Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36283 (across tracked plugins)

Affected Plugins: 96 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score (/100) | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| cf7-editor-button | cf7-editor-button | 91 | Contact Form 7 Editor Button <= 1.0.0 - Reflected Cross-Site Scripting | | LOW | *-1.0.0 | | June 30, 2026 |
| azon-addon-js-composer | azon-addon-js-composer | 89 | Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Authenticated (Subscriber+) SQL Injection | | LOW | *-1.2 | | June 30, 2026 |
| wp-pipes | wp-pipes | N/A | WP Pipes <= 1.4.3 - Unauthenticated Arbitrary File Deletion | | LOW | *-1.4.3 | | June 30, 2026 |
| universam-demo | universam-demo | N/A | UNIVERSAM <= 8.72.34 - Unauthenticated PHP Object Injection | | LOW | *-8.72.34 | | June 30, 2026 |
| wp-iframe-images-gallery | wp-iframe-images-gallery | N/A | iFrame Images Gallery <= 9.0 - Authenticated (Contributor+) SQL Injection | | LOW | *-9.0 | | June 30, 2026 |
| wp-fancybox | wp-fancybox | N/A | WP fancybox <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.0.4 | | June 30, 2026 |
| video-gallery-block | video-gallery-block | N/A | Video Gallery Block – Display your videos as a gallery in a professional way <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.1.0 | 1.1.1 | June 30, 2026 |
| subscribe-to-download | subscribe-to-download | N/A | Subscribe to Download <= 2.0.9 - Unauthenticated PHP Object Injection | | LOW | *-2.0.9 | 2.1.0 | June 30, 2026 |
| sf-booking | sf-booking | N/A | Service Finder Booking <= 6.0 - Unauthenticated Privilege Escalation | | LOW | *-6.0 | | June 30, 2026 |
| posts-slider-shortcode | posts-slider-shortcode | N/A | Posts Slider Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.0 | | June 30, 2026 |
| pixelating-image-slideshow-gallery | pixelating-image-slideshow-gallery | N/A | Pixelating image slideshow gallery <= 8.0 - Authenticated (Contributor+) SQL Injection | | LOW | *-8.0 | | June 30, 2026 |
| ownerrez | ownerrez | N/A | OwnerRez <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.2.1 | 1.2.2 | June 30, 2026 |
| Frontend File Manager Plugin | nmedia-user-file-uploader | 86 | Frontend File Manager <= 23.2 - Missing Authorization to Authenticated (Subscriber+) Content Injection | | LOW | *-23.2 | | June 30, 2026 |
| my-reservation-system | my-reservation-system | N/A | My Reservation System <= 2.3 - Reflected Cross-Site Scripting | | LOW | *-2.3 | | June 30, 2026 |
| lmsace-connect | lmsace-connect | 91 | LMSACE Connect <= 3.4 - Missing Authorization | | LOW | *-3.4 | | June 30, 2026 |
| guest-author-name | guest-author-name | 93 | (Simply) Guest Author Name <= 4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-4.36 | 4.40 | June 30, 2026 |
| groundhogg | groundhogg | 93 | Groundhogg <= 4.2.1 - Authenticated (Sales Rep+) Arbitrary File Upload | | LOW | *-4.2.1 | 4.2.2 | June 30, 2026 |
| gallery-widget | gallery-widget | 91 | Gallery Widget <= 1.2.1 - Authenticated (Contributor+) SQL Injection | | LOW | *-1.2.1 | | June 30, 2026 |
| fluxtore | fluxtore | 93 | fluXtore <= 1.6.0 - Missing Authorization | | LOW | *-1.6.0 | 1.6.3 | June 30, 2026 |
| exact-links | exact-links | 83 | URL Shortener <= 3.0.7 - Unauthenticated Server-Side Request Forgery | | LOW | *-3.0.7 | | June 30, 2026 |
| easy-elements-hider | easy-elements-hider | 91 | Easy Elements Hider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.0 | | June 30, 2026 |
| dzs-wootable | dzs-wootable | 89 | WooCommerce Shop Page Builder <= 2.27.7 - Missing Authorization | | LOW | *-2.27.7 | | June 30, 2026 |
| cool-fade-popup | cool-fade-popup | 91 | Cool fade popup <= 10.1 - Authenticated (Contributor+) SQL Injection | | LOW | *-10.1 | | June 30, 2026 |
| contact-us-page-contact-people | contact-us-page-contact-people | 89 | Contact Us page - Contact people LITE <= 3.7.4 - Authenticated (Contributor+) SQL Injection | | LOW | *-3.7.4 | | June 30, 2026 |
| contact-form-7-recaptcha | contact-form-7-recaptcha | 89 | Contact Form 7 reCAPTCHA <= 1.2.0 - Cross-Site Request Forgery | | LOW | *-1.2.0 | | June 30, 2026 |
| chatra-live-chat | chatra-live-chat | 91 | Chatra Live Chat + ChatBot + Cart Saver <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.0.11 | | June 30, 2026 |
| cf7-mailchimp-addon | cf7-mailchimp-addon | 93 | CF7 7 Mailchimp Add-on < 2.4 - Missing Authorization | | LOW | [*, 2.4) | 2.4 | June 30, 2026 |
| card-flip-image-slideshow | card-flip-image-slideshow | 91 | Card flip image slideshow <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.5 | | June 30, 2026 |
| bulk-featured-image | bulk-featured-image | 87 | Bulk Featured Image <= 1.2.2 - Authenticated (Admin+) Arbitrary File Upload | | LOW | *-1.2.2 | | June 30, 2026 |
| Database Addon for Contact Form 7 – CFDB7 | contact-form-cfdb7 | 89 | Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter | | LOW | *-1.3.1 | 1.3.2 | June 30, 2026 |
| easy-pdf-restaurant-menu-upload | easy-pdf-restaurant-menu-upload | 93 | Easy restaurant menu manager <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode | | LOW | *-2.0.1 | 2.0.2 | June 30, 2026 |
| premium-addons-for-elementor | premium-addons-for-elementor | N/A | Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-4.10.69 | 4.10.70 | June 30, 2026 |
| shortcodes-ultimate | shortcodes-ultimate | N/A | Shortcodes Ultimate <= 7.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute | | LOW | *-7.4.0 | 7.4.1 | June 30, 2026 |
| download-plugin | download-plugin | 93 | Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload | | LOW | *-2.2.8 | 2.2.9 | June 30, 2026 |
| doccheck-login | doccheck-login | 93 | DocCheck Login <= 1.1.5 - Unauthorized Post Access | | LOW | *-1.1.5 | 1.1.6 | June 30, 2026 |
| ycontributors | ycontributors | N/A | yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-0.5 | | June 30, 2026 |
| rd-wapp | rd-wapp | N/A | RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.4 | | June 30, 2026 |
| wp-push-notification-firebase | wp-push-notification-firebase | N/A | WP Firebase Push Notification <= 1.2.0 - Cross-Site Request Forgery to Broadcast Notification | | LOW | *-1.2.0 | | June 30, 2026 |
| woocommerce-paymaster-gateway-019 | woocommerce-paymaster-gateway-019 | N/A | PayMaster for WooCommerce <= 0.4.31 - Authenticated (Subscriber+) Server-Side Request Forgery | | LOW | *-0.4.31 | | June 30, 2026 |
| smart-docs | smart-docs | N/A | Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.1.0 | 1.1.1 | June 30, 2026 |
| booking-x | booking-x | 91 | Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function | | LOW | 1.0-1.1.2 | | June 30, 2026 |
| processingjs-for-wp | processingjs-for-wp | N/A | ProcessingJS for WordPress <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.2.2 | | June 30, 2026 |
| gozen-forms | gozen-forms | 89 | GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm() | | LOW | *-1.1.5 | | June 30, 2026 |
| gozen-forms | gozen-forms | 89 | GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() | | LOW | *-1.1.5 | | June 30, 2026 |
| hrm | hrm | 89 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_ajax_hrm_insert_employee AJAX Action | | LOW | 2.0.0-2.2.17 | | June 30, 2026 |
| hrm | hrm | 89 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via ajax_delete_employee Function | | LOW | 2.0.0-2.2.17 | | June 30, 2026 |
| portfolio-elementor | portfolio-elementor | N/A | Portfolio for Elementor & Image Gallery \| PowerFolio <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS | | LOW | *-3.2.0 | 3.2.1 | June 30, 2026 |
| vikrentcar | vikrentcar | N/A | VikRentCar Car Rental Management System <= 1.4.3 - Authenticated (Administrator+) Arbitrary File Upload | | LOW | *-1.4.3 | 1.4.4 | June 30, 2026 |
| WPvivid — Backup, Migration & Staging | wpvivid-backuprestore | 63 | Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload | | LOW | *-0.9.116 | 0.9.117 | June 30, 2026 |
| youtube-video-player | youtube-video-player | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library | | LOW | *-2.6.7 | | June 30, 2026 |
| Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | nextgen-gallery | 66 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library | | LOW | *-3.59.11 | 3.59.12 | June 30, 2026 |
| auto-thickbox | auto-thickbox | 91 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library | | LOW | *-3.5 | | June 30, 2026 |
| wpquiz | wpquiz | N/A | WPQuiz <= 0.4.2 - Authenticated (Contributor+) SQL Injection | | LOW | *-0.4.2 | | June 30, 2026 |
| wp-stats-manager | wp-stats-manager | N/A | WP Visitor Statistics (Real Time Traffic) <= 7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-7.8 | 7.9 | June 30, 2026 |
| WP Compress – Instant Performance & Speed Optimization | wp-compress-image-optimizer | 61 | WP Compress <= 6.30.30 - Unauthenticated Broken Authentication | | LOW | *-6.30.30 | 6.30.31 | June 30, 2026 |
| Melapress File Monitor | website-file-changes-monitor | 97 | Melapress File Monitor < 2.2.0 - Missing Authorization | | LOW | [*, 2.2.0) | 2.2.0 | June 30, 2026 |
| wc-pickup-store | wc-pickup-store | N/A | WC Pickup Store <= 1.8.9 - Missing Authorization to Unauthenticated Settings Update | | LOW | *-1.8.9 | 1.8.10 | June 30, 2026 |
| uncode-core | uncode-core | N/A | Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | | LOW | *-2.9.4.2 | 2.9.4.3 | June 30, 2026 |
| trust-payments-gateway-3ds2 | trust-payments-gateway-3ds2 | N/A | Trust Payments Gateway for WooCommerce (JavaScript Library) <= 1.3.6 - Cross-Site Request Forgery | | LOW | *-1.3.6 | 1.3.7 | June 30, 2026 |
| testimonials-showcase | testimonials-showcase | N/A | Testimonials Showcase <= 1.9.16 - Reflected Cross-Site Scripting | | LOW | *-1.9.16 | 1.9.18 | June 30, 2026 |
| radio-station | radio-station | N/A | Radio Station <= 2.5.12 - Cross-Site Request Forgery | | LOW | *-2.5.12 | 2.5.13 | June 30, 2026 |
| printcart-integration | printcart-integration | N/A | Printcart Web to Print Product Designer for WooCommerce <= 2.4.0 - Authenticated (Subscriber+) SQL Injection | | LOW | *-2.4.0 | 2.4.1 | June 30, 2026 |
| paytiko | paytiko | N/A | Paytiko for WooCommerce <= 1.4.7 - Missing Authorization | | LOW | *-1.4.7 | 1.4.8 | June 30, 2026 |
| Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions | N/A | Paid Member Subscriptions <= 2.15.1 - Unauthenticated SQL Injection | | LOW | *-2.15.1 | 2.15.2 | June 30, 2026 |
| mf-plus-wpml | mf-plus-wpml | 91 | MF Plus WPML <= 1.1 - Missing Authorization to Unauthenticated Settings Update | | LOW | *-1.1 | | June 30, 2026 |
| eventon | eventon | 86 | EventON <= 4.9.9 - Missing Authorization | | LOW | *-4.9.9 | | June 30, 2026 |
| easy-stripe | easy-stripe | 93 | Easy Stripe <= 1.1 - Unauthenticated Remote Code Execution | | LOW | *-1.1 | 1.2 | June 30, 2026 |
| bsecure | bsecure | 95 | bSecure – Your Universal Checkout <= 1.7.9 - Unauthenticated SQL Injection | | LOW | *-1.7.9 | 1.8.0 | June 30, 2026 |
| allmart-core | allmart-core | 95 | Allmart <= 1.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery | | LOW | *-1.0.0 | | June 30, 2026 |
| aibuddy-openai-chatgpt | aibuddy-openai-chatgpt | 95 | AiBud WP <= 1.8.5 - Authenticated (Admin+) Arbitrary File Upload | | LOW | *-1.8.5 | | June 30, 2026 |
| AI Engine – The Chatbot, AI Framework & MCP for WordPress | ai-engine | 82 | AI Engine 2.8.4 - Insecure OAuth Implementation | | LOW | 2.8.4 | 2.8.5 | June 30, 2026 |
| wp-video-lightbox | wp-video-lightbox | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library | | LOW | *-1.9.11 | 1.9.12 | June 30, 2026 |
| woo-3d-viewer | woo-3d-viewer | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library | | LOW | *-1.8.6.6 | 1.8.6.7 | June 30, 2026 |
| easy-image-gallery | easy-image-gallery | 91 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library | | LOW | *-1.5.2 | 1.5.3 | June 30, 2026 |
| awesome-wp-image-gallery | awesome-wp-image-gallery | 89 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library | | LOW | *-1.0 | | June 30, 2026 |
| awesome-gallery | awesome-gallery | 89 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library | | LOW | *-1.0 | | June 30, 2026 |
| peepso-groups | peepso-groups | N/A | PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description | | LOW | *-6.4.6.0 | 6.4.6.1 | June 30, 2026 |
| bdthemes-element-pack-lite | bdthemes-element-pack-lite | 93 | Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute | | LOW | 8.0.0 | 8.1.0 | June 30, 2026 |
| supreme-modules-for-divi | supreme-modules-for-divi | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-2.5.52 | 2.5.53 | June 30, 2026 |
| shortcodes-ultimate | shortcodes-ultimate | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-7.4.2 | 7.4.3 | June 30, 2026 |
| Robo Gallery – Photo & Image Slider | robo-gallery | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-3.2.22 | 3.2.23 | June 30, 2026 |
| qwiz-online-quizzes-and-flashcards | qwiz-online-quizzes-and-flashcards | N/A | WordPress Qwizcards <= 3.94 - Reflected Cross-Site Scripting | | LOW | *-3.94 | 3.95 | June 30, 2026 |
| premmerce | premmerce | N/A | Premmerce <= 1.3.19 - Unauthenticated Local File Inclusion | | LOW | *-1.3.19 | 1.3.20 | June 30, 2026 |
| jkdevkit | jkdevkit | 91 | JKDEVKIT <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion | | LOW | *-1.9.4 | | June 30, 2026 |
| happy-elementor-addons | happy-elementor-addons | 93 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-3.12.2 | 3.12.3 | June 30, 2026 |
| gutentor | gutentor | 91 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-3.4.9 | | June 30, 2026 |
| everest-forms-frontend-listing | everest-forms-frontend-listing | 91 | Everest Forms - Frontend Listing <= 1.0.5 - Unauthenticated PHP Object Injection | | LOW | *-1.0.5 | | June 30, 2026 |
| Essential Addons for Elementor – Popular Elementor Templates & Widgets | essential-addons-for-elementor-lite | 85 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-6.0.4 | 6.0.5 | June 30, 2026 |
| divi-builder | divi-builder | 93 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-4.27.1 | 4.27.2 | June 30, 2026 |
| Carousel Slider | carousel-slider | 95 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-2.2.14 | 2.2.15 | June 30, 2026 |
| bold-page-builder | bold-page-builder | 86 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-5.1.2 | 5.1.3 | June 30, 2026 |
| blossomthemes-instagram-feed | blossomthemes-instagram-feed | 91 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-2.0.5 | | June 30, 2026 |
| DiviTorque Lite – Divi Theme, Divi Builder & Extra Theme | addons-for-divi | 93 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | | LOW | *-4.0.5 | 4.0.6 | June 30, 2026 |
| widgetkit-for-elementor | widgetkit-for-elementor | N/A | All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget | | LOW | *-2.5.4 | 2.5.5 | June 30, 2026 |
| bit-form | bit-form | 93 | Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure | | LOW | *-2.17.5 | 2.17.6 | June 30, 2026 |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator | 92 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | | LOW | *-1.44.2 | 1.44.3 | June 30, 2026 |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator | 92 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | | LOW | *-1.44.2 | 1.44.3 | June 30, 2026 |
| soumettre-fr | soumettre-fr | N/A | Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion | | LOW | *-2.1.5 | 2.1.6 | June 30, 2026 |
| import-products-to-wc | import-products-to-wc | 89 | Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery | | LOW | *-1.2.7 | | June 30, 2026 |
| magic-buttons-for-elementor | magic-buttons-for-elementor | 91 | Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode | | LOW | *-1.0 | 1.1 | June 30, 2026 |
LOW

everest-forms-frontend-listing

everest-forms-frontend-listing

Score: 91/100 Everest Forms - Frontend Listing <= 1.0.5 - Unauthenticated PHP Object Injection Affected: *-1.0.5 Patched: Updated: June 30, 2026
LOW

divi-builder

divi-builder

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library Affected: *-4.27.1 Patched: 4.27.2 Updated: June 30, 2026
LOW

Carousel Slider

carousel-slider

Score: 95/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library Affected: *-2.2.14 Patched: 2.2.15 Updated: June 30, 2026
LOW

bold-page-builder

bold-page-builder

Score: 86/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library Affected: *-5.1.2 Patched: 5.1.3 Updated: June 30, 2026
LOW

blossomthemes-instagram-feed

blossomthemes-instagram-feed

Score: 91/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library Affected: *-2.0.5 Patched: Updated: June 30, 2026
LOW

DiviTorque Lite – Divi Theme, Divi Builder & Extra Theme

addons-for-divi

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library Affected: *-4.0.5 Patched: 4.0.6 Updated: June 30, 2026
LOW

widgetkit-for-elementor

widgetkit-for-elementor

Score: N/A All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget Affected: *-2.5.4 Patched: 2.5.5 Updated: June 30, 2026
LOW

bit-form

bit-form

Score: 93/100 Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure Affected: *-2.17.5 Patched: 2.17.6 Updated: June 30, 2026
LOW

soumettre-fr

soumettre-fr

Score: N/A Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion Affected: *-2.1.5 Patched: 2.1.6 Updated: June 30, 2026
LOW

import-products-to-wc

import-products-to-wc

Score: 89/100 Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery Affected: *-1.2.7 Patched: Updated: June 30, 2026
LOW

magic-buttons-for-elementor

magic-buttons-for-elementor

Score: 91/100 Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode Affected: *-1.0 Patched: 1.1 Updated: June 30, 2026

Showing 7801 to 7900 of 36283 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 08:15 UTC.