Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
idonate-pro	idonate-pro	85	IDonatePro <= 2.1.9 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.1.9		June 29, 2026
filr-protection	filr-protection	93	Filr <= 1.2.10 - Authenticated (Contributor+) Arbitrary File Deletion	LOW	*-1.2.10	1.2.11	June 29, 2026
customcomment	customcomment	89	Custom Comment <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.6		June 29, 2026
custom-menu	custom-menu	91	Custom Menu <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8		June 29, 2026
awstats-script	awstats-script	91	AWStats Script <= 0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.3		June 29, 2026
wp-emmet	wp-emmet	N/A	WP Emmet <= 0.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.3.4		June 29, 2026
serverbuddy-by-pluginbuddy	serverbuddy-by-pluginbuddy	N/A	ServerBuddy by PluginBuddy.com <= 1.0.5 - Cross-Site Request Forgery to PHP Object Injection	LOW	*-1.0.5		June 29, 2026
emu2-email-users-2	emu2-email-users-2	91	Emu2 <= 0.83b - Reflected Cross-Site Scripting	LOW	* - 0.83b		June 29, 2026
elizaibot-chatbots	elizaibot-chatbots	91	Elizaibots <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 29, 2026
translate-this-google-translate-web-element-shortcode	translate-this-google-translate-web-element-shortcode	N/A	Translate This - Google Translate Web Element Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter	LOW	*-1.0		June 29, 2026
betterdocs	betterdocs	93	BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure	LOW	*-4.1.1	4.1.2	June 29, 2026
Drag and Drop Multiple File Upload for Contact Form 7	drag-and-drop-multiple-file-upload-contact-form-7	93	Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie	LOW	*-1.3.9.0	1.3.9.1	June 29, 2026
advanced-iframe	advanced-iframe	97	Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2025.6	2025.7	June 29, 2026
profile-builder	profile-builder	N/A	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-3.14.3	3.14.4	June 29, 2026
school-management	school-management	N/A	School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection	LOW	*-93.2.0		June 29, 2026
school-management	school-management	N/A	School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload	LOW	*-93.2.0		June 29, 2026
gym-management	gym-management	83	WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update	LOW	*-67.7.0		June 29, 2026
gym-management	gym-management	83	WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation	LOW	*-67.7.0		June 29, 2026
intl-datetime-calendar	intl-datetime-calendar	91	Intl DateTime Calendar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter	LOW	*-1.0.1		June 29, 2026
anber-elementor-addon	anber-elementor-addon	95	Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link	LOW	*-1.0.1		June 29, 2026
anber-elementor-addon	anber-elementor-addon	95	Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link	LOW	*-1.0.1		June 29, 2026
linux-promotional-plugin	linux-promotional-plugin	91	Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.4		June 29, 2026
earnware-connect	earnware-connect	93	Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.74	1.0.75	June 29, 2026
embed-bokun	embed-bokun	93	Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter	LOW	*-0.23	0.24	June 29, 2026
surbma-recent-comments-shortcode	surbma-recent-comments-shortcode	N/A	Surbma \| Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0	2.0.1	June 29, 2026
lastfm-recent-album-artwork	lastfm-recent-album-artwork	91	Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.2		June 29, 2026
latestcheckins	latestcheckins	91	LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1		June 29, 2026
alpack	alpack	97	Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function	LOW	*-1.1.1	1.1.2	June 29, 2026
weichuncai	weichuncai	N/A	weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.5		June 29, 2026
story-chief	story-chief	N/A	StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload	LOW	*-1.0.42	1.0.43	June 29, 2026
wp-user-avatar	wp-user-avatar	N/A	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-4.16.4	4.16.5	June 29, 2026
wp-discord-post-plus	wp-discord-post-plus	N/A	WP Discord Post Plus - Supports Unlimited Channels <= 1.0.2 - Cross-Site Request Forgery	LOW	*-1.0.2		June 29, 2026
woolook	woolook	N/A	Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion	LOW	*-1.7.0		June 29, 2026
vertical-scroll-slideshow-gallery-v2	vertical-scroll-slideshow-gallery-v2	N/A	Vertical scroll slideshow gallery v2 <= 9.1 - Authenticated (Contributor+) SQL Injection	LOW	*-9.1		June 29, 2026
uji-countdown	uji-countdown	N/A	Uji Countdown <= 2.3.3 - Reflected Cross-Site Scripting	LOW	*-2.3.3		June 29, 2026
tplayer-html5-audio-player-with-playlist	tplayer-html5-audio-player-with-playlist	N/A	tPlayer <= 1.2.1.6 - Unauthenticated SQL Injection	LOW	*-1.2.1.6		June 29, 2026
sms-alert	sms-alert	N/A	SMS Alert Order Notifications <= 3.8.5 - Unauthenticated SQL Injection	LOW	*-3.8.5	3.8.6	June 29, 2026
school-management	school-management	N/A	School Management <= 93.2.0 - Missing Authorization	LOW	*-93.2.0		June 29, 2026
school-management	school-management	N/A	School Management <= 93.2.0 - Authenticated (Support staff+) SQL Injection	LOW	*-93.2.0		June 29, 2026
school-management	school-management	N/A	School Management <= 93.1.0 - Unauthenticated Insecure Direct Object Reference	LOW	*-93.1.0		June 29, 2026
poll-maker	poll-maker	N/A	Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure	LOW	*-5.8.9	5.9.0	June 29, 2026
fwduvp	fwduvp	89	Ultimate Video Player <= 10.1 - Missing Authorization	LOW	*-10.1		June 29, 2026
extensive-vc-addon	extensive-vc-addon	89	Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion	LOW	*-1.9.1		June 29, 2026
ecab-taxi-booking-manager	ecab-taxi-booking-manager	93	Taxi Booking Manager for Woocommerce \| E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover	LOW	*-1.3.0	1.3.1	June 29, 2026
dropshipping-xox	dropshipping-xox	91	Dropshix <= 4.0.14 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.0.14		June 29, 2026
directory-pro	directory-pro	86	Directory Pro <= 2.5.5 - Reflected Cross-Site Scripting	LOW	*-2.5.5		June 29, 2026
eventon-lite	eventon-lite	93	EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure	LOW	*-2.4.7	2.4.8	June 29, 2026
err-our-team	err-our-team	91	Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call	LOW	*-1.0		June 29, 2026
gestion-tarifs	gestion-tarifs	91	Gestion de tarifs <= 1.4 - Authenticated (Contributor+) SQL Injection	LOW	*-1.4		June 29, 2026
icons-factory	icons-factory	91	Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function	LOW	*-1.6.12		June 29, 2026
assistant-for-nextgen-gallery	assistant-for-nextgen-gallery	95	Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion	LOW	*-1.0.9		June 29, 2026
add-user-meta	add-user-meta	95	Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
bizcalendar-web	bizcalendar-web	93	BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.1.0.53	1.1.0.54	June 29, 2026
radius-blocks	radius-blocks	N/A	Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter	LOW	*-2.2.1		June 29, 2026
alobaidi-captcha	alobaidi-captcha	95	Alobaidi Captcha <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-1.0.3		June 29, 2026
wp-readme-parser	wp-readme-parser	N/A	Plugin README Parser <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter	LOW	*-1.3.15		June 29, 2026
elink-embed-content	elink-embed-content	91	elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation	LOW	*-1.1.0		June 29, 2026
wp-table-builder	wp-table-builder	N/A	WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.0.12	2.0.13	June 29, 2026
bit-form	bit-form	93	Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload	LOW	*-2.20.3	2.20.4	June 29, 2026
b-slider	b-slider	93	B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-2.0.0	2.0.1	June 29, 2026
b-slider	b-slider	93	B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-2.0.0	2.0.1	June 29, 2026
login-with-phone-number	login-with-phone-number	93	WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass	LOW	*-1.8.47	1.8.48	June 29, 2026
order-tip-woo	order-tip-woo	N/A	Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts	LOW	*-1.5.4	1.5.5	June 29, 2026
wpguppy-lite	wpguppy-lite	N/A	WPGuppy <= 1.1.4 - Missing Authorization	LOW	*-1.1.4	1.1.5	June 29, 2026
wpdm-premium-packages	wpdm-premium-packages	N/A	WPDM – Premium Packages <= 6.0.2 - Cross-Site Request Forgery	LOW	*-6.0.2	6.0.3	June 29, 2026
wp-table-builder	wp-table-builder	N/A	WP Table Builder <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.12	2.0.13	June 29, 2026
wp-storymap	wp-storymap	N/A	StoryMap <= 2.1 - Cross-Site Request Forgery	LOW	*-2.1		June 29, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative	wp-statistics	90	WP Statistics <= 14.15 - Missing Authorization	LOW	*-14.15	14.15.2	June 29, 2026
wp-pipes	wp-pipes	N/A	WP Pipes <= 1.4.3 - Reflected Cross-Site Scripting	LOW	*-1.4.3		June 29, 2026
wp-membership	wp-membership	N/A	WP Membership <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-1.6.3	1.6.4	June 29, 2026
wp-jobsearch	wp-jobsearch	N/A	JobSearch < 3.0.8 - Authenticated (Subscriber+) Local File Inclusion	LOW	[*, 3.0.8)	3.0.8	June 29, 2026
wp-database-optimizer-tools	wp-database-optimizer-tools	N/A	WP-Database-Optimizer-Tools <= 0.2 - Cross-Site Request Forgery	LOW	*-0.2		June 29, 2026
wordlift	wordlift	N/A	WordLift <= 3.54.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.54.5	3.54.6	June 29, 2026
Advanced Booking & Appointment System – Webba Booking Calendar	webba-booking-lite	70	Webba Booking <= 6.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-6.0.5	6.0.6	June 29, 2026
visualcomposer	visualcomposer	N/A	Visual Composer Website Builder <= 45.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-45.13.0	45.15.0	June 29, 2026
video-expander	video-expander	N/A	Video Expander <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 29, 2026
thim-core	thim-core	N/A	Thim Core <= 2.3.3 - Missing Authorization	LOW	*-2.3.3		June 29, 2026
thim-core	thim-core	N/A	Thim Core <= 2.3.3 - Cross-Site Request Forgery	LOW	*-2.3.3		June 29, 2026
the-plus-addons-for-elementor-page-builder	the-plus-addons-for-elementor-page-builder	N/A	The Plus Addons for Elementor Page Builder Lite <= 6.3.13 - Missing Authorization	LOW	*-6.3.13	6.3.14	June 29, 2026
the-plus-addons-for-block-editor	the-plus-addons-for-block-editor	N/A	Nexter Blocks <= 4.5.4 - Missing Authorization	LOW	*-4.5.4	4.5.5	June 29, 2026
templatera	templatera	N/A	Templatera <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.0	2.4.0	June 29, 2026
simplified	simplified	N/A	Simplified <= 1.0.11 - Authenticated (Administrator+) Server-Side Request Forgery	LOW	*-1.0.11	1.0.12	June 29, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.37.2 - Authenticated (Subscriber+) Information Exposure	LOW	*-3.37.2	3.37.3	June 29, 2026
simple-poll	simple-poll	N/A	Simple Poll <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.1.1		June 29, 2026
shortcode-redirect	shortcode-redirect	N/A	Shortcode Redirect <= 1.0.02 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.02	1.0.03	June 29, 2026
rss-feed-pro	rss-feed-pro	N/A	RSS Feed Pro <= 1.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.1.8	1.1.9	June 29, 2026
real-estate-manager-pro	real-estate-manager-pro	N/A	Real Estate Manager Pro <= 12.7.3 - Reflected Cross-Site Scripting	LOW	*-12.7.3	12.7.4	June 29, 2026
quttera-web-malware-scanner	quttera-web-malware-scanner	N/A	Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery	LOW	*-3.5.1.41	3.5.2.1	June 29, 2026
quiz-master-next	quiz-master-next	N/A	Quiz And Survey Master <= 10.2.4 - Authenticated (Contributor+) SQL Injection	LOW	*-10.2.4	10.2.5	June 29, 2026
print-my-blog	print-my-blog	N/A	Print My Blog <= 3.27.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.27.9	3.27.10	June 29, 2026
primer-mydata	primer-mydata	N/A	Primer MyData for Woocommerce <= 4.2.5 - Cross-Site Request Forgery	LOW	*-4.2.5	4.2.6	June 29, 2026
oik	oik	N/A	oik <= 4.15.2 - Reflected Cross-Site Scripting	LOW	*-4.15.2	4.15.3	June 29, 2026
netinsight-analytics-implementation-plugin	netinsight-analytics-implementation-plugin	N/A	NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross-Site Request Forgery	LOW	*-1.0.3		June 29, 2026
netinsight-analytics-implementation-plugin	netinsight-analytics-implementation-plugin	N/A	NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross-Site Request Forgery	LOW	*-1.0.3		June 29, 2026
neon-channel-product-customizer-free	neon-channel-product-customizer-free	N/A	Neon Channel Product Customizer Free <= 2.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion	LOW	*-2.0	3.0	June 29, 2026
meeting-scheduler-by-vcita	meeting-scheduler-by-vcita	93	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.3 - Authenticated (Author+) Arbitrary File Upload	LOW	*-4.5.3	4.5.5	June 29, 2026
Kadence WooCommerce Email Designer	kadence-woocommerce-email-designer	90	Kadence WooCommerce Email Designer <= 1.5.16 - Authenticated (Shop Manager+) Arbitrary Options Update	LOW	*-1.5.16	1.5.17	June 29, 2026
jet-woo-product-gallery	jet-woo-product-gallery	93	JetProductGallery <= 2.2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.0.2	2.2.0.3	June 29, 2026
jet-elements	jet-elements	93	JetElements For Elementor <= 2.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.9	2.7.9.1	June 29, 2026
inspectlet-heatmaps-and-user-session-recording	inspectlet-heatmaps-and-user-session-recording	93	Inspectlet - User Session Recording and Heatmaps <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0	3.0	June 29, 2026

LOW

idonate-pro

Score: 85/100 IDonatePro <= 2.1.9 - Authenticated (Subscriber+) Information Exposure Affected: *-2.1.9 Patched: Updated: June 29, 2026

LOW

filr-protection

Score: 93/100 Filr <= 1.2.10 - Authenticated (Contributor+) Arbitrary File Deletion Affected: *-1.2.10 Patched: 1.2.11 Updated: June 29, 2026

LOW

customcomment

Score: 89/100 Custom Comment <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: Updated: June 29, 2026

LOW

custom-menu

Score: 91/100 Custom Menu <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: June 29, 2026

LOW

awstats-script

Score: 91/100 AWStats Script <= 0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.3 Patched: Updated: June 29, 2026

LOW

wp-emmet

Score: N/A WP Emmet <= 0.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.3.4 Patched: Updated: June 29, 2026

LOW

serverbuddy-by-pluginbuddy

Score: N/A ServerBuddy by PluginBuddy.com <= 1.0.5 - Cross-Site Request Forgery to PHP Object Injection Affected: *-1.0.5 Patched: Updated: June 29, 2026

LOW

emu2-email-users-2

Score: 91/100 Emu2 <= 0.83b - Reflected Cross-Site Scripting Affected: * - 0.83b Patched: Updated: June 29, 2026

LOW

elizaibot-chatbots

Score: 91/100 Elizaibots <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

translate-this-google-translate-web-element-shortcode

Score: N/A Translate This - Google Translate Web Element Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

betterdocs

Score: 93/100 BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure Affected: *-4.1.1 Patched: 4.1.2 Updated: June 29, 2026

LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie Affected: *-1.3.9.0 Patched: 1.3.9.1 Updated: June 29, 2026

LOW

advanced-iframe

Score: 97/100 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2025.6 Patched: 2025.7 Updated: June 29, 2026

LOW

profile-builder

Score: N/A User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.14.3 Patched: 3.14.4 Updated: June 29, 2026

LOW

school-management

Score: N/A School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection Affected: *-93.2.0 Patched: Updated: June 29, 2026

LOW

school-management

Score: N/A School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload Affected: *-93.2.0 Patched: Updated: June 29, 2026

LOW

gym-management

Score: 83/100 WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update Affected: *-67.7.0 Patched: Updated: June 29, 2026

LOW

gym-management

Score: 83/100 WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation Affected: *-67.7.0 Patched: Updated: June 29, 2026

LOW

intl-datetime-calendar

Score: 91/100 Intl DateTime Calendar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

anber-elementor-addon

Score: 95/100 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

anber-elementor-addon

Score: 95/100 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

linux-promotional-plugin

Score: 91/100 Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

earnware-connect

Score: 93/100 Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.74 Patched: 1.0.75 Updated: June 29, 2026

LOW

embed-bokun

Score: 93/100 Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter Affected: *-0.23 Patched: 0.24 Updated: June 29, 2026

LOW

surbma-recent-comments-shortcode

Score: N/A Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

lastfm-recent-album-artwork

Score: 91/100 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

latestcheckins

Score: 91/100 LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1 Patched: Updated: June 29, 2026

LOW

alpack

Score: 97/100 Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function Affected: *-1.1.1 Patched: 1.1.2 Updated: June 29, 2026

LOW

weichuncai

Score: N/A weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: June 29, 2026

LOW

story-chief

Score: N/A StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload Affected: *-1.0.42 Patched: 1.0.43 Updated: June 29, 2026

LOW

wp-user-avatar

Score: N/A Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution Affected: *-4.16.4 Patched: 4.16.5 Updated: June 29, 2026

LOW

wp-discord-post-plus

Score: N/A WP Discord Post Plus - Supports Unlimited Channels <= 1.0.2 - Cross-Site Request Forgery Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

woolook

Score: N/A Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion Affected: *-1.7.0 Patched: Updated: June 29, 2026

LOW

vertical-scroll-slideshow-gallery-v2

Score: N/A Vertical scroll slideshow gallery v2 <= 9.1 - Authenticated (Contributor+) SQL Injection Affected: *-9.1 Patched: Updated: June 29, 2026

LOW

uji-countdown

Score: N/A Uji Countdown <= 2.3.3 - Reflected Cross-Site Scripting Affected: *-2.3.3 Patched: Updated: June 29, 2026

LOW

tplayer-html5-audio-player-with-playlist

Score: N/A tPlayer <= 1.2.1.6 - Unauthenticated SQL Injection Affected: *-1.2.1.6 Patched: Updated: June 29, 2026

LOW

sms-alert

Score: N/A SMS Alert Order Notifications <= 3.8.5 - Unauthenticated SQL Injection Affected: *-3.8.5 Patched: 3.8.6 Updated: June 29, 2026

LOW

school-management

Score: N/A School Management <= 93.2.0 - Missing Authorization Affected: *-93.2.0 Patched: Updated: June 29, 2026

LOW

school-management

Score: N/A School Management <= 93.2.0 - Authenticated (Support staff+) SQL Injection Affected: *-93.2.0 Patched: Updated: June 29, 2026

LOW

school-management

Score: N/A School Management <= 93.1.0 - Unauthenticated Insecure Direct Object Reference Affected: *-93.1.0 Patched: Updated: June 29, 2026

LOW

poll-maker

Score: N/A Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure Affected: *-5.8.9 Patched: 5.9.0 Updated: June 29, 2026

LOW

fwduvp

Score: 89/100 Ultimate Video Player <= 10.1 - Missing Authorization Affected: *-10.1 Patched: Updated: June 29, 2026

LOW

extensive-vc-addon

Score: 89/100 Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion Affected: *-1.9.1 Patched: Updated: June 29, 2026

LOW

ecab-taxi-booking-manager

Score: 93/100 Taxi Booking Manager for Woocommerce | E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover Affected: *-1.3.0 Patched: 1.3.1 Updated: June 29, 2026

LOW

dropshipping-xox

Score: 91/100 Dropshix <= 4.0.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.0.14 Patched: Updated: June 29, 2026

LOW

directory-pro

Score: 86/100 Directory Pro <= 2.5.5 - Reflected Cross-Site Scripting Affected: *-2.5.5 Patched: Updated: June 29, 2026

LOW

eventon-lite

Score: 93/100 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure Affected: *-2.4.7 Patched: 2.4.8 Updated: June 29, 2026

LOW

err-our-team

Score: 91/100 Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

gestion-tarifs

Score: 91/100 Gestion de tarifs <= 1.4 - Authenticated (Contributor+) SQL Injection Affected: *-1.4 Patched: Updated: June 29, 2026

LOW

icons-factory

Score: 91/100 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function Affected: *-1.6.12 Patched: Updated: June 29, 2026

LOW

assistant-for-nextgen-gallery

Score: 95/100 Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion Affected: *-1.0.9 Patched: Updated: June 29, 2026

LOW

add-user-meta

Score: 95/100 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

bizcalendar-web

Score: 93/100 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.0.53 Patched: 1.1.0.54 Updated: June 29, 2026

LOW

radius-blocks

Score: N/A Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter Affected: *-2.2.1 Patched: Updated: June 29, 2026

LOW

alobaidi-captcha

Score: 95/100 Alobaidi Captcha <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

wp-readme-parser

Score: N/A Plugin README Parser <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter Affected: *-1.3.15 Patched: Updated: June 29, 2026

LOW

elink-embed-content

Score: 91/100 elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation Affected: *-1.1.0 Patched: Updated: June 29, 2026

LOW

wp-table-builder

Score: N/A WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.12 Patched: 2.0.13 Updated: June 29, 2026

LOW

bit-form

Score: 93/100 Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload Affected: *-2.20.3 Patched: 2.20.4 Updated: June 29, 2026

LOW

b-slider

Score: 93/100 B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-2.0.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

b-slider

Score: 93/100 B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-2.0.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

login-with-phone-number

Score: 93/100 WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass Affected: *-1.8.47 Patched: 1.8.48 Updated: June 29, 2026

LOW

order-tip-woo

Score: N/A Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts Affected: *-1.5.4 Patched: 1.5.5 Updated: June 29, 2026

LOW

wpguppy-lite

Score: N/A WPGuppy <= 1.1.4 - Missing Authorization Affected: *-1.1.4 Patched: 1.1.5 Updated: June 29, 2026

LOW

wpdm-premium-packages

Score: N/A WPDM – Premium Packages <= 6.0.2 - Cross-Site Request Forgery Affected: *-6.0.2 Patched: 6.0.3 Updated: June 29, 2026

LOW

wp-table-builder

Score: N/A WP Table Builder <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.12 Patched: 2.0.13 Updated: June 29, 2026

LOW

wp-storymap

Score: N/A StoryMap <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: June 29, 2026

LOW

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Score: 90/100 WP Statistics <= 14.15 - Missing Authorization Affected: *-14.15 Patched: 14.15.2 Updated: June 29, 2026

LOW

wp-pipes

Score: N/A WP Pipes <= 1.4.3 - Reflected Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: June 29, 2026

LOW

wp-membership

Score: N/A WP Membership <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.6.3 Patched: 1.6.4 Updated: June 29, 2026

LOW

wp-jobsearch

Score: N/A JobSearch < 3.0.8 - Authenticated (Subscriber+) Local File Inclusion Affected: [*, 3.0.8) Patched: 3.0.8 Updated: June 29, 2026

LOW

wp-database-optimizer-tools

Score: N/A WP-Database-Optimizer-Tools <= 0.2 - Cross-Site Request Forgery Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

wordlift

Score: N/A WordLift <= 3.54.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.54.5 Patched: 3.54.6 Updated: June 29, 2026

LOW

Advanced Booking & Appointment System – Webba Booking Calendar

webba-booking-lite

Score: 70/100 Webba Booking <= 6.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.0.5 Patched: 6.0.6 Updated: June 29, 2026

LOW

visualcomposer

Score: N/A Visual Composer Website Builder <= 45.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-45.13.0 Patched: 45.15.0 Updated: June 29, 2026

LOW

video-expander

Score: N/A Video Expander <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

thim-core

Score: N/A Thim Core <= 2.3.3 - Missing Authorization Affected: *-2.3.3 Patched: Updated: June 29, 2026

LOW

thim-core

Score: N/A Thim Core <= 2.3.3 - Cross-Site Request Forgery Affected: *-2.3.3 Patched: Updated: June 29, 2026

LOW

the-plus-addons-for-elementor-page-builder

Score: N/A The Plus Addons for Elementor Page Builder Lite <= 6.3.13 - Missing Authorization Affected: *-6.3.13 Patched: 6.3.14 Updated: June 29, 2026

LOW

the-plus-addons-for-block-editor

Score: N/A Nexter Blocks <= 4.5.4 - Missing Authorization Affected: *-4.5.4 Patched: 4.5.5 Updated: June 29, 2026

LOW

templatera

Score: N/A Templatera <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: 2.4.0 Updated: June 29, 2026

LOW

simplified

Score: N/A Simplified <= 1.0.11 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-1.0.11 Patched: 1.0.12 Updated: June 29, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.37.2 - Authenticated (Subscriber+) Information Exposure Affected: *-3.37.2 Patched: 3.37.3 Updated: June 29, 2026

LOW

simple-poll

Score: N/A Simple Poll <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

shortcode-redirect

Score: N/A Shortcode Redirect <= 1.0.02 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.02 Patched: 1.0.03 Updated: June 29, 2026

LOW

rss-feed-pro

Score: N/A RSS Feed Pro <= 1.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.1.9 Updated: June 29, 2026

LOW

real-estate-manager-pro

Score: N/A Real Estate Manager Pro <= 12.7.3 - Reflected Cross-Site Scripting Affected: *-12.7.3 Patched: 12.7.4 Updated: June 29, 2026

LOW

quttera-web-malware-scanner

Score: N/A Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-3.5.1.41 Patched: 3.5.2.1 Updated: June 29, 2026

LOW

quiz-master-next

Score: N/A Quiz And Survey Master <= 10.2.4 - Authenticated (Contributor+) SQL Injection Affected: *-10.2.4 Patched: 10.2.5 Updated: June 29, 2026

LOW

print-my-blog

Score: N/A Print My Blog <= 3.27.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.27.9 Patched: 3.27.10 Updated: June 29, 2026

LOW

primer-mydata

Score: N/A Primer MyData for Woocommerce <= 4.2.5 - Cross-Site Request Forgery Affected: *-4.2.5 Patched: 4.2.6 Updated: June 29, 2026

LOW

oik

Score: N/A oik <= 4.15.2 - Reflected Cross-Site Scripting Affected: *-4.15.2 Patched: 4.15.3 Updated: June 29, 2026

LOW

netinsight-analytics-implementation-plugin

Score: N/A NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

netinsight-analytics-implementation-plugin

Score: N/A NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: Updated: June 29, 2026

LOW

neon-channel-product-customizer-free

Score: N/A Neon Channel Product Customizer Free <= 2.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion Affected: *-2.0 Patched: 3.0 Updated: June 29, 2026

LOW

meeting-scheduler-by-vcita

Score: 93/100 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.3 - Authenticated (Author+) Arbitrary File Upload Affected: *-4.5.3 Patched: 4.5.5 Updated: June 29, 2026

LOW

Kadence WooCommerce Email Designer

kadence-woocommerce-email-designer

Score: 90/100 Kadence WooCommerce Email Designer <= 1.5.16 - Authenticated (Shop Manager+) Arbitrary Options Update Affected: *-1.5.16 Patched: 1.5.17 Updated: June 29, 2026

LOW

jet-woo-product-gallery

Score: 93/100 JetProductGallery <= 2.2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.0.2 Patched: 2.2.0.3 Updated: June 29, 2026

LOW

jet-elements

Score: 93/100 JetElements For Elementor <= 2.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.9 Patched: 2.7.9.1 Updated: June 29, 2026

LOW

inspectlet-heatmaps-and-user-session-recording

Score: 93/100 Inspectlet - User Session Recording and Heatmaps <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 3.0 Updated: June 29, 2026

Showing 7101 to 7200 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 21:55 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List