Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36231

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
sastra-essential-addons-for-elementor	sastra-essential-addons-for-elementor	N/A	Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget	LOW	*-1.0.23	1.0.24	June 29, 2026
ultimate-twitter-profile-widget	ultimate-twitter-profile-widget	N/A	Ultimate twitter profile widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
pdf-for-wpforms	pdf-for-wpforms	N/A	PDF for WPForms <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
pdf-for-woocommerce	pdf-for-woocommerce	N/A	PDF Invoice Builder for WooCommerce <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
pdf-for-gravity-forms	pdf-for-gravity-forms	N/A	PDF for Gravity Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
pdf-for-contact-form-7	pdf-for-contact-form-7	N/A	PDF for Contact Form 7 <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
miniorange-2-factor-authentication	miniorange-2-factor-authentication	N/A	miniOrange's Google Authenticator <= 6.1.1 - Missing Authorization	LOW	*-6.1.1	6.1.2	June 29, 2026
mesa-mesa-reservation-widget	mesa-mesa-reservation-widget	N/A	Mesa Mesa Reservation Widget <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
global-dns	global-dns	93	Global DNS <= 3.1.0 - Unauthenticated Remote Code Execution	LOW	*-3.1.0	3.1.1	June 29, 2026
duoshuo	duoshuo	89	多说社会化评论框 <= 1.2 - Cross-Site Request Forgery to Settings Update	LOW	*-1.2		June 29, 2026
doliconnect	doliconnect	93	Doliconnect <= 9.3.2 - Reflected Cross-Site Scripting	LOW	*-9.3.2	9.4.2	June 29, 2026
baidushare-wp	baidushare-wp	91	百度分享按钮 <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.6		June 29, 2026
ai-image-alt-text-generator-for-wp	ai-image-alt-text-generator-for-wp	95	Ai Image Alt Text Generator for WP <= 1.1.5 - Missing Authorization	LOW	*-1.1.5	1.1.6	June 29, 2026
bravis-user	bravis-user	93	Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover	LOW	[*, 1.0.2)	1.0.2	June 29, 2026
case-theme-user	case-theme-user	93	Case Theme User <= 1.0.3 - Authentication Bypass via Social Login	LOW	*-1.0.3	1.0.4	June 29, 2026
wp-event-solution	wp-event-solution	N/A	Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery	LOW	*-4.0.37	4.0.38	June 29, 2026
wp-filter-combine-rss-feeds	wp-filter-combine-rss-feeds	N/A	WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion	LOW	*-0.4		June 29, 2026
restore-permanently-delete-post-or-page-data	restore-permanently-delete-post-or-page-data	N/A	Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 29, 2026
external-rss-reader	external-rss-reader	87	Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion	LOW	*-0.6		June 29, 2026
sertifier-certificates-open-badges	sertifier-certificates-open-badges	N/A	Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update	LOW	*-1.19	1.20	June 29, 2026
ws-theme-addons	ws-theme-addons	95	WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode	LOW	*-2.0.0		June 29, 2026
ogulo-360-tour	ogulo-360-tour	N/A	Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter	LOW	*-1.0.11	1.0.13	June 29, 2026
ni-woocommerce-customer-product-report	ni-woocommerce-customer-product-report	N/A	Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-1.2.4		June 29, 2026
wc-plus	wc-plus	N/A	WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation	LOW	*-1.2.0		June 29, 2026
shortcodehub	shortcodehub	N/A	ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter	LOW	*-1.7.1		June 29, 2026
wptobe-memberships	wptobe-memberships	N/A	Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-3.4.2		June 29, 2026
simpler-checkout	simpler-checkout	N/A	Simpler Checkout 0.7.0 - 1.1.13 - Authentication Bypass	LOW	0.7.0-1.1.13	1.2.0	June 29, 2026
wppizza	wppizza	N/A	WPPizza <= 3.19.8 - Missing Authorization	LOW	*-3.19.8	3.19.8.1	June 29, 2026
wp-admin-theme	wp-admin-theme	N/A	WP Admin Theme <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
tlitl-auto-twitter-poster	tlitl-auto-twitter-poster	N/A	tli.tl auto Twitter poster <= 3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.4		June 29, 2026
statify-widget	statify-widget	N/A	Statify Widget <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.6	1.4.7	June 29, 2026
simple-feed-stats	simple-feed-stats	N/A	Simple Statistics for Feeds <= 20250322 - Cross-Site Request Forgery	LOW	*-20250322	20250820	June 29, 2026
sessions	sessions	N/A	Sessions <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.2.0	3.2.1	June 29, 2026
recurring-donation	recurring-donation	N/A	Recurring PayPal Donations <= 1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.8	1.9	June 29, 2026
premmerce-woocommerce-brands	premmerce-woocommerce-brands	N/A	Premmerce Brands for WooCommerce <= 1.2.13 - Cross-Site Request Forgery	LOW	*-1.2.13	1.2.14	June 29, 2026
pdf-for-elementor-forms	pdf-for-elementor-forms	N/A	PDF for Elementor Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-6.5.0	6.5.1	June 29, 2026
jquery-colorbox	jquery-colorbox	91	jQuery Colorbox <= 4.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.6.3		June 29, 2026
jobwp	jobwp	93	JobWP <= 2.4.3 - Cross-Site Request Forgery	LOW	*-2.4.3	2.4.4	June 29, 2026
idonate-pro	idonate-pro	85	IDonatePro <= 2.1.11 - Missing Authorization	LOW	*-2.1.11		June 29, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	Greenshift <= 12.1.1 - Missing Authorization	LOW	*-12.1.1	12.1.2	June 29, 2026
fulltext-search	fulltext-search	93	WP Fast Total Search <= 1.79.270 - Cross-Site Request Forgery	LOW	*-1.79.270	1.79.274	June 29, 2026
Fluent Support – Helpdesk & Customer Support Ticket System	fluent-support	79	Fluent Support <= 1.9.1 - Cross-Site Request Forgery	LOW	*-1.9.1	1.9.2	June 29, 2026
contact-form-7-recaptcha	contact-form-7-recaptcha	89	Contact Form 7 reCAPTCHA <= 1.2.0 - Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI']	LOW	*-1.2.0		June 29, 2026
church-admin	church-admin	93	Church Admin <= 5.0.26 - Missing Authorization	LOW	*-5.0.26	5.0.27	June 29, 2026
advance-food-menu	advance-food-menu	95	Advance Food Menu <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
acclectic-media-organizer	acclectic-media-organizer	95	Acclectic Media Organizer <= 1.4 - Missing Authorization	LOW	*-1.4		June 29, 2026
Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance	accessibility-checker	89	Accessibility Checker by Equalize Digital <= 1.30.0 - Authenticated (Contributor+) Insecure Direct Object Reference	LOW	*-1.30.0	1.30.1	June 29, 2026
wpmuldap	wpmuldap	N/A	WPMU Ldap Authentication <= 5.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-5.0.1	5.1	June 29, 2026
wp-voting-contest	wp-voting-contest	N/A	Voting Contest <= 5.8 - Missing Authorization	LOW	*-5.8		June 29, 2026
wp-mailgun-smtp	wp-mailgun-smtp	N/A	WP Mailgun SMTP <= 1.0.7 - Missing Authorization	LOW	*-1.0.7		June 29, 2026
wp-edit-password-protected	wp-edit-password-protected	N/A	Wp Edit Password Protected <= 1.3.4 - Open Redirect	LOW	*-1.3.4	1.3.5	June 29, 2026
wp-crontrol	wp-crontrol	N/A	WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery	LOW	1.17.0-1.19.1	1.19.2	June 29, 2026
superstorefinder-wp	superstorefinder-wp	N/A	Super Store Finder <= 7.6 - Reflected Cross-Site Scripting	LOW	*-7.6	7.7	June 29, 2026
superstorefinder-wp	superstorefinder-wp	N/A	Super Store Finder <= 7.5 - Cross-Site Request Forgery	LOW	*-7.5		June 29, 2026
sumomemberships	sumomemberships	N/A	SUMO Memberships for WooCommerce <= 7.8.0 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-7.8.0	7.9.0	June 29, 2026
smart-grid-gallery	smart-grid-gallery	N/A	Video Gallery – Vimeo and YouTube Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.7		June 29, 2026
site-offline	site-offline	N/A	Site Offline <= 1.5.7 - Missing Authorization	LOW	*-1.5.7		June 29, 2026
s2member	s2member	N/A	s2Member <= 250701 - Unauthenticated PHP Object Injection	LOW	*-250701	250905	June 29, 2026
provesource	provesource	N/A	ProveSource Social Proof <= 3.1.2 - Unauthenticated Sensitive Information Disclosure	LOW	*-3.1.2	4.0.0	June 29, 2026
pressapps-knowledge-base	pressapps-knowledge-base	N/A	PressApps Knowledge Base Contextual Sidebar Addon <= 4.2.1 - Unauthenticated PHP Object Injection	LOW	*-4.2.1		June 29, 2026
otw-portfolio-manager	otw-portfolio-manager	N/A	Portfolio Manager Pro 3.8 - Unauthenticated Arbitrary File Upload	LOW	3.8		June 29, 2026
otw-portfolio-manager	otw-portfolio-manager	N/A	Portfolio Manager Pro 3.8 - Unauthenticated PHP Object Injection	LOW	3.8		June 29, 2026
miraculouscore	miraculouscore	N/A	Miraculous Core <= 2.0.7 - Unauthenticated Privilege Escalation	LOW	*-2.0.7	2.0.8	June 29, 2026
kento-splash-screen	kento-splash-screen	91	Kento Splash Screen <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.4		June 29, 2026
idonate-pro	idonate-pro	85	IDonatePro <= 2.1.9 - Missing Authorization	LOW	*-2.1.9		June 29, 2026
e-boekhoudennl-connector	e-boekhoudennl-connector	91	e-Boekhouden.nl <= 1.9.3 - Reflected Cross-Site Scripting	LOW	*-1.9.3		June 29, 2026
clickbank-niche-storefronts	clickbank-niche-storefronts	91	Clickbank WordPress Plugin (Niche Storefront) <= 1.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.3.5		June 29, 2026
child-themes	child-themes	91	Child Themes <= 1.0.1 - Reflected Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
bxslider-integration	bxslider-integration	91	bxSlider integration for WordPress <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.2		June 29, 2026
better-post-filter-widgets-for-elementor	better-post-filter-widgets-for-elementor	93	Better Post & Filter Widgets for Elementor <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.1	1.6.2	June 29, 2026
autowp-ai-content-writer-rewriter	autowp-ai-content-writer-rewriter	91	AutoWP <= 2.2.2 - Missing Authorization	LOW	*-2.2.2		June 29, 2026
biblesupersearch	biblesupersearch	93	Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter	LOW	*-6.0.1	6.1.0	June 29, 2026
wp-webhooks	wp-webhooks	N/A	WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy	LOW	*-3.3.5	3.3.6	June 29, 2026
slingblocks	slingblocks	N/A	SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.0	1.7.0	June 29, 2026
give	give	93	GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update	LOW	*-4.5.0	4.6.1	June 29, 2026
yandex-pinger	yandex-pinger	N/A	Yandex Site search pinger <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5		June 29, 2026
wp-stats-manager	wp-stats-manager	N/A	WP Visitor Statistics (Real Time Traffic) <= 8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.2	8.3	June 29, 2026
wp-funnel-manager	wp-funnel-manager	N/A	WP Funnel Manager <= 1.4.0 - Unauthenticated PHP Object Injection	LOW	*-1.4.0	1.4.1	June 29, 2026
wp-colorbox	wp-colorbox	N/A	Colorbox Lightbox <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.5	1.1.6	June 29, 2026
vcaching	vcaching	N/A	Varnish/Nginx Proxy Caching <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.8.3		June 29, 2026
themify-icons	themify-icons	N/A	Themify Icons <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.3	2.0.4	June 29, 2026
themify-builder	themify-builder	N/A	Themify Builder <= 7.6.7 - Missing Authorization	LOW	*-7.6.7	7.6.8	June 29, 2026
themify-audio-dock	themify-audio-dock	N/A	Themify Audio Dock <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.5	2.0.6	June 29, 2026
templately	templately	N/A	Templately <= 3.2.7 - Authenticated (Author+) Information Disclosure	LOW	*-3.2.7	3.2.8	June 29, 2026
support-ticket	support-ticket	N/A	Support Ticket <= 1.9 - Unauthenticated Privilege Escalation	LOW	*-1.9		June 29, 2026
sign-up-sheets	sign-up-sheets	N/A	Sign-up Sheets <= 2.3.3 - Cross-Site Request Forgery	LOW	*-2.3.3	2.3.3.1	June 29, 2026
sello-channelconnector	sello-channelconnector	N/A	Sello ChannelConnector <= 1.6.3 - Reflected Cross-Site Scripting	LOW	*-1.6.3		June 29, 2026
risk-free-cash-on-delivery-cod-woocommerce	risk-free-cash-on-delivery-cod-woocommerce	N/A	Risk Free Cash On Delivery (COD) - WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.4		June 29, 2026
rajce	rajce	N/A	rajce <= 0.4.2 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-0.4.2		June 29, 2026
ova-events	ova-events	N/A	Ovatheme Events <= 1.2.8 - Unauthenticated Local File Inclusion	LOW	*-1.2.8	1.2.9	June 29, 2026
notice-bar	notice-bar	N/A	Notice Bar <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.3	3.1.4	June 29, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms <= 9.1.3 - Cross-Site Request Forgery	LOW	*-9.1.3	9.1.4	June 29, 2026
listeo-core	listeo-core	91	Listeo-Core < 2.0.7 - Authenticated (Subscriber+) SQL Injection	LOW	[*, 2.0.7)	2.0.7	June 29, 2026
lifepress	lifepress	91	LifePress <= 2.1.3 - Missing Authorization	LOW	*-2.1.3	2.2	June 29, 2026
kanpress	kanpress	91	Kanpress <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 29, 2026
hesabfa-accounting	hesabfa-accounting	89	Hesabfa Accounting <= 2.2.4 - Unauthenticated Sensitive Information Exposure via Log File	LOW	*-2.2.4		June 29, 2026
hesabfa-accounting	hesabfa-accounting	89	Hesabfa Accounting <= 2.2.4 - Cross-Site Request Forgery	LOW	*-2.2.4		June 29, 2026
customcomment	customcomment	89	Custom Comment <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.6		June 29, 2026
cf7-sweet-alert-popup	cf7-sweet-alert-popup	91	Popup for CF7 with Sweet Alert <= 1.6.5 - Cross-Site Request Forgery	LOW	*-1.6.5		June 29, 2026
century-toolkit	century-toolkit	91	Century ToolKit <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation	LOW	*-1.2.1		June 29, 2026

LOW

sastra-essential-addons-for-elementor

Score: N/A Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Affected: *-1.0.23 Patched: 1.0.24 Updated: June 29, 2026

LOW

ultimate-twitter-profile-widget

Score: N/A Ultimate twitter profile widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

pdf-for-wpforms

Score: N/A PDF for WPForms <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

pdf-for-woocommerce

Score: N/A PDF Invoice Builder for WooCommerce <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

pdf-for-gravity-forms

Score: N/A PDF for Gravity Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

pdf-for-contact-form-7

Score: N/A PDF for Contact Form 7 <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

miniorange-2-factor-authentication

Score: N/A miniOrange's Google Authenticator <= 6.1.1 - Missing Authorization Affected: *-6.1.1 Patched: 6.1.2 Updated: June 29, 2026

LOW

mesa-mesa-reservation-widget

Score: N/A Mesa Mesa Reservation Widget <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

global-dns

Score: 93/100 Global DNS <= 3.1.0 - Unauthenticated Remote Code Execution Affected: *-3.1.0 Patched: 3.1.1 Updated: June 29, 2026

LOW

duoshuo

Score: 89/100 多说社会化评论框 <= 1.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

doliconnect

Score: 93/100 Doliconnect <= 9.3.2 - Reflected Cross-Site Scripting Affected: *-9.3.2 Patched: 9.4.2 Updated: June 29, 2026

LOW

baidushare-wp

Score: 91/100 百度分享按钮 <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

ai-image-alt-text-generator-for-wp

Score: 95/100 Ai Image Alt Text Generator for WP <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: 1.1.6 Updated: June 29, 2026

LOW

bravis-user

Score: 93/100 Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 29, 2026

LOW

case-theme-user

Score: 93/100 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login Affected: *-1.0.3 Patched: 1.0.4 Updated: June 29, 2026

LOW

Score: N/A Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery Affected: *-4.0.37 Patched: 4.0.38 Updated: June 29, 2026

LOW

wp-filter-combine-rss-feeds

Score: N/A WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion Affected: *-0.4 Patched: Updated: June 29, 2026

LOW

restore-permanently-delete-post-or-page-data

Score: N/A Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

external-rss-reader

Score: 87/100 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion Affected: *-0.6 Patched: Updated: June 29, 2026

LOW

sertifier-certificates-open-badges

Score: N/A Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update Affected: *-1.19 Patched: 1.20 Updated: June 29, 2026

LOW

ws-theme-addons

Score: 95/100 WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode Affected: *-2.0.0 Patched: Updated: June 29, 2026

LOW

ogulo-360-tour

Score: N/A Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter Affected: *-1.0.11 Patched: 1.0.13 Updated: June 29, 2026

LOW

ni-woocommerce-customer-product-report

Score: N/A Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.2.4 Patched: Updated: June 29, 2026

LOW

wc-plus

Score: N/A WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

shortcodehub

Score: N/A ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter Affected: *-1.7.1 Patched: Updated: June 29, 2026

LOW

wptobe-memberships

Score: N/A Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-3.4.2 Patched: Updated: June 29, 2026

LOW

simpler-checkout

Score: N/A Simpler Checkout 0.7.0 - 1.1.13 - Authentication Bypass Affected: 0.7.0-1.1.13 Patched: 1.2.0 Updated: June 29, 2026

LOW

wppizza

Score: N/A WPPizza <= 3.19.8 - Missing Authorization Affected: *-3.19.8 Patched: 3.19.8.1 Updated: June 29, 2026

LOW

wp-admin-theme

Score: N/A WP Admin Theme <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

tlitl-auto-twitter-poster

Score: N/A tli.tl auto Twitter poster <= 3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.4 Patched: Updated: June 29, 2026

LOW

statify-widget

Score: N/A Statify Widget <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: June 29, 2026

LOW

simple-feed-stats

Score: N/A Simple Statistics for Feeds <= 20250322 - Cross-Site Request Forgery Affected: *-20250322 Patched: 20250820 Updated: June 29, 2026

LOW

sessions

Score: N/A Sessions <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.1 Updated: June 29, 2026

LOW

recurring-donation

Score: N/A Recurring PayPal Donations <= 1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: June 29, 2026

LOW

premmerce-woocommerce-brands

Score: N/A Premmerce Brands for WooCommerce <= 1.2.13 - Cross-Site Request Forgery Affected: *-1.2.13 Patched: 1.2.14 Updated: June 29, 2026

LOW

pdf-for-elementor-forms

Score: N/A PDF for Elementor Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-6.5.0 Patched: 6.5.1 Updated: June 29, 2026

LOW

jquery-colorbox

Score: 91/100 jQuery Colorbox <= 4.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.6.3 Patched: Updated: June 29, 2026

LOW

jobwp

Score: 93/100 JobWP <= 2.4.3 - Cross-Site Request Forgery Affected: *-2.4.3 Patched: 2.4.4 Updated: June 29, 2026

LOW

idonate-pro

Score: 85/100 IDonatePro <= 2.1.11 - Missing Authorization Affected: *-2.1.11 Patched: Updated: June 29, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift <= 12.1.1 - Missing Authorization Affected: *-12.1.1 Patched: 12.1.2 Updated: June 29, 2026

LOW

fulltext-search

Score: 93/100 WP Fast Total Search <= 1.79.270 - Cross-Site Request Forgery Affected: *-1.79.270 Patched: 1.79.274 Updated: June 29, 2026

LOW

Fluent Support – Helpdesk & Customer Support Ticket System

fluent-support

Score: 79/100 Fluent Support <= 1.9.1 - Cross-Site Request Forgery Affected: *-1.9.1 Patched: 1.9.2 Updated: June 29, 2026

LOW

contact-form-7-recaptcha

Score: 89/100 Contact Form 7 reCAPTCHA <= 1.2.0 - Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] Affected: *-1.2.0 Patched: Updated: June 29, 2026

LOW

church-admin

Score: 93/100 Church Admin <= 5.0.26 - Missing Authorization Affected: *-5.0.26 Patched: 5.0.27 Updated: June 29, 2026

LOW

advance-food-menu

Score: 95/100 Advance Food Menu <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

acclectic-media-organizer

Score: 95/100 Acclectic Media Organizer <= 1.4 - Missing Authorization Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance

accessibility-checker

Score: 89/100 Accessibility Checker by Equalize Digital <= 1.30.0 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-1.30.0 Patched: 1.30.1 Updated: June 29, 2026

LOW

wpmuldap

Score: N/A WPMU Ldap Authentication <= 5.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-5.0.1 Patched: 5.1 Updated: June 29, 2026

LOW

wp-voting-contest

Score: N/A Voting Contest <= 5.8 - Missing Authorization Affected: *-5.8 Patched: Updated: June 29, 2026

LOW

wp-mailgun-smtp

Score: N/A WP Mailgun SMTP <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: Updated: June 29, 2026

LOW

wp-edit-password-protected

Score: N/A Wp Edit Password Protected <= 1.3.4 - Open Redirect Affected: *-1.3.4 Patched: 1.3.5 Updated: June 29, 2026

LOW

wp-crontrol

Score: N/A WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery Affected: 1.17.0-1.19.1 Patched: 1.19.2 Updated: June 29, 2026

LOW

superstorefinder-wp

Score: N/A Super Store Finder <= 7.6 - Reflected Cross-Site Scripting Affected: *-7.6 Patched: 7.7 Updated: June 29, 2026

LOW

superstorefinder-wp

Score: N/A Super Store Finder <= 7.5 - Cross-Site Request Forgery Affected: *-7.5 Patched: Updated: June 29, 2026

LOW

sumomemberships

Score: N/A SUMO Memberships for WooCommerce <= 7.8.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-7.8.0 Patched: 7.9.0 Updated: June 29, 2026

LOW

smart-grid-gallery

Score: N/A Video Gallery – Vimeo and YouTube Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: Updated: June 29, 2026

LOW

site-offline

Score: N/A Site Offline <= 1.5.7 - Missing Authorization Affected: *-1.5.7 Patched: Updated: June 29, 2026

LOW

s2member

Score: N/A s2Member <= 250701 - Unauthenticated PHP Object Injection Affected: *-250701 Patched: 250905 Updated: June 29, 2026

LOW

provesource

Score: N/A ProveSource Social Proof <= 3.1.2 - Unauthenticated Sensitive Information Disclosure Affected: *-3.1.2 Patched: 4.0.0 Updated: June 29, 2026

LOW

pressapps-knowledge-base

Score: N/A PressApps Knowledge Base Contextual Sidebar Addon <= 4.2.1 - Unauthenticated PHP Object Injection Affected: *-4.2.1 Patched: Updated: June 29, 2026

LOW

otw-portfolio-manager

Score: N/A Portfolio Manager Pro 3.8 - Unauthenticated Arbitrary File Upload Affected: 3.8 Patched: Updated: June 29, 2026

LOW

otw-portfolio-manager

Score: N/A Portfolio Manager Pro 3.8 - Unauthenticated PHP Object Injection Affected: 3.8 Patched: Updated: June 29, 2026

LOW

miraculouscore

Score: N/A Miraculous Core <= 2.0.7 - Unauthenticated Privilege Escalation Affected: *-2.0.7 Patched: 2.0.8 Updated: June 29, 2026

LOW

kento-splash-screen

Score: 91/100 Kento Splash Screen <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

idonate-pro

Score: 85/100 IDonatePro <= 2.1.9 - Missing Authorization Affected: *-2.1.9 Patched: Updated: June 29, 2026

LOW

e-boekhoudennl-connector

Score: 91/100 e-Boekhouden.nl <= 1.9.3 - Reflected Cross-Site Scripting Affected: *-1.9.3 Patched: Updated: June 29, 2026

LOW

clickbank-niche-storefronts

Score: 91/100 Clickbank WordPress Plugin (Niche Storefront) <= 1.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.5 Patched: Updated: June 29, 2026

LOW

child-themes

Score: 91/100 Child Themes <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

bxslider-integration

Score: 91/100 bxSlider integration for WordPress <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.2 Patched: Updated: June 29, 2026

LOW

better-post-filter-widgets-for-elementor

Score: 93/100 Better Post & Filter Widgets for Elementor <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 1.6.2 Updated: June 29, 2026

LOW

autowp-ai-content-writer-rewriter

Score: 91/100 AutoWP <= 2.2.2 - Missing Authorization Affected: *-2.2.2 Patched: Updated: June 29, 2026

LOW

biblesupersearch

Score: 93/100 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter Affected: *-6.0.1 Patched: 6.1.0 Updated: June 29, 2026

LOW

wp-webhooks

Score: N/A WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy Affected: *-3.3.5 Patched: 3.3.6 Updated: June 29, 2026

LOW

slingblocks

Score: N/A SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.0 Patched: 1.7.0 Updated: June 29, 2026

LOW

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update Affected: *-4.5.0 Patched: 4.6.1 Updated: June 29, 2026

LOW

yandex-pinger

Score: N/A Yandex Site search pinger <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 29, 2026

LOW

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.2 Patched: 8.3 Updated: June 29, 2026

LOW

wp-funnel-manager

Score: N/A WP Funnel Manager <= 1.4.0 - Unauthenticated PHP Object Injection Affected: *-1.4.0 Patched: 1.4.1 Updated: June 29, 2026

LOW

wp-colorbox

Score: N/A Colorbox Lightbox <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: June 29, 2026

LOW

vcaching

Score: N/A Varnish/Nginx Proxy Caching <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.3 Patched: Updated: June 29, 2026

LOW

themify-icons

Score: N/A Themify Icons <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: June 29, 2026

LOW

themify-builder

Score: N/A Themify Builder <= 7.6.7 - Missing Authorization Affected: *-7.6.7 Patched: 7.6.8 Updated: June 29, 2026

LOW

themify-audio-dock

Score: N/A Themify Audio Dock <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.5 Patched: 2.0.6 Updated: June 29, 2026

LOW

templately

Score: N/A Templately <= 3.2.7 - Authenticated (Author+) Information Disclosure Affected: *-3.2.7 Patched: 3.2.8 Updated: June 29, 2026

LOW

support-ticket

Score: N/A Support Ticket <= 1.9 - Unauthenticated Privilege Escalation Affected: *-1.9 Patched: Updated: June 29, 2026

LOW

sign-up-sheets

Score: N/A Sign-up Sheets <= 2.3.3 - Cross-Site Request Forgery Affected: *-2.3.3 Patched: 2.3.3.1 Updated: June 29, 2026

LOW

sello-channelconnector

Score: N/A Sello ChannelConnector <= 1.6.3 - Reflected Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: June 29, 2026

LOW

risk-free-cash-on-delivery-cod-woocommerce

Score: N/A Risk Free Cash On Delivery (COD) - WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

rajce

Score: N/A rajce <= 0.4.2 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-0.4.2 Patched: Updated: June 29, 2026

LOW

ova-events

Score: N/A Ovatheme Events <= 1.2.8 - Unauthenticated Local File Inclusion Affected: *-1.2.8 Patched: 1.2.9 Updated: June 29, 2026

LOW

notice-bar

Score: N/A Notice Bar <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.3 Patched: 3.1.4 Updated: June 29, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms <= 9.1.3 - Cross-Site Request Forgery Affected: *-9.1.3 Patched: 9.1.4 Updated: June 29, 2026

LOW

listeo-core

Score: 91/100 Listeo-Core < 2.0.7 - Authenticated (Subscriber+) SQL Injection Affected: [*, 2.0.7) Patched: 2.0.7 Updated: June 29, 2026

LOW

lifepress

Score: 91/100 LifePress <= 2.1.3 - Missing Authorization Affected: *-2.1.3 Patched: 2.2 Updated: June 29, 2026

LOW

kanpress

Score: 91/100 Kanpress <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

hesabfa-accounting

Score: 89/100 Hesabfa Accounting <= 2.2.4 - Unauthenticated Sensitive Information Exposure via Log File Affected: *-2.2.4 Patched: Updated: June 29, 2026

LOW

hesabfa-accounting

Score: 89/100 Hesabfa Accounting <= 2.2.4 - Cross-Site Request Forgery Affected: *-2.2.4 Patched: Updated: June 29, 2026

LOW

customcomment

Score: 89/100 Custom Comment <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: Updated: June 29, 2026

LOW

cf7-sweet-alert-popup

Score: 91/100 Popup for CF7 with Sweet Alert <= 1.6.5 - Cross-Site Request Forgery Affected: *-1.6.5 Patched: Updated: June 29, 2026

LOW

century-toolkit

Score: 91/100 Century ToolKit <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.2.1 Patched: Updated: June 29, 2026

Showing 6901 to 7000 of 36231 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 18:51 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List