Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
magic-buttons-for-elementor	magic-buttons-for-elementor	91	Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode	LOW	*-1.0		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via ‘bsa_pro_id'	LOW	*-4.89		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid	LOW	*-4.89		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate	LOW	*-4.89		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection	LOW	*-4.89		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution	LOW	*-4.89		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion	LOW	*-4.89		June 30, 2026
booking-calendar	booking-calendar	91	Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id'	LOW	*-3.2.17	3.2.18	June 30, 2026
wp-front-end-login-and-register	wp-front-end-login-and-register	N/A	WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting	LOW	*-2.1.0		June 30, 2026
drag-and-drop-file-uploads-wc-pro	drag-and-drop-file-uploads-wc-pro	93	Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload	LOW	*-1.7.1, 5.0-5.0.5	1.7.2	June 30, 2026
wp-travel-blocks	wp-travel-blocks	N/A	WP Travel Gutenberg Blocks <= 3.9.0 - Unauthenticated Local File Inclusion	LOW	*-3.9.0	3.9.1	June 30, 2026
wp-leads-builder-any-crm	wp-leads-builder-any-crm	N/A	Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions	LOW	*-3.1	3.2	June 30, 2026
woo-product-multiaction	woo-product-multiaction	N/A	WooCommerce Product Multi-Action <= 1.3 - Unauthenticated PHP Object Injection	LOW	*-1.3		June 30, 2026
video-list-manager	video-list-manager	N/A	Video List Manager <= 1.7 - Unauthenticated SQL Injection	LOW	*-1.7		June 30, 2026
private-content-mail-actions	private-content-mail-actions	N/A	PrivateContent - Mail Actions <= 2.3.2 - Unauthenticated Local File Inclusion	LOW	*-2.3.2		June 30, 2026
ngg-smart-image-search	ngg-smart-image-search	N/A	NGG Smart Image Search <= 3.4.1 - Unauthenticated SQL Injection	LOW	*-3.4.1	3.4.3	June 30, 2026
lifterlms	lifterlms	93	LifterLMS <= 8.0.6 - Unauthenticated SQL Injection	LOW	*-8.0.6	8.0.7	June 30, 2026
leyka	leyka	89	Leyka <= 3.31.9 - Unauthenticated Local File Inclusion	LOW	*-3.31.9		June 30, 2026
learning-management-system-pro	learning-management-system-pro	93	Masteriyo LMS PRO <= 2.20.0 - Unauthenticated Privilege Escalation	LOW	*-2.20.0	2.20.1	June 30, 2026
eventlist	eventlist	93	Event List <= 1.9.2 - Unauthenticated Local File Inclusion	LOW	*-1.9.2	2.0.2	June 30, 2026
custom-login-and-signup-widget	custom-login-and-signup-widget	89	Custom Login And Signup Widget <= 1.0 - Authenticated (Administrator+) Remote Code Execution	LOW	*-1.0		June 30, 2026
css3_vertical_web_pricing_tables	css3_vertical_web_pricing_tables	93	CSS3 Vertical Web Pricing Tables <= 1.9 - Reflected Cross-Site Scripting	LOW	*-1.9	2.0	June 30, 2026
couponxxl-cpt	couponxxl-cpt	93	CouponXxL Custom Post Types <= 3.0 - Unauthenticated Privilege Escalation	LOW	*-3.0	3.1	June 30, 2026
cmsmasters-content-composer	cmsmasters-content-composer	93	CMSMasters Content Composer < 2.5.7 - Unauthenticated Local File Inclusion	LOW	[*, 2.5.7)	2.5.7	June 30, 2026
click-pledge-connect	click-pledge-connect	93	Click & Pledge Connect <= 25.04010101-WP6.8 - Unauthenticated SQL Injection to Privilege Escalation	LOW	* - 25.04010101-WP6.8	25.07000000-WP6.8.1	June 30, 2026
case-theme-user	case-theme-user	93	Case Theme User < 1.0.4 - Unauthenticated Local File Inclusion	LOW	[*, 1.0.4)	1.0.4	June 30, 2026
Beautiful Cookie Consent Banner	beautiful-and-responsive-cookie-consent	93	Beautiful Cookie Consent Banner <= 4.6.1 - Reflected Cross-Site Scripting	LOW	*-4.6.1	4.6.2	June 30, 2026
backwp	backwp	89	Backwp <= 2.0.2 - Reflected Cross-Site Scripting	LOW	*-2.0.2		June 30, 2026
advanced-gutenberg	advanced-gutenberg	97	Gutenberg Blocks <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.3.1	3.3.2	June 30, 2026
3d-flipbook-dflip-lite	3d-flipbook-dflip-lite	97	Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source'	LOW	*-2.3.65	2.3.67	June 30, 2026
Ultra Addons for Contact Form 7	ultimate-addons-for-contact-form-7	70	Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode	LOW	*-3.5.21	3.5.22	June 30, 2026
opal-estate-pro	opal-estate-pro	N/A	Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'	LOW	*-1.7.5		June 30, 2026
webemailprotector	webemailprotector	N/A	Email Address Security by WebEmailProtector <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-3.3.6		June 30, 2026
mobiloud-mobile-app-plugin	mobiloud-mobile-app-plugin	93	MobiLoud <= 4.6.6 - Missing Authorization	LOW	*-4.6.6	4.6.6.1	June 30, 2026
fw-gallery	fw-gallery	87	FW Gallery <= 8.0.0 - Unauthenticated Arbitrary File Upload	LOW	*-8.0.0		June 30, 2026
cm-on-demand-search-and-replace	cm-on-demand-search-and-replace	91	CM On Demand Search And Replace <= 1.5.4 - Missing Authorization	LOW	*-1.5.4		June 30, 2026
booking-calendar-contact-form	booking-calendar-contact-form	93	Booking Calendar Contact Form <= 1.2.58 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.2.58	1.2.59	June 30, 2026
aviation-weather-from-noaa	aviation-weather-from-noaa	91	Aviation Weather from NOAA <= 0.7.2 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-0.7.2		June 30, 2026
wpdevart-pricing-table	wpdevart-pricing-table	N/A	Pricing Table builder <= 1.5.1 - Cross-Site Request Forgery	LOW	*-1.5.1		June 30, 2026
elisqlreports	elisqlreports	93	EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode	LOW	*-5.25.11	5.25.25	June 30, 2026
paid-membership	paid-membership	N/A	MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset	LOW	*-3.2.0	3.2.1	June 30, 2026
game-users-share-buttons	game-users-share-buttons	91	Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter	LOW	*-1.3.0		June 30, 2026
project-notebooks	project-notebooks	N/A	PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function	LOW	1.0.0-1.1.3	1.2.0	June 30, 2026
qi-addons-for-elementor	qi-addons-for-elementor	N/A	Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.1	1.9.2	June 30, 2026
wpvr	wpvr	N/A	WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.5.32	8.5.33	June 30, 2026
beeteam368-extensions-pro	beeteam368-extensions-pro	93	BeeTeam368 Extensions Pro <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion	LOW	*-2.3.4	2.3.5	June 30, 2026
beeteam368-extensions	beeteam368-extensions	91	BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion	LOW	*-2.3.4	2.3.5	June 30, 2026
yaysmtp	yaysmtp	N/A	YaySMTP <= 2.6.6 - Authenticated (Administrator+) SQL Injection	LOW	*-2.6.6	2.6.7	June 30, 2026
writesonic	writesonic	N/A	Writesonic <= 1.0.5 - Cross-Site Request Forgery	LOW	*-1.0.5	1.0.6	June 30, 2026
wpvr	wpvr	N/A	VR <= 8.5.48 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.5.48	8.5.49	June 30, 2026
wpshapere-lite	wpshapere-lite	N/A	WPShapere - WordPress admin theme <= 1.4.1 - Cross-Site Request Forgery	LOW	*-1.4.1		June 30, 2026
wpb-woocommerce-category-slider	wpb-woocommerce-category-slider	N/A	WPB Category Slider for WooCommerce <= 1.71 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.71		June 30, 2026
wpadcenter	wpadcenter	N/A	WP AdCenter <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.6.0	2.6.1	June 30, 2026
wp-youtube-live	wp-youtube-live	N/A	WP YouTube Live <= 1.10.0 - Cross-Site Request Forgery	LOW	*-1.10.0	1.10.1	June 30, 2026
wp-visual-sitemap	wp-visual-sitemap	N/A	WP Visual Sitemap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 30, 2026
wp-permalink-translator	wp-permalink-translator	N/A	WP Permalink Translator <= 1.7.6 - Cross-Site Request Forgery	LOW	*-1.7.6		June 30, 2026
wp-optimizer	wp-optimizer	N/A	WP Optimizer <= 2.3.6 - Cross-Site Request Forgery	LOW	*-2.3.6		June 30, 2026
wp-gdpr-cookie-consen	wp-gdpr-cookie-consen	N/A	WP GDPR Cookie Consent <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0		June 30, 2026
wp-edit	wp-edit	N/A	WP Edit <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.0.4		June 30, 2026
wp-db-booster	wp-db-booster	N/A	WP DB Booster <= 1.0.1 - Missing Authorization	LOW	*-1.0.1		June 30, 2026
wp-datatable	wp-datatable	N/A	WP DataTable <= 0.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.2.7		June 30, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	WooCommerce PDF Invoice Builder <= 1.2.148 - Cross-Site Request Forgery	LOW	*-1.2.148	1.2.149	June 30, 2026
weblizar-companion	weblizar-companion	N/A	IS-theme-companion <= 1.57 - Cross-Site Request Forgery	LOW	*-1.57		June 30, 2026
wc-spod	wc-spod	N/A	Spreadconnect <= 2.1.5 - Missing Authorization	LOW	*-2.1.5		June 30, 2026
virusdie	virusdie	N/A	Virusdie <= 1.1.3 - Cross-Site Request Forgery	LOW	*-1.1.3	1.1.4	June 30, 2026
twitch-tv-embed-suite	twitch-tv-embed-suite	N/A	Twitch TV Embed Suite <= 2.1.0 - Cross-Site Request Forgery	LOW	*-2.1.0		June 30, 2026
track-everything	track-everything	N/A	Track Everything <= 2.0.1 - Cross-Site Request Forgery	LOW	*-2.0.1		June 30, 2026
thumbnail-editor	thumbnail-editor	N/A	Thumbnail Editor <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.3		June 30, 2026
theme-junkie-team-content	theme-junkie-team-content	N/A	Theme Junkie Team Content <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.1.1		June 30, 2026
spolecznosciowa-6-pl-2013	spolecznosciowa-6-pl-2013	N/A	Społecznościowa 6 PL 2013 <= 2.0.6 - Cross-Site Request Forgery	LOW	*-2.0.6		June 30, 2026
smart-agenda-prise-de-rendez-vous-en-ligne	smart-agenda-prise-de-rendez-vous-en-ligne	N/A	Smart Agenda <= 4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.9	5.0	June 30, 2026
slick-engagement	slick-engagement	N/A	Slickstream <= 2.0.3 - Cross-Site Request Forgery	LOW	*-2.0.3	3.0.0	June 30, 2026
sertifier-certificates-open-badges	sertifier-certificates-open-badges	N/A	Sertifier Certificate & Badge Maker <= 1.21 - Missing Authorization	LOW	*-1.21		June 30, 2026
rss-digest	rss-digest	N/A	RSS Digest <= 1.5 - Cross-Site Request Forgery	LOW	*-1.5		June 30, 2026
responsive-block-editor-addons	responsive-block-editor-addons	N/A	Responsive Blocks <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.6	2.0.7	June 30, 2026
replace	replace	N/A	re.place <= 0.2.1 - Cross-Site Request Forgery	LOW	*-0.2.1		June 30, 2026
relocate-upload	relocate-upload	N/A	Relocate Upload <= 0.24.1 - Cross-Site Request Forgery	LOW	*-0.24.1		June 30, 2026
raise-the-money	raise-the-money	N/A	Raise The Money <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.2		June 30, 2026
quick-favicon	quick-favicon	N/A	Quick Favicon <= 0.22.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.22.8		June 30, 2026
pre-publish-post-checklist	pre-publish-post-checklist	N/A	Pre-Publish Post Checklist <= 3.1 - Missing Authorization	LOW	*-3.1		June 30, 2026
popup-addon-for-ninja-forms	popup-addon-for-ninja-forms	N/A	Popup addon for Ninja Forms <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4	3.5	June 30, 2026
podcast-feed-player-widget	podcast-feed-player-widget	N/A	Podcast Feed Player Widget and Shortcode <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.0		June 30, 2026
plugin-inspector	plugin-inspector	N/A	Plugin Inspector <= 1.5 - Authenticated (Admin+) Arbitrary File Download	LOW	*-1.5		June 30, 2026
plationline	plationline	N/A	PlatiOnline Payments <= 7.0.0 - Missing Authorization	LOW	*-7.0.0	7.0.1	June 30, 2026
onionbuzz-viral-quiz	onionbuzz-viral-quiz	N/A	OnionBuzz <= 1.0.7 - Cross-Site Request Forgery	LOW	*-1.0.7		June 30, 2026
onet-regenerate-thumbnails	onet-regenerate-thumbnails	N/A	ONet Regenerate Thumbnails <= 1.5 - Cross-Site Request Forgery	LOW	*-1.5		June 30, 2026
omnipress	omnipress	N/A	Omnipress <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.4	1.6.5	June 30, 2026
nd-booking	nd-booking	N/A	Hotel Booking <= 3.7 - Authenticated (Contributor+) Local File Inclusion	LOW	*-3.7	3.8	June 30, 2026
navayan-subscribe	navayan-subscribe	N/A	Navayan Subscribe <= 1.13 - Cross-Site Request Forgery	LOW	*-1.13		June 30, 2026
my-wp-brand	my-wp-brand	N/A	My Wp Brand <= 1.1.3 - Cross-Site Request Forgery	LOW	*-1.1.3	1.1.4	June 30, 2026
my-resume-builder	my-resume-builder	N/A	My Resume Builder <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.3		June 30, 2026
leyka	leyka	89	Leyka <= 3.31.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.31.9		June 30, 2026
jet-engine	jet-engine	93	JetEngine <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.7.0	3.7.1.1	June 30, 2026
import-external-attachments	import-external-attachments	89	Import external attachments <= 1.5.12 - Cross-Site Request Forgery	LOW	*-1.5.12		June 30, 2026
image-slider-with-description	image-slider-with-description	91	Image Slider With Description <= 9.2 - Cross-Site Request Forgery	LOW	*-9.2		June 30, 2026
image-cleanup	image-cleanup	87	Image Cleanup <= 1.9.2 - Cross-Site Request Forgery	LOW	*-1.9.2		June 30, 2026
icount	icount	91	iCount Payment Gateway <= 2.0.6 - Missing Authorization	LOW	*-2.0.6		June 30, 2026
hurrytimer	hurrytimer	93	HurryTimer <= 2.13.1 - Missing Authorization	LOW	*-2.13.1	2.14.0	June 30, 2026
ht-slider-for-elementor	ht-slider-for-elementor	93	HT Slider For Elementor <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.5	1.6.6	June 30, 2026
ht-mega-for-wpbakery	ht-mega-for-wpbakery	93	HT Mega – Absolute Addons for WPBakery Page Builder <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.8	1.0.9	June 30, 2026

LOW

magic-buttons-for-elementor

Score: 91/100 Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via ‘bsa_pro_id' Affected: *-4.89 Patched: Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid Affected: *-4.89 Patched: Updated: June 30, 2026

LOW

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate Affected: *-4.89 Patched: Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection Affected: *-4.89 Patched: Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution Affected: *-4.89 Patched: Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion Affected: *-4.89 Patched: Updated: June 30, 2026

LOW

booking-calendar

Score: 91/100 Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id' Affected: *-3.2.17 Patched: 3.2.18 Updated: June 30, 2026

LOW

wp-front-end-login-and-register

Score: N/A WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: June 30, 2026

LOW

drag-and-drop-file-uploads-wc-pro

Score: 93/100 Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload Affected: *-1.7.1, 5.0-5.0.5 Patched: 1.7.2 Updated: June 30, 2026

LOW

wp-travel-blocks

Score: N/A WP Travel Gutenberg Blocks <= 3.9.0 - Unauthenticated Local File Inclusion Affected: *-3.9.0 Patched: 3.9.1 Updated: June 30, 2026

LOW

wp-leads-builder-any-crm

Score: N/A Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions Affected: *-3.1 Patched: 3.2 Updated: June 30, 2026

LOW

woo-product-multiaction

Score: N/A WooCommerce Product Multi-Action <= 1.3 - Unauthenticated PHP Object Injection Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

video-list-manager

Score: N/A Video List Manager <= 1.7 - Unauthenticated SQL Injection Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

private-content-mail-actions

Score: N/A PrivateContent - Mail Actions <= 2.3.2 - Unauthenticated Local File Inclusion Affected: *-2.3.2 Patched: Updated: June 30, 2026

LOW

ngg-smart-image-search

Score: N/A NGG Smart Image Search <= 3.4.1 - Unauthenticated SQL Injection Affected: *-3.4.1 Patched: 3.4.3 Updated: June 30, 2026

LOW

lifterlms

Score: 93/100 LifterLMS <= 8.0.6 - Unauthenticated SQL Injection Affected: *-8.0.6 Patched: 8.0.7 Updated: June 30, 2026

LOW

leyka

Score: 89/100 Leyka <= 3.31.9 - Unauthenticated Local File Inclusion Affected: *-3.31.9 Patched: Updated: June 30, 2026

LOW

learning-management-system-pro

Score: 93/100 Masteriyo LMS PRO <= 2.20.0 - Unauthenticated Privilege Escalation Affected: *-2.20.0 Patched: 2.20.1 Updated: June 30, 2026

LOW

eventlist

Score: 93/100 Event List <= 1.9.2 - Unauthenticated Local File Inclusion Affected: *-1.9.2 Patched: 2.0.2 Updated: June 30, 2026

LOW

custom-login-and-signup-widget

Score: 89/100 Custom Login And Signup Widget <= 1.0 - Authenticated (Administrator+) Remote Code Execution Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

css3_vertical_web_pricing_tables

Score: 93/100 CSS3 Vertical Web Pricing Tables <= 1.9 - Reflected Cross-Site Scripting Affected: *-1.9 Patched: 2.0 Updated: June 30, 2026

LOW

couponxxl-cpt

Score: 93/100 CouponXxL Custom Post Types <= 3.0 - Unauthenticated Privilege Escalation Affected: *-3.0 Patched: 3.1 Updated: June 30, 2026

LOW

cmsmasters-content-composer

Score: 93/100 CMSMasters Content Composer < 2.5.7 - Unauthenticated Local File Inclusion Affected: [*, 2.5.7) Patched: 2.5.7 Updated: June 30, 2026

LOW

click-pledge-connect

Score: 93/100 Click & Pledge Connect <= 25.04010101-WP6.8 - Unauthenticated SQL Injection to Privilege Escalation Affected: * - 25.04010101-WP6.8 Patched: 25.07000000-WP6.8.1 Updated: June 30, 2026

LOW

case-theme-user

Score: 93/100 Case Theme User < 1.0.4 - Unauthenticated Local File Inclusion Affected: [*, 1.0.4) Patched: 1.0.4 Updated: June 30, 2026

LOW

Beautiful Cookie Consent Banner

beautiful-and-responsive-cookie-consent

Score: 93/100 Beautiful Cookie Consent Banner <= 4.6.1 - Reflected Cross-Site Scripting Affected: *-4.6.1 Patched: 4.6.2 Updated: June 30, 2026

LOW

backwp

Score: 89/100 Backwp <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

advanced-gutenberg

Score: 97/100 Gutenberg Blocks <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026

LOW

3d-flipbook-dflip-lite

Score: 97/100 Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' Affected: *-2.3.65 Patched: 2.3.67 Updated: June 30, 2026

LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode Affected: *-3.5.21 Patched: 3.5.22 Updated: June 30, 2026

LOW

opal-estate-pro

Score: N/A Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' Affected: *-1.7.5 Patched: Updated: June 30, 2026

LOW

webemailprotector

Score: N/A Email Address Security by WebEmailProtector <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.3.6 Patched: Updated: June 30, 2026

LOW

mobiloud-mobile-app-plugin

Score: 93/100 MobiLoud <= 4.6.6 - Missing Authorization Affected: *-4.6.6 Patched: 4.6.6.1 Updated: June 30, 2026

LOW

fw-gallery

Score: 87/100 FW Gallery <= 8.0.0 - Unauthenticated Arbitrary File Upload Affected: *-8.0.0 Patched: Updated: June 30, 2026

LOW

cm-on-demand-search-and-replace

Score: 91/100 CM On Demand Search And Replace <= 1.5.4 - Missing Authorization Affected: *-1.5.4 Patched: Updated: June 30, 2026

LOW

booking-calendar-contact-form

Score: 93/100 Booking Calendar Contact Form <= 1.2.58 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.2.58 Patched: 1.2.59 Updated: June 30, 2026

LOW

aviation-weather-from-noaa

Score: 91/100 Aviation Weather from NOAA <= 0.7.2 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-0.7.2 Patched: Updated: June 30, 2026

LOW

wpdevart-pricing-table

Score: N/A Pricing Table builder <= 1.5.1 - Cross-Site Request Forgery Affected: *-1.5.1 Patched: Updated: June 30, 2026

LOW

elisqlreports

Score: 93/100 EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode Affected: *-5.25.11 Patched: 5.25.25 Updated: June 30, 2026

LOW

paid-membership

Score: N/A MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset Affected: *-3.2.0 Patched: 3.2.1 Updated: June 30, 2026

LOW

game-users-share-buttons

Score: 91/100 Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter Affected: *-1.3.0 Patched: Updated: June 30, 2026

LOW

project-notebooks

Score: N/A PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function Affected: 1.0.0-1.1.3 Patched: 1.2.0 Updated: June 30, 2026

LOW

qi-addons-for-elementor

Score: N/A Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.1 Patched: 1.9.2 Updated: June 30, 2026

LOW

wpvr

Score: N/A WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.5.32 Patched: 8.5.33 Updated: June 30, 2026

LOW

beeteam368-extensions-pro

Score: 93/100 BeeTeam368 Extensions Pro <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion Affected: *-2.3.4 Patched: 2.3.5 Updated: June 30, 2026

LOW

beeteam368-extensions

Score: 91/100 BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion Affected: *-2.3.4 Patched: 2.3.5 Updated: June 30, 2026

LOW

yaysmtp

Score: N/A YaySMTP <= 2.6.6 - Authenticated (Administrator+) SQL Injection Affected: *-2.6.6 Patched: 2.6.7 Updated: June 30, 2026

LOW

writesonic

Score: N/A Writesonic <= 1.0.5 - Cross-Site Request Forgery Affected: *-1.0.5 Patched: 1.0.6 Updated: June 30, 2026

LOW

wpvr

Score: N/A VR <= 8.5.48 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.5.48 Patched: 8.5.49 Updated: June 30, 2026

LOW

wpshapere-lite

Score: N/A WPShapere - WordPress admin theme <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: Updated: June 30, 2026

LOW

wpb-woocommerce-category-slider

Score: N/A WPB Category Slider for WooCommerce <= 1.71 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.71 Patched: Updated: June 30, 2026

LOW

wpadcenter

Score: N/A WP AdCenter <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: 2.6.1 Updated: June 30, 2026

LOW

wp-youtube-live

Score: N/A WP YouTube Live <= 1.10.0 - Cross-Site Request Forgery Affected: *-1.10.0 Patched: 1.10.1 Updated: June 30, 2026

LOW

wp-visual-sitemap

Score: N/A WP Visual Sitemap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

wp-permalink-translator

Score: N/A WP Permalink Translator <= 1.7.6 - Cross-Site Request Forgery Affected: *-1.7.6 Patched: Updated: June 30, 2026

LOW

wp-optimizer

Score: N/A WP Optimizer <= 2.3.6 - Cross-Site Request Forgery Affected: *-2.3.6 Patched: Updated: June 30, 2026

LOW

wp-gdpr-cookie-consen

Score: N/A WP GDPR Cookie Consent <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

wp-edit

Score: N/A WP Edit <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.0.4 Patched: Updated: June 30, 2026

LOW

wp-db-booster

Score: N/A WP DB Booster <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

wp-datatable

Score: N/A WP DataTable <= 0.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.7 Patched: Updated: June 30, 2026

LOW

woo-pdf-invoice-builder

Score: N/A WooCommerce PDF Invoice Builder <= 1.2.148 - Cross-Site Request Forgery Affected: *-1.2.148 Patched: 1.2.149 Updated: June 30, 2026

LOW

weblizar-companion

Score: N/A IS-theme-companion <= 1.57 - Cross-Site Request Forgery Affected: *-1.57 Patched: Updated: June 30, 2026

LOW

wc-spod

Score: N/A Spreadconnect <= 2.1.5 - Missing Authorization Affected: *-2.1.5 Patched: Updated: June 30, 2026

LOW

virusdie

Score: N/A Virusdie <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

twitch-tv-embed-suite

Score: N/A Twitch TV Embed Suite <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: Updated: June 30, 2026

LOW

track-everything

Score: N/A Track Everything <= 2.0.1 - Cross-Site Request Forgery Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

thumbnail-editor

Score: N/A Thumbnail Editor <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.3 Patched: Updated: June 30, 2026

LOW

theme-junkie-team-content

Score: N/A Theme Junkie Team Content <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 30, 2026

LOW

spolecznosciowa-6-pl-2013

Score: N/A Społecznościowa 6 PL 2013 <= 2.0.6 - Cross-Site Request Forgery Affected: *-2.0.6 Patched: Updated: June 30, 2026

LOW

smart-agenda-prise-de-rendez-vous-en-ligne

Score: N/A Smart Agenda <= 4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.9 Patched: 5.0 Updated: June 30, 2026

LOW

slick-engagement

Score: N/A Slickstream <= 2.0.3 - Cross-Site Request Forgery Affected: *-2.0.3 Patched: 3.0.0 Updated: June 30, 2026

LOW

sertifier-certificates-open-badges

Score: N/A Sertifier Certificate & Badge Maker <= 1.21 - Missing Authorization Affected: *-1.21 Patched: Updated: June 30, 2026

LOW

rss-digest

Score: N/A RSS Digest <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

responsive-block-editor-addons

Score: N/A Responsive Blocks <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.6 Patched: 2.0.7 Updated: June 30, 2026

LOW

replace

Score: N/A re.place <= 0.2.1 - Cross-Site Request Forgery Affected: *-0.2.1 Patched: Updated: June 30, 2026

LOW

relocate-upload

Score: N/A Relocate Upload <= 0.24.1 - Cross-Site Request Forgery Affected: *-0.24.1 Patched: Updated: June 30, 2026

LOW

raise-the-money

Score: N/A Raise The Money <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.2 Patched: Updated: June 30, 2026

LOW

quick-favicon

Score: N/A Quick Favicon <= 0.22.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.22.8 Patched: Updated: June 30, 2026

LOW

pre-publish-post-checklist

Score: N/A Pre-Publish Post Checklist <= 3.1 - Missing Authorization Affected: *-3.1 Patched: Updated: June 30, 2026

LOW

popup-addon-for-ninja-forms

Score: N/A Popup addon for Ninja Forms <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4 Patched: 3.5 Updated: June 30, 2026

LOW

podcast-feed-player-widget

Score: N/A Podcast Feed Player Widget and Shortcode <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: Updated: June 30, 2026

LOW

plugin-inspector

Score: N/A Plugin Inspector <= 1.5 - Authenticated (Admin+) Arbitrary File Download Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

plationline

Score: N/A PlatiOnline Payments <= 7.0.0 - Missing Authorization Affected: *-7.0.0 Patched: 7.0.1 Updated: June 30, 2026

LOW

onionbuzz-viral-quiz

Score: N/A OnionBuzz <= 1.0.7 - Cross-Site Request Forgery Affected: *-1.0.7 Patched: Updated: June 30, 2026

LOW

onet-regenerate-thumbnails

Score: N/A ONet Regenerate Thumbnails <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

omnipress

Score: N/A Omnipress <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.4 Patched: 1.6.5 Updated: June 30, 2026

LOW

nd-booking

Score: N/A Hotel Booking <= 3.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.7 Patched: 3.8 Updated: June 30, 2026

LOW

navayan-subscribe

Score: N/A Navayan Subscribe <= 1.13 - Cross-Site Request Forgery Affected: *-1.13 Patched: Updated: June 30, 2026

LOW

my-wp-brand

Score: N/A My Wp Brand <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

my-resume-builder

Score: N/A My Resume Builder <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

leyka

Score: 89/100 Leyka <= 3.31.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.31.9 Patched: Updated: June 30, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.0 Patched: 3.7.1.1 Updated: June 30, 2026

LOW

import-external-attachments

Score: 89/100 Import external attachments <= 1.5.12 - Cross-Site Request Forgery Affected: *-1.5.12 Patched: Updated: June 30, 2026

LOW

image-slider-with-description

Score: 91/100 Image Slider With Description <= 9.2 - Cross-Site Request Forgery Affected: *-9.2 Patched: Updated: June 30, 2026

LOW

image-cleanup

Score: 87/100 Image Cleanup <= 1.9.2 - Cross-Site Request Forgery Affected: *-1.9.2 Patched: Updated: June 30, 2026

LOW

icount

Score: 91/100 iCount Payment Gateway <= 2.0.6 - Missing Authorization Affected: *-2.0.6 Patched: Updated: June 30, 2026

LOW

hurrytimer

Score: 93/100 HurryTimer <= 2.13.1 - Missing Authorization Affected: *-2.13.1 Patched: 2.14.0 Updated: June 30, 2026

LOW

ht-slider-for-elementor

Score: 93/100 HT Slider For Elementor <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.5 Patched: 1.6.6 Updated: June 30, 2026

LOW

ht-mega-for-wpbakery

Score: 93/100 HT Mega – Absolute Addons for WPBakery Page Builder <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: 1.0.9 Updated: June 30, 2026

Showing 7901 to 8000 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 09:36 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List