Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
infility-global	infility-global	81	Infility Global <= 2.14.7 - Authenticated (Subscriber+) Arbitrary File Download	LOW	*-2.14.7		June 29, 2026
graphina-elementor-charts-and-graphs	graphina-elementor-charts-and-graphs	93	Graphina - Elementor Charts and Graphs <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1.3	3.1.4	June 29, 2026
flexo-social-gallery	flexo-social-gallery	91	flexo-social-gallery <= 1.0006 - Cross-Site Request Forgery	LOW	*-1.0006		June 29, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets	essential-addons-for-elementor-lite	85	Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items'	LOW	*-6.2.2	6.2.3	June 29, 2026
embedder-for-google-reviews	embedder-for-google-reviews	93	Embedder for Google Reviews <= 1.7.3 - Missing Authorization	LOW	*-1.7.3	1.7.4	June 29, 2026
easy-elementor-addons	easy-elementor-addons	93	Easy Elementor Addons <= 2.2.7 - Missing Authorization	LOW	*-2.2.7	2.2.8	June 29, 2026
do-spaces-sync	do-spaces-sync	91	DigitalOcean Spaces Sync <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.2.1		June 29, 2026
codeablepress-simple-frontend-profile-picture-upload	codeablepress-simple-frontend-profile-picture-upload	91	CodeablePress <= 1.0.0 - Missing Authorization	LOW	*-1.0.0		June 29, 2026
cm-on-demand-search-and-replace	cm-on-demand-search-and-replace	91	CM On Demand Search And Replace <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.2	1.5.3	June 29, 2026
cm-on-demand-search-and-replace	cm-on-demand-search-and-replace	91	CM On Demand Search And Replace <= 1.5.2 - Cross-Site Request Forgery	LOW	*-1.5.2	1.5.3	June 29, 2026
build-app-online	build-app-online	85	Build App Online <= 1.0.23 - Cross-Site Request Forgery	LOW	*-1.0.23		June 29, 2026
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders	barcode-scanner-lite-pos-to-manage-products-inventory-and-orders	93	Barcode Scanner with Inventory & Order Manager <= 1.9.0 - Authenticated (Admin+) Arbitrary File Download	LOW	*-1.9.0	1.9.1	June 29, 2026
bBlocks – Essential Gutenberg Blocks & Patterns Collection	b-blocks	90	B Blocks <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.5	2.0.6	June 29, 2026
awesome-support	awesome-support	93	Awesome Support <= 6.3.6 - Information Exposure	LOW	*-6.3.6	6.3.7	June 29, 2026
add-custom-codes	add-custom-codes	97	Add Custom Codes <= 4.80 - Authenticated (Contributor+) Remote Code Execution	LOW	*-4.80	5.0	June 29, 2026
aco-woo-dynamic-pricing	aco-woo-dynamic-pricing	97	Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.9 - Authenticated (Shop Manager+) Arbitrary Code Execution	LOW	*-4.5.9	4.5.10	June 29, 2026
12-step-meeting-list	12-step-meeting-list	97	12 Step Meeting List <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.18.3	3.18.4	June 29, 2026
wp-event-solution	wp-event-solution	N/A	Eventin <= 4.0.31 - Authenticated (Contributor+) PHP Object Injection	LOW	*-4.0.31	4.0.32	June 29, 2026
time-sheets	time-sheets	N/A	Time Sheets <= 2.1.3 - Reflected Cross-Site Scripting	LOW	*-2.1.3		June 29, 2026
sticky-side-buttons	sticky-side-buttons	N/A	Sticky Side Buttons < 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 2.0.0)	2.0.0	June 29, 2026
responsive-posts-carousel-pro	responsive-posts-carousel-pro	N/A	Responsive Posts Carousel WordPress Plugin <= 15.0 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-15.0	15.1	June 29, 2026
netease-music	netease-music	N/A	Netease Music <= 3.2.1 - Missing Authorization	LOW	*-3.2.1		June 29, 2026
hide-text-shortcode	hide-text-shortcode	91	Hide Text Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 29, 2026
forms-by-made-it	forms-by-made-it	93	Forms <= 2.9.0 - Authenticated (Contributor+) Arbitrary File Upload	LOW	*-2.9.0	3.0.0	June 29, 2026
eventin-pro	eventin-pro	93	WordPress Event Manager, Event Calendar and Booking Plugin <= 4.0.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion	LOW	*-4.0.24	4.0.25	June 29, 2026
blog-designer-pro	blog-designer-pro	86	Blog Designer PRO <= 3.4.7 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-3.4.7		June 29, 2026
billplz-for-contact-form-7	billplz-for-contact-form-7	93	Billplz Addon for Contact Form 7 <= 1.2.0 - Reflected Cross-Site Scripting	LOW	*-1.2.0	1.2.1	June 29, 2026
authentication-and-xmlrpc-log-writer	authentication-and-xmlrpc-log-writer	91	Authentication and xmlrpc log writer <= 1.2.2 - Reflected Cross-Site Scripting	LOW	*-1.2.2		June 29, 2026
airdrop	airdrop	95	WP Airdrop Manager <= 1.0.5 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.0.5		June 29, 2026
tutor-pro	tutor-pro	N/A	Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection	LOW	*-3.7.0	3.7.1	June 29, 2026
easy-pdf-restaurant-menu-upload	easy-pdf-restaurant-menu-upload	93	Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload	LOW	*-2.0.2	2.0.3	June 29, 2026
wp-voting	wp-voting	N/A	WP Voting <= 1.8 - Reflected Cross-Site Scripting	LOW	*-1.8		June 29, 2026
wp-file-manager-pro	wp-file-manager-pro	N/A	Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion	LOW	*-8.4.2	8.4.3	June 29, 2026
wp-dynamic-links	wp-dynamic-links	N/A	WP Dynamic Links <= 1.0.1 - Reflected Cross-Site Scripting	LOW	*-1.0.1		June 29, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 2.11.16 - Authenticated (Editor+) PHP Object Injection	LOW	*-2.11.16	2.11.17	June 29, 2026
soundst-seo-search	soundst-seo-search	N/A	SoundSt SEO Search <= 1.2.3 - Reflected Cross-Site Scripting	LOW	*-1.2.3		June 29, 2026
school-management	school-management	N/A	School Management <= 1.93.1 (02-07-2025) - Authenticated (Student+) Arbitrary File Upload	LOW	*		June 29, 2026
membership-for-woocommerce	membership-for-woocommerce	93	Membership For WooCommerce <= 2.9.0 - Missing Authorization	LOW	*-2.9.0	3.0.0	June 29, 2026
File Manager Pro – Filester	filester	78	Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion	LOW	*-1.8.9	1.9	June 29, 2026
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	file-manager-advanced	66	Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion	LOW	*-5.3.6	5.4.0	June 29, 2026
Database for Contact Form 7, WPforms, Elementor forms	contact-form-entries	84	Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion	LOW	*-1.4.3	1.4.4	June 29, 2026
acf-frontend-form-element	acf-frontend-form-element	97	Frontend Admin by DynamiApps <= 3.28.3 - Authenticated (Subscriber+) SQL Injection	LOW	*-3.28.3	3.28.5	June 29, 2026
master-addons	master-addons	93	Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox	LOW	*-2.0.9.0	2.0.9.1	June 29, 2026
simple-local-avatars	simple-local-avatars	N/A	Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration	LOW	*-2.8.4	2.8.5	June 29, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import	LOW	*-3.30.2	3.30.3	June 29, 2026
uicore-elements	uicore-elements	N/A	UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read	LOW	*-1.3.0	1.3.1	June 29, 2026
software-issue-manager	software-issue-manager	N/A	Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter	LOW	*-5.0.0	5.0.1	June 29, 2026
bBlocks – Essential Gutenberg Blocks & Patterns Collection	b-blocks	90	B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function	LOW	*-2.0.6	2.0.7	June 29, 2026
mosaic-generator	mosaic-generator	N/A	Mosaic Generator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter	LOW	*-1.0.5		June 29, 2026
addi-simple-slider	addi-simple-slider	95	Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0		June 29, 2026
inline-stock-quotes	inline-stock-quotes	91	Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode	LOW	*-0.2		June 29, 2026
wp-chart-generator	wp-chart-generator	N/A	Wp chart generator <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode	LOW	*-1.0.4		June 29, 2026
wp-private-content-plus	wp-private-content-plus	N/A	WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure	LOW	*-3.6.2		June 29, 2026
wc-purchase-orders	wc-purchase-orders	N/A	WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-1.0.2	1.0.3	June 29, 2026
gmap-venturit	gmap-venturit	91	GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter	LOW	*-1.1		June 29, 2026
rt-easy-builder-advanced-addons-for-elementor	rt-easy-builder-advanced-addons-for-elementor	N/A	RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3		June 29, 2026
woo-thank-you-page-customizer	woo-thank-you-page-customizer	N/A	Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7 - Missing Authorization	LOW	*-1.1.7	1.1.8	June 29, 2026
qi-blocks	qi-blocks	N/A	Qi Blocks <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.3	1.4.4	June 29, 2026
project-cost-calculator	project-cost-calculator	N/A	Project Cost Calculator <= 1.0.0 - Missing Authorization	LOW	*-1.0.0		June 29, 2026
premium-addons-for-kingcomposer	premium-addons-for-kingcomposer	N/A	Premium Addons for KingComposer <= 1.1.1 - Unauthenticated Local File Inclusion	LOW	*-1.1.1		June 29, 2026
football-leagues-by-anwppro	football-leagues-by-anwppro	93	AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection	LOW	*-0.16.17	0.16.18	June 29, 2026
eventin-pro	eventin-pro	93	WordPress Event Manager, Event Calendar and Booking Plugin <= 4.0.24 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-4.0.24	4.0.25	June 29, 2026
cf7-spreadsheets	cf7-spreadsheets	87	CF7 Spreadsheets <= 2.3.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-2.3.2		June 29, 2026
b-slider	b-slider	93	B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation	LOW	*-1.1.30	2.0.0	June 29, 2026
webinar-ignition	webinar-ignition	N/A	WebinarIgnition <= 4.06.04 - Missing Authorization	LOW	*-4.06.04	4.06.05	June 29, 2026
gf-insightly	gf-insightly	93	Gravity Forms Insightly <= 1.1.6 - Unauthenticated PHP Object Injection	LOW	*-1.1.6	1.1.7	June 29, 2026
gf-freshdesk	gf-freshdesk	93	Gravity Forms FreshDesk <= 1.3.5 - Unauthenticated PHP Object Injection	LOW	*-1.3.5	1.3.6	June 29, 2026
wp-gravity-forms-spreadsheets	wp-gravity-forms-spreadsheets	N/A	Connector for Gravity Forms and Google Sheets <= 1.2.6 - Unauthenticated PHP Object Injection	LOW	*-1.2.6	1.2.7	June 29, 2026
wp-fundraising-donation	wp-fundraising-donation	N/A	FundEngine <= 1.7.4 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-1.7.4	1.7.5	June 29, 2026
wp-event-solution	wp-event-solution	N/A	Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover	LOW	*-4.0.34	4.0.35	June 29, 2026
mapsvg	mapsvg	91	MapSVG < 8.7.4 - Unauthenticated SQL Injection	LOW	[*, 8.7.4)	8.7.4	June 29, 2026
idonate-pro	idonate-pro	85	IDonatePro <= 2.1.9 - Missing Authorization	LOW	*-2.1.9		June 29, 2026
gravitywp-merge-tags	gravitywp-merge-tags	93	GravityWP - Merge Tags <= 1.4.4 - Unauthenticated Local File Inclusion	LOW	*-1.4.4	1.4.5	June 29, 2026
gf-zoho	gf-zoho	93	Gravity Forms Zoho CRM and Bigin <= 1.2.9 - Unauthenticated PHP Object Injection	LOW	*-1.2.9	1.3.0	June 29, 2026
gf-salesforce-crmperks	gf-salesforce-crmperks	93	Gravity Forms Salesforce <= 1.5.1 - Unauthenticated PHP Object Injection	LOW	*-1.5.1	1.5.2	June 29, 2026
gf-infusionsoft	gf-infusionsoft	93	Gravity Forms Keap/Infusionsoft <= 1.2.3 - Unauthenticated PHP Object Injection	LOW	*-1.2.3	1.2.4	June 29, 2026
gf-hubspot	gf-hubspot	93	Gravity Forms HubSpot <= 1.2.6 - Unauthenticated PHP Object Injection	LOW	*-1.2.6	1.2.7	June 29, 2026
gf-constant-contact	gf-constant-contact	93	Gravity Forms Constant Contact <= 1.1.2 - Unauthenticated PHP Object Injection	LOW	*-1.1.2	1.1.3	June 29, 2026
advanced-custom-fields	advanced-custom-fields	97	Advanced Custom Fields <= 6.4.2. - HTML Injection	LOW	*-6.4.2	6.4.3	June 29, 2026
zoloblocks	zoloblocks	N/A	ZoloBlocks <= 2.3.2 - Authenticated (Subscriber+) Local File Inclusion	LOW	*-2.3.2	2.3.3	June 29, 2026
yith-woocommerce-compare	yith-woocommerce-compare	N/A	YITH WooCommerce Compare <= 3.6.0 - Authenticated (Admin+) PHP Object Injection	LOW	*-3.6.0	3.7.0	June 29, 2026
wp-jscrollpane	wp-jscrollpane	N/A	WP-jScrollPane <= 2.0.3 - Reflected Cross-Site Scripting	LOW	*-2.0.3		June 29, 2026
visit-counter	visit-counter	N/A	Visit Counter <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 29, 2026
user-language-switch	user-language-switch	N/A	User Language Switch <= 1.6.10 - Reflected Cross-Site Scripting	LOW	*-1.6.10		June 29, 2026
smm-api	smm-api	N/A	SMM API <= 6.0.30 - Missing Authorization	LOW	*-6.0.30		June 29, 2026
rentsyst	rentsyst	N/A	Rentsyst <= 2.0.100 - Reflected Cross-Site Scripting	LOW	*-2.0.100	2.0.101	June 29, 2026
lbg_vp_youtube_vimeo_addon_visual_composer	lbg_vp_youtube_vimeo_addon_visual_composer	91	Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 - Reflected Cross-Site Scripting	LOW	*-2.1	2.2	June 29, 2026
i3geek-baiduxzh	i3geek-baiduxzh	91	BaiduXZH Submit(百度熊掌号) <= 1.4.6 - Reflected Cross-Site Scripting	LOW	*-1.4.6		June 29, 2026
global-gallery	global-gallery	91	Global Gallery <= 9.2.3 - Missing Authorization	LOW	*-9.2.3	9.2.4	June 29, 2026
form-block	form-block	93	Form Block <= 1.5.5 - Unauthenticated Arbitrary File Upload	LOW	*-1.5.5	1.5.6	June 29, 2026
easy-form-builder	easy-form-builder	93	Easy Form Builder <= 3.8.15 - Unauthenticated SQL Injection	LOW	*-3.8.15	3.8.16	June 29, 2026
duoshuo	duoshuo	89	多说社会化评论框 <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 29, 2026
code-engine	code-engine	93	Code Engine <= 0.3.3 - Authenticated (Contributor+) Remote Code Execution	LOW	*-0.3.3	0.3.4	June 29, 2026
cf7-styler	cf7-styler	91	CF7 WOW Styler <= 1.7.2 - Unauthenticated Local File Inclusion	LOW	*-1.7.2	1.7.3	June 29, 2026
woo-coupon-usage	woo-coupon-usage	N/A	Coupon Affiliates <= 6.4.1 - Missing Authorization to Unauthenticated Settings Update	LOW	*-6.4.1	6.4.2	June 29, 2026
ql-cost-calculator	ql-cost-calculator	N/A	Cost Calculator <= 7.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-7.4	7.5	June 29, 2026
prevent-file-access	prevent-file-access	N/A	Prevent files / folders access <= 2.6.0 - Authenticated (Subscriber+) Path Traversal	LOW	*-2.6.0	2.6.1	June 29, 2026
post-grid	post-grid	N/A	Post Grid and Gutenberg Blocks <= 2.3.11 - Authenticated (Contributor+) PHP Object Injection	LOW	*-2.3.11	2.3.12	June 29, 2026
post-connector	post-connector	N/A	Post Connector <= 1.0.11 - Reflected Cross-Site Scripting	LOW	*-1.0.11		June 29, 2026
porn-videos-embed	porn-videos-embed	N/A	Porn Videos Embed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.9.1		June 29, 2026

LOW

infility-global

Score: 81/100 Infility Global <= 2.14.7 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-2.14.7 Patched: Updated: June 29, 2026

LOW

graphina-elementor-charts-and-graphs

Score: 93/100 Graphina - Elementor Charts and Graphs <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.3 Patched: 3.1.4 Updated: June 29, 2026

LOW

flexo-social-gallery

Score: 91/100 flexo-social-gallery <= 1.0006 - Cross-Site Request Forgery Affected: *-1.0006 Patched: Updated: June 29, 2026

LOW

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Score: 85/100 Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' Affected: *-6.2.2 Patched: 6.2.3 Updated: June 29, 2026

LOW

embedder-for-google-reviews

Score: 93/100 Embedder for Google Reviews <= 1.7.3 - Missing Authorization Affected: *-1.7.3 Patched: 1.7.4 Updated: June 29, 2026

LOW

easy-elementor-addons

Score: 93/100 Easy Elementor Addons <= 2.2.7 - Missing Authorization Affected: *-2.2.7 Patched: 2.2.8 Updated: June 29, 2026

LOW

do-spaces-sync

Score: 91/100 DigitalOcean Spaces Sync <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: June 29, 2026

LOW

codeablepress-simple-frontend-profile-picture-upload

Score: 91/100 CodeablePress <= 1.0.0 - Missing Authorization Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

cm-on-demand-search-and-replace

Score: 91/100 CM On Demand Search And Replace <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: June 29, 2026

LOW

cm-on-demand-search-and-replace

Score: 91/100 CM On Demand Search And Replace <= 1.5.2 - Cross-Site Request Forgery Affected: *-1.5.2 Patched: 1.5.3 Updated: June 29, 2026

LOW

build-app-online

Score: 85/100 Build App Online <= 1.0.23 - Cross-Site Request Forgery Affected: *-1.0.23 Patched: Updated: June 29, 2026

LOW

barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Score: 93/100 Barcode Scanner with Inventory & Order Manager <= 1.9.0 - Authenticated (Admin+) Arbitrary File Download Affected: *-1.9.0 Patched: 1.9.1 Updated: June 29, 2026

LOW

bBlocks – Essential Gutenberg Blocks & Patterns Collection

b-blocks

Score: 90/100 B Blocks <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.5 Patched: 2.0.6 Updated: June 29, 2026

LOW

awesome-support

Score: 93/100 Awesome Support <= 6.3.6 - Information Exposure Affected: *-6.3.6 Patched: 6.3.7 Updated: June 29, 2026

LOW

add-custom-codes

Score: 97/100 Add Custom Codes <= 4.80 - Authenticated (Contributor+) Remote Code Execution Affected: *-4.80 Patched: 5.0 Updated: June 29, 2026

LOW

aco-woo-dynamic-pricing

Score: 97/100 Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.9 - Authenticated (Shop Manager+) Arbitrary Code Execution Affected: *-4.5.9 Patched: 4.5.10 Updated: June 29, 2026

LOW

12-step-meeting-list

Score: 97/100 12 Step Meeting List <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.18.3 Patched: 3.18.4 Updated: June 29, 2026

LOW

wp-event-solution

Score: N/A Eventin <= 4.0.31 - Authenticated (Contributor+) PHP Object Injection Affected: *-4.0.31 Patched: 4.0.32 Updated: June 29, 2026

LOW

time-sheets

Score: N/A Time Sheets <= 2.1.3 - Reflected Cross-Site Scripting Affected: *-2.1.3 Patched: Updated: June 29, 2026

LOW

sticky-side-buttons

Score: N/A Sticky Side Buttons < 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 2.0.0) Patched: 2.0.0 Updated: June 29, 2026

LOW

responsive-posts-carousel-pro

Score: N/A Responsive Posts Carousel WordPress Plugin <= 15.0 - Authenticated (Subscriber+) Local File Inclusion Affected: *-15.0 Patched: 15.1 Updated: June 29, 2026

LOW

netease-music

Score: N/A Netease Music <= 3.2.1 - Missing Authorization Affected: *-3.2.1 Patched: Updated: June 29, 2026

LOW

hide-text-shortcode

Score: 91/100 Hide Text Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

forms-by-made-it

Score: 93/100 Forms <= 2.9.0 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-2.9.0 Patched: 3.0.0 Updated: June 29, 2026

LOW

eventin-pro

Score: 93/100 WordPress Event Manager, Event Calendar and Booking Plugin <= 4.0.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-4.0.24 Patched: 4.0.25 Updated: June 29, 2026

LOW

blog-designer-pro

Score: 86/100 Blog Designer PRO <= 3.4.7 - Authenticated (Subscriber+) Local File Inclusion Affected: *-3.4.7 Patched: Updated: June 29, 2026

LOW

billplz-for-contact-form-7

Score: 93/100 Billplz Addon for Contact Form 7 <= 1.2.0 - Reflected Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: June 29, 2026

LOW

authentication-and-xmlrpc-log-writer

Score: 91/100 Authentication and xmlrpc log writer <= 1.2.2 - Reflected Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: June 29, 2026

LOW

airdrop

Score: 95/100 WP Airdrop Manager <= 1.0.5 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: June 29, 2026

LOW

tutor-pro

Score: N/A Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection Affected: *-3.7.0 Patched: 3.7.1 Updated: June 29, 2026

LOW

easy-pdf-restaurant-menu-upload

Score: 93/100 Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026

LOW

wp-voting

Score: N/A WP Voting <= 1.8 - Reflected Cross-Site Scripting Affected: *-1.8 Patched: Updated: June 29, 2026

LOW

wp-file-manager-pro

Score: N/A Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion Affected: *-8.4.2 Patched: 8.4.3 Updated: June 29, 2026

LOW

wp-dynamic-links

Score: N/A WP Dynamic Links <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 29, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.11.16 - Authenticated (Editor+) PHP Object Injection Affected: *-2.11.16 Patched: 2.11.17 Updated: June 29, 2026

LOW

soundst-seo-search

Score: N/A SoundSt SEO Search <= 1.2.3 - Reflected Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: June 29, 2026

LOW

school-management

Score: N/A School Management <= 1.93.1 (02-07-2025) - Authenticated (Student+) Arbitrary File Upload Affected: * Patched: Updated: June 29, 2026

LOW

membership-for-woocommerce

Score: 93/100 Membership For WooCommerce <= 2.9.0 - Missing Authorization Affected: *-2.9.0 Patched: 3.0.0 Updated: June 29, 2026

LOW

File Manager Pro – Filester

filester

Score: 78/100 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion Affected: *-1.8.9 Patched: 1.9 Updated: June 29, 2026

LOW

Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution

file-manager-advanced

Score: 66/100 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion Affected: *-5.3.6 Patched: 5.4.0 Updated: June 29, 2026

LOW

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

Score: 84/100 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion Affected: *-1.4.3 Patched: 1.4.4 Updated: June 29, 2026

LOW

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.28.3 - Authenticated (Subscriber+) SQL Injection Affected: *-3.28.3 Patched: 3.28.5 Updated: June 29, 2026

LOW

master-addons

Score: 93/100 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox Affected: *-2.0.9.0 Patched: 2.0.9.1 Updated: June 29, 2026

LOW

simple-local-avatars

Score: N/A Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration Affected: *-2.8.4 Patched: 2.8.5 Updated: June 29, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import Affected: *-3.30.2 Patched: 3.30.3 Updated: June 29, 2026

LOW

uicore-elements

Score: N/A UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read Affected: *-1.3.0 Patched: 1.3.1 Updated: June 29, 2026

LOW

software-issue-manager

Score: N/A Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter Affected: *-5.0.0 Patched: 5.0.1 Updated: June 29, 2026

LOW

bBlocks – Essential Gutenberg Blocks & Patterns Collection

b-blocks

Score: 90/100 B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function Affected: *-2.0.6 Patched: 2.0.7 Updated: June 29, 2026

LOW

mosaic-generator

Score: N/A Mosaic Generator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter Affected: *-1.0.5 Patched: Updated: June 29, 2026

LOW

addi-simple-slider

Score: 95/100 Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

inline-stock-quotes

Score: 91/100 Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode Affected: *-0.2 Patched: Updated: June 29, 2026

LOW

wp-chart-generator

Score: N/A Wp chart generator <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

wp-private-content-plus

Score: N/A WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure Affected: *-3.6.2 Patched: Updated: June 29, 2026

LOW

wc-purchase-orders

Score: N/A WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026

LOW

gmap-venturit

Score: 91/100 GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

rt-easy-builder-advanced-addons-for-elementor

Score: N/A RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 29, 2026

LOW

woo-thank-you-page-customizer

Score: N/A Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7 - Missing Authorization Affected: *-1.1.7 Patched: 1.1.8 Updated: June 29, 2026

LOW

qi-blocks

Score: N/A Qi Blocks <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: June 29, 2026

LOW

project-cost-calculator

Score: N/A Project Cost Calculator <= 1.0.0 - Missing Authorization Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

premium-addons-for-kingcomposer

Score: N/A Premium Addons for KingComposer <= 1.1.1 - Unauthenticated Local File Inclusion Affected: *-1.1.1 Patched: Updated: June 29, 2026

LOW

football-leagues-by-anwppro

Score: 93/100 AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection Affected: *-0.16.17 Patched: 0.16.18 Updated: June 29, 2026

LOW

eventin-pro

Score: 93/100 WordPress Event Manager, Event Calendar and Booking Plugin <= 4.0.24 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-4.0.24 Patched: 4.0.25 Updated: June 29, 2026

LOW

cf7-spreadsheets

Score: 87/100 CF7 Spreadsheets <= 2.3.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.3.2 Patched: Updated: June 29, 2026

LOW

b-slider

Score: 93/100 B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation Affected: *-1.1.30 Patched: 2.0.0 Updated: June 29, 2026

LOW

webinar-ignition

Score: N/A WebinarIgnition <= 4.06.04 - Missing Authorization Affected: *-4.06.04 Patched: 4.06.05 Updated: June 29, 2026

LOW

gf-insightly

Score: 93/100 Gravity Forms Insightly <= 1.1.6 - Unauthenticated PHP Object Injection Affected: *-1.1.6 Patched: 1.1.7 Updated: June 29, 2026

LOW

gf-freshdesk

Score: 93/100 Gravity Forms FreshDesk <= 1.3.5 - Unauthenticated PHP Object Injection Affected: *-1.3.5 Patched: 1.3.6 Updated: June 29, 2026

LOW

wp-gravity-forms-spreadsheets

Score: N/A Connector for Gravity Forms and Google Sheets <= 1.2.6 - Unauthenticated PHP Object Injection Affected: *-1.2.6 Patched: 1.2.7 Updated: June 29, 2026

LOW

wp-fundraising-donation

Score: N/A FundEngine <= 1.7.4 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.7.4 Patched: 1.7.5 Updated: June 29, 2026

LOW

wp-event-solution

Score: N/A Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover Affected: *-4.0.34 Patched: 4.0.35 Updated: June 29, 2026

LOW

mapsvg

Score: 91/100 MapSVG < 8.7.4 - Unauthenticated SQL Injection Affected: [*, 8.7.4) Patched: 8.7.4 Updated: June 29, 2026

LOW

idonate-pro

Score: 85/100 IDonatePro <= 2.1.9 - Missing Authorization Affected: *-2.1.9 Patched: Updated: June 29, 2026

LOW

gravitywp-merge-tags

Score: 93/100 GravityWP - Merge Tags <= 1.4.4 - Unauthenticated Local File Inclusion Affected: *-1.4.4 Patched: 1.4.5 Updated: June 29, 2026

LOW

gf-zoho

Score: 93/100 Gravity Forms Zoho CRM and Bigin <= 1.2.9 - Unauthenticated PHP Object Injection Affected: *-1.2.9 Patched: 1.3.0 Updated: June 29, 2026

LOW

gf-salesforce-crmperks

Score: 93/100 Gravity Forms Salesforce <= 1.5.1 - Unauthenticated PHP Object Injection Affected: *-1.5.1 Patched: 1.5.2 Updated: June 29, 2026

LOW

gf-infusionsoft

Score: 93/100 Gravity Forms Keap/Infusionsoft <= 1.2.3 - Unauthenticated PHP Object Injection Affected: *-1.2.3 Patched: 1.2.4 Updated: June 29, 2026

LOW

gf-hubspot

Score: 93/100 Gravity Forms HubSpot <= 1.2.6 - Unauthenticated PHP Object Injection Affected: *-1.2.6 Patched: 1.2.7 Updated: June 29, 2026

LOW

gf-constant-contact

Score: 93/100 Gravity Forms Constant Contact <= 1.1.2 - Unauthenticated PHP Object Injection Affected: *-1.1.2 Patched: 1.1.3 Updated: June 29, 2026

LOW

advanced-custom-fields

Score: 97/100 Advanced Custom Fields <= 6.4.2. - HTML Injection Affected: *-6.4.2 Patched: 6.4.3 Updated: June 29, 2026

LOW

zoloblocks

Score: N/A ZoloBlocks <= 2.3.2 - Authenticated (Subscriber+) Local File Inclusion Affected: *-2.3.2 Patched: 2.3.3 Updated: June 29, 2026

LOW

yith-woocommerce-compare

Score: N/A YITH WooCommerce Compare <= 3.6.0 - Authenticated (Admin+) PHP Object Injection Affected: *-3.6.0 Patched: 3.7.0 Updated: June 29, 2026

LOW

wp-jscrollpane

Score: N/A WP-jScrollPane <= 2.0.3 - Reflected Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: June 29, 2026

LOW

visit-counter

Score: N/A Visit Counter <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 29, 2026

LOW

user-language-switch

Score: N/A User Language Switch <= 1.6.10 - Reflected Cross-Site Scripting Affected: *-1.6.10 Patched: Updated: June 29, 2026

LOW

smm-api

Score: N/A SMM API <= 6.0.30 - Missing Authorization Affected: *-6.0.30 Patched: Updated: June 29, 2026

LOW

rentsyst

Score: N/A Rentsyst <= 2.0.100 - Reflected Cross-Site Scripting Affected: *-2.0.100 Patched: 2.0.101 Updated: June 29, 2026

LOW

lbg_vp_youtube_vimeo_addon_visual_composer

Score: 91/100 Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: June 29, 2026

LOW

i3geek-baiduxzh

Score: 91/100 BaiduXZH Submit(百度熊掌号) <= 1.4.6 - Reflected Cross-Site Scripting Affected: *-1.4.6 Patched: Updated: June 29, 2026

LOW

global-gallery

Score: 91/100 Global Gallery <= 9.2.3 - Missing Authorization Affected: *-9.2.3 Patched: 9.2.4 Updated: June 29, 2026

LOW

form-block

Score: 93/100 Form Block <= 1.5.5 - Unauthenticated Arbitrary File Upload Affected: *-1.5.5 Patched: 1.5.6 Updated: June 29, 2026

LOW

easy-form-builder

Score: 93/100 Easy Form Builder <= 3.8.15 - Unauthenticated SQL Injection Affected: *-3.8.15 Patched: 3.8.16 Updated: June 29, 2026

LOW

duoshuo

Score: 89/100 多说社会化评论框 <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 29, 2026

LOW

code-engine

Score: 93/100 Code Engine <= 0.3.3 - Authenticated (Contributor+) Remote Code Execution Affected: *-0.3.3 Patched: 0.3.4 Updated: June 29, 2026

LOW

cf7-styler

Score: 91/100 CF7 WOW Styler <= 1.7.2 - Unauthenticated Local File Inclusion Affected: *-1.7.2 Patched: 1.7.3 Updated: June 29, 2026

LOW

woo-coupon-usage

Score: N/A Coupon Affiliates <= 6.4.1 - Missing Authorization to Unauthenticated Settings Update Affected: *-6.4.1 Patched: 6.4.2 Updated: June 29, 2026

LOW

ql-cost-calculator

Score: N/A Cost Calculator <= 7.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-7.4 Patched: 7.5 Updated: June 29, 2026

LOW

prevent-file-access

Score: N/A Prevent files / folders access <= 2.6.0 - Authenticated (Subscriber+) Path Traversal Affected: *-2.6.0 Patched: 2.6.1 Updated: June 29, 2026

LOW

post-grid

Score: N/A Post Grid and Gutenberg Blocks <= 2.3.11 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.3.11 Patched: 2.3.12 Updated: June 29, 2026

LOW

post-connector

Score: N/A Post Connector <= 1.0.11 - Reflected Cross-Site Scripting Affected: *-1.0.11 Patched: Updated: June 29, 2026

LOW

porn-videos-embed

Score: N/A Porn Videos Embed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.1 Patched: Updated: June 29, 2026

Showing 7201 to 7300 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 23:30 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List