026
seo-for-images	seo-for-images	N/A	SEO For Images <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0		June 29, 2026
savyour-affiliate-partner	savyour-affiliate-partner	N/A	Savyour Affiliate Partner <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.1.4		June 29, 2026
responsive-mobile-friendly-tooltip	responsive-mobile-friendly-tooltip	N/A	Responsive Mobile-Friendly Tooltip <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.6		June 29, 2026
pro-watermark	pro-watermark	N/A	Pro Bulk Watermark Plugin for WordPress <= 2.0 - Authenticated (Subscriber+) Path Traversal	LOW	*-2.0		June 29, 2026
post-type-converter	post-type-converter	N/A	Post Type Converter <= 0.6 - Cross-Site Request Forgery	LOW	*-0.6		June 29, 2026
password-protect-page	password-protect-page	N/A	PPWP – Password Protect Pages <= 1.9.10 - Authenticated (Subscriber+) Content Exposure via REST API	LOW	*-1.9.10	1.9.11	June 29, 2026
page-manager-for-elementor	page-manager-for-elementor	N/A	Page Manager for Elementor <= 2.0.5 - Missing Authorization	LOW	*-2.0.5		June 29, 2026
nextgen-gallery-search-galleries	nextgen-gallery-search-galleries	N/A	NextGEN Gallery Search <= 2.12 - Reflected Cross-Site Scripting	LOW	*-2.12		June 29, 2026
newsletter-subscription-widget-for-sendblaster	newsletter-subscription-widget-for-sendblaster	N/A	Newsletter subscription optin module <= 1.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.2.9		June 29, 2026
link-view	link-view	89	Link View <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.8.0		June 29, 2026
invisible-optin	invisible-optin	91	Invisible Optin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
Goal Tracker for Patreon	goal-tracker-for-patreon	91	Goal Tracker for Patreon <= 0.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.4.6		June 29, 2026
gn-xml-sitemap	gn-xml-sitemap	91	Google XML News Sitemap plugin <= 0.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.02		June 29, 2026
exertio-framework	exertio-framework	91	Exertio Framework <= 1.3.3 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.3.3		June 29, 2026
employee-spotlight	employee-spotlight	93	Employee Spotlight <= 5.1.1 - Unauthenticated PHP Object Injection	LOW	*-5.1.1	5.1.2	June 29, 2026
employee-directory	employee-directory	91	Employee Directory – Staff Listing & Team Directory Plugin for WordPress <= 4.5.3 - Unauthenticated PHP Object Injection	LOW	*-4.5.3		June 29, 2026
ecab-taxi-booking-manager	ecab-taxi-booking-manager	93	Taxi Booking Manager for WooCommerce <= 1.3.0 - Missing Authorization	LOW	*-1.3.0	1.3.1	June 29, 2026
custom-html-bodyhead	custom-html-bodyhead	91	WordPress HTML <= 0.51 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.51		June 29, 2026
bidorbuystoreintegrator	bidorbuystoreintegrator	89	bidorbuy Store Integrator <= 2.12.0 - Authenticated (Admin+) Remote Code Execution	LOW	*-2.12.0		June 29, 2026
betpress	betpress	91	BetPress <= 1.0.1 Lite - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	* - 1.0.1 Lite		June 29, 2026
add-code-to-head	add-code-to-head	97	Add Code To Head <= 1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.17	1.23	June 29, 2026
custom-query-shortcode	custom-query-shortcode	93	Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter	LOW	*-0.4.0	0.5.0	June 29, 2026
wp-last-modified-info	wp-last-modified-info	N/A	WP Last Modified Info <= 1.9.4 - Authenticated (Contributor+) Remote Code Execution	LOW	*-1.9.4	1.9.5	June 29, 2026
off-canvas-sidebars	off-canvas-sidebars	N/A	Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.5 - Cross-Site Request Forgery	LOW	*-0.5.8.5	0.5.9	June 29, 2026
sastra-essential-addons-for-elementor	sastra-essential-addons-for-elementor	N/A	Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget	LOW	*-1.0.23	1.0.24	June 29, 2026
ultimate-twitter-profile-widget	ultimate-twitter-profile-widget	N/A	Ultimate twitter profile widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
pdf-for-wpforms	pdf-for-wpforms	N/A	PDF for WPForms <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
pdf-for-woocommerce	pdf-for-woocommerce	N/A	PDF Invoice Builder for WooCommerce <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
pdf-for-gravity-forms	pdf-for-gravity-forms	N/A	PDF for Gravity Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
pdf-for-contact-form-7	pdf-for-contact-form-7	N/A	PDF for Contact Form 7 <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
miniorange-2-factor-authentication	miniorange-2-factor-authentication	N/A	miniOrange's Google Authenticator <= 6.1.1 - Missing Authorization	LOW	*-6.1.1	6.1.2	June 29, 2026
mesa-mesa-reservation-widget	mesa-mesa-reservation-widget	N/A	Mesa Mesa Reservation Widget <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
global-dns	global-dns	93	Global DNS <= 3.1.0 - Unauthenticated Remote Code Execution	LOW	*-3.1.0	3.1.1	June 29, 2026
duoshuo	duoshuo	89	多说社会化评论框 <= 1.2 - Cross-Site Request Forgery to Settings Update	LOW	*-1.2		June 29, 2026
doliconnect	doliconnect	93	Doliconnect <= 9.3.2 - Reflected Cross-Site Scripting	LOW	*-9.3.2	9.4.2	June 29, 2026
baidushare-wp	baidushare-wp	91	百度分享按钮 <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.6		June 29, 2026
ai-image-alt-text-generator-for-wp	ai-image-alt-text-generator-for-wp	95	Ai Image Alt Text Generator for WP <= 1.1.5 - Missing Authorization	LOW	*-1.1.5	1.1.6	June 29, 2026
bravis-user	bravis-user	93	Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover	LOW	[*, 1.0.2)	1.0.2	June 29, 2026
case-theme-user	case-theme-user	93	Case Theme User <= 1.0.3 - Authentication Bypass via Social Login	LOW	*-1.0.3	1.0.4	June 29, 2026
wp-event-solution	wp-event-solution	N/A	Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery	LOW	*-4.0.37	4.0.38	June 29, 2026
wp-filter-combine-rss-feeds	wp-filter-combine-rss-feeds	N/A	WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion	LOW	*-0.4		June 29, 2026
restore-permanently-delete-post-or-page-data	restore-permanently-delete-post-or-page-data	N/A	Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 29, 2026
external-rss-reader	external-rss-reader	87	Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion	LOW	*-0.6		June 29, 2026
sertifier-certificates-open-badges	sertifier-certificates-open-badges	N/A	Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update	LOW	*-1.19	1.20	June 29, 2026
ws-theme-addons	ws-theme-addons	95	WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode	LOW	*-2.0.0		June 29, 2026
ogulo-360-tour	ogulo-360-tour	N/A	Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter	LOW	*-1.0.11	1.0.13	June 29, 2026
ni-woocommerce-customer-product-report	ni-woocommerce-customer-product-report	N/A	Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-1.2.4		June 29, 2026
wc-plus	wc-plus	N/A	WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation	LOW	*-1.2.0		June 29, 2026
shortcodehub	shortcodehub	N/A	ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter	LOW	*-1.7.1		June 29, 2026
wptobe-memberships	wptobe-memberships	N/A	Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-3.4.2		June 29, 2026
simpler-checkout	simpler-checkout	N/A	Simpler Checkout 0.7.0 - 1.1.13 - Authentication Bypass	LOW	0.7.0-1.1.13	1.2.0	June 29, 2026
wppizza	wppizza	N/A	WPPizza <= 3.19.8 - Missing Authorization	LOW	*-3.19.8	3.19.8.1	June 29, 2026
wp-admin-theme	wp-admin-theme	N/A	WP Admin Theme <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
tlitl-auto-twitter-poster	tlitl-auto-twitter-poster	N/A	tli.tl auto Twitter poster <= 3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.4		June 29, 2026
statify-widget	statify-widget	N/A	Statify Widget <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.6	1.4.7	June 29, 2026
simple-feed-stats	simple-feed-stats	N/A	Simple Statistics for Feeds <= 20250322 - Cross-Site Request Forgery	LOW	*-20250322	20250820	June 29, 2026
sessions	sessions	N/A	Sessions <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.2.0	3.2.1	June 29, 2026
recurring-donation	recurring-donation	N/A	Recurring PayPal Donations <= 1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.8	1.9	June 29, 2026
premmerce-woocommerce-brands	premmerce-woocommerce-brands	N/A	Premmerce Brands for WooCommerce <= 1.2.13 - Cross-Site Request Forgery	LOW	*-1.2.13	1.2.14	June 29, 2026
pdf-for-elementor-forms	pdf-for-elementor-forms	N/A	PDF for Elementor Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
jquery-colorbox	jquery-colorbox	91	jQuery Colorbox <= 4.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.6.3		June 29, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.4.3 Patched: 5.4.4 Updated: June 29, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting Affected: *-2.9.2.1 Patched: 2.9.3.1 Updated: June 29, 2026

LOW

aftership-woocommerce-tracking

Score: 97/100 AfterShip Tracking <= 1.17.17 - Missing Authorization Affected: *-1.17.17 Patched: 1.17.18 Updated: June 29, 2026

LOW

Score: 93/100 Lazy Load for Videos <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes Affected: *-2.18.7 Patched: 2.18.8 Updated: June 29, 2026

LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import Affected: *-7.97 Patched: 7.98 Updated: June 29, 2026

LOW

SiteSEO – SEO Simplified

siteseo

Score: 94/100 SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression Affected: *-1.2.7 Patched: 1.2.8 Updated: June 29, 2026

LOW

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.3.201 - Missing Authorization Affected: *-3.3.201 Patched: 3.3.202 Updated: June 29, 2026

LOW

yahoo-media-player

Score: N/A Yahoo! WebPlayer <= 2.0.6 - Reflected Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: June 29, 2026

LOW

xmasb-quotes

Score: N/A XmasB Quotes <= 1.6.1 - Reflected Cross-Site Scripting Affected: *-1.6.1 Patched: Updated: June 29, 2026

LOW

woocommerce-payment-gateway-for-saferpay

Score: N/A WooCommerce Payment Gateway for Saferpay <= 0.4.9 - Unauthenticated Path Traversal Affected: *-0.4.9 Patched: Updated: June 29, 2026

LOW

theme-blvd-widget-areas

Score: N/A Theme Blvd Widget Areas <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: June 29, 2026

LOW

social-polls-by-opinionstage

Score: N/A Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.11.0 - Unauthenticated Local File Inclusion Affected: *-19.11.0 Patched: 19.11.1 Updated: June 29, 2026

LOW

scw-seat-reservation

Score: N/A Advance Seat Reservation Management for WooCommerce <= 3.1 - Unauthenticated SQL Injection Affected: *-3.1 Patched: Updated: June 29, 2026

LOW

parallax-section

Score: N/A Parallax Section block <= 1.0.9 - Missing Authorization Affected: *-1.0.9 Patched: 2.0.0 Updated: June 29, 2026

LOW

javo-core

Score: 86/100 Javo Core <= 3.0.0.529 - Unauthenticated Arbitrary Content Deletion Affected: *-3.0.0.529 Patched: Updated: June 29, 2026

LOW

info-cards

Score: 93/100 Info Cards <= 1.0.11 - Missing Authorization Affected: *-1.0.11 Patched: 2.0.0 Updated: June 29, 2026

LOW

gutenify

Score: 91/100 Gutenify <= 1.5.4 - Unauthenticated Local File Inclusion Affected: *-1.5.4 Patched: 1.5.5 Updated: June 29, 2026

LOW

extendons-eo-wooimport-export

Score: 93/100 WooCommerce csv import export <= 2.0.6 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-2.0.6 Patched: 2.0.7 Updated: June 29, 2026

LOW

drag-and-drop-file-upload-for-elementor-forms

Score: 93/100 Drag and Drop File Upload for Elementor Forms <= 1.5.3 - Unauthenticated Arbitrary File Upload Affected: *-1.5.3 Patched: 1.5.4 Updated: June 29, 2026

LOW

chartbeat

Score: 91/100 Chartbeat <= 2.0.7 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-2.0.7 Patched: Updated: June 29, 2026

LOW

captcha-eu

Score: 93/100 Captcha.eu <= 1.0.60 - Reflected Cross-Site Scripting Affected: *-1.0.60 Patched: 1.0.61 Updated: June 29, 2026

LOW

b-tiktok-feed

Score: 93/100 Tiktok Feed <= 1.0.21 - Missing Authorization Affected: *-1.0.21 Patched: 1.0.22 Updated: June 29, 2026

LOW

b-slider

Score: 93/100 B Slider <= 1.1.30 - Missing Authorization Affected: *-1.1.30 Patched: 2.0.0 Updated: June 29, 2026

LOW

all-bootstrap-blocks

Score: 97/100 All Bootstrap Blocks <= 1.3.28 - Missing Authorization Affected: *-1.3.28 Patched: 1.3.29 Updated: June 29, 2026

LOW

age-restriction

Score: 93/100 Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Download Affected: *-3.0.2 Patched: Updated: June 29, 2026

LOW

3d-image-gallery

Score: 97/100 Image Gallery block – Create and display photo gallery/photo album. <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: 2.0.0 Updated: June 29, 2026

LOW

wp-automatic

Score: N/A WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.118.0 Patched: 3.119.0 Updated: June 29, 2026

LOW

eventlist

Score: 93/100 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.0.4 Patched: 2.0.5 Updated: June 29, 2026

LOW

dokan-pro

Score: 91/100 Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation Affected: *-4.0.5 Patched: 4.0.6 Updated: June 29, 2026

LOW

vibes

Score: N/A Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter Affected: *-2.2.0 Patched: 2.2.1 Updated: June 29, 2026

LOW

youtube-showcase

Score: N/A YouTube Showcase <= 3.5.1 - Unauthenticated PHP Object Injection Affected: *-3.5.1 Patched: 3.5.2 Updated: June 29, 2026

LOW

xm-backup

Score: N/A XM-Backup <= 0.9.1 - Cross-Site Request Forgery Affected: *-0.9.1 Patched: Updated: June 29, 2026

LOW

wpavatar

Score: N/A WPAvatar <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.3 Patched: Updated: June 29, 2026

LOW

wp-ticket

Score: N/A WP Ticket Customer Service Software & Support Ticket System <= 6.0.2 - Unauthenticated PHP Object Injection Affected: *-6.0.2 Patched: 6.0.3 Updated: June 29, 2026

LOW

wp-table-editor

Score: N/A Table Editor <= 1.6.4 - Cross-Site Request Forgery Affected: *-1.6.4 Patched: Updated: June 29, 2026

LOW

wp-easy-contact

Score: N/A WP Easy Contact <= 4.0.1 - Unauthenticated PHP Object Injection Affected: *-4.0.1 Patched: 4.0.2 Updated: June 29, 2026

LOW

upc-ean-barcode-generator

Score: N/A UPC/EAN/GTIN Code Generator <= 2.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026

LOW

tripadvisor-shortcode

Score: N/A Tripadvisor Shortcode <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: June 29, 2026

LOW

theme-switcher-reloaded

Score: N/A Theme Switcher Reloaded <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

seo-for-images

Score: N/A SEO For Images <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

savyour-affiliate-partner

Score: N/A Savyour Affiliate Partner <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.4 Patched: Updated: June 29, 2026

LOW

responsive-mobile-friendly-tooltip

Score: N/A Responsive Mobile-Friendly Tooltip <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.6 Patched: Updated: June 29, 2026

LOW

pro-watermark

Score: N/A Pro Bulk Watermark Plugin for WordPress <= 2.0 - Authenticated (Subscriber+) Path Traversal Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

post-type-converter

Score: N/A Post Type Converter <= 0.6 - Cross-Site Request Forgery Affected: *-0.6 Patched: Updated: June 29, 2026

LOW

password-protect-page

Score: N/A PPWP – Password Protect Pages <= 1.9.10 - Authenticated (Subscriber+) Content Exposure via REST API Affected: *-1.9.10 Patched: 1.9.11 Updated: June 29, 2026

LOW

page-manager-for-elementor

Score: N/A Page Manager for Elementor <= 2.0.5 - Missing Authorization Affected: *-2.0.5 Patched: Updated: June 29, 2026

LOW

nextgen-gallery-search-galleries

Score: N/A NextGEN Gallery Search <= 2.12 - Reflected Cross-Site Scripting Affected: *-2.12 Patched: Updated: June 29, 2026

LOW

newsletter-subscription-widget-for-sendblaster

Score: N/A Newsletter subscription optin module <= 1.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.9 Patched: Updated: June 29, 2026

LOW

link-view

Score: 89/100 Link View <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.8.0 Patched: Updated: June 29, 2026

LOW

invisible-optin

Score: 91/100 Invisible Optin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

Goal Tracker for Patreon

goal-tracker-for-patreon

Score: 91/100 Goal Tracker for Patreon <= 0.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.4.6 Patched: Updated: June 29, 2026

LOW

gn-xml-sitemap

Score: 91/100 Google XML News Sitemap plugin <= 0.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.02 Patched: Updated: June 29, 2026

LOW

exertio-framework

Score: 91/100 Exertio Framework <= 1.3.3 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.3 Patched: Updated: June 29, 2026

LOW

employee-spotlight

Score: 93/100 Employee Spotlight <= 5.1.1 - Unauthenticated PHP Object Injection Affected: *-5.1.1 Patched: 5.1.2 Updated: June 29, 2026

LOW

employee-directory

Score: 91/100 Employee Directory – Staff Listing & Team Directory Plugin for WordPress <= 4.5.3 - Unauthenticated PHP Object Injection Affected: *-4.5.3 Patched: Updated: June 29, 2026

LOW

ecab-taxi-booking-manager

Score: 93/100 Taxi Booking Manager for WooCommerce <= 1.3.0 - Missing Authorization Affected: *-1.3.0 Patched: 1.3.1 Updated: June 29, 2026

LOW

custom-html-bodyhead

Score: 91/100 WordPress HTML <= 0.51 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.51 Patched: Updated: June 29, 2026

LOW

bidorbuystoreintegrator

Score: 89/100 bidorbuy Store Integrator <= 2.12.0 - Authenticated (Admin+) Remote Code Execution Affected: *-2.12.0 Patched: Updated: June 29, 2026

LOW

betpress

Score: 91/100 BetPress <= 1.0.1 Lite - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: * - 1.0.1 Lite Patched: Updated: June 29, 2026

LOW

add-code-to-head

Score: 97/100 Add Code To Head <= 1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.17 Patched: 1.23 Updated: June 29, 2026

LOW

custom-query-shortcode

Score: 93/100 Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter Affected: *-0.4.0 Patched: 0.5.0 Updated: June 29, 2026

LOW

wp-last-modified-info

Score: N/A WP Last Modified Info <= 1.9.4 - Authenticated (Contributor+) Remote Code Execution Affected: *-1.9.4 Patched: 1.9.5 Updated: June 29, 2026

LOW

off-canvas-sidebars

Score: N/A Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.5 - Cross-Site Request Forgery Affected: *-0.5.8.5 Patched: 0.5.9 Updated: June 29, 2026

LOW

sastra-essential-addons-for-elementor

Score: N/A Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Affected: *-1.0.23 Patched: 1.0.24 Updated: June 29, 2026

LOW

ultimate-twitter-profile-widget

Score: N/A Ultimate twitter profile widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

pdf-for-wpforms

Score: N/A PDF for WPForms <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

pdf-for-woocommerce

Score: N/A PDF Invoice Builder for WooCommerce <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

pdf-for-gravity-forms

Score: N/A PDF for Gravity Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

pdf-for-contact-form-7

Score: N/A PDF for Contact Form 7 <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

miniorange-2-factor-authentication

Score: N/A miniOrange's Google Authenticator <= 6.1.1 - Missing Authorization Affected: *-6.1.1 Patched: 6.1.2 Updated: June 29, 2026

LOW

mesa-mesa-reservation-widget

Score: N/A Mesa Mesa Reservation Widget <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

global-dns

Score: 93/100 Global DNS <= 3.1.0 - Unauthenticated Remote Code Execution Affected: *-3.1.0 Patched: 3.1.1 Updated: June 29, 2026

LOW

duoshuo

Score: 89/100 多说社会化评论框 <= 1.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

doliconnect

Score: 93/100 Doliconnect <= 9.3.2 - Reflected Cross-Site Scripting Affected: *-9.3.2 Patched: 9.4.2 Updated: June 29, 2026

LOW

baidushare-wp

Score: 91/100 百度分享按钮 <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

ai-image-alt-text-generator-for-wp

Score: 95/100 Ai Image Alt Text Generator for WP <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: 1.1.6 Updated: June 29, 2026

LOW

bravis-user

Score: 93/100 Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 29, 2026

LOW

case-theme-user

Score: 93/100 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login Affected: *-1.0.3 Patched: 1.0.4 Updated: June 29, 2026

LOW

wp-event-solution

Score: N/A Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery Affected: *-4.0.37 Patched: 4.0.38 Updated: June 29, 2026

LOW

wp-filter-combine-rss-feeds

Score: N/A WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion Affected: *-0.4 Patched: Updated: June 29, 2026

LOW

restore-permanently-delete-post-or-page-data

Score: N/A Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

external-rss-reader

Score: 87/100 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion Affected: *-0.6 Patched: Updated: June 29, 2026

LOW

sertifier-certificates-open-badges

Score: N/A Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update Affected: *-1.19 Patched: 1.20 Updated: June 29, 2026

LOW

ws-theme-addons

Score: 95/100 WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode Affected: *-2.0.0 Patched: Updated: June 29, 2026

LOW

ogulo-360-tour

Score: N/A Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter Affected: *-1.0.11 Patched: 1.0.13 Updated: June 29, 2026

LOW

ni-woocommerce-customer-product-report

Score: N/A Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.2.4 Patched: Updated: June 29, 2026

LOW

wc-plus

Score: N/A WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

shortcodehub

Score: N/A ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter Affected: *-1.7.1 Patched: Updated: June 29, 2026

LOW

wptobe-memberships

Score: N/A Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-3.4.2 Patched: Updated: June 29, 2026

LOW

simpler-checkout

Score: N/A Simpler Checkout 0.7.0 - 1.1.13 - Authentication Bypass Affected: 0.7.0-1.1.13 Patched: 1.2.0 Updated: June 29, 2026

LOW

wppizza

Score: N/A WPPizza <= 3.19.8 - Missing Authorization Affected: *-3.19.8 Patched: 3.19.8.1 Updated: June 29, 2026

LOW

wp-admin-theme

Score: N/A WP Admin Theme <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

tlitl-auto-twitter-poster

Score: N/A tli.tl auto Twitter poster <= 3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.4 Patched: Updated: June 29, 2026

LOW

statify-widget

Score: N/A Statify Widget <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: June 29, 2026

LOW

simple-feed-stats

Score: N/A Simple Statistics for Feeds <= 20250322 - Cross-Site Request Forgery Affected: *-20250322 Patched: 20250820 Updated: June 29, 2026

LOW

sessions

Score: N/A Sessions <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.1 Updated: June 29, 2026

LOW

recurring-donation

Score: N/A Recurring PayPal Donations <= 1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

premmerce-woocommerce-brands

Score: N/A Premmerce Brands for WooCommerce <= 1.2.13 - Cross-Site Request Forgery Affected: *-1.2.13 Patched: 1.2.14 Updated: June 29, 2026

LOW

pdf-for-elementor-forms

Score: N/A PDF for Elementor Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

jquery-colorbox

Score: 91/100 jQuery Colorbox <= 4.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.6.3 Patched: Updated: June 29, 2026

Showing 6801 to 6900 of 36194 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 17:28 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List