Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
jet-tabs	jet-tabs	93	JetTabs <= 2.2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.9.1	2.2.9.2	June 30, 2026
jet-engine	jet-engine	93	JetEngine <= 3.7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.7.1.2	3.7.2	June 30, 2026
integrate-google-drive	integrate-google-drive	91	Integrate Google Drive <= 1.5.2 - Cross-Site Request Forgery	LOW	*-1.5.2	1.5.3	June 30, 2026
ht-mega-for-elementor	ht-mega-for-elementor	93	HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions	LOW	*-2.9.1	2.9.2	June 30, 2026
ht-mega-for-elementor	ht-mega-for-elementor	93	HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure	LOW	*-2.9.1	2.9.2	June 30, 2026
ht-mega-for-elementor	ht-mega-for-elementor	93	HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions	LOW	*-2.9.1	2.9.2	June 30, 2026
ht-mega-for-elementor	ht-mega-for-elementor	93	HT Mega <= 2.9.0 - Missing Authorization	LOW	*-2.9.0	2.9.1	June 30, 2026
ebook-store	ebook-store	93	Ebook Store <= 5.8013 - Cross-Site Request Forgery	LOW	*-5.8013	5.8014	June 30, 2026
easy-elementor-addons	easy-elementor-addons	93	Easy Elementor Addons <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.6	2.2.7	June 30, 2026
content-egg	content-egg	93	Content Egg <= 7.0.0 - Authenticated (Editor+) PHP Object Injection	LOW	*-7.0.0	8.0.0	June 30, 2026
classified-listing	classified-listing	93	Classified Listing <= 5.0.0 - Authenticated (Contributor+) Content Injection	LOW	*-5.0.0	5.0.1	June 30, 2026
chart-builder	chart-builder	93	Chartify <= 3.5.3 - Cross-Site Request Forgery	LOW	*-3.5.3	3.5.4	June 30, 2026
cf7-constant-contact	cf7-constant-contact	93	Integration for Contact Form 7 and Constant Contact <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.7	1.1.8	June 30, 2026
button-block	button-block	93	Button Block <= 1.2.0 - Cross-Site Request Forgery	LOW	*-1.2.0	1.2.1	June 30, 2026
beeteam368-extensions	beeteam368-extensions	91	BeeTeam368 Extensions <= 1.9.4 - Unauthenticated Local File Inclusion	LOW	*-1.9.4		June 30, 2026
Smart Slider 3	smart-slider-3	90	Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter	LOW	*-3.5.1.28	3.5.1.29	June 30, 2026
metform	metform	93	MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element	LOW	*-4.0.1	4.0.2	June 30, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	paid-member-subscriptions	N/A	Paid Membership Subscriptions <= 2.15.5 - Unauthenticated Local File Inclusion	LOW	*-2.15.4	2.15.5	June 30, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	paid-member-subscriptions	N/A	Paid Membership Subscriptions <= 2.15.5 - Unauthenticated Local File Inclusion	LOW	*-2.15.4	2.15.5	June 30, 2026
newsletters-lite	newsletters-lite	N/A	Newsletters <= 4.10 - Unauthenticated Local File Inclusion	LOW	*-4.10	4.11	June 30, 2026
league-of-legends-rotation	league-of-legends-rotation	91	WP LOL Rotation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
bookify	bookify	93	Bookify <= 1.0.9 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.0.9	1.0.10	June 30, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim <= 4.2.1 - Unauthenticated Arbitrary File Upload	LOW	*-4.2.1	4.2.2	June 30, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim <= 4.2.1 - Unauthenticated Information Exposure	LOW	*-4.2.1	4.2.2	June 30, 2026
anchor-smooth-scroll	anchor-smooth-scroll	95	Anchor smooth scroll <= 1.0.2 - Unauthenticated Local File Inclusion	LOW	*-1.0.2		June 30, 2026
magical-addons-for-elementor	magical-addons-for-elementor	93	Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes	LOW	*-1.3.8	1.3.9	June 30, 2026
sky-elementor-addons	sky-elementor-addons	N/A	Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets	LOW	*-3.1.4	3.2.0	June 30, 2026
hydra-booking	hydra-booking	93	Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function	LOW	1.1.0-1.1.18	1.1.19	June 30, 2026
fan-page	fan-page	91	Fan Page <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter	LOW	*-1.0.1		June 30, 2026
youram-youtube-embed	youram-youtube-embed	N/A	YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter	LOW	*-10.3		June 30, 2026
bonanza-woocommerce-free-gifts-lite	bonanza-woocommerce-free-gifts-lite	91	Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success	LOW	*-1.0.0		June 30, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.29.0	3.29.1	June 30, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget	LOW	*-3.30.2	3.30.3	June 30, 2026
brizy	brizy	93	Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload	LOW	*-2.6.20	2.6.21	June 30, 2026
WP REST Cache	wp-rest-cache	N/A	WP REST Cache <= 2025.1.0 - Unauthenticated Local File Inclusion	LOW	*-2025.1.0	2025.1.1	June 30, 2026
woo-thank-you-page-nextmove-lite	woo-thank-you-page-nextmove-lite	N/A	NextMove Lite <= 2.21.0 - Reflected Cross-Site Scripting	LOW	*-2.21.0		June 30, 2026
wc-polo-payments	wc-polo-payments	N/A	PoloPag – Pix Automático para Woocommerce <= 2.0.9 - Unauthenticated Local File Inclusion	LOW	*-2.0.9	3.0.0	June 30, 2026
suredash	suredash	N/A	SureDash <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.0.3	1.1.0	June 30, 2026
supermalink	supermalink	N/A	Supermalink <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
streamweasels-youtube-integration	streamweasels-youtube-integration	N/A	StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.0	1.4.1	June 30, 2026
streamweasels-twitch-integration	streamweasels-twitch-integration	N/A	StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.3	1.9.4	June 30, 2026
streamweasels-kick-integration	streamweasels-kick-integration	N/A	StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.4	1.1.5	June 30, 2026
Simple File List	simple-file-list	90	Simple File List <= 6.1.14 - Unauthenticated Arbitrary File Download	LOW	*-6.1.14	6.1.15	June 30, 2026
rt18-extensions	rt18-extensions	N/A	RT-Theme 18 \| Extensions <= 2.4 - Unauthenticated Local File Inclusion	LOW	*-2.4	2.5	June 30, 2026
responsive-sidebar	responsive-sidebar	N/A	Responsive Sidebar <= 1.2.2 - Unauthenticated Local File Inclusion	LOW	*-1.2.2		June 30, 2026
premmerce-woocommerce-wishlist	premmerce-woocommerce-wishlist	N/A	Premmerce Wishlist for WooCommerce <= 1.1.10 - Unauthenticated Local File Inclusion	LOW	*-1.1.10	1.1.11	June 30, 2026
premmerce-woocommerce-wholesale-pricing	premmerce-woocommerce-wholesale-pricing	N/A	Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Unauthenticated Local File Inclusion	LOW	*-1.1.10	1.1.11	June 30, 2026
premmerce-user-roles	premmerce-user-roles	N/A	Premmerce User Roles <= 1.0.13 - Unauthenticated Local File Inclusion	LOW	*-1.0.13	1.0.14	June 30, 2026
premmerce-search	premmerce-search	N/A	Premmerce Product Search for WooCommerce <= 2.2.4 - Unauthenticated Local File Inclusion	LOW	*-2.2.4	2.2.5	June 30, 2026
lazy-load-optimizer	lazy-load-optimizer	91	Lazy Load Optimizer <= 1.4.7 - Unauthenticated Local File Inclusion	LOW	*-1.4.7		June 30, 2026
immocaster	immocaster	91	Immocaster WordPress <= 1.3.6 - Unauthenticated Local File Inclusion	LOW	*-1.3.6		June 30, 2026
graphina-elementor-charts-and-graphs	graphina-elementor-charts-and-graphs	93	Graphina <= 3.1.1 - Unauthenticated Local File Inclusion	LOW	*-3.1.1	3.1.2	June 30, 2026
finale-woocommerce-sales-countdown-timer-discount	finale-woocommerce-sales-countdown-timer-discount	91	Finale Lite <= 2.20.0 - Reflected Cross-Site Scripting	LOW	*-2.20.0		June 30, 2026
custom-api-for-wp	custom-api-for-wp	93	Custom API for WP <= 4.2.2 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-4.2.2	4.2.3	June 30, 2026
advanced-gutenberg	advanced-gutenberg	97	Gutenberg Blocks <= 3.3.1 - Unauthenticated Local File Inclusion	LOW	*-3.3.1	3.3.2	June 30, 2026
advanced-google-universal-analytics	advanced-google-universal-analytics	95	Advanced Google Universal Analytics <= 1.0.3 - Missing Authorization	LOW	*-1.0.3		June 30, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim <= 4.2.1 - Unauthenticated Privilege Escalation	LOW	*-4.2.1	4.2.2	June 30, 2026
wp-memory	wp-memory	N/A	Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function	LOW	*-3.98	3.99	June 30, 2026
ebook-store	ebook-store	93	Ebook Store <= 5.8014 - Reflected Cross-Site Scripting	LOW	*-5.8014	5.8015	June 30, 2026
melapress-login-security	melapress-login-security	93	MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function	LOW	2.1.0-2.1.1	2.2.0	June 30, 2026
wpematico	wpematico	N/A	WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function	LOW	*-2.8.7	2.8.8	June 30, 2026
wonderplugin-slider-lite	wonderplugin-slider-lite	N/A	Wonder Slider Lite & Wonder Slider <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting	LOW	*-14.4	14.5	June 30, 2026
wonderplugin-slider	wonderplugin-slider	N/A	Wonder Slider Lite & Wonder Slider <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting	LOW	*-14.4	14.5	June 30, 2026
seopress-for-mainwp	seopress-for-mainwp	N/A	SEOPress for MainWP <= 1.4 - Unauthenticated Local File Inclusion	LOW	*-1.4	1.5	June 30, 2026
geo-mashup	geo-mashup	93	Geo Mashup <= 1.13.16 - Unauthenticated Local File Inclusion	LOW	*-1.13.16	1.13.17	June 30, 2026
advanced-iframe	advanced-iframe	97	Advanced iFrame <= 2025.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2025.5	2025.6	June 30, 2026
droip	droip	93	Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	[*, 2.5.2)	2.5.2	June 30, 2026
droip	droip	93	Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions	LOW	*-2.2.6	2.3.0	June 30, 2026
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor	elementskit-lite	95	ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget	LOW	*-3.5.2	3.5.3	June 30, 2026
wp-shopify	wp-shopify	N/A	WP Shopify <= 1.5.3 - Reflected Cross-Site Scripting	LOW	*-1.5.3	1.5.4	June 30, 2026
woo-point-of-salepos	woo-point-of-salepos	N/A	WooCommerce Point Of Sale (POS) <= 1.4 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.4		June 30, 2026
timber-library	timber-library	N/A	Timber <= 1.23.1 - Use of a Vulnerable Dependency	LOW	*-1.23.1	1.23.3	June 30, 2026
structured-content	structured-content	N/A	Structured Content (JSON-LD) #wpsc <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via FAQ Block	LOW	*-1.6.4	1.7.0	June 30, 2026
quiz-master-next	quiz-master-next	N/A	Quiz and Survey Master (QSM) <= 10.2.2 - Cross-Site Request Forgery to Template Creation	LOW	*-10.2.2	10.2.3	June 30, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.9.5.3 - Authenticated (Subscriber+) SQL Injection	LOW	*-5.9.5.3	5.9.5.4	June 30, 2026
Frontend File Manager Plugin	nmedia-user-file-uploader	86	Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion	LOW	*-21.5	22.0	June 30, 2026
injection-guard	injection-guard	93	Injection Guard <= 1.2.7 - Reflected Cross-Site Scripting	LOW	*-1.2.7	1.2.8	June 30, 2026
clearblue-ovulation-calculator	clearblue-ovulation-calculator	91	Clearblue® Ovulation Calculator <= 1.2.4 - Unauthenticated Local File Inclusion	LOW	*-1.2.4		June 30, 2026
supreme-addons-for-beaver-builder-lite	supreme-addons-for-beaver-builder-lite	N/A	Supreme Addons for Beaver Builder <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_qrcodesabb Shortcode	LOW	*-1.0.9		June 30, 2026
hiweb-export-posts	hiweb-export-posts	91	hiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion	LOW	*-0.9.0.0		June 30, 2026
funnelcockpit	funnelcockpit	93	FunnelCockpit <= 1.4.3 - Reflected Cross-Site Scripting via `error` Parameter	LOW	*-1.4.3	1.4.4	June 30, 2026
taeggie-feed	taeggie-feed	N/A	Taeggie Feed <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Attribute	LOW	*-0.1.10	0.1.11	June 30, 2026
ithoughts-advanced-code-editor	ithoughts-advanced-code-editor	91	iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update	LOW	*-1.2.10		June 30, 2026
muse-ai	muse-ai	N/A	muse.ai video embedding <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via muse-ai Shortcode	LOW	*-0.4	0.5	June 30, 2026
affiliate-plus	affiliate-plus	95	Affiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.3.2		June 30, 2026
onlyoffice	onlyoffice	N/A	ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function	LOW	1.1.0-2.2.0	2.3.0	June 30, 2026
wp-applink	wp-applink	N/A	WP Applink <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter	LOW	*-0.4.1		June 30, 2026
webinar-ignition	webinar-ignition	N/A	Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition <= 4.03.32 - Unauthenticated Login Token Generation to Authentication Bypass	LOW	*-4.03.32	4.03.33	June 30, 2026
wp-get-the-table	wp-get-the-table	N/A	WP Get The Table <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter	LOW	*-1.5	1.6	June 30, 2026
get-youtube-subs	get-youtube-subs	91	Get Youtube Subs <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via subscribe_link_att Function	LOW	*-3.5		June 30, 2026
station-pro	station-pro	N/A	Station Pro <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters	LOW	*-2.4.2		June 30, 2026
wp-wallcreeper	wp-wallcreeper	N/A	WP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Susbcriber+) Cache Enable/Disable	LOW	*-1.6.1		June 30, 2026
ajax-filter-posts	ajax-filter-posts	95	Post Grid Master <= 3.4.13 - Reflected Cross-Site Scripting via argsArray['read_more_text']	LOW	*-3.4.13	3.4.14	June 30, 2026
voltax-video-player	voltax-video-player	N/A	Voltax Video Player <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter	LOW	*-1.6.5		June 30, 2026
mine-cloudvod	mine-cloudvod	93	Mine CloudVod <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via audio Parameter	LOW	*-2.1.10	2.2.0	June 30, 2026
structured-content	structured-content	N/A	Structured Content <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode	LOW	*-1.6.4	1.7.0	June 30, 2026
AI Engine – The Chatbot, AI Framework & MCP for WordPress	ai-engine	82	AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions	LOW	*-2.9.4	2.9.5	June 30, 2026
integration-cds	integration-cds	93	Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route	LOW	2.77-2.81	2.81.1	June 30, 2026
wpbookit	wpbookit	N/A	WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function	LOW	*-1.0.6	1.0.7	June 30, 2026
ebook-store	ebook-store	93	Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload	LOW	*-5.8012	5.8013	June 30, 2026

LOW

jet-tabs

Score: 93/100 JetTabs <= 2.2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.9.1 Patched: 2.2.9.2 Updated: June 30, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.1.2 Patched: 3.7.2 Updated: June 30, 2026

LOW

integrate-google-drive

Score: 91/100 Integrate Google Drive <= 1.5.2 - Cross-Site Request Forgery Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

ht-mega-for-elementor

Score: 93/100 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions Affected: *-2.9.1 Patched: 2.9.2 Updated: June 30, 2026

LOW

ht-mega-for-elementor

Score: 93/100 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure Affected: *-2.9.1 Patched: 2.9.2 Updated: June 30, 2026

LOW

Score: 93/100 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions Affected: *-2.9.1 Patched: 2.9.2 Updated: June 30, 2026

LOW

ht-mega-for-elementor

Score: 93/100 HT Mega <= 2.9.0 - Missing Authorization Affected: *-2.9.0 Patched: 2.9.1 Updated: June 30, 2026

LOW

ebook-store

Score: 93/100 Ebook Store <= 5.8013 - Cross-Site Request Forgery Affected: *-5.8013 Patched: 5.8014 Updated: June 30, 2026

LOW

easy-elementor-addons

Score: 93/100 Easy Elementor Addons <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.6 Patched: 2.2.7 Updated: June 30, 2026

LOW

content-egg

Score: 93/100 Content Egg <= 7.0.0 - Authenticated (Editor+) PHP Object Injection Affected: *-7.0.0 Patched: 8.0.0 Updated: June 30, 2026

LOW

classified-listing

Score: 93/100 Classified Listing <= 5.0.0 - Authenticated (Contributor+) Content Injection Affected: *-5.0.0 Patched: 5.0.1 Updated: June 30, 2026

LOW

chart-builder

Score: 93/100 Chartify <= 3.5.3 - Cross-Site Request Forgery Affected: *-3.5.3 Patched: 3.5.4 Updated: June 30, 2026

LOW

cf7-constant-contact

Score: 93/100 Integration for Contact Form 7 and Constant Contact <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

button-block

Score: 93/100 Button Block <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

beeteam368-extensions

Score: 91/100 BeeTeam368 Extensions <= 1.9.4 - Unauthenticated Local File Inclusion Affected: *-1.9.4 Patched: Updated: June 30, 2026

LOW

Smart Slider 3

smart-slider-3

Score: 90/100 Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter Affected: *-3.5.1.28 Patched: 3.5.1.29 Updated: June 30, 2026

LOW

metform

Score: 93/100 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element Affected: *-4.0.1 Patched: 4.0.2 Updated: June 30, 2026

LOW

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

paid-member-subscriptions

Score: N/A Paid Membership Subscriptions <= 2.15.5 - Unauthenticated Local File Inclusion Affected: *-2.15.4 Patched: 2.15.5 Updated: June 30, 2026

LOW

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

paid-member-subscriptions

Score: N/A Paid Membership Subscriptions <= 2.15.5 - Unauthenticated Local File Inclusion Affected: *-2.15.4 Patched: 2.15.5 Updated: June 30, 2026

LOW

newsletters-lite

Score: N/A Newsletters <= 4.10 - Unauthenticated Local File Inclusion Affected: *-4.10 Patched: 4.11 Updated: June 30, 2026

LOW

league-of-legends-rotation

Score: 91/100 WP LOL Rotation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

bookify

Score: 93/100 Bookify <= 1.0.9 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.9 Patched: 1.0.10 Updated: June 30, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.2.1 - Unauthenticated Arbitrary File Upload Affected: *-4.2.1 Patched: 4.2.2 Updated: June 30, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.2.1 - Unauthenticated Information Exposure Affected: *-4.2.1 Patched: 4.2.2 Updated: June 30, 2026

LOW

anchor-smooth-scroll

Score: 95/100 Anchor smooth scroll <= 1.0.2 - Unauthenticated Local File Inclusion Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

magical-addons-for-elementor

Score: 93/100 Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes Affected: *-1.3.8 Patched: 1.3.9 Updated: June 30, 2026

LOW

sky-elementor-addons

Score: N/A Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-3.1.4 Patched: 3.2.0 Updated: June 30, 2026

LOW

hydra-booking

Score: 93/100 Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function Affected: 1.1.0-1.1.18 Patched: 1.1.19 Updated: June 30, 2026

LOW

fan-page

Score: 91/100 Fan Page <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

youram-youtube-embed

Score: N/A YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter Affected: *-10.3 Patched: Updated: June 30, 2026

LOW

bonanza-woocommerce-free-gifts-lite

Score: 91/100 Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.29.0 Patched: 3.29.1 Updated: June 30, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget Affected: *-3.30.2 Patched: 3.30.3 Updated: June 30, 2026

LOW

brizy

Score: 93/100 Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload Affected: *-2.6.20 Patched: 2.6.21 Updated: June 30, 2026

LOW

WP REST Cache

wp-rest-cache

Score: N/A WP REST Cache <= 2025.1.0 - Unauthenticated Local File Inclusion Affected: *-2025.1.0 Patched: 2025.1.1 Updated: June 30, 2026

LOW

woo-thank-you-page-nextmove-lite

Score: N/A NextMove Lite <= 2.21.0 - Reflected Cross-Site Scripting Affected: *-2.21.0 Patched: Updated: June 30, 2026

LOW

wc-polo-payments

Score: N/A PoloPag – Pix Automático para Woocommerce <= 2.0.9 - Unauthenticated Local File Inclusion Affected: *-2.0.9 Patched: 3.0.0 Updated: June 30, 2026

LOW

suredash

Score: N/A SureDash <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.3 Patched: 1.1.0 Updated: June 30, 2026

LOW

supermalink

Score: N/A Supermalink <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

streamweasels-youtube-integration

Score: N/A StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

streamweasels-twitch-integration

Score: N/A StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.3 Patched: 1.9.4 Updated: June 30, 2026

LOW

streamweasels-kick-integration

Score: N/A StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026

LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 6.1.14 - Unauthenticated Arbitrary File Download Affected: *-6.1.14 Patched: 6.1.15 Updated: June 30, 2026

LOW

rt18-extensions

Score: N/A RT-Theme 18 | Extensions <= 2.4 - Unauthenticated Local File Inclusion Affected: *-2.4 Patched: 2.5 Updated: June 30, 2026

LOW

responsive-sidebar

Score: N/A Responsive Sidebar <= 1.2.2 - Unauthenticated Local File Inclusion Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

premmerce-woocommerce-wishlist

Score: N/A Premmerce Wishlist for WooCommerce <= 1.1.10 - Unauthenticated Local File Inclusion Affected: *-1.1.10 Patched: 1.1.11 Updated: June 30, 2026

LOW

premmerce-woocommerce-wholesale-pricing

Score: N/A Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Unauthenticated Local File Inclusion Affected: *-1.1.10 Patched: 1.1.11 Updated: June 30, 2026

LOW

premmerce-user-roles

Score: N/A Premmerce User Roles <= 1.0.13 - Unauthenticated Local File Inclusion Affected: *-1.0.13 Patched: 1.0.14 Updated: June 30, 2026

LOW

premmerce-search

Score: N/A Premmerce Product Search for WooCommerce <= 2.2.4 - Unauthenticated Local File Inclusion Affected: *-2.2.4 Patched: 2.2.5 Updated: June 30, 2026

LOW

lazy-load-optimizer

Score: 91/100 Lazy Load Optimizer <= 1.4.7 - Unauthenticated Local File Inclusion Affected: *-1.4.7 Patched: Updated: June 30, 2026

LOW

immocaster

Score: 91/100 Immocaster WordPress <= 1.3.6 - Unauthenticated Local File Inclusion Affected: *-1.3.6 Patched: Updated: June 30, 2026

LOW

graphina-elementor-charts-and-graphs

Score: 93/100 Graphina <= 3.1.1 - Unauthenticated Local File Inclusion Affected: *-3.1.1 Patched: 3.1.2 Updated: June 30, 2026

LOW

finale-woocommerce-sales-countdown-timer-discount

Score: 91/100 Finale Lite <= 2.20.0 - Reflected Cross-Site Scripting Affected: *-2.20.0 Patched: Updated: June 30, 2026

LOW

custom-api-for-wp

Score: 93/100 Custom API for WP <= 4.2.2 - Authenticated (Subscriber+) Privilege Escalation Affected: *-4.2.2 Patched: 4.2.3 Updated: June 30, 2026

LOW

advanced-gutenberg

Score: 97/100 Gutenberg Blocks <= 3.3.1 - Unauthenticated Local File Inclusion Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

advanced-google-universal-analytics

Score: 95/100 Advanced Google Universal Analytics <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.2.1 - Unauthenticated Privilege Escalation Affected: *-4.2.1 Patched: 4.2.2 Updated: June 30, 2026

LOW

wp-memory

Score: N/A Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function Affected: *-3.98 Patched: 3.99 Updated: June 30, 2026

LOW

ebook-store

Score: 93/100 Ebook Store <= 5.8014 - Reflected Cross-Site Scripting Affected: *-5.8014 Patched: 5.8015 Updated: June 30, 2026

LOW

melapress-login-security

Score: 93/100 MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function Affected: 2.1.0-2.1.1 Patched: 2.2.0 Updated: June 30, 2026

LOW

wpematico

Score: N/A WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function Affected: *-2.8.7 Patched: 2.8.8 Updated: June 30, 2026

LOW

wonderplugin-slider-lite

Score: N/A Wonder Slider Lite & Wonder Slider <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting Affected: *-14.4 Patched: 14.5 Updated: June 30, 2026

LOW

wonderplugin-slider

Score: N/A Wonder Slider Lite & Wonder Slider <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting Affected: *-14.4 Patched: 14.5 Updated: June 30, 2026

LOW

seopress-for-mainwp

Score: N/A SEOPress for MainWP <= 1.4 - Unauthenticated Local File Inclusion Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

geo-mashup

Score: 93/100 Geo Mashup <= 1.13.16 - Unauthenticated Local File Inclusion Affected: *-1.13.16 Patched: 1.13.17 Updated: June 30, 2026

LOW

advanced-iframe

Score: 97/100 Advanced iFrame <= 2025.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2025.5 Patched: 2025.6 Updated: June 30, 2026

LOW

droip

Score: 93/100 Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload Affected: [*, 2.5.2) Patched: 2.5.2 Updated: June 30, 2026

LOW

droip

Score: 93/100 Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions Affected: *-2.2.6 Patched: 2.3.0 Updated: June 30, 2026

LOW

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Score: 95/100 ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget Affected: *-3.5.2 Patched: 3.5.3 Updated: June 30, 2026

LOW

wp-shopify

Score: N/A WP Shopify <= 1.5.3 - Reflected Cross-Site Scripting Affected: *-1.5.3 Patched: 1.5.4 Updated: June 30, 2026

LOW

woo-point-of-salepos

Score: N/A WooCommerce Point Of Sale (POS) <= 1.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

timber-library

Score: N/A Timber <= 1.23.1 - Use of a Vulnerable Dependency Affected: *-1.23.1 Patched: 1.23.3 Updated: June 30, 2026

LOW

structured-content

Score: N/A Structured Content (JSON-LD) #wpsc <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via FAQ Block Affected: *-1.6.4 Patched: 1.7.0 Updated: June 30, 2026

LOW

quiz-master-next

Score: N/A Quiz and Survey Master (QSM) <= 10.2.2 - Cross-Site Request Forgery to Template Creation Affected: *-10.2.2 Patched: 10.2.3 Updated: June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.5.3 - Authenticated (Subscriber+) SQL Injection Affected: *-5.9.5.3 Patched: 5.9.5.4 Updated: June 30, 2026

LOW

Frontend File Manager Plugin

nmedia-user-file-uploader

Score: 86/100 Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion Affected: *-21.5 Patched: 22.0 Updated: June 30, 2026

LOW

injection-guard

Score: 93/100 Injection Guard <= 1.2.7 - Reflected Cross-Site Scripting Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

clearblue-ovulation-calculator

Score: 91/100 Clearblue® Ovulation Calculator <= 1.2.4 - Unauthenticated Local File Inclusion Affected: *-1.2.4 Patched: Updated: June 30, 2026

LOW

supreme-addons-for-beaver-builder-lite

Score: N/A Supreme Addons for Beaver Builder <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_qrcodesabb Shortcode Affected: *-1.0.9 Patched: Updated: June 30, 2026

LOW

hiweb-export-posts

Score: 91/100 hiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion Affected: *-0.9.0.0 Patched: Updated: June 30, 2026

LOW

funnelcockpit

Score: 93/100 FunnelCockpit <= 1.4.3 - Reflected Cross-Site Scripting via `error` Parameter Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

taeggie-feed

Score: N/A Taeggie Feed <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Attribute Affected: *-0.1.10 Patched: 0.1.11 Updated: June 30, 2026

LOW

ithoughts-advanced-code-editor

Score: 91/100 iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update Affected: *-1.2.10 Patched: Updated: June 30, 2026

LOW

muse-ai

Score: N/A muse.ai video embedding <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via muse-ai Shortcode Affected: *-0.4 Patched: 0.5 Updated: June 30, 2026

LOW

affiliate-plus

Score: 95/100 Affiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: June 30, 2026

LOW

onlyoffice

Score: N/A ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function Affected: 1.1.0-2.2.0 Patched: 2.3.0 Updated: June 30, 2026

LOW

wp-applink

Score: N/A WP Applink <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter Affected: *-0.4.1 Patched: Updated: June 30, 2026

LOW

webinar-ignition

Score: N/A Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition <= 4.03.32 - Unauthenticated Login Token Generation to Authentication Bypass Affected: *-4.03.32 Patched: 4.03.33 Updated: June 30, 2026

LOW

wp-get-the-table

Score: N/A WP Get The Table <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter Affected: *-1.5 Patched: 1.6 Updated: June 30, 2026

LOW

get-youtube-subs

Score: 91/100 Get Youtube Subs <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via subscribe_link_att Function Affected: *-3.5 Patched: Updated: June 30, 2026

LOW

station-pro

Score: N/A Station Pro <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters Affected: *-2.4.2 Patched: Updated: June 30, 2026

LOW

wp-wallcreeper

Score: N/A WP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Susbcriber+) Cache Enable/Disable Affected: *-1.6.1 Patched: Updated: June 30, 2026

LOW

ajax-filter-posts

Score: 95/100 Post Grid Master <= 3.4.13 - Reflected Cross-Site Scripting via argsArray['read_more_text'] Affected: *-3.4.13 Patched: 3.4.14 Updated: June 30, 2026

LOW

voltax-video-player

Score: N/A Voltax Video Player <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-1.6.5 Patched: Updated: June 30, 2026

LOW

mine-cloudvod

Score: 93/100 Mine CloudVod <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via audio Parameter Affected: *-2.1.10 Patched: 2.2.0 Updated: June 30, 2026

LOW

structured-content

Score: N/A Structured Content <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode Affected: *-1.6.4 Patched: 1.7.0 Updated: June 30, 2026

LOW

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine

Score: 82/100 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions Affected: *-2.9.4 Patched: 2.9.5 Updated: June 30, 2026

LOW

integration-cds

Score: 93/100 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route Affected: 2.77-2.81 Patched: 2.81.1 Updated: June 30, 2026

LOW

wpbookit

Score: N/A WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

ebook-store

Score: 93/100 Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload Affected: *-5.8012 Patched: 5.8013 Updated: June 30, 2026

Showing 7401 to 7500 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 02:23 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List