Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
lbg_universal_video_player_addon_visual_composer	lbg_universal_video_player_addon_visual_composer	93	Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Reflected Cross-Site Scripting	LOW	*-3.2.1	3.2.2.0	June 30, 2026
jet-search	jet-search	93	JetSearch <= 3.5.10 - Unauthenticated SQL Injection	LOW	*-3.5.10	3.5.10.1	June 30, 2026
jet-blog	jet-blog	93	JetBlog <= 2.4.4 - Reflected Cross-Site Scripting	LOW	*-2.4.4	2.4.4.1	June 30, 2026
jet-blocks	jet-blocks	93	JetBlocks For Elementor <= 1.3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.18	1.3.19	June 30, 2026
dzs-wootable	dzs-wootable	89	WooCommerce Shop Page Builder <= 2.27.7 - Reflected Cross-Site Scripting	LOW	*-2.27.7		June 30, 2026
dzs-restaurantmenu	dzs-restaurantmenu	91	FoodMenu <= 1.20 - Reflected Cross-Site Scripting	LOW	*-1.20		June 30, 2026
azon-addon-js-composer	azon-addon-js-composer	89	Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 30, 2026
alike	alike	95	Alike - WordPress Custom Post Comparison <= 3.0.1 - Reflected Cross-Site Scripting	LOW	*-3.0.1		June 30, 2026
madara-core	madara-core	93	Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion	LOW	*-2.2.3	2.2.4	June 30, 2026
yayextra	yayextra	N/A	YayExtra <= 1.5.5 - Authenticated (Administrator+) SQL Injection	LOW	*-1.5.5	1.5.6	June 30, 2026
wpadverts	wpadverts	N/A	WPAdverts <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.5	2.2.6	June 30, 2026
wp-post-hide	wp-post-hide	N/A	WP Post Hide <= 1.0.9 - Cross-Site Request Forgery	LOW	*-1.0.9	1.1.0	June 30, 2026
wp-pinterest-automatic	wp-pinterest-automatic	N/A	Pinterest Automatic Pin < 4.19.0 - Authenticated (Subscriber+) SQL Injection	LOW	[*, 4.19.0)	4.19.0	June 30, 2026
woo-coupon-usage	woo-coupon-usage	N/A	Coupon Affiliates <= 6.4.0 - Cross-Site Request Forgery	LOW	*-6.4.0	6.4.1	June 30, 2026
Advanced Booking & Appointment System – Webba Booking Calendar	webba-booking-lite	70	Webba Booking <= 5.1.20 - Missing Authorization	LOW	*-5.1.20	5.1.22	June 30, 2026
Advanced Booking & Appointment System – Webba Booking Calendar	webba-booking-lite	70	Webba Booking <= 5.1.20 - Cross-Site Request Forgery	LOW	*-5.1.20	5.1.21	June 30, 2026
wc-gsheetconnector	wc-gsheetconnector	N/A	WooCommerce Google Sheet Connector <= 1.3.20 - Cross-Site Request Forgery	LOW	*-1.3.20	1.4.0	June 30, 2026
wallet-system-for-woocommerce	wallet-system-for-woocommerce	N/A	Wallet System for WooCommerce <= 2.6.7 - Cross-Site Request Forgery	LOW	*-2.6.7	2.6.8	June 30, 2026
wa-chatbox-manager	wa-chatbox-manager	N/A	Chatbox Manager <= 1.2.5 - Missing Authorization	LOW	*-1.2.5	1.2.6	June 30, 2026
video-embed-thumbnail-generator	video-embed-thumbnail-generator	N/A	Videopack <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.10.3	4.10.4	June 30, 2026
video_player_youtube_vimeo	video_player_youtube_vimeo	N/A	Youtube Vimeo Video Player and Slider <= 3.8 - Reflected Cross-Site Scripting	LOW	*-3.8	3.9	June 30, 2026
usc-e-shop	usc-e-shop	N/A	Welcart e-Commerce <= 2.11.16 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-2.11.16	2.11.17	June 30, 2026
theplus_elementor_addon	theplus_elementor_addon	N/A	The Plus Addons for Elementor Pro < 6.3.7 - Missing Authorization	LOW	[*, 6.3.7)	6.3.7	June 30, 2026
theme-builder-for-elementor	theme-builder-for-elementor	N/A	Theme Builder For Elementor <= 1.2.3 - Cross-Site Request Forgery	LOW	*-1.2.3	1.2.4	June 30, 2026
smtp2go	smtp2go	N/A	SMTP2GO <= 1.12.1 - Missing Authorization	LOW	*-1.12.1	1.12.2	June 30, 2026
smtp-sendinblue	smtp-sendinblue	N/A	YaySMTP <= 1.3 - Authenticated (Administrator+) SQL Injection	LOW	*-1.3	1.3.1	June 30, 2026
smtp-sendgrid	smtp-sendgrid	N/A	SMTP for SendGrid – YaySMTP <= 1.5 - Authenticated (Administrator+) SQL Injection	LOW	*-1.5	1.5.1	June 30, 2026
smtp-amazon-ses	smtp-amazon-ses	N/A	SMTP for Amazon SES <= 1.9 - Authenticated (Administrator+) SQL Injection	LOW	*-1.9	1.9.1	June 30, 2026
scroll-triggered-animations	scroll-triggered-animations	N/A	Animator <= 3.0.16 - Cross-Site Request Forgery	LOW	*-3.0.16	3.0.17	June 30, 2026
revolution_video_player	revolution_video_player	N/A	Revolution Video Player With Bottom Playlist <= 2.9.2 - Reflected Cross-Site Scripting	LOW	*-2.9.2	2.9.3	June 30, 2026
Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates	responsive-addons-for-elementor	N/A	Responsive Addons for Elementor <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.3	1.7.4	June 30, 2026
residential-address-detection	residential-address-detection	N/A	Residential Address Detection <= 2.5.9 - Missing Authorization	LOW	*-2.5.9	2.5.10	June 30, 2026
real-estate-right-now	real-estate-right-now	N/A	Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin <= 4.48 - Missing Authorization	LOW	*-4.48	4.49	June 30, 2026
ql-cost-calculator	ql-cost-calculator	N/A	Cost Calculator <= 7.4 - Missing Authorization	LOW	*-7.4	7.5	June 30, 2026
qc-simple-link-directory	qc-simple-link-directory	N/A	Simple Link Directory < 14.8.1 - Reflected Cross-Site Scripting	LOW	[*, 14.8.1)	14.8.1	June 30, 2026
paymaya-checkout-for-woocommerce	paymaya-checkout-for-woocommerce	N/A	Maya Business <= 1.2.0 - Unauthenticated Insecure Direct Object Reference	LOW	*-1.2.0	1.3.0	June 30, 2026
newsletters-lite	newsletters-lite	N/A	Newsletters <= 4.10 - Cross-Site Request Forgery	LOW	*-4.10	4.11	June 30, 2026
news-kit-elementor-addons	news-kit-elementor-addons	N/A	News Kit Elementor Addons <= 1.3.4 - Missing Authorization	LOW	*-1.3.4	1.3.5	June 30, 2026
mp-restaurant-menu	mp-restaurant-menu	N/A	Restaurant Menu by MotoPress <= 2.4.6 - Cross-Site Request Forgery	LOW	*-2.4.6	2.4.7	June 30, 2026
lightbox-block	lightbox-block	93	LightBox Block <= 1.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.30	1.1.31	June 30, 2026
lbg-audio4-html5-shoutcast	lbg-audio4-html5-shoutcast	93	Radio Player Shoutcast & Icecast <= 4.4.7 - Reflected Cross-Site Scripting	LOW	*-4.4.7	4.4.8	June 30, 2026
lbg_vp_youtube_vimeo_addon_visual_composer	lbg_vp_youtube_vimeo_addon_visual_composer	91	Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 - Reflected Cross-Site Scripting	LOW	*-2.1		June 30, 2026
lbg_radio_player_addon_visual_composer	lbg_radio_player_addon_visual_composer	93	HTML5 Radio Player - WPBakery Page Builder Addon <= 2.5 - Reflected Cross-Site Scripting	LOW	*-2.5	2.5.2	June 30, 2026
jetformbuilder	jetformbuilder	93	JetFormBuilder <= 3.5.1.2 - Authenticated (Administrator+) PHP Object Injection	LOW	*-3.5.1.2	3.5.2	June 30, 2026
jet-woo-builder	jet-woo-builder	93	JetWooBuilder <= 2.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.20	2.1.20.1	June 30, 2026
jet-woo-builder	jet-woo-builder	93	JetWooBuilder <= 2.1.20 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.1.20	2.1.20.1	June 30, 2026
jet-tricks	jet-tricks	93	JetTricks <= 1.5.4.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-1.5.4.1	1.5.4.2	June 30, 2026
jet-tricks	jet-tricks	93	JetTricks <= 1.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.4.1	1.5.4.2	June 30, 2026
jet-tabs	jet-tabs	93	JetTabs <= 2.2.9 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.2.9	2.2.9.1	June 30, 2026
jet-tabs	jet-tabs	93	JetTabs <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.9	2.2.9.1	June 30, 2026
jet-smart-filters	jet-smart-filters	93	JetSmartFilters <= 3.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.6.8	3.6.8.1	June 30, 2026
jet-smart-filters	jet-smart-filters	93	JetSmartFilters <= 3.6.7 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-3.6.7	3.6.7.1	June 30, 2026
jet-search	jet-search	93	JetSearch <= 3.5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5.10.1	3.5.11	June 30, 2026
jet-popup	jet-popup	93	JetPopup <= 2.0.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.15.1	2.0.16	June 30, 2026
jet-popup	jet-popup	93	JetPopup <= 2.0.15 - Authenticated (Subscriber+) Information Disclosure	LOW	*-2.0.15	2.0.15.1	June 30, 2026
jet-popup	jet-popup	93	JetPopup <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.15	2.0.15.1	June 30, 2026
jet-menu	jet-menu	93	JetMenu <= 2.4.11.1 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.4.11.1	2.4.11.2	June 30, 2026
jet-engine	jet-engine	93	JetEngine <= 3.7.0 - Authenticated (Subscriber+) Information Exposure	LOW	*-3.7.0	3.7.1.1	June 30, 2026
jet-elements	jet-elements	93	JetElements For Elementor <= 2.7.7 - Authenticated (Subscriber+) Information Disclosure	LOW	*-2.7.7	2.7.7.1	June 30, 2026
jet-elements	jet-elements	93	JetElements For Elementor <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.7	2.7.7.1	June 30, 2026
jet-blocks	jet-blocks	93	JetBlocks For Elementor <= 1.3.18 - Authenticated (Subscriber+) Information Disclsoure	LOW	*-1.3.18	1.3.19	June 30, 2026
jet-blocks	jet-blocks	93	JetBlocks For Elementor <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.19	1.3.19.1	June 30, 2026
import-cdn-remote-images	import-cdn-remote-images	93	Import CDN-Remote Images <= 2.1.2 - Cross-Site Request Forgery	LOW	*-2.1.2	2.1.3	June 30, 2026
image-wall	image-wall	93	Image Wall <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.1	3.2	June 30, 2026
idonate-pro	idonate-pro	85	IDonatePro <= 2.1.8 - Unauthenticated Local File Inclusion	LOW	*-2.1.8		June 30, 2026
ht-contactform	ht-contactform	93	HT Contact Form 7 <= 2.0.0 - Authenticated (Administrator+) Local File Inclusion	LOW	*-2.0.0	2.1.0	June 30, 2026
ghostkit	ghostkit	93	Ghost Kit <= 3.4.1 - Unauthenticated Local File Inclusion	LOW	*-3.4.1	3.4.2	June 30, 2026
formality	formality	93	Formality <= 1.5.9 - Unauthenticated Local File Inclusion	LOW	*-1.5.9	1.5.10	June 30, 2026
fg-drupal-to-wp	fg-drupal-to-wp	93	FG Drupal to WordPress <= 3.90.0 - Authenticated (Admin+) Server-Side Request Forgery	LOW	*-3.90.0	3.90.1	June 30, 2026
easy-elementor-addons	easy-elementor-addons	93	Easy Elementor Addons <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.5	2.2.6	June 30, 2026
easy-code-manager	easy-code-manager	93	FluentSnippets <= 10.50 - Cross-Site Request Forgery	LOW	*-10.50	10.51	June 30, 2026
delicious-recipes	delicious-recipes	93	WP Delicious <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8.4	1.8.5	June 30, 2026
db-backup	db-backup	91	DB Backup <= 6.0 - Missing Authorization	LOW	*-6.0		June 30, 2026
custom-api-for-wp	custom-api-for-wp	93	Custom API for WP <= 4.2.2 - Unauthenticated SQL Injection	LOW	*-4.2.2	4.2.3	June 30, 2026
cm-pop-up-banners	cm-pop-up-banners	93	CM Pop-Up banners <= 1.8.4 - Missing Authorization	LOW	*-1.8.4	1.8.5	June 30, 2026
cloud-sso-single-sign-on	cloud-sso-single-sign-on	93	Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Unauthenticated Local File Inclusion	LOW	*-1.0.18	1.0.19	June 30, 2026
AntiSpam for Contact Form 7	cf7-antispam	87	AntiSpam for Contact Form 7 <= 0.6.3 - Cross-Site Request Forgery	LOW	*-0.6.3	0.6.4	June 30, 2026
business-reviews-wp	business-reviews-wp	93	Widget for Google Reviews <= 1.0.15 - Unauthenticated Local File Inclusion	LOW	*-1.0.15	1.0.16	June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.4.1	5.4.2	June 30, 2026
bears-backup	bears-backup	93	Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution	LOW	*-2.0.0	2.1.0	June 30, 2026
bbp-move-topics	bbp-move-topics	91	bbPress Move Topics <= 1.1.6 - Reflected Cross-Site Scripting	LOW	*-1.1.6		June 30, 2026
antibots	antibots	97	Stop and Block bots plugin Anti bots <= 1.48 - Missing Authorization	LOW	*-1.48	1.50	June 30, 2026
ultimate-wp-mail	ultimate-wp-mail	N/A	Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function	LOW	1.0.17-1.3.6	1.3.7	June 30, 2026
media-library-assistant	media-library-assistant	93	Media Library Assistant <= 3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes	LOW	*-3.26	3.27	June 30, 2026
counter-visitor-for-woocommerce	counter-visitor-for-woocommerce	93	Counter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block	LOW	*-1.3.6	1.3.7	June 30, 2026
affiliate-reviews	affiliate-reviews	97	Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter	LOW	*-1.0.6	1.0.7	June 30, 2026
wp-malware-removal	wp-malware-removal	N/A	Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 17.0 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-17.0	17.1	June 30, 2026
brandfolder	brandfolder	93	Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter	LOW	*-5.0.19	5.0.20	June 30, 2026
wp-event-manager	wp-event-manager	N/A	WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name'	LOW	*-3.1.50	3.1.51	June 30, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function	LOW	*-5.9.5.4	5.9.5.5	June 30, 2026
woocommerce-store-toolkit	woocommerce-store-toolkit	N/A	WooCommerce Store Toolkit <= 2.4.3 - Unauthenticated Local File Inclusion	LOW	*-2.4.3	2.4.4	June 30, 2026
woocommerce-exporter	woocommerce-exporter	N/A	Store Exporter <= 2.7.6 - Unauthenticated Local File Inclusion	LOW	*-2.7.6	2.7.7	June 30, 2026
robokassa	robokassa	N/A	Robokassa payment gateway for Woocommerce <= 1.8.1 - Reflected Cross-Site Scripting	LOW	*-1.8.1		June 30, 2026
mediabay	mediabay	89	Mediabay - WordPress Media Library Folders <= 1.4 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.4		June 30, 2026
master-addons	master-addons	93	Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.8.2	2.0.8.3	June 30, 2026
knowledgebase-helpdesk-pro	knowledgebase-helpdesk-pro	91	KBx Pro Ultimate <= 8.0.5 - Unauthenticated PHP Object Injection	LOW	*-8.0.5		June 30, 2026
hpbseo	hpbseo	91	hpb seo plugin for WordPress <= 3.0.1 - Reflected Cross-Site Scripting	LOW	*-3.0.1		June 30, 2026
fusion-builder	fusion-builder	93	Avada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.12.1	3.12.2	June 30, 2026
exact-links	exact-links	83	URL Shortener <= 3.0.7 - Missing Authorization	LOW	*-3.0.7		June 30, 2026
elex-bulk-edit-products-prices-attributes-for-woocommerce-basic	elex-bulk-edit-products-prices-attributes-for-woocommerce-basic	93	ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.4.9	1.5.0	June 30, 2026

LOW

lbg_universal_video_player_addon_visual_composer

Score: 93/100 Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2.0 Updated: June 30, 2026

LOW

jet-search

Score: 93/100 JetSearch <= 3.5.10 - Unauthenticated SQL Injection Affected: *-3.5.10 Patched: 3.5.10.1 Updated: June 30, 2026

LOW

jet-blog

Score: 93/100 JetBlog <= 2.4.4 - Reflected Cross-Site Scripting Affected: *-2.4.4 Patched: 2.4.4.1 Updated: June 30, 2026

LOW

jet-blocks

Score: 93/100 JetBlocks For Elementor <= 1.3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.18 Patched: 1.3.19 Updated: June 30, 2026

LOW

dzs-wootable

Score: 89/100 WooCommerce Shop Page Builder <= 2.27.7 - Reflected Cross-Site Scripting Affected: *-2.27.7 Patched: Updated: June 30, 2026

LOW

dzs-restaurantmenu

Score: 91/100 FoodMenu <= 1.20 - Reflected Cross-Site Scripting Affected: *-1.20 Patched: Updated: June 30, 2026

LOW

azon-addon-js-composer

Score: 89/100 Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

alike

Score: 95/100 Alike - WordPress Custom Post Comparison <= 3.0.1 - Reflected Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: June 30, 2026

LOW

madara-core

Score: 93/100 Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion Affected: *-2.2.3 Patched: 2.2.4 Updated: June 30, 2026

LOW

yayextra

Score: N/A YayExtra <= 1.5.5 - Authenticated (Administrator+) SQL Injection Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

wpadverts

Score: N/A WPAdverts <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.5 Patched: 2.2.6 Updated: June 30, 2026

LOW

wp-post-hide

Score: N/A WP Post Hide <= 1.0.9 - Cross-Site Request Forgery Affected: *-1.0.9 Patched: 1.1.0 Updated: June 30, 2026

LOW

wp-pinterest-automatic

Score: N/A Pinterest Automatic Pin < 4.19.0 - Authenticated (Subscriber+) SQL Injection Affected: [*, 4.19.0) Patched: 4.19.0 Updated: June 30, 2026

LOW

woo-coupon-usage

Score: N/A Coupon Affiliates <= 6.4.0 - Cross-Site Request Forgery Affected: *-6.4.0 Patched: 6.4.1 Updated: June 30, 2026

LOW

Advanced Booking & Appointment System – Webba Booking Calendar

webba-booking-lite

Score: 70/100 Webba Booking <= 5.1.20 - Missing Authorization Affected: *-5.1.20 Patched: 5.1.22 Updated: June 30, 2026

LOW

Advanced Booking & Appointment System – Webba Booking Calendar

webba-booking-lite

Score: 70/100 Webba Booking <= 5.1.20 - Cross-Site Request Forgery Affected: *-5.1.20 Patched: 5.1.21 Updated: June 30, 2026

LOW

wc-gsheetconnector

Score: N/A WooCommerce Google Sheet Connector <= 1.3.20 - Cross-Site Request Forgery Affected: *-1.3.20 Patched: 1.4.0 Updated: June 30, 2026

LOW

wallet-system-for-woocommerce

Score: N/A Wallet System for WooCommerce <= 2.6.7 - Cross-Site Request Forgery Affected: *-2.6.7 Patched: 2.6.8 Updated: June 30, 2026

LOW

wa-chatbox-manager

Score: N/A Chatbox Manager <= 1.2.5 - Missing Authorization Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

video-embed-thumbnail-generator

Score: N/A Videopack <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.10.3 Patched: 4.10.4 Updated: June 30, 2026

LOW

video_player_youtube_vimeo

Score: N/A Youtube Vimeo Video Player and Slider <= 3.8 - Reflected Cross-Site Scripting Affected: *-3.8 Patched: 3.9 Updated: June 30, 2026

LOW

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.11.16 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.11.16 Patched: 2.11.17 Updated: June 30, 2026

LOW

theplus_elementor_addon

Score: N/A The Plus Addons for Elementor Pro < 6.3.7 - Missing Authorization Affected: [*, 6.3.7) Patched: 6.3.7 Updated: June 30, 2026

LOW

theme-builder-for-elementor

Score: N/A Theme Builder For Elementor <= 1.2.3 - Cross-Site Request Forgery Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026

LOW

smtp2go

Score: N/A SMTP2GO <= 1.12.1 - Missing Authorization Affected: *-1.12.1 Patched: 1.12.2 Updated: June 30, 2026

LOW

smtp-sendinblue

Score: N/A YaySMTP <= 1.3 - Authenticated (Administrator+) SQL Injection Affected: *-1.3 Patched: 1.3.1 Updated: June 30, 2026

LOW

smtp-sendgrid

Score: N/A SMTP for SendGrid – YaySMTP <= 1.5 - Authenticated (Administrator+) SQL Injection Affected: *-1.5 Patched: 1.5.1 Updated: June 30, 2026

LOW

smtp-amazon-ses

Score: N/A SMTP for Amazon SES <= 1.9 - Authenticated (Administrator+) SQL Injection Affected: *-1.9 Patched: 1.9.1 Updated: June 30, 2026

LOW

scroll-triggered-animations

Score: N/A Animator <= 3.0.16 - Cross-Site Request Forgery Affected: *-3.0.16 Patched: 3.0.17 Updated: June 30, 2026

LOW

revolution_video_player

Score: N/A Revolution Video Player With Bottom Playlist <= 2.9.2 - Reflected Cross-Site Scripting Affected: *-2.9.2 Patched: 2.9.3 Updated: June 30, 2026

LOW

Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates

responsive-addons-for-elementor

Score: N/A Responsive Addons for Elementor <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.3 Patched: 1.7.4 Updated: June 30, 2026

LOW

residential-address-detection

Score: N/A Residential Address Detection <= 2.5.9 - Missing Authorization Affected: *-2.5.9 Patched: 2.5.10 Updated: June 30, 2026

LOW

real-estate-right-now

Score: N/A Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin <= 4.48 - Missing Authorization Affected: *-4.48 Patched: 4.49 Updated: June 30, 2026

LOW

ql-cost-calculator

Score: N/A Cost Calculator <= 7.4 - Missing Authorization Affected: *-7.4 Patched: 7.5 Updated: June 30, 2026

LOW

qc-simple-link-directory

Score: N/A Simple Link Directory < 14.8.1 - Reflected Cross-Site Scripting Affected: [*, 14.8.1) Patched: 14.8.1 Updated: June 30, 2026

LOW

paymaya-checkout-for-woocommerce

Score: N/A Maya Business <= 1.2.0 - Unauthenticated Insecure Direct Object Reference Affected: *-1.2.0 Patched: 1.3.0 Updated: June 30, 2026

LOW

newsletters-lite

Score: N/A Newsletters <= 4.10 - Cross-Site Request Forgery Affected: *-4.10 Patched: 4.11 Updated: June 30, 2026

LOW

news-kit-elementor-addons

Score: N/A News Kit Elementor Addons <= 1.3.4 - Missing Authorization Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

mp-restaurant-menu

Score: N/A Restaurant Menu by MotoPress <= 2.4.6 - Cross-Site Request Forgery Affected: *-2.4.6 Patched: 2.4.7 Updated: June 30, 2026

LOW

lightbox-block

Score: 93/100 LightBox Block <= 1.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.30 Patched: 1.1.31 Updated: June 30, 2026

LOW

lbg-audio4-html5-shoutcast

Score: 93/100 Radio Player Shoutcast & Icecast <= 4.4.7 - Reflected Cross-Site Scripting Affected: *-4.4.7 Patched: 4.4.8 Updated: June 30, 2026

LOW

lbg_vp_youtube_vimeo_addon_visual_composer

Score: 91/100 Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

lbg_radio_player_addon_visual_composer

Score: 93/100 HTML5 Radio Player - WPBakery Page Builder Addon <= 2.5 - Reflected Cross-Site Scripting Affected: *-2.5 Patched: 2.5.2 Updated: June 30, 2026

LOW

jetformbuilder

Score: 93/100 JetFormBuilder <= 3.5.1.2 - Authenticated (Administrator+) PHP Object Injection Affected: *-3.5.1.2 Patched: 3.5.2 Updated: June 30, 2026

LOW

jet-woo-builder

Score: 93/100 JetWooBuilder <= 2.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.20 Patched: 2.1.20.1 Updated: June 30, 2026

LOW

jet-woo-builder

Score: 93/100 JetWooBuilder <= 2.1.20 - Authenticated (Subscriber+) Information Exposure Affected: *-2.1.20 Patched: 2.1.20.1 Updated: June 30, 2026

LOW

jet-tricks

Score: 93/100 JetTricks <= 1.5.4.1 - Authenticated (Subscriber+) Information Exposure Affected: *-1.5.4.1 Patched: 1.5.4.2 Updated: June 30, 2026

LOW

jet-tricks

Score: 93/100 JetTricks <= 1.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.4.1 Patched: 1.5.4.2 Updated: June 30, 2026

LOW

jet-tabs

Score: 93/100 JetTabs <= 2.2.9 - Authenticated (Subscriber+) Information Exposure Affected: *-2.2.9 Patched: 2.2.9.1 Updated: June 30, 2026

LOW

jet-tabs

Score: 93/100 JetTabs <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.9 Patched: 2.2.9.1 Updated: June 30, 2026

LOW

jet-smart-filters

Score: 93/100 JetSmartFilters <= 3.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.8 Patched: 3.6.8.1 Updated: June 30, 2026

LOW

jet-smart-filters

Score: 93/100 JetSmartFilters <= 3.6.7 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-3.6.7 Patched: 3.6.7.1 Updated: June 30, 2026

LOW

jet-search

Score: 93/100 JetSearch <= 3.5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.10.1 Patched: 3.5.11 Updated: June 30, 2026

LOW

jet-popup

Score: 93/100 JetPopup <= 2.0.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.15.1 Patched: 2.0.16 Updated: June 30, 2026

LOW

jet-popup

Score: 93/100 JetPopup <= 2.0.15 - Authenticated (Subscriber+) Information Disclosure Affected: *-2.0.15 Patched: 2.0.15.1 Updated: June 30, 2026

LOW

jet-popup

Score: 93/100 JetPopup <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.15 Patched: 2.0.15.1 Updated: June 30, 2026

LOW

jet-menu

Score: 93/100 JetMenu <= 2.4.11.1 - Authenticated (Subscriber+) Information Exposure Affected: *-2.4.11.1 Patched: 2.4.11.2 Updated: June 30, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.7.0 - Authenticated (Subscriber+) Information Exposure Affected: *-3.7.0 Patched: 3.7.1.1 Updated: June 30, 2026

LOW

jet-elements

Score: 93/100 JetElements For Elementor <= 2.7.7 - Authenticated (Subscriber+) Information Disclosure Affected: *-2.7.7 Patched: 2.7.7.1 Updated: June 30, 2026

LOW

jet-elements

Score: 93/100 JetElements For Elementor <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.7 Patched: 2.7.7.1 Updated: June 30, 2026

LOW

jet-blocks

Score: 93/100 JetBlocks For Elementor <= 1.3.18 - Authenticated (Subscriber+) Information Disclsoure Affected: *-1.3.18 Patched: 1.3.19 Updated: June 30, 2026

LOW

jet-blocks

Score: 93/100 JetBlocks For Elementor <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.19 Patched: 1.3.19.1 Updated: June 30, 2026

LOW

import-cdn-remote-images

Score: 93/100 Import CDN-Remote Images <= 2.1.2 - Cross-Site Request Forgery Affected: *-2.1.2 Patched: 2.1.3 Updated: June 30, 2026

LOW

image-wall

Score: 93/100 Image Wall <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1 Patched: 3.2 Updated: June 30, 2026

LOW

idonate-pro

Score: 85/100 IDonatePro <= 2.1.8 - Unauthenticated Local File Inclusion Affected: *-2.1.8 Patched: Updated: June 30, 2026

LOW

ht-contactform

Score: 93/100 HT Contact Form 7 <= 2.0.0 - Authenticated (Administrator+) Local File Inclusion Affected: *-2.0.0 Patched: 2.1.0 Updated: June 30, 2026

LOW

ghostkit

Score: 93/100 Ghost Kit <= 3.4.1 - Unauthenticated Local File Inclusion Affected: *-3.4.1 Patched: 3.4.2 Updated: June 30, 2026

LOW

formality

Score: 93/100 Formality <= 1.5.9 - Unauthenticated Local File Inclusion Affected: *-1.5.9 Patched: 1.5.10 Updated: June 30, 2026

LOW

fg-drupal-to-wp

Score: 93/100 FG Drupal to WordPress <= 3.90.0 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-3.90.0 Patched: 3.90.1 Updated: June 30, 2026

LOW

easy-elementor-addons

Score: 93/100 Easy Elementor Addons <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.5 Patched: 2.2.6 Updated: June 30, 2026

LOW

easy-code-manager

Score: 93/100 FluentSnippets <= 10.50 - Cross-Site Request Forgery Affected: *-10.50 Patched: 10.51 Updated: June 30, 2026

LOW

delicious-recipes

Score: 93/100 WP Delicious <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.4 Patched: 1.8.5 Updated: June 30, 2026

LOW

db-backup

Score: 91/100 DB Backup <= 6.0 - Missing Authorization Affected: *-6.0 Patched: Updated: June 30, 2026

LOW

custom-api-for-wp

Score: 93/100 Custom API for WP <= 4.2.2 - Unauthenticated SQL Injection Affected: *-4.2.2 Patched: 4.2.3 Updated: June 30, 2026

LOW

cm-pop-up-banners

Score: 93/100 CM Pop-Up banners <= 1.8.4 - Missing Authorization Affected: *-1.8.4 Patched: 1.8.5 Updated: June 30, 2026

LOW

cloud-sso-single-sign-on

Score: 93/100 Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Unauthenticated Local File Inclusion Affected: *-1.0.18 Patched: 1.0.19 Updated: June 30, 2026

LOW

AntiSpam for Contact Form 7

cf7-antispam

Score: 87/100 AntiSpam for Contact Form 7 <= 0.6.3 - Cross-Site Request Forgery Affected: *-0.6.3 Patched: 0.6.4 Updated: June 30, 2026

LOW

business-reviews-wp

Score: 93/100 Widget for Google Reviews <= 1.0.15 - Unauthenticated Local File Inclusion Affected: *-1.0.15 Patched: 1.0.16 Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.4.1 Patched: 5.4.2 Updated: June 30, 2026

LOW

bears-backup

Score: 93/100 Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution Affected: *-2.0.0 Patched: 2.1.0 Updated: June 30, 2026

LOW

bbp-move-topics

Score: 91/100 bbPress Move Topics <= 1.1.6 - Reflected Cross-Site Scripting Affected: *-1.1.6 Patched: Updated: June 30, 2026

LOW

antibots

Score: 97/100 Stop and Block bots plugin Anti bots <= 1.48 - Missing Authorization Affected: *-1.48 Patched: 1.50 Updated: June 30, 2026

LOW

Score: N/A Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function Affected: 1.0.17-1.3.6 Patched: 1.3.7 Updated: June 30, 2026

LOW

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes Affected: *-3.26 Patched: 3.27 Updated: June 30, 2026

LOW

counter-visitor-for-woocommerce

Score: 93/100 Counter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block Affected: *-1.3.6 Patched: 1.3.7 Updated: June 30, 2026

LOW

affiliate-reviews

Score: 97/100 Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

wp-malware-removal

Score: N/A Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 17.0 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-17.0 Patched: 17.1 Updated: June 30, 2026

LOW

brandfolder

Score: 93/100 Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-5.0.19 Patched: 5.0.20 Updated: June 30, 2026

LOW

wp-event-manager

Score: N/A WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' Affected: *-3.1.50 Patched: 3.1.51 Updated: June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function Affected: *-5.9.5.4 Patched: 5.9.5.5 Updated: June 30, 2026

LOW

woocommerce-store-toolkit

Score: N/A WooCommerce Store Toolkit <= 2.4.3 - Unauthenticated Local File Inclusion Affected: *-2.4.3 Patched: 2.4.4 Updated: June 30, 2026

LOW

woocommerce-exporter

Score: N/A Store Exporter <= 2.7.6 - Unauthenticated Local File Inclusion Affected: *-2.7.6 Patched: 2.7.7 Updated: June 30, 2026

LOW

robokassa

Score: N/A Robokassa payment gateway for Woocommerce <= 1.8.1 - Reflected Cross-Site Scripting Affected: *-1.8.1 Patched: Updated: June 30, 2026

LOW

mediabay

Score: 89/100 Mediabay - WordPress Media Library Folders <= 1.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

master-addons

Score: 93/100 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.8.2 Patched: 2.0.8.3 Updated: June 30, 2026

LOW

knowledgebase-helpdesk-pro

Score: 91/100 KBx Pro Ultimate <= 8.0.5 - Unauthenticated PHP Object Injection Affected: *-8.0.5 Patched: Updated: June 30, 2026

LOW

hpbseo

Score: 91/100 hpb seo plugin for WordPress <= 3.0.1 - Reflected Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: June 30, 2026

LOW

fusion-builder

Score: 93/100 Avada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.12.1 Patched: 3.12.2 Updated: June 30, 2026

LOW

exact-links

Score: 83/100 URL Shortener <= 3.0.7 - Missing Authorization Affected: *-3.0.7 Patched: Updated: June 30, 2026

LOW

elex-bulk-edit-products-prices-attributes-for-woocommerce-basic

Score: 93/100 ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection Affected: *-1.4.9 Patched: 1.5.0 Updated: June 30, 2026

Showing 7601 to 7700 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 05:15 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List