Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

92

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
team-master team-master N/A Team Master <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.1.2 June 29, 2026
query-shortcode query-shortcode N/A Query Shortcode <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion via 'lens' Shortcode Attribute LOW *-0.2.1 June 29, 2026
mutual-funds-data mutual-funds-data N/A Mutual Funds Data <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute LOW *-1.2.1 June 29, 2026
single-mailchimp single-mailchimp N/A Single Mailchimp <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.4 June 29, 2026
post-category-gallery post-category-gallery N/A Post Categories Gallery <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.0.0 June 29, 2026
automatic-thumbnail automatic-thumbnail N/A Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.0 June 29, 2026
jquery-googleslides jquery-googleslides N/A jQuery googleslides <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.3 June 29, 2026
events-in-city events-in-city N/A Events In City <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-3.0 June 29, 2026
product-icon-badge product-icon-badge N/A NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF LOW *-1.2.4 June 29, 2026
near-login near-login N/A Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter LOW *-0.3.3 June 29, 2026
gostats-for-wordpress gostats-for-wordpress N/A GoStats for WordPress <= 1.4 - Cross-Site Request Forgery via gostats_manage() Function LOW *-1.4 June 29, 2026
ossdl-cdn-off-linker ossdl-cdn-off-linker N/A CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update LOW *-1.3.1 June 29, 2026
search-simple-fields search-simple-fields N/A Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update LOW *-0.2 June 29, 2026
auto-making-json-ld auto-making-json-ld N/A auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass LOW *-4.5.3 June 29, 2026
wp-autobuzz wp-autobuzz N/A WP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' Parameter LOW *-1.1.1 June 29, 2026
wp-promoter wp-promoter N/A WP Promoter <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset via wpp-reset_stats AJAX Action LOW *-1.3 June 29, 2026
wp-iframe-geo-style-for-amazon-affiliates wp-iframe-geo-style-for-amazon-affiliates N/A WP Iframe Geo Style for Amazon affiliates <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'adid' Shortcode Attribute LOW *-1.1 June 29, 2026
ip-vault-wp-firewall ip-vault-wp-firewall
91
 Two-factor authentication (formerly IP Vault) <= 2.1 - Cross-Site Request Forgery to Settings Update LOW *-2.1 June 29, 2026
wp-dideo wp-dideo N/A Dideo <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.0 June 29, 2026
tuxquote tuxquote N/A Tuxquote <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.3 June 29, 2026
islamic-database islamic-database N/A Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.0 June 29, 2026
responsive-checker-real-time responsive-checker-real-time N/A Responsive Check <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-0.0.3 June 29, 2026
google-plus-name-link-popup-badge google-plus-name-link-popup-badge N/A Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.0 June 29, 2026
endless-scroll endless-scroll N/A Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] LOW *-1.0.0 June 29, 2026
gbi-to-print gbi-to-print N/A GBI To Print <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'div' Shortcode Attribute LOW *-1.0 June 29, 2026
gntt-post-title-ticker gntt-post-title-ticker N/A GNTT Post Title Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes LOW *-1.0 June 29, 2026
cryptocurrency-prijsvergelijking-widget cryptocurrency-prijsvergelijking-widget N/A Cryptocurrency Prijsvergelijking Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute LOW *-1.0 June 29, 2026
genzel-breadcrumbs genzel-breadcrumbs N/A Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page LOW *-1.2 June 29, 2026
old-posts-highlighter old-posts-highlighter N/A Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update LOW *-1.0.3 June 29, 2026
admin-chat-box admin-chat-box N/A Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation LOW *-3.1.1 3.1.2 June 29, 2026
my-email-shortcode my-email-shortcode N/A My Email Shortcode <= 0.91 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] LOW *-0.91 June 29, 2026
faq-shortcode faq-shortcode N/A faq shortocde <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute LOW *-1.0 June 29, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin woolentor-addons N/A ShopLentor - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Product Grid 'blockUniqId' Block Attribute LOW *-3.3.8 3.3.9 June 29, 2026
cm-ad-changer cm-ad-changer
93
 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management LOW *-2.0.7 2.0.8 June 29, 2026
Yoast SEO – Advanced SEO with real-time guidance and built-in AI wordpress-seo
89
 Yoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' Parameter LOW *-26.5 26.6 June 29, 2026
animation-addons-for-elementor animation-addons-for-elementor
95
 Animation Addons for Elementor <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Weather Widget LOW *-2.6.3 2.6.4 June 29, 2026
Splide Carousel Block splide-carousel N/A Splide Carousel Block <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'url' Block Attribute LOW *-1.7.1 1.7.2 June 29, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin simply-schedule-appointments N/A Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service LOW *-1.6.11.5 1.6.11.7 June 29, 2026
analogwp-templates analogwp-templates
97
 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title LOW *-2.5.0 2.6.0 June 29, 2026
wooenvato wooenvato N/A Woocommerce Envato Affiliates <= 1.2.1 - Missing Authorization LOW *-1.2.1 June 29, 2026
weekly-class weekly-class N/A Events Schedule - WordPress Events Calendar <= 2.7.2 - Authenticated (Subscriber+) SQL Injection LOW *-2.7.2 June 29, 2026
unlimited-elements-for-elementor unlimited-elements-for-elementor N/A Unlimited Elements For Elementor <= 2.0.8 - Authenticated (Contributor+) SQL Injection LOW *-2.0.8 2.0.9 June 29, 2026
tour-booking-manager tour-booking-manager N/A Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution <= 2.1.5 - Missing Authorization LOW *-2.1.5 2.1.6 June 29, 2026
sweetdate-core sweetdate-core N/A SweetDate Core < 1.1.5 - Reflected Cross-Site Scripting LOW [*, 1.1.5) 1.1.5 June 29, 2026
sw_core sw_core N/A SW Core <= 1.7.18 - Authenticated (Contributor+) Local File Inclusion LOW *-1.7.18 June 29, 2026
sunshine-photo-cart sunshine-photo-cart N/A Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers <= 3.6.7 - Missing Authorization LOW *-3.6.7 3.6.8 June 29, 2026
service-booking-manager service-booking-manager N/A Appointment Booking Plugin for WooCommerce – WpBookingly | All-in-One Service Manager <= 1.2.9 - Missing Authorization LOW *-1.2.9 1.3.0 June 29, 2026
sepay-gateway sepay-gateway N/A SePay Gateway <= 1.1.20 - Unauthenticated Information Exposure LOW *-1.1.20 1.1.21 June 29, 2026
real-estate-listing-realtyna-wpl real-estate-listing-realtyna-wpl N/A Realtyna Organic IDX plugin + WPL Real Estate <= 5.1.0 - Unauthenticated SQL Injection LOW *-5.1.0 5.2.0 June 29, 2026
ppv-live-webcams ppv-live-webcams N/A Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.23 - Missing Authorization LOW *-7.3.23 7.3.24 June 29, 2026
modula-best-grid-gallery modula-best-grid-gallery N/A Modula Image Gallery – Photo Grid & Video Gallery <= 2.14.23 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.14.23 2.14.24 June 29, 2026
mayosis-core mayosis-core
91
 Mayosis Core <= 5.4.7 - Missing Authorization LOW *-5.4.7 June 29, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
 Event Booking Manager for WooCommerce <= 5.3.3 - Missing Authorization LOW *-5.3.3 5.3.4 June 29, 2026
LiteSpeed Cache litespeed-cache
69
 LiteSpeed Cache <= 7.7 - Unauthenticated Stored Cross-Site Scripting via QUIC.cloud CCSS/UCSS REST API Endpoints LOW *-7.7 7.8 June 29, 2026
kivicare-clinic-management-system kivicare-clinic-management-system
93
 KiviCare – Clinic & Patient Management System (EHR) <= 4.3.0 - Missing Authorization LOW *-4.3.0 4.4.0 June 29, 2026
gutenverse gutenverse
93
 Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter LOW *-3.4.6 3.4.7 June 29, 2026
geo-mashup geo-mashup
93
 Geo Mashup <= 1.13.19 - Unauthenticated Stored Cross-Site Scripting LOW *-1.13.19 1.13.20 June 29, 2026
geo-mashup geo-mashup
93
 Geo Mashup <= 1.13.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.13.18 1.13.19 June 29, 2026
felan-framework felan-framework
87
 Felan Framework <= 1.1.3 - Reflected Cross-Site Scripting LOW *-1.1.3 June 29, 2026
ecab-taxi-booking-manager ecab-taxi-booking-manager
93
 E-cab Taxi Booking Manager for Woocommerce <= 2.0.1 - Missing Authorization LOW *-2.0.1 2.0.2 June 29, 2026
computer-repair-shop computer-repair-shop
93
 RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress <= 4.1121 - Missing Authorization LOW *-4.1121 4.1125 June 29, 2026
b-tiktok-feed b-tiktok-feed
93
 Feeds for TikTok – Display Video Feeds in Grid Layouts <= 1.0.24 - Missing Authorization LOW *-1.0.24 1.0.25 June 29, 2026
animation-addons-for-elementor animation-addons-for-elementor
95
 Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.3 2.6.4 June 29, 2026
animation-addons-for-elementor animation-addons-for-elementor
95
 Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.3 2.6.4 June 29, 2026
wp-auto-affiliate-links wp-auto-affiliate-links N/A Auto Affiliate Links <= 6.8.8.3 - Missing Authorization LOW *-6.8.8.3 6.8.9 June 29, 2026
videowhisper-live-streaming-integration videowhisper-live-streaming-integration N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP < 7.1.3 - Authenticated (Admin+) Remote Code Execution LOW [*, 7.1.3) 7.1.3 June 29, 2026
team team N/A Team Showcase <= 1.22.28 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.22.28 June 29, 2026
subscription subscription N/A Subscription & Recurring Payment for WooCommerce <= 1.9.1 - Cross-Site Request Forgery LOW *-1.9.1 1.9.2 June 29, 2026
sheets-to-wp-table-live-sync sheets-to-wp-table-live-sync N/A FlexTable – Data Table Sync with Google Sheets <= 3.24.0 - Missing Authorization LOW *-3.24.0 3.24.1 June 29, 2026
search-analytics search-analytics N/A Search Analytics for WP < 1.5.0 - Missing Authorization LOW [*, 1.5.0) 1.5.0 June 29, 2026
rsvp rsvp N/A RSVP and Event Management <= 2.7.16 - Missing Authorization LOW *-2.7.16 2.7.17 June 29, 2026
qr-redirector qr-redirector N/A QR Redirector <= 2.0.3 - Missing Authorization LOW *-2.0.3 2.0.4 June 29, 2026
organization-chart organization-chart N/A Organization chart <= 1.7.5 - Cross-Site Request Forgery LOW *-1.7.5 1.7.6 June 29, 2026
gamipress gamipress
93
 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.3 - Missing Authorization LOW *-7.6.3 7.6.4 June 29, 2026
export-wp-page-to-static-html export-wp-page-to-static-html
93
 Export WordPress Pages to Static HTML & PDF — Static Site Export <= 6.0.0 - Cross-Site Request Forgery LOW *-6.0.0 6.0.1 June 29, 2026
EventPrime – Events Calendar, Bookings and Tickets eventprime-event-calendar-management
74
 EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Unauthenticated PHP Object Injection LOW *-4.3.2.1 4.3.2.2 June 29, 2026
currency-switcher currency-switcher
93
 WPCS – WordPress Currency Switcher Professional <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting LOW *-1.3.1 1.3.2 June 29, 2026
cforms2 cforms2
93
 cformsII <= 15.1.3 - Cross-Site Request Forgery LOW *-15.1.3 15.1.4 June 29, 2026
b2bking-wholesale-for-woocommerce b2bking-wholesale-for-woocommerce
93
 B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More < 5.2.10 - Missing Authorization LOW [*, 5.2.10) 5.2.10 June 29, 2026
autoship-cloud autoship-cloud
91
 Autoship Cloud for WooCommerce Subscription Products <= 2.14.3 - Missing Authorization LOW *-2.14.3 2.14.4 June 29, 2026
quick-adsense-reloaded quick-adsense-reloaded N/A Quads Ads Manager for Google AdSense <= 3.0.2 - Missing Authorization LOW *-3.0.2 3.0.3 June 29, 2026
miniorange-otp-verification miniorange-otp-verification N/A miniOrange OTP Login, Verification and SMS Notifications <= 5.4.9 - Unauthenticated Privilege Escalation LOW *-5.4.9 5.5.0 June 29, 2026
masterstudy-lms-learning-management-system masterstudy-lms-learning-management-system
93
 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.29 - Authenticated (Subscriber+) SQL Injection LOW *-3.7.29 3.7.30 June 29, 2026
EventPrime – Events Calendar, Bookings and Tickets eventprime-event-calendar-management
74
 EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-4.3.2.1 4.3.2.2 June 29, 2026
wp-job-portal wp-job-portal N/A WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated Stored Cross-Site Scripting LOW *-2.5.1 2.5.2 June 29, 2026
wp-job-portal wp-job-portal N/A WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated SQL Injection LOW *-2.5.1 2.5.2 June 29, 2026
propertyhive propertyhive N/A Property Hive <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting LOW *-2.2.2 2.2.3 June 29, 2026
wishlist-member-x wishlist-member-x
92
 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action LOW *-3.30.1 3.31.0 June 29, 2026
wishlist-member-x wishlist-member-x
92
 Wishlist Member <= 3.32.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action LOW *-3.32.0 3.32.1 June 29, 2026
wishlist-member-x wishlist-member-x
92
 WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action LOW *-3.30.1 3.31.0 June 29, 2026
wishlist-member-x wishlist-member-x
92
 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action LOW *-3.30.1 3.31.0 June 29, 2026
WooCommerce PayPal Payments woocommerce-paypal-payments
92
 WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure LOW *-4.0.1 4.0.2 June 29, 2026
audioigniter audioigniter N/A AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter LOW *-2.0.2 2.0.3 June 29, 2026
widget-context widget-context N/A Widget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' Parameter LOW *-1.3.3 1.4.0 June 29, 2026
vedrixa-forms-registration-builder vedrixa-forms-registration-builder N/A Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action LOW *-1.1.1 1.2.0 June 29, 2026
soliloquy-lite soliloquy-lite N/A Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint LOW *-2.8.1 2.8.2 June 29, 2026
MotoPress Hotel Booking motopress-hotel-booking-lite N/A MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action LOW *-6.0.1 6.0.2 June 29, 2026
fluent-crm fluent-crm
93
 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter LOW *-2.9.87 3.0.0 June 29, 2026
the-plus-addons-for-elementor-page-builder the-plus-addons-for-elementor-page-builder N/A The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes LOW *-6.4.11 6.4.12 June 29, 2026
ditty-news-ticker ditty-news-ticker
93
 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action LOW *-3.1.65 3.1.66 June 29, 2026
LOW

team-master

team-master

Score: N/A Team Master <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1.2 Patched: Updated: June 29, 2026
LOW

query-shortcode

query-shortcode

Score: N/A Query Shortcode <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion via 'lens' Shortcode Attribute Affected: *-0.2.1 Patched: Updated: June 29, 2026
LOW

mutual-funds-data

mutual-funds-data

Score: N/A Mutual Funds Data <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute Affected: *-1.2.1 Patched: Updated: June 29, 2026
LOW

single-mailchimp

single-mailchimp

Score: N/A Single Mailchimp <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.4 Patched: Updated: June 29, 2026
LOW

post-category-gallery

post-category-gallery

Score: N/A Post Categories Gallery <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.0 Patched: Updated: June 29, 2026
LOW

automatic-thumbnail

automatic-thumbnail

Score: N/A Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

jquery-googleslides

jquery-googleslides

Score: N/A jQuery googleslides <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.3 Patched: Updated: June 29, 2026
LOW

events-in-city

events-in-city

Score: N/A Events In City <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-3.0 Patched: Updated: June 29, 2026
LOW

product-icon-badge

product-icon-badge

Score: N/A NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF Affected: *-1.2.4 Patched: Updated: June 29, 2026
LOW

near-login

near-login

Score: N/A Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter Affected: *-0.3.3 Patched: Updated: June 29, 2026
LOW

gostats-for-wordpress

gostats-for-wordpress

Score: N/A GoStats for WordPress <= 1.4 - Cross-Site Request Forgery via gostats_manage() Function Affected: *-1.4 Patched: Updated: June 29, 2026
LOW

ossdl-cdn-off-linker

ossdl-cdn-off-linker

Score: N/A CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.3.1 Patched: Updated: June 29, 2026
LOW

search-simple-fields

search-simple-fields

Score: N/A Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-0.2 Patched: Updated: June 29, 2026
LOW

auto-making-json-ld

auto-making-json-ld

Score: N/A auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass Affected: *-4.5.3 Patched: Updated: June 29, 2026
LOW

wp-autobuzz

wp-autobuzz

Score: N/A WP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' Parameter Affected: *-1.1.1 Patched: Updated: June 29, 2026
LOW

wp-promoter

wp-promoter

Score: N/A WP Promoter <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset via wpp-reset_stats AJAX Action Affected: *-1.3 Patched: Updated: June 29, 2026
LOW

wp-iframe-geo-style-for-amazon-affiliates

wp-iframe-geo-style-for-amazon-affiliates

Score: N/A WP Iframe Geo Style for Amazon affiliates <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'adid' Shortcode Attribute Affected: *-1.1 Patched: Updated: June 29, 2026
LOW

ip-vault-wp-firewall

ip-vault-wp-firewall

Score: 91/100 Two-factor authentication (formerly IP Vault) <= 2.1 - Cross-Site Request Forgery to Settings Update Affected: *-2.1 Patched: Updated: June 29, 2026
LOW

wp-dideo

wp-dideo

Score: N/A Dideo <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

tuxquote

tuxquote

Score: N/A Tuxquote <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.3 Patched: Updated: June 29, 2026
LOW

islamic-database

islamic-database

Score: N/A Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

responsive-checker-real-time

responsive-checker-real-time

Score: N/A Responsive Check <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.0.3 Patched: Updated: June 29, 2026
LOW

google-plus-name-link-popup-badge

google-plus-name-link-popup-badge

Score: N/A Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

endless-scroll

endless-scroll

Score: N/A Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] Affected: *-1.0.0 Patched: Updated: June 29, 2026
LOW

gbi-to-print

gbi-to-print

Score: N/A GBI To Print <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'div' Shortcode Attribute Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

gntt-post-title-ticker

gntt-post-title-ticker

Score: N/A GNTT Post Title Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

cryptocurrency-prijsvergelijking-widget

cryptocurrency-prijsvergelijking-widget

Score: N/A Cryptocurrency Prijsvergelijking Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

genzel-breadcrumbs

genzel-breadcrumbs

Score: N/A Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page Affected: *-1.2 Patched: Updated: June 29, 2026
LOW

old-posts-highlighter

old-posts-highlighter

Score: N/A Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.3 Patched: Updated: June 29, 2026
LOW

admin-chat-box

admin-chat-box

Score: N/A Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-3.1.1 Patched: 3.1.2 Updated: June 29, 2026
LOW

my-email-shortcode

my-email-shortcode

Score: N/A My Email Shortcode <= 0.91 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] Affected: *-0.91 Patched: Updated: June 29, 2026
LOW

faq-shortcode

faq-shortcode

Score: N/A faq shortocde <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute Affected: *-1.0 Patched: Updated: June 29, 2026
LOW

cm-ad-changer

cm-ad-changer

Score: 93/100 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management Affected: *-2.0.7 Patched: 2.0.8 Updated: June 29, 2026
LOW

animation-addons-for-elementor

animation-addons-for-elementor

Score: 95/100 Animation Addons for Elementor <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Weather Widget Affected: *-2.6.3 Patched: 2.6.4 Updated: June 29, 2026
LOW

Splide Carousel Block

splide-carousel

Score: N/A Splide Carousel Block <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'url' Block Attribute Affected: *-1.7.1 Patched: 1.7.2 Updated: June 29, 2026
LOW

analogwp-templates

analogwp-templates

Score: 97/100 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title Affected: *-2.5.0 Patched: 2.6.0 Updated: June 29, 2026
LOW

wooenvato

wooenvato

Score: N/A Woocommerce Envato Affiliates <= 1.2.1 - Missing Authorization Affected: *-1.2.1 Patched: Updated: June 29, 2026
LOW

weekly-class

weekly-class

Score: N/A Events Schedule - WordPress Events Calendar <= 2.7.2 - Authenticated (Subscriber+) SQL Injection Affected: *-2.7.2 Patched: Updated: June 29, 2026
LOW

unlimited-elements-for-elementor

unlimited-elements-for-elementor

Score: N/A Unlimited Elements For Elementor <= 2.0.8 - Authenticated (Contributor+) SQL Injection Affected: *-2.0.8 Patched: 2.0.9 Updated: June 29, 2026
LOW

tour-booking-manager

tour-booking-manager

Score: N/A Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution <= 2.1.5 - Missing Authorization Affected: *-2.1.5 Patched: 2.1.6 Updated: June 29, 2026
LOW

sweetdate-core

sweetdate-core

Score: N/A SweetDate Core < 1.1.5 - Reflected Cross-Site Scripting Affected: [*, 1.1.5) Patched: 1.1.5 Updated: June 29, 2026
LOW

sw_core

sw_core

Score: N/A SW Core <= 1.7.18 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.7.18 Patched: Updated: June 29, 2026
LOW

sunshine-photo-cart

sunshine-photo-cart

Score: N/A Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers <= 3.6.7 - Missing Authorization Affected: *-3.6.7 Patched: 3.6.8 Updated: June 29, 2026
LOW

service-booking-manager

service-booking-manager

Score: N/A Appointment Booking Plugin for WooCommerce – WpBookingly | All-in-One Service Manager <= 1.2.9 - Missing Authorization Affected: *-1.2.9 Patched: 1.3.0 Updated: June 29, 2026
LOW

sepay-gateway

sepay-gateway

Score: N/A SePay Gateway <= 1.1.20 - Unauthenticated Information Exposure Affected: *-1.1.20 Patched: 1.1.21 Updated: June 29, 2026
LOW

real-estate-listing-realtyna-wpl

real-estate-listing-realtyna-wpl

Score: N/A Realtyna Organic IDX plugin + WPL Real Estate <= 5.1.0 - Unauthenticated SQL Injection Affected: *-5.1.0 Patched: 5.2.0 Updated: June 29, 2026
LOW

ppv-live-webcams

ppv-live-webcams

Score: N/A Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.23 - Missing Authorization Affected: *-7.3.23 Patched: 7.3.24 Updated: June 29, 2026
LOW

modula-best-grid-gallery

modula-best-grid-gallery

Score: N/A Modula Image Gallery – Photo Grid & Video Gallery <= 2.14.23 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.14.23 Patched: 2.14.24 Updated: June 29, 2026
LOW

mayosis-core

mayosis-core

Score: 91/100 Mayosis Core <= 5.4.7 - Missing Authorization Affected: *-5.4.7 Patched: Updated: June 29, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 Event Booking Manager for WooCommerce <= 5.3.3 - Missing Authorization Affected: *-5.3.3 Patched: 5.3.4 Updated: June 29, 2026
LOW

LiteSpeed Cache

litespeed-cache

Score: 69/100 LiteSpeed Cache <= 7.7 - Unauthenticated Stored Cross-Site Scripting via QUIC.cloud CCSS/UCSS REST API Endpoints Affected: *-7.7 Patched: 7.8 Updated: June 29, 2026
LOW

kivicare-clinic-management-system

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 4.3.0 - Missing Authorization Affected: *-4.3.0 Patched: 4.4.0 Updated: June 29, 2026
LOW

gutenverse

gutenverse

Score: 93/100 Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter Affected: *-3.4.6 Patched: 3.4.7 Updated: June 29, 2026
LOW

geo-mashup

geo-mashup

Score: 93/100 Geo Mashup <= 1.13.19 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.13.19 Patched: 1.13.20 Updated: June 29, 2026
LOW

geo-mashup

geo-mashup

Score: 93/100 Geo Mashup <= 1.13.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.13.18 Patched: 1.13.19 Updated: June 29, 2026
LOW

felan-framework

felan-framework

Score: 87/100 Felan Framework <= 1.1.3 - Reflected Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: June 29, 2026
LOW

ecab-taxi-booking-manager

ecab-taxi-booking-manager

Score: 93/100 E-cab Taxi Booking Manager for Woocommerce <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026
LOW

computer-repair-shop

computer-repair-shop

Score: 93/100 RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress <= 4.1121 - Missing Authorization Affected: *-4.1121 Patched: 4.1125 Updated: June 29, 2026
LOW

b-tiktok-feed

b-tiktok-feed

Score: 93/100 Feeds for TikTok – Display Video Feeds in Grid Layouts <= 1.0.24 - Missing Authorization Affected: *-1.0.24 Patched: 1.0.25 Updated: June 29, 2026
LOW

animation-addons-for-elementor

animation-addons-for-elementor

Score: 95/100 Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.3 Patched: 2.6.4 Updated: June 29, 2026
LOW

animation-addons-for-elementor

animation-addons-for-elementor

Score: 95/100 Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.3 Patched: 2.6.4 Updated: June 29, 2026
LOW

wp-auto-affiliate-links

wp-auto-affiliate-links

Score: N/A Auto Affiliate Links <= 6.8.8.3 - Missing Authorization Affected: *-6.8.8.3 Patched: 6.8.9 Updated: June 29, 2026
LOW

videowhisper-live-streaming-integration

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP < 7.1.3 - Authenticated (Admin+) Remote Code Execution Affected: [*, 7.1.3) Patched: 7.1.3 Updated: June 29, 2026
LOW

team

team

Score: N/A Team Showcase <= 1.22.28 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.22.28 Patched: Updated: June 29, 2026
LOW

subscription

subscription

Score: N/A Subscription & Recurring Payment for WooCommerce <= 1.9.1 - Cross-Site Request Forgery Affected: *-1.9.1 Patched: 1.9.2 Updated: June 29, 2026
LOW

sheets-to-wp-table-live-sync

sheets-to-wp-table-live-sync

Score: N/A FlexTable – Data Table Sync with Google Sheets <= 3.24.0 - Missing Authorization Affected: *-3.24.0 Patched: 3.24.1 Updated: June 29, 2026
LOW

search-analytics

search-analytics

Score: N/A Search Analytics for WP < 1.5.0 - Missing Authorization Affected: [*, 1.5.0) Patched: 1.5.0 Updated: June 29, 2026
LOW

rsvp

rsvp

Score: N/A RSVP and Event Management <= 2.7.16 - Missing Authorization Affected: *-2.7.16 Patched: 2.7.17 Updated: June 29, 2026
LOW

qr-redirector

qr-redirector

Score: N/A QR Redirector <= 2.0.3 - Missing Authorization Affected: *-2.0.3 Patched: 2.0.4 Updated: June 29, 2026
LOW

organization-chart

organization-chart

Score: N/A Organization chart <= 1.7.5 - Cross-Site Request Forgery Affected: *-1.7.5 Patched: 1.7.6 Updated: June 29, 2026
LOW

gamipress

gamipress

Score: 93/100 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.3 - Missing Authorization Affected: *-7.6.3 Patched: 7.6.4 Updated: June 29, 2026
LOW

export-wp-page-to-static-html

export-wp-page-to-static-html

Score: 93/100 Export WordPress Pages to Static HTML & PDF — Static Site Export <= 6.0.0 - Cross-Site Request Forgery Affected: *-6.0.0 Patched: 6.0.1 Updated: June 29, 2026
LOW

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Score: 74/100 EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Unauthenticated PHP Object Injection Affected: *-4.3.2.1 Patched: 4.3.2.2 Updated: June 29, 2026
LOW

currency-switcher

currency-switcher

Score: 93/100 WPCS – WordPress Currency Switcher Professional <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: June 29, 2026
LOW

cforms2

cforms2

Score: 93/100 cformsII <= 15.1.3 - Cross-Site Request Forgery Affected: *-15.1.3 Patched: 15.1.4 Updated: June 29, 2026
LOW

b2bking-wholesale-for-woocommerce

b2bking-wholesale-for-woocommerce

Score: 93/100 B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More < 5.2.10 - Missing Authorization Affected: [*, 5.2.10) Patched: 5.2.10 Updated: June 29, 2026
LOW

autoship-cloud

autoship-cloud

Score: 91/100 Autoship Cloud for WooCommerce Subscription Products <= 2.14.3 - Missing Authorization Affected: *-2.14.3 Patched: 2.14.4 Updated: June 29, 2026
LOW

quick-adsense-reloaded

quick-adsense-reloaded

Score: N/A Quads Ads Manager for Google AdSense <= 3.0.2 - Missing Authorization Affected: *-3.0.2 Patched: 3.0.3 Updated: June 29, 2026
LOW

miniorange-otp-verification

miniorange-otp-verification

Score: N/A miniOrange OTP Login, Verification and SMS Notifications <= 5.4.9 - Unauthenticated Privilege Escalation Affected: *-5.4.9 Patched: 5.5.0 Updated: June 29, 2026
LOW

masterstudy-lms-learning-management-system

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.29 - Authenticated (Subscriber+) SQL Injection Affected: *-3.7.29 Patched: 3.7.30 Updated: June 29, 2026
LOW

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Score: 74/100 EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-4.3.2.1 Patched: 4.3.2.2 Updated: June 29, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.5.1 Patched: 2.5.2 Updated: June 29, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated SQL Injection Affected: *-2.5.1 Patched: 2.5.2 Updated: June 29, 2026
LOW

propertyhive

propertyhive

Score: N/A Property Hive <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: June 29, 2026
LOW

wishlist-member-x

wishlist-member-x

Score: 92/100 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action Affected: *-3.30.1 Patched: 3.31.0 Updated: June 29, 2026
LOW

wishlist-member-x

wishlist-member-x

Score: 92/100 Wishlist Member <= 3.32.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action Affected: *-3.32.0 Patched: 3.32.1 Updated: June 29, 2026
LOW

wishlist-member-x

wishlist-member-x

Score: 92/100 WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action Affected: *-3.30.1 Patched: 3.31.0 Updated: June 29, 2026
LOW

wishlist-member-x

wishlist-member-x

Score: 92/100 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action Affected: *-3.30.1 Patched: 3.31.0 Updated: June 29, 2026
LOW

WooCommerce PayPal Payments

woocommerce-paypal-payments

Score: 92/100 WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure Affected: *-4.0.1 Patched: 4.0.2 Updated: June 29, 2026
LOW

audioigniter

audioigniter

Score: N/A AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026
LOW

widget-context

widget-context

Score: N/A Widget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' Parameter Affected: *-1.3.3 Patched: 1.4.0 Updated: June 29, 2026
LOW

vedrixa-forms-registration-builder

vedrixa-forms-registration-builder

Score: N/A Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action Affected: *-1.1.1 Patched: 1.2.0 Updated: June 29, 2026
LOW

soliloquy-lite

soliloquy-lite

Score: N/A Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint Affected: *-2.8.1 Patched: 2.8.2 Updated: June 29, 2026
LOW

MotoPress Hotel Booking

motopress-hotel-booking-lite

Score: N/A MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action Affected: *-6.0.1 Patched: 6.0.2 Updated: June 29, 2026
LOW

fluent-crm

fluent-crm

Score: 93/100 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter Affected: *-2.9.87 Patched: 3.0.0 Updated: June 29, 2026
LOW

the-plus-addons-for-elementor-page-builder

the-plus-addons-for-elementor-page-builder

Score: N/A The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes Affected: *-6.4.11 Patched: 6.4.12 Updated: June 29, 2026
LOW

ditty-news-ticker

ditty-news-ticker

Score: 93/100 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action Affected: *-3.1.65 Patched: 3.1.66 Updated: June 29, 2026

Showing 601 to 700 of 36189 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 00:01 UTC.