Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36189Across tracked plugins
Affected Plugins
92With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| alfie-the-productfeedtool-wp-plugin | alfie-the-productfeedtool-wp-plugin |
95
|
Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter | LOW | *-1.2.1 | June 29, 2026 | ||
| wp-blockade | wp-blockade | N/A | WP Blockade <= 0.9.14 - Reflected Cross-Site Scripting via 'shortcode' Parameter | LOW | *-0.9.14 | June 29, 2026 | ||
| easy-elements | easy-elements | N/A | Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 - Unauthenticated Privilege Escalation via 'custom_meta' Parameter | LOW | *-1.4.9 | June 29, 2026 | ||
| simple-draft-list | simple-draft-list | N/A | Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title | LOW | 2.6.3 | 2.6.4 | June 29, 2026 | |
| cbxscratingreview | cbxscratingreview | N/A | CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter | LOW | *-1.0.7 | 1.0.8 | June 29, 2026 | |
| kia-subtitle | kia-subtitle | N/A | KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] | LOW | *-4.0.1 | 4.0.2 | June 29, 2026 | |
| location-weather | location-weather |
93
|
Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging | LOW | *-3.0.2 | 3.0.3 | June 29, 2026 | |
| erp-pro | erp-pro | N/A | WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter | LOW | *-1.5.1 | June 29, 2026 | ||
| import-products-from-gsheet-for-woo-importer | import-products-from-gsheet-for-woo-importer | N/A | GSheet For Woo Importer <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset | LOW | *-2.3.1 | 2.4.1 | June 29, 2026 | |
| bookingpress-appointment-booking-pro | bookingpress-appointment-booking-pro | N/A | BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field | LOW | *-5.6 | 5.7 | June 29, 2026 | |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.4.11 | 6.4.12 | June 29, 2026 | |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.4.11 | 6.4.12 | June 29, 2026 | |
| mail-mint | mail-mint |
93
|
Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails <= 1.19.5 - Authenticated (Subscriber+) Information Exposure | LOW | *-1.19.5 | 1.20.0 | June 29, 2026 | |
| cf7-styler | cf7-styler |
91
|
WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms <= 1.7.6 - Missing Authorization | LOW | *-1.7.6 | 1.8.5 | June 29, 2026 | |
| fusion-builder | fusion-builder |
93
|
Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes | LOW | *-3.15.2 | 3.15.3 | June 29, 2026 | |
| fusion-builder | fusion-builder |
93
|
Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler | LOW | *-3.15.2 | 3.15.3 | June 29, 2026 | |
| wpb-floating-menu-or-categories | wpb-floating-menu-or-categories | N/A | WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field | LOW | *-1.0.8 | 1.0.9 | June 29, 2026 | |
| broadstreet | broadstreet |
93
|
Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta | LOW | *-1.52.2 | 1.53.2 | June 29, 2026 | |
| yith-woocommerce-product-add-ons | yith-woocommerce-product-add-ons | N/A | YITH WooCommerce Product Add-Ons <= 4.29.0 - Authenticated (Shop manager+) SQL Injection | LOW | *-4.29.0 | 4.29.1 | June 29, 2026 | |
| visualizer | visualizer | N/A | Visualizer: Tables and Charts Manager for WordPress < 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | [*, 4.0.0) | 4.0.0 | June 29, 2026 | |
| VikBooking Hotel Booking Engine & PMS | vikbooking |
95
|
VikBooking Hotel Booking Engine & PMS <= 1.8.8 - Unauthenticated Stored Cross-Site Scripting | LOW | *-1.8.8 | 1.8.9 | June 29, 2026 | |
| service-booking-manager | service-booking-manager | N/A | Appointment Booking Plugin for WooCommerce – WpBookingly | All-in-One Service Manager <= 1.2.9 - Missing Authorization | LOW | *-1.2.9 | 1.3.0 | June 29, 2026 | |
| quickwebp | quickwebp | N/A | QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly <= 3.2.7 - Authenticated (Contributor+) Arbitrary File Deletion | LOW | *-3.2.7 | 3.2.8 | June 29, 2026 | |
| powerpress | powerpress | N/A | PowerPress Podcasting plugin by Blubrry <= 11.15.10 - Authenticated (Contributor+) SQL Injection | LOW | *-11.15.10 | 11.15.11 | June 29, 2026 | |
| pdf-for-elementor-forms | pdf-for-elementor-forms | N/A | PDF for Elementor Forms + Drag And Drop Template Builder <= 5.5.1 - Missing Authorization | LOW | *-5.5.1 | 5.6.1 | June 29, 2026 | |
| ht-contactform | ht-contactform |
93
|
HT Contact Form – Drag & Drop Form Builder for WordPress <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting | LOW | *-2.8.2 | 2.8.3 | June 29, 2026 | |
| giftware | giftware | N/A | Gift Cards For WooCommerce Pro <= 4.2.6 - Unauthenticated Arbitrary File Upload | LOW | *-4.2.6 | 4.2.7 | June 29, 2026 | |
| final-tiles-grid-gallery-lite | final-tiles-grid-gallery-lite |
93
|
Image Photo Gallery Final Tiles Grid <= 3.6.11 - Missing Authorization | LOW | *-3.6.11 | 3.6.12 | June 29, 2026 | |
| divi-form-builder | divi-form-builder | N/A | Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role' | LOW | *-5.1.2 | 5.1.3 | June 29, 2026 | |
| revslider | revslider | N/A | Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream' | LOW | 6.0-6.7.54, 7.0-7.0.9 | 6.7.55 | June 29, 2026 | |
| acymailing | acymailing |
97
|
AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router' | LOW | *-10.8.2 | 10.9.0 | June 29, 2026 | |
| anomify | anomify | N/A | Anomify AI <= 0.3.6 - Cross-Site Request Forgery | LOW | *-0.3.6 | June 29, 2026 | ||
| ai-copilot-content-generator | ai-copilot-content-generator |
95
|
AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header | LOW | *-1.4.14 | 1.4.15 | June 29, 2026 | |
| Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | nextgen-gallery |
66
|
Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API | LOW | *-4.2.0 | 4.2.1 | June 29, 2026 | |
| advanced-database-cleaner-premium | advanced-database-cleaner-premium | N/A | Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template' | LOW | *-4.1.0 | 4.1.1 | June 29, 2026 | |
| pixel-cost-of-goods | pixel-cost-of-goods | N/A | Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import | LOW | *-1.2.12 | 1.2.13 | June 29, 2026 | |
| All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | all-in-one-seo-pack |
88
|
All in One SEO <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure via 'internalOptions' Localized Script Data | LOW | *-4.9.7 | 4.9.7.1 | June 29, 2026 | |
| boost | boost | N/A | Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters | LOW | *-2.0.3 | 2.0.4 | June 29, 2026 | |
| boost | boost | N/A | Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie | LOW | *-2.0.3 | 2.0.4 | June 29, 2026 | |
| xpro-elementor-addons | xpro-elementor-addons | N/A | Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation | LOW | *-1.5.0 | 1.5.1 | June 29, 2026 | |
| easy-elements | easy-elements | N/A | Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register | LOW | *-1.4.4 | 1.4.5 | June 29, 2026 | |
| creative-mail-by-constant-contact | creative-mail-by-constant-contact |
95
|
Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated SQL Injection via 'checkout_uuid' Parameter | LOW | *-1.6.9 | June 29, 2026 | ||
| ts-webfonts-for-conoha | ts-webfonts-for-conoha | N/A | TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via 'fontThemeUseType' Parameter | LOW | *-2.0.4 | June 29, 2026 | ||
| expand-maker | expand-maker |
89
|
Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter | LOW | *-3.5.7 | June 29, 2026 | ||
| expand-maker | expand-maker |
89
|
Read More & Accordion <= 3.5.7 - Privilege Escalation via importData | LOW | *-3.5.7 | June 29, 2026 | ||
| logo-manager-for-enamad | logo-manager-for-enamad |
91
|
Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute | LOW | *-0.7.4 | June 29, 2026 | ||
| correct-prices | correct-prices | N/A | Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter | LOW | *-1.0 | June 29, 2026 | ||
| sponsorme | sponsorme | N/A | SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter | LOW | *-0.5.2 | June 29, 2026 | ||
| lj-comments-import-reloaded | lj-comments-import-reloaded | N/A | LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter | LOW | *-0.97.1 | June 29, 2026 | ||
| infility-global | infility-global |
81
|
Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter | LOW | *-2.15.16 | June 29, 2026 | ||
| remove-yellow-bgbox | remove-yellow-bgbox | N/A | Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery | LOW | *-1.0 | June 29, 2026 | ||
| javibola-custom-theme | javibola-custom-theme | N/A | JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery | LOW | *-2.0.5 | June 29, 2026 | ||
| blogchat-chat-system | blogchat-chat-system | N/A | BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update | LOW | *-1.3.6.3 | June 29, 2026 | ||
| amazon-scraper | amazon-scraper | N/A | Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update | LOW | *-1.1 | June 29, 2026 | ||
| game-catalog | game-catalog | N/A | Games Catalog <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion | LOW | *-1.2.0 | June 29, 2026 | ||
| wp-sms-vatansms-com | wp-sms-vatansms-com | N/A | VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter | LOW | *-1.01 | June 29, 2026 | ||
| account-switcher | account-switcher | N/A | Account Switcher <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation | LOW | *-1.0.2 | June 29, 2026 | ||
| bigfishgames-syndicate | bigfishgames-syndicate | N/A | Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update | LOW | *-1.2 | June 29, 2026 | ||
| anomify | anomify | N/A | Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter | LOW | *-0.3.6 | June 29, 2026 | ||
| bottom-bar | bottom-bar | N/A | Bottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings Update | LOW | *-0.1.7 | June 29, 2026 | ||
| child-height-predictor | child-height-predictor | N/A | Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form | LOW | *-1.3 | June 29, 2026 | ||
| general-options | general-options | N/A | General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter | LOW | *-1.1.0 | June 29, 2026 | ||
| sticky | sticky | N/A | Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute | LOW | *-2.5.6 | June 29, 2026 | ||
| word-2-cash | word-2-cash | N/A | Word 2 Cash <= 0.9.2 - Cross-Site Request Forgeryto Stored Cross-Site Scripting via Settings Page | LOW | *-0.9.2 | June 29, 2026 | ||
| nexa-blocks | nexa-blocks | N/A | Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter | LOW | *-1.1.1 | June 29, 2026 | ||
| sentence-to-seo | sentence-to-seo | N/A | Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters | LOW | *-1.0 | June 29, 2026 | ||
| prosolution-wp-client | prosolution-wp-client | N/A | ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files' | LOW | *-2.0.0 | 2.0.1 | June 29, 2026 | |
| faces-of-users | faces-of-users | N/A | Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute | LOW | *-0.0.3 | June 29, 2026 | ||
| oliver-pos | oliver-pos | N/A | Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header | LOW | *-2.4.2.6 | 4.5.4 | June 29, 2026 | |
| os-diagnosis-generator | os-diagnosis-generator | N/A | 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter | LOW | *-1.4.16 | June 29, 2026 | ||
| kirki | kirki | N/A | Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP | LOW | *-6.0.6 | 6.0.7 | June 29, 2026 | |
| kirki | kirki | N/A | Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action | LOW | *-6.0.6 | 6.0.7 | June 29, 2026 | |
| WP Activity Log | wp-security-audit-log | N/A | WP Activity Log <= 5.6.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-5.6.3 | 5.6.3.1 | June 29, 2026 | |
| profit-products-tables-for-woocommerce | profit-products-tables-for-woocommerce | N/A | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.8 - Unauthenticated SQL Injection | LOW | *-1.0.8 | 1.0.9 | June 29, 2026 | |
| presto-player | presto-player | N/A | The Ultimate Video Player For WordPress – by Presto Player <= 4.1.3 - Missing Authorization | LOW | *-4.1.3 | 4.1.4 | June 29, 2026 | |
| piotnet-addons-for-elementor-pro | piotnet-addons-for-elementor-pro | N/A | Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload | LOW | *-7.1.70 | June 29, 2026 | ||
| piotnetforms-pro | piotnetforms-pro | N/A | Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload | LOW | *-2.1.40 | June 29, 2026 | ||
| wpforo | wpforo | N/A | wpForo Forum <= 3.0.6 - Missing Authorization | LOW | *-3.0.6 | 3.0.7 | June 29, 2026 | |
| e2pdf | e2pdf |
93
|
E2Pdf – Export Pdf Tool for WordPress <= 1.32.14 - Reflected Cross-Site Scripting | LOW | *-1.32.14 | 1.32.15 | June 29, 2026 | |
| contest-gallery | contest-gallery |
93
|
Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection | LOW | *-28.1.6 | 28.1.7 | June 29, 2026 | |
| contest-gallery-pro | contest-gallery-pro |
93
|
Contest Gallery Pro <= 29.0.1 - Unauthenticated Privilege Escalation | LOW | *-29.0.1 | 29.0.2 | June 29, 2026 | |
| classified-listing | classified-listing |
93
|
Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.8 - Authenticated (Subscriber+) Arbitrary File Download | LOW | *-5.3.8 | 5.3.9 | June 29, 2026 | |
| AI Engine – The Chatbot, AI Framework & MCP for WordPress | ai-engine |
82
|
AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token | LOW | 3.4.9 | 3.5.0 | June 29, 2026 | |
| give | give |
93
|
GiveWP – Donation Plugin and Fundraising Platform <= 4.14.5 - Unauthenticated Stored Cross-Site Scripting | LOW | *-4.14.5 | 4.14.6 | June 29, 2026 | |
| essential-chat-support | essential-chat-support |
91
|
Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter | LOW | *-1.0.1 | June 29, 2026 | ||
| wt-smart-coupons-for-woocommerce | wt-smart-coupons-for-woocommerce | N/A | Smart Coupons For WooCommerce Coupons < 2.3.0 - Missing Authorization | LOW | [*, 2.3.0) | 2.3.0 | June 29, 2026 | |
| wp-document-revisions | wp-document-revisions | N/A | WP Document Revisions <= 3.8.1 - Missing Authorization | LOW | *-3.8.1 | 4.0.0 | June 29, 2026 | |
| mycred | mycred | N/A | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred <= 3.0.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-3.0.4 | 3.0.5 | June 29, 2026 | |
| hydra-booking | hydra-booking |
93
|
Hydra Booking — Appointment Scheduling & Booking Calendar <= 1.1.41 - Missing Authorization | LOW | *-1.1.41 | 1.1.42 | June 29, 2026 | |
| commenting-feature | commenting-feature |
93
|
Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment | LOW | *-5.2 | 5.3 | June 29, 2026 | |
| classified-listing | classified-listing |
93
|
Classified Listing <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via add_order_note and send_email_to_user_by_moderator AJAX Actions | LOW | *-5.3.10 | 5.4.0 | June 29, 2026 | |
| acf-frontend-form-element | acf-frontend-form-element |
97
|
Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form | LOW | *-3.28.36 | 3.29.1 | June 29, 2026 | |
| quick-playground | quick-playground | N/A | Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter | LOW | *-1.3.3 | 1.3.4 | June 29, 2026 | |
| form-notify | form-notify |
93
|
Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback | LOW | *-1.1.10 | 1.1.11 | June 29, 2026 | |
| notify-odoo | notify-odoo | N/A | Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update | LOW | *-1.0.1 | 1.0.2 | June 29, 2026 | |
| nex-forms-express-wp-form-builder | nex-forms-express-wp-form-builder | N/A | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+) SQL Injection via 'table' Parameter | LOW | *-9.1.12 | 9.1.13 | June 29, 2026 | |
| wpdirectorykit | wpdirectorykit | N/A | WP Directory Kit <= 1.5.1 - Unauthenticated SQL Injection | LOW | *-1.5.1 | 1.5.2 | June 29, 2026 | |
| woocommerce-currency-switcher | woocommerce-currency-switcher | N/A | FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion | LOW | *-1.4.5 | 1.4.6 | June 29, 2026 | |
| smartcat-wpml | smartcat-wpml | N/A | Smartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update | LOW | *-3.1.77 | 3.1.78 | June 29, 2026 | |
| logtivity | logtivity |
93
|
Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Exposure | LOW | *-3.3.6 | 3.3.7 | June 29, 2026 |
LOW
alfie-the-productfeedtool-wp-plugin
alfie-the-productfeedtool-wp-plugin
LOW
wp-blockade
wp-blockade
LOW
easy-elements
easy-elements
LOW
simple-draft-list
simple-draft-list
LOW
cbxscratingreview
cbxscratingreview
LOW
kia-subtitle
kia-subtitle
LOW
location-weather
location-weather
LOW
erp-pro
erp-pro
LOW
import-products-from-gsheet-for-woo-importer
import-products-from-gsheet-for-woo-importer
LOW
bookingpress-appointment-booking-pro
bookingpress-appointment-booking-pro
LOW
the-plus-addons-for-elementor-page-builder
the-plus-addons-for-elementor-page-builder
LOW
the-plus-addons-for-elementor-page-builder
the-plus-addons-for-elementor-page-builder
LOW
mail-mint
mail-mint
LOW
cf7-styler
cf7-styler
LOW
fusion-builder
fusion-builder
LOW
fusion-builder
fusion-builder
LOW
wpb-floating-menu-or-categories
wpb-floating-menu-or-categories
LOW
broadstreet
broadstreet
LOW
yith-woocommerce-product-add-ons
yith-woocommerce-product-add-ons
LOW
visualizer
visualizer
LOW
VikBooking Hotel Booking Engine & PMS
vikbooking
LOW
service-booking-manager
service-booking-manager
LOW
quickwebp
quickwebp
LOW
powerpress
powerpress
LOW
pdf-for-elementor-forms
pdf-for-elementor-forms
LOW
ht-contactform
ht-contactform
LOW
giftware
giftware
LOW
final-tiles-grid-gallery-lite
final-tiles-grid-gallery-lite
LOW
divi-form-builder
divi-form-builder
LOW
revslider
revslider
LOW
acymailing
acymailing
LOW
anomify
anomify
LOW
ai-copilot-content-generator
ai-copilot-content-generator
LOW
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
nextgen-gallery
LOW
advanced-database-cleaner-premium
advanced-database-cleaner-premium
LOW
pixel-cost-of-goods
pixel-cost-of-goods
LOW
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
all-in-one-seo-pack
LOW
boost
boost
LOW
boost
boost
LOW
xpro-elementor-addons
xpro-elementor-addons
LOW
easy-elements
easy-elements
LOW
creative-mail-by-constant-contact
creative-mail-by-constant-contact
LOW
ts-webfonts-for-conoha
ts-webfonts-for-conoha
LOW
expand-maker
expand-maker
LOW
expand-maker
expand-maker
LOW
logo-manager-for-enamad
logo-manager-for-enamad
LOW
correct-prices
correct-prices
LOW
sponsorme
sponsorme
LOW
lj-comments-import-reloaded
lj-comments-import-reloaded
LOW
infility-global
infility-global
LOW
remove-yellow-bgbox
remove-yellow-bgbox
LOW
javibola-custom-theme
javibola-custom-theme
LOW
blogchat-chat-system
blogchat-chat-system
LOW
amazon-scraper
amazon-scraper
LOW
game-catalog
game-catalog
LOW
wp-sms-vatansms-com
wp-sms-vatansms-com
LOW
account-switcher
account-switcher
LOW
bigfishgames-syndicate
bigfishgames-syndicate
LOW
anomify
anomify
LOW
bottom-bar
bottom-bar
LOW
child-height-predictor
child-height-predictor
LOW
general-options
general-options
LOW
sticky
sticky
LOW
word-2-cash
word-2-cash
LOW
nexa-blocks
nexa-blocks
LOW
sentence-to-seo
sentence-to-seo
LOW
prosolution-wp-client
prosolution-wp-client
LOW
faces-of-users
faces-of-users
LOW
oliver-pos
oliver-pos
LOW
os-diagnosis-generator
os-diagnosis-generator
LOW
kirki
kirki
LOW
kirki
kirki
LOW
WP Activity Log
wp-security-audit-log
LOW
profit-products-tables-for-woocommerce
profit-products-tables-for-woocommerce
LOW
presto-player
presto-player
LOW
piotnet-addons-for-elementor-pro
piotnet-addons-for-elementor-pro
LOW
piotnetforms-pro
piotnetforms-pro
LOW
wpforo
wpforo
LOW
e2pdf
e2pdf
LOW
contest-gallery
contest-gallery
LOW
contest-gallery-pro
contest-gallery-pro
LOW
classified-listing
classified-listing
LOW
AI Engine – The Chatbot, AI Framework & MCP for WordPress
ai-engine
LOW
give
give
LOW
essential-chat-support
essential-chat-support
LOW
wt-smart-coupons-for-woocommerce
wt-smart-coupons-for-woocommerce
LOW
wp-document-revisions
wp-document-revisions
LOW
mycred
mycred
LOW
hydra-booking
hydra-booking
LOW
commenting-feature
commenting-feature
LOW
classified-listing
classified-listing
LOW
acf-frontend-form-element
acf-frontend-form-element
LOW
quick-playground
quick-playground
LOW
form-notify
form-notify
LOW
notify-odoo
notify-odoo
LOW
nex-forms-express-wp-form-builder
nex-forms-express-wp-form-builder
LOW
wpdirectorykit
wpdirectorykit
LOW
woocommerce-currency-switcher
woocommerce-currency-switcher
LOW
smartcat-wpml
smartcat-wpml
LOW
logtivity
logtivity
Showing 701 to 800 of 36189 results
Important: Review Required
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: June 29, 2026 at 01:26 UTC.