Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36280

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
wp-crontrol	wp-crontrol	N/A	WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery	LOW	1.17.0-1.19.1	1.19.2	June 29, 2026
superstorefinder-wp	superstorefinder-wp	N/A	Super Store Finder <= 7.6 - Reflected Cross-Site Scripting	LOW	*-7.6	7.7	June 29, 2026
superstorefinder-wp	superstorefinder-wp	N/A	Super Store Finder <= 7.5 - Cross-Site Request Forgery	LOW	*-7.5		June 29, 2026
sumomemberships	sumomemberships	N/A	SUMO Memberships for WooCommerce <= 7.8.0 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-7.8.0	7.9.0	June 29, 2026
smart-grid-gallery	smart-grid-gallery	N/A	Video Gallery – Vimeo and YouTube Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.7		June 29, 2026
site-offline	site-offline	N/A	Site Offline <= 1.5.7 - Missing Authorization	LOW	*-1.5.7		June 29, 2026
s2member	s2member	N/A	s2Member <= 250701 - Unauthenticated PHP Object Injection	LOW	*-250701	250905	June 29, 2026
provesource	provesource	N/A	ProveSource Social Proof <= 3.1.2 - Unauthenticated Sensitive Information Disclosure	LOW	*-3.1.2	4.0.0	June 29, 2026
pressapps-knowledge-base	pressapps-knowledge-base	N/A	PressApps Knowledge Base Contextual Sidebar Addon <= 4.2.1 - Unauthenticated PHP Object Injection	LOW	*-4.2.1		June 29, 2026
otw-portfolio-manager	otw-portfolio-manager	N/A	Portfolio Manager Pro 3.8 - Unauthenticated Arbitrary File Upload	LOW	3.8		June 29, 2026
otw-portfolio-manager	otw-portfolio-manager	N/A	Portfolio Manager Pro 3.8 - Unauthenticated PHP Object Injection	LOW	3.8		June 29, 2026
miraculouscore	miraculouscore	N/A	Miraculous Core <= 2.0.7 - Unauthenticated Privilege Escalation	LOW	*-2.0.7	2.0.8	June 29, 2026
kento-splash-screen	kento-splash-screen	91	Kento Splash Screen <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.4		June 29, 2026
idonate-pro	idonate-pro	85	IDonatePro <= 2.1.9 - Missing Authorization	LOW	*-2.1.9		June 29, 2026
e-boekhoudennl-connector	e-boekhoudennl-connector	91	e-Boekhouden.nl <= 1.9.3 - Reflected Cross-Site Scripting	LOW	*-1.9.3		June 29, 2026
clickbank-niche-storefronts	clickbank-niche-storefronts	91	Clickbank WordPress Plugin (Niche Storefront) <= 1.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.3.5		June 29, 2026
child-themes	child-themes	91	Child Themes <= 1.0.1 - Reflected Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
bxslider-integration	bxslider-integration	91	bxSlider integration for WordPress <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.2		June 29, 2026
better-post-filter-widgets-for-elementor	better-post-filter-widgets-for-elementor	93	Better Post & Filter Widgets for Elementor <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.1	1.6.2	June 29, 2026
autowp-ai-content-writer-rewriter	autowp-ai-content-writer-rewriter	91	AutoWP <= 2.2.2 - Missing Authorization	LOW	*-2.2.2		June 29, 2026
biblesupersearch	biblesupersearch	93	Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter	LOW	*-6.0.1	6.1.0	June 29, 2026
wp-webhooks	wp-webhooks	N/A	WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy	LOW	*-3.3.5	3.3.6	June 29, 2026
slingblocks	slingblocks	N/A	SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.0	1.7.0	June 29, 2026
give	give	93	GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update	LOW	*-4.5.0	4.6.1	June 29, 2026
yandex-pinger	yandex-pinger	N/A	Yandex Site search pinger <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5		June 29, 2026
wp-stats-manager	wp-stats-manager	N/A	WP Visitor Statistics (Real Time Traffic) <= 8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.2	8.3	June 29, 2026
wp-funnel-manager	wp-funnel-manager	N/A	WP Funnel Manager <= 1.4.0 - Unauthenticated PHP Object Injection	LOW	*-1.4.0	1.4.1	June 29, 2026
wp-colorbox	wp-colorbox	N/A	Colorbox Lightbox <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.5	1.1.6	June 29, 2026
vcaching	vcaching	N/A	Varnish/Nginx Proxy Caching <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.8.3		June 29, 2026
themify-icons	themify-icons	N/A	Themify Icons <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.3	2.0.4	June 29, 2026
themify-builder	themify-builder	N/A	Themify Builder <= 7.6.7 - Missing Authorization	LOW	*-7.6.7	7.6.8	June 29, 2026
themify-audio-dock	themify-audio-dock	N/A	Themify Audio Dock <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.5	2.0.6	June 29, 2026
templately	templately	N/A	Templately <= 3.2.7 - Authenticated (Author+) Information Disclosure	LOW	*-3.2.7	3.2.8	June 29, 2026
support-ticket	support-ticket	N/A	Support Ticket <= 1.9 - Unauthenticated Privilege Escalation	LOW	*-1.9		June 29, 2026
sign-up-sheets	sign-up-sheets	N/A	Sign-up Sheets <= 2.3.3 - Cross-Site Request Forgery	LOW	*-2.3.3	2.3.3.1	June 29, 2026
sello-channelconnector	sello-channelconnector	N/A	Sello ChannelConnector <= 1.6.3 - Reflected Cross-Site Scripting	LOW	*-1.6.3		June 29, 2026
risk-free-cash-on-delivery-cod-woocommerce	risk-free-cash-on-delivery-cod-woocommerce	N/A	Risk Free Cash On Delivery (COD) - WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.4		June 29, 2026
rajce	rajce	N/A	rajce <= 0.4.2 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-0.4.2		June 29, 2026
ova-events	ova-events	N/A	Ovatheme Events <= 1.2.8 - Unauthenticated Local File Inclusion	LOW	*-1.2.8	1.2.9	June 29, 2026
notice-bar	notice-bar	N/A	Notice Bar <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.3	3.1.4	June 29, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms <= 9.1.3 - Cross-Site Request Forgery	LOW	*-9.1.3	9.1.4	June 29, 2026
listeo-core	listeo-core	91	Listeo-Core < 2.0.7 - Authenticated (Subscriber+) SQL Injection	LOW	[*, 2.0.7)	2.0.7	June 29, 2026
lifepress	lifepress	91	LifePress <= 2.1.3 - Missing Authorization	LOW	*-2.1.3	2.2	June 29, 2026
kanpress	kanpress	91	Kanpress <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 29, 2026
hesabfa-accounting	hesabfa-accounting	89	Hesabfa Accounting <= 2.2.4 - Unauthenticated Sensitive Information Exposure via Log File	LOW	*-2.2.4		June 29, 2026
hesabfa-accounting	hesabfa-accounting	89	Hesabfa Accounting <= 2.2.4 - Cross-Site Request Forgery	LOW	*-2.2.4		June 29, 2026
customcomment	customcomment	89	Custom Comment <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.6		June 29, 2026
cf7-sweet-alert-popup	cf7-sweet-alert-popup	91	Popup for CF7 with Sweet Alert <= 1.6.5 - Cross-Site Request Forgery	LOW	*-1.6.5		June 29, 2026
century-toolkit	century-toolkit	91	Century ToolKit <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation	LOW	*-1.2.1		June 29, 2026
att-youtube	att-youtube	91	ATT YouTube Widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
adstxt-guru-connect	adstxt-guru-connect	97	ads.txt Guru Connect <= 1.1.1 - Cross-Site Request Forgery	LOW	*-1.1.1	1.1.2	June 29, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy	easy-digital-downloads	78	Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions	LOW	*-3.5.0	3.5.1	June 29, 2026
woo-smart-quick-view	woo-smart-quick-view	N/A	WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode	LOW	*-4.2.1	4.2.2	June 29, 2026
Redirection for Contact Form 7	wpcf7-redirect	N/A	Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion	LOW	*-3.2.4	3.2.5	June 29, 2026
Redirection for Contact Form 7	wpcf7-redirect	N/A	Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization	LOW	*-3.2.4	3.2.5	June 29, 2026
Redirection for Contact Form 7	wpcf7-redirect	N/A	Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection	LOW	*-3.2.4	3.2.5	June 29, 2026
tmm_content_composer	tmm_content_composer	N/A	ThemeMakers Visual Content Composer <= 1.5.8 - Unauthenticated PHP Object Injection	LOW	*-1.5.8		June 29, 2026
terms-of-service-and-privacy-policy	terms-of-service-and-privacy-policy	N/A	Terms of Service & Privacy Policy Generator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
tc-testimonial	tc-testimonial	N/A	TC Testimonials <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.1		June 29, 2026
simple-business-directory-pro	simple-business-directory-pro	N/A	Simple Business Directory Pro < 15.6.9 - Unauthenticated Privilege Escalation	LOW	[*, 15.6.9)	15.6.9	June 29, 2026
sensorpress-uptime-monitoring	sensorpress-uptime-monitoring	N/A	SensorPress <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
page-transition	page-transition	N/A	Page Transition <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3		June 29, 2026
markup-markdown	markup-markdown	93	Markup Markdown <= 3.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.20.6	3.20.7	June 29, 2026
link-view	link-view	89	Link View <= 0.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.8.0		June 29, 2026
iframe-block	iframe-block	91	iFrame Block <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.1.1		June 29, 2026
happy-helpdesk-support-ticket-system	happy-helpdesk-support-ticket-system	93	HAPPY – Helpdesk Support Ticket System <= 1.0.6 - Missing Authorization	LOW	*-1.0.6	1.0.7	June 29, 2026
funnel-builder	funnel-builder	93	Funnel Builder by FunnelKit <= 3.11.1 - Unauthenticated Local File Inclusion	LOW	*-3.11.1	3.12.0	June 29, 2026
CubeWP Framework	cubewp-framework	74	CubeWP Framework <= 1.1.24 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.1.24	1.1.25	June 29, 2026
compress-then-upload	compress-then-upload	93	Compress Then Upload <= 1.0.4 - Authenticated (Admin+) Arbitrary File Upload	LOW	*-1.0.4	1.0.5	June 29, 2026
comments-capcha-box	comments-capcha-box	91	Comments Capcha Box <= 1.1 - Reflected Cross-Site Scripting	LOW	*-1.1		June 29, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	chatbot	66	AI ChatBot for WordPress <= 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-7.0.0	7.1.0	June 29, 2026
captcha-eu	captcha-eu	93	Captcha.eu <= 1.0.61 - Unauthenticated Server-Side Request Forgery	LOW	*-1.0.61	1.0.62	June 29, 2026
backup-bolt	backup-bolt	91	Backup Bolt <= 1.4.1 - Cross-Site Request Forgery	LOW	*-1.4.1		June 29, 2026
adthrive-ads	adthrive-ads	97	Raptive Ads <= 3.8.0 - Reflected Cross-Site Scripting	LOW	*-3.8.0	3.9.0	June 29, 2026
admin-menu-groups	admin-menu-groups	95	Admin Menu Groups <= 0.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.1.2		June 29, 2026
the-plus-addons-for-block-editor	the-plus-addons-for-block-editor	N/A	Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets	LOW	*-4.5.4	4.5.5	June 29, 2026
jquery-archive-list-widget	jquery-archive-list-widget	93	JS Archive List <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function	LOW	*-6.1.5	6.1.6	June 29, 2026
cf-image-resizing	cf-image-resizing	93	Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook	LOW	*-1.5.6	1.5.7	June 29, 2026
wp-flexible-map	wp-flexible-map	N/A	Flexible Maps <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode	LOW	*-1.18.0	1.19.0	June 29, 2026
wp-marketing-automations	wp-marketing-automations	N/A	Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library	LOW	*-3.6.3	3.6.4	June 29, 2026
funnel-builder	funnel-builder	93	Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library	LOW	*-3.11.0.2	3.11.1	June 29, 2026
media-library-assistant	media-library-assistant	93	Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion	LOW	*-3.27	3.28	June 29, 2026
wp-meta-data-filter-and-taxonomy-filter	wp-meta-data-filter-and-taxonomy-filter	N/A	MDTF <= 1.3.3.7 - Unauthenticated SQL Injection	LOW	*-1.3.3.7	1.3.3.8	June 29, 2026
woo-smart-compare	woo-smart-compare	N/A	WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	LOW	*-6.4.7	6.4.8	June 29, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	king-addons	76	King Addons for Elementor <= 51.1.62 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-51.1.62	51.1.63	June 29, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	king-addons	76	King Addons for Elementor <= 51.1.62 - Missing Authorization	LOW	*-51.1.62	51.1.63	June 29, 2026
iframe-wrapper	iframe-wrapper	91	iframe Wrapper <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.1.1		June 29, 2026
ditty-news-ticker	ditty-news-ticker	93	Ditty <= 3.1.57 - Unauthenticated Server-Side Request Forgery	LOW	*-3.1.57	3.1.58	June 29, 2026
cookie-warning	cookie-warning	89	Cookie Warning <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3		June 29, 2026
cookie-warning	cookie-warning	89	Cookie Warning <= 1.3 - Cross-Site Request Forgery	LOW	*-1.3		June 29, 2026
contact-manager	contact-manager	91	Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title'	LOW	*-8.6.5	8.6.6	June 29, 2026
contact-form-by-supsystic	contact-form-by-supsystic	93	Contact Form by Supsystic <= 1.7.36 - Reflected Cross-Site Scripting	LOW	*-1.7.36	1.8.0	June 29, 2026
animated-icon-banner-for-visual-composer	animated-icon-banner-for-visual-composer	95	Essential Doo Components for Visual Composer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9		June 29, 2026
slide-puzzle	slide-puzzle	N/A	Slide Puzzle <= 1.0.0 - Reflected Cross-Site Scripting	LOW	*-1.0.0		June 29, 2026
simple-login-log	simple-login-log	N/A	Simple Login Log <= 1.1.3 - Authenticated (Administrator+) PHP Object Injection	LOW	*-1.1.3	2.0.0	June 29, 2026
simple-contact-info-widget	simple-contact-info-widget	N/A	Contact Info Widget <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.6.2		June 29, 2026
pending-order-bot	pending-order-bot	N/A	Pending Order Bot <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 29, 2026
laposta-woocommerce	laposta-woocommerce	93	Laposta WooCommerce <= 1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.9.1	1.9.2	June 29, 2026
idonate-pro	idonate-pro	85	IDonatePro <= 2.1.9 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.1.9		June 29, 2026
filr-protection	filr-protection	93	Filr <= 1.2.10 - Authenticated (Contributor+) Arbitrary File Deletion	LOW	*-1.2.10	1.2.11	June 29, 2026

LOW

wp-crontrol

Score: N/A WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery Affected: 1.17.0-1.19.1 Patched: 1.19.2 Updated: June 29, 2026

LOW

superstorefinder-wp

Score: N/A Super Store Finder <= 7.6 - Reflected Cross-Site Scripting Affected: *-7.6 Patched: 7.7 Updated: June 29, 2026

LOW

superstorefinder-wp

Score: N/A Super Store Finder <= 7.5 - Cross-Site Request Forgery Affected: *-7.5 Patched: Updated: June 29, 2026

LOW

sumomemberships

Score: N/A SUMO Memberships for WooCommerce <= 7.8.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-7.8.0 Patched: 7.9.0 Updated: June 29, 2026

LOW

smart-grid-gallery

Score: N/A Video Gallery – Vimeo and YouTube Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: Updated: June 29, 2026

LOW

site-offline

Score: N/A Site Offline <= 1.5.7 - Missing Authorization Affected: *-1.5.7 Patched: Updated: June 29, 2026

LOW

s2member

Score: N/A s2Member <= 250701 - Unauthenticated PHP Object Injection Affected: *-250701 Patched: 250905 Updated: June 29, 2026

LOW

provesource

Score: N/A ProveSource Social Proof <= 3.1.2 - Unauthenticated Sensitive Information Disclosure Affected: *-3.1.2 Patched: 4.0.0 Updated: June 29, 2026

LOW

pressapps-knowledge-base

Score: N/A PressApps Knowledge Base Contextual Sidebar Addon <= 4.2.1 - Unauthenticated PHP Object Injection Affected: *-4.2.1 Patched: Updated: June 29, 2026

LOW

otw-portfolio-manager

Score: N/A Portfolio Manager Pro 3.8 - Unauthenticated Arbitrary File Upload Affected: 3.8 Patched: Updated: June 29, 2026

LOW

otw-portfolio-manager

Score: N/A Portfolio Manager Pro 3.8 - Unauthenticated PHP Object Injection Affected: 3.8 Patched: Updated: June 29, 2026

LOW

miraculouscore

Score: N/A Miraculous Core <= 2.0.7 - Unauthenticated Privilege Escalation Affected: *-2.0.7 Patched: 2.0.8 Updated: June 29, 2026

LOW

kento-splash-screen

Score: 91/100 Kento Splash Screen <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

idonate-pro

Score: 85/100 IDonatePro <= 2.1.9 - Missing Authorization Affected: *-2.1.9 Patched: Updated: June 29, 2026

LOW

e-boekhoudennl-connector

Score: 91/100 e-Boekhouden.nl <= 1.9.3 - Reflected Cross-Site Scripting Affected: *-1.9.3 Patched: Updated: June 29, 2026

LOW

clickbank-niche-storefronts

Score: 91/100 Clickbank WordPress Plugin (Niche Storefront) <= 1.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.5 Patched: Updated: June 29, 2026

LOW

child-themes

Score: 91/100 Child Themes <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

bxslider-integration

Score: 91/100 bxSlider integration for WordPress <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.2 Patched: Updated: June 29, 2026

LOW

better-post-filter-widgets-for-elementor

Score: 93/100 Better Post & Filter Widgets for Elementor <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 1.6.2 Updated: June 29, 2026

LOW

autowp-ai-content-writer-rewriter

Score: 91/100 AutoWP <= 2.2.2 - Missing Authorization Affected: *-2.2.2 Patched: Updated: June 29, 2026

LOW

biblesupersearch

Score: 93/100 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter Affected: *-6.0.1 Patched: 6.1.0 Updated: June 29, 2026

LOW

wp-webhooks

Score: N/A WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy Affected: *-3.3.5 Patched: 3.3.6 Updated: June 29, 2026

LOW

Score: N/A SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.0 Patched: 1.7.0 Updated: June 29, 2026

LOW

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update Affected: *-4.5.0 Patched: 4.6.1 Updated: June 29, 2026

LOW

yandex-pinger

Score: N/A Yandex Site search pinger <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 29, 2026

LOW

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.2 Patched: 8.3 Updated: June 29, 2026

LOW

wp-funnel-manager

Score: N/A WP Funnel Manager <= 1.4.0 - Unauthenticated PHP Object Injection Affected: *-1.4.0 Patched: 1.4.1 Updated: June 29, 2026

LOW

wp-colorbox

Score: N/A Colorbox Lightbox <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: June 29, 2026

LOW

vcaching

Score: N/A Varnish/Nginx Proxy Caching <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.3 Patched: Updated: June 29, 2026

LOW

themify-icons

Score: N/A Themify Icons <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: June 29, 2026

LOW

themify-builder

Score: N/A Themify Builder <= 7.6.7 - Missing Authorization Affected: *-7.6.7 Patched: 7.6.8 Updated: June 29, 2026

LOW

themify-audio-dock

Score: N/A Themify Audio Dock <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.5 Patched: 2.0.6 Updated: June 29, 2026

LOW

templately

Score: N/A Templately <= 3.2.7 - Authenticated (Author+) Information Disclosure Affected: *-3.2.7 Patched: 3.2.8 Updated: June 29, 2026

LOW

support-ticket

Score: N/A Support Ticket <= 1.9 - Unauthenticated Privilege Escalation Affected: *-1.9 Patched: Updated: June 29, 2026

LOW

sign-up-sheets

Score: N/A Sign-up Sheets <= 2.3.3 - Cross-Site Request Forgery Affected: *-2.3.3 Patched: 2.3.3.1 Updated: June 29, 2026

LOW

sello-channelconnector

Score: N/A Sello ChannelConnector <= 1.6.3 - Reflected Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: June 29, 2026

LOW

risk-free-cash-on-delivery-cod-woocommerce

Score: N/A Risk Free Cash On Delivery (COD) - WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

rajce

Score: N/A rajce <= 0.4.2 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-0.4.2 Patched: Updated: June 29, 2026

LOW

ova-events

Score: N/A Ovatheme Events <= 1.2.8 - Unauthenticated Local File Inclusion Affected: *-1.2.8 Patched: 1.2.9 Updated: June 29, 2026

LOW

notice-bar

Score: N/A Notice Bar <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.3 Patched: 3.1.4 Updated: June 29, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms <= 9.1.3 - Cross-Site Request Forgery Affected: *-9.1.3 Patched: 9.1.4 Updated: June 29, 2026

LOW

listeo-core

Score: 91/100 Listeo-Core < 2.0.7 - Authenticated (Subscriber+) SQL Injection Affected: [*, 2.0.7) Patched: 2.0.7 Updated: June 29, 2026

LOW

lifepress

Score: 91/100 LifePress <= 2.1.3 - Missing Authorization Affected: *-2.1.3 Patched: 2.2 Updated: June 29, 2026

LOW

kanpress

Score: 91/100 Kanpress <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

hesabfa-accounting

Score: 89/100 Hesabfa Accounting <= 2.2.4 - Unauthenticated Sensitive Information Exposure via Log File Affected: *-2.2.4 Patched: Updated: June 29, 2026

LOW

hesabfa-accounting

Score: 89/100 Hesabfa Accounting <= 2.2.4 - Cross-Site Request Forgery Affected: *-2.2.4 Patched: Updated: June 29, 2026

LOW

customcomment

Score: 89/100 Custom Comment <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: Updated: June 29, 2026

LOW

cf7-sweet-alert-popup

Score: 91/100 Popup for CF7 with Sweet Alert <= 1.6.5 - Cross-Site Request Forgery Affected: *-1.6.5 Patched: Updated: June 29, 2026

LOW

century-toolkit

Score: 91/100 Century ToolKit <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation Affected: *-1.2.1 Patched: Updated: June 29, 2026

LOW

att-youtube

Score: 91/100 ATT YouTube Widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

adstxt-guru-connect

Score: 97/100 ads.txt Guru Connect <= 1.1.1 - Cross-Site Request Forgery Affected: *-1.1.1 Patched: 1.1.2 Updated: June 29, 2026

LOW

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

easy-digital-downloads

Score: 78/100 Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions Affected: *-3.5.0 Patched: 3.5.1 Updated: June 29, 2026

LOW

woo-smart-quick-view

Score: N/A WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode Affected: *-4.2.1 Patched: 4.2.2 Updated: June 29, 2026

LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion Affected: *-3.2.4 Patched: 3.2.5 Updated: June 29, 2026

LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization Affected: *-3.2.4 Patched: 3.2.5 Updated: June 29, 2026

LOW

Redirection for Contact Form 7

wpcf7-redirect

Score: N/A Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection Affected: *-3.2.4 Patched: 3.2.5 Updated: June 29, 2026

LOW

tmm_content_composer

Score: N/A ThemeMakers Visual Content Composer <= 1.5.8 - Unauthenticated PHP Object Injection Affected: *-1.5.8 Patched: Updated: June 29, 2026

LOW

terms-of-service-and-privacy-policy

Score: N/A Terms of Service & Privacy Policy Generator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

tc-testimonial

Score: N/A TC Testimonials <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

simple-business-directory-pro

Score: N/A Simple Business Directory Pro < 15.6.9 - Unauthenticated Privilege Escalation Affected: [*, 15.6.9) Patched: 15.6.9 Updated: June 29, 2026

LOW

sensorpress-uptime-monitoring

Score: N/A SensorPress <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

page-transition

Score: N/A Page Transition <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

markup-markdown

Score: 93/100 Markup Markdown <= 3.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.20.6 Patched: 3.20.7 Updated: June 29, 2026

LOW

link-view

Score: 89/100 Link View <= 0.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.8.0 Patched: Updated: June 29, 2026

LOW

iframe-block

Score: 91/100 iFrame Block <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 29, 2026

LOW

happy-helpdesk-support-ticket-system

Score: 93/100 HAPPY – Helpdesk Support Ticket System <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: 1.0.7 Updated: June 29, 2026

LOW

funnel-builder

Score: 93/100 Funnel Builder by FunnelKit <= 3.11.1 - Unauthenticated Local File Inclusion Affected: *-3.11.1 Patched: 3.12.0 Updated: June 29, 2026

LOW

CubeWP Framework

cubewp-framework

Score: 74/100 CubeWP Framework <= 1.1.24 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.1.24 Patched: 1.1.25 Updated: June 29, 2026

LOW

compress-then-upload

Score: 93/100 Compress Then Upload <= 1.0.4 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.0.4 Patched: 1.0.5 Updated: June 29, 2026

LOW

comments-capcha-box

Score: 91/100 Comments Capcha Box <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot

Score: 66/100 AI ChatBot for WordPress <= 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-7.0.0 Patched: 7.1.0 Updated: June 29, 2026

LOW

captcha-eu

Score: 93/100 Captcha.eu <= 1.0.61 - Unauthenticated Server-Side Request Forgery Affected: *-1.0.61 Patched: 1.0.62 Updated: June 29, 2026

LOW

backup-bolt

Score: 91/100 Backup Bolt <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: Updated: June 29, 2026

LOW

adthrive-ads

Score: 97/100 Raptive Ads <= 3.8.0 - Reflected Cross-Site Scripting Affected: *-3.8.0 Patched: 3.9.0 Updated: June 29, 2026

LOW

admin-menu-groups

Score: 95/100 Admin Menu Groups <= 0.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.1.2 Patched: Updated: June 29, 2026

LOW

the-plus-addons-for-block-editor

Score: N/A Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-4.5.4 Patched: 4.5.5 Updated: June 29, 2026

LOW

jquery-archive-list-widget

Score: 93/100 JS Archive List <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function Affected: *-6.1.5 Patched: 6.1.6 Updated: June 29, 2026

LOW

cf-image-resizing

Score: 93/100 Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook Affected: *-1.5.6 Patched: 1.5.7 Updated: June 29, 2026

LOW

wp-flexible-map

Score: N/A Flexible Maps <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode Affected: *-1.18.0 Patched: 1.19.0 Updated: June 29, 2026

LOW

wp-marketing-automations

Score: N/A Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library Affected: *-3.6.3 Patched: 3.6.4 Updated: June 29, 2026

LOW

funnel-builder

Score: 93/100 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library Affected: *-3.11.0.2 Patched: 3.11.1 Updated: June 29, 2026

LOW

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion Affected: *-3.27 Patched: 3.28 Updated: June 29, 2026

LOW

wp-meta-data-filter-and-taxonomy-filter

Score: N/A MDTF <= 1.3.3.7 - Unauthenticated SQL Injection Affected: *-1.3.3.7 Patched: 1.3.3.8 Updated: June 29, 2026

LOW

woo-smart-compare

Score: N/A WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting Affected: *-6.4.7 Patched: 6.4.8 Updated: June 29, 2026

LOW

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

king-addons

Score: 76/100 King Addons for Elementor <= 51.1.62 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-51.1.62 Patched: 51.1.63 Updated: June 29, 2026

LOW

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

king-addons

Score: 76/100 King Addons for Elementor <= 51.1.62 - Missing Authorization Affected: *-51.1.62 Patched: 51.1.63 Updated: June 29, 2026

LOW

iframe-wrapper

Score: 91/100 iframe Wrapper <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 29, 2026

LOW

ditty-news-ticker

Score: 93/100 Ditty <= 3.1.57 - Unauthenticated Server-Side Request Forgery Affected: *-3.1.57 Patched: 3.1.58 Updated: June 29, 2026

LOW

cookie-warning

Score: 89/100 Cookie Warning <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

cookie-warning

Score: 89/100 Cookie Warning <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

contact-manager

Score: 91/100 Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' Affected: *-8.6.5 Patched: 8.6.6 Updated: June 29, 2026

LOW

contact-form-by-supsystic

Score: 93/100 Contact Form by Supsystic <= 1.7.36 - Reflected Cross-Site Scripting Affected: *-1.7.36 Patched: 1.8.0 Updated: June 29, 2026

LOW

animated-icon-banner-for-visual-composer

Score: 95/100 Essential Doo Components for Visual Composer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: June 29, 2026

LOW

slide-puzzle

Score: N/A Slide Puzzle <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

simple-login-log

Score: N/A Simple Login Log <= 1.1.3 - Authenticated (Administrator+) PHP Object Injection Affected: *-1.1.3 Patched: 2.0.0 Updated: June 29, 2026

LOW

simple-contact-info-widget

Score: N/A Contact Info Widget <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6.2 Patched: Updated: June 29, 2026

LOW

pending-order-bot

Score: N/A Pending Order Bot <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

laposta-woocommerce

Score: 93/100 Laposta WooCommerce <= 1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.9.1 Patched: 1.9.2 Updated: June 29, 2026

LOW

idonate-pro

Score: 85/100 IDonatePro <= 2.1.9 - Authenticated (Subscriber+) Information Exposure Affected: *-2.1.9 Patched: Updated: June 29, 2026

LOW

filr-protection

Score: 93/100 Filr <= 1.2.10 - Authenticated (Contributor+) Arbitrary File Deletion Affected: *-1.2.10 Patched: 1.2.11 Updated: June 29, 2026

Showing 7001 to 7100 of 36280 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 20:19 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List