Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
hover-effects	hover-effects	93	Hover Effects <= 2.1.2 - Authenticated (Administrator+) SQL Injection	LOW	*-2.1.2	2.1.3	June 30, 2026
hidepost	hidepost	89	HidePost <= 2.3.8 - Cross-Site Request Forgery	LOW	*-2.3.8		June 30, 2026
hide-admin-bar-from-front-end	hide-admin-bar-from-front-end	91	Hide Admin Bar From Front End <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0		June 30, 2026
grand-media	grand-media	91	Gmedia Photo Gallery <= 1.23.0 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.23.0	1.24.0	June 30, 2026
gf-google-address-autocomplete	gf-google-address-autocomplete	93	Address Autocomplete via Google for Gravity Forms <= 1.3.4 - Cross-Site Request Forgery	LOW	*-1.3.4	1.3.5	June 30, 2026
free-downloads-edd	free-downloads-edd	91	Free Downloads EDD <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.4		June 30, 2026
forum-server	forum-server	89	WP Forum Server <= 1.8.2 - Cross-Site Request Forgery	LOW	*-1.8.2		June 30, 2026
forum-server	forum-server	89	WP Forum Server <= 1.8.2 - Authenticated (Administrator+) SQL Injection	LOW	*-1.8.2		June 30, 2026
football-pool	football-pool	93	Football Pool <= 2.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.12.5	2.12.6	June 30, 2026
file-manager-plugin-for-wordpress	file-manager-plugin-for-wordpress	91	File Manager Plugin For Wordpress <= 7.5 - Authenticated (Admin+) Arbitrary File Upload	LOW	*-7.5		June 30, 2026
ec-stars-rating	ec-stars-rating	91	EC Stars Rating <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.11		June 30, 2026
easy-sticky-sidebar	easy-sticky-sidebar	93	WordPress CTA <= 1.7.0 - Cross-Site Request Forgery	LOW	*-1.7.0	1.7.1	June 30, 2026
devnex-addons-for-elementor	devnex-addons-for-elementor	89	Devnex Addons For Elementor <= 1.0.9 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.0.9		June 30, 2026
dashboard-widget-sidebar	dashboard-widget-sidebar	91	Dashboard Widget Sidebar <= 1.2.3 - Missing Authorization	LOW	*-1.2.3		June 30, 2026
cyrlitera	cyrlitera	93	Cyrlitera <= 1.3.0 - Cross-Site Request Forgery	LOW	*-1.3.0	1.3.1	June 30, 2026
cron-logger	cron-logger	91	Cron Logger <= 1.3.0 - Missing Authorization	LOW	*-1.3.0		June 30, 2026
cookiebot	cookiebot	93	Cookiebot <= 4.5.8 - Cross-Site Request Forgery	LOW	*-4.5.8	4.5.9	June 30, 2026
contact-form-7-hide-success-message	contact-form-7-hide-success-message	91	Contact Form – 7 : Hide Success Message <= 1.1.4 - Missing Authorization	LOW	*-1.1.4		June 30, 2026
cms-blocks	cms-blocks	91	CMS Blocks <= 1.1 - Missing Authorization	LOW	*-1.1		June 30, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	chatbot	66	ChatBot <= 6.7.3 - Missing Authorization	LOW	*-6.7.3	6.7.5	June 30, 2026
Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)	burst-statistics	74	Burst Statistics <= 2.0.6 - Cross-Site Request Forgery	LOW	*-2.0.6	2.0.8	June 30, 2026
beauty-contact-popup-form	beauty-contact-popup-form	91	Beauty Contact Popup Form <= 6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-6.0		June 30, 2026
audio-editor-recorder	audio-editor-recorder	93	Audio Editor & Recorder <= 2.2.3 - Unauthenticated Information Exposure	LOW	*-2.2.3	2.2.4	June 30, 2026
aioseo-multibyte-descriptions	aioseo-multibyte-descriptions	95	Aioseo Multibyte Descriptions <= 0.0.6 - Cross-Site Request Forgery	LOW	*-0.0.6		June 30, 2026
additional-order-filters-for-woocommerce	additional-order-filters-for-woocommerce	97	Additional Order Filters for WooCommerce <= 1.22 - Cross-Site Request Forgery	LOW	*-1.22	1.23	June 30, 2026
add-replace-affiliate-links-for-amazon	add-replace-affiliate-links-for-amazon	95	Add & Replace Affiliate Links for Amazon <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.6		June 30, 2026
accept-stripe-payments-using-contact-form-7	accept-stripe-payments-using-contact-form-7	97	Accept Stripe Payments Using Contact Form 7 <= 3.0 - Unauthenticated Information Exposure	LOW	*-3.0	3.1	June 30, 2026
accept-authorize-net-payments-using-contact-form-7	accept-authorize-net-payments-using-contact-form-7	97	Accept Authorize.NET Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure	LOW	*-2.5	2.6	June 30, 2026
the-pack-addon	the-pack-addon	N/A	The Pack Elementor addon <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.4	2.1.5	June 30, 2026
osomblocks	osomblocks	N/A	Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter	LOW	*-1.2.1	1.2.2	June 30, 2026
fl3r-accessibility-suite	fl3r-accessibility-suite	91	FL3R Accessibility Suite <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode	LOW	*-1.4		June 30, 2026
ab-testing-for-wp	ab-testing-for-wp	95	A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.18.2		June 30, 2026
vr-calendar-sync	vr-calendar-sync	N/A	VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync	LOW	*-2.4.7		June 30, 2026
ismobile	ismobile	93	isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter	LOW	*-1.1.1	1.1.2	June 30, 2026
wp-wall	wp-wall	N/A	WP Wall <= 1.7.3 - Reflected Cross-Site Scripting	LOW	*-1.7.3		June 30, 2026
wp-recall	wp-recall	N/A	WP-Recall <= 16.26.14 - Reflected Cross-Site Scripting	LOW	*-16.26.14		June 30, 2026
wp-jobsearch	wp-jobsearch	N/A	JobSearch < 3.0.6 - Reflected Cross-Site Scripting	LOW	[*, 3.0.6)	3.0.6	June 30, 2026
video-list-manager	video-list-manager	N/A	Video List Manager <= 1.7 - Reflected Cross-Site Scripting	LOW	*-1.7		June 30, 2026
vgw-metis	vgw-metis	N/A	VG WORT METIS <= 2.0.1 - Missing Authorization	LOW	*-2.0.1		June 30, 2026
valvepress-rankie	valvepress-rankie	N/A	Rankie <= 1.8.2 - Reflected Cross-Site Scripting	LOW	*-1.8.2	1.8.3	June 30, 2026
team-showcase-cm	team-showcase-cm	N/A	Team Showcase < 25.05.13 - Reflected Cross-Site Scripting	LOW	[*, 25.05.13)	25.05.13	June 30, 2026
stop-user-enumeration	stop-user-enumeration	N/A	Stop User Enumeration <= 1.7.2 - Protection Mechanism Bypass	LOW	*-1.7.2	1.7.3	June 30, 2026
simple-payment	simple-payment	N/A	Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin	LOW	1.3.6-2.3.8	2.3.9	June 30, 2026
sb-breadcrumbs	sb-breadcrumbs	N/A	SB Breadcrumbs <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 30, 2026
ninja-tables	ninja-tables	N/A	Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery	LOW	*-5.0.18	5.0.19	June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI	LOW	*-3.10.2.1	3.10.2.2	June 30, 2026
Mollie Payments for WooCommerce	mollie-payments-for-woocommerce	92	Mollie Payments for WooCommerce <= 8.0.2 - Unauthenticated Insecure Direct Object Reference	LOW	*-8.0.2	8.0.3	June 30, 2026
content-manager-light	content-manager-light	89	Content Manager Light <= 3.2 - Reflected Cross-Site Scripting	LOW	*-3.2		June 30, 2026
acf-frontend-form-element	acf-frontend-form-element	97	Frontend Admin by DynamiApps <= 3.28.7 - Authenticated (Editor+) Arbitrary File Deletion	LOW	*-3.28.7	3.28.8	June 30, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons	N/A	Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets	LOW	*-1.7.1028	1.7.1029	June 30, 2026
Ultra Addons for Contact Form 7	ultimate-addons-for-contact-form-7	70	Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module	LOW	3.5.11-3.5.19	3.5.20	June 30, 2026
mdl-shortcodes	mdl-shortcodes	93	Modern Design Library <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter	LOW	*-1.1.4	1.1.5	June 30, 2026
drive-folder-embeder	drive-folder-embeder	91	Drive Folder Embedder <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter	LOW	*-1.1.0		June 30, 2026
charitable	charitable	93	Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings	LOW	*-1.8.6.1	1.8.6.2	June 30, 2026
import-products-to-wc	import-products-to-wc	89	Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation	LOW	*-1.2.7		June 30, 2026
web-cam	web-cam	N/A	web-cam <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter	LOW	*-3.0	3.1	June 30, 2026
homerunner-smartcheckout	homerunner-smartcheckout	93	Homerunner <= 1.0.30 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.30	1.0.31	June 30, 2026
namasha-by-mdesign	namasha-by-mdesign	N/A	Namasha By Mdesign <= 1.2.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via playicon_title Parameter	LOW	*-1.2.00	1.2.05	June 30, 2026
the-countdown	the-countdown	N/A	The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter	LOW	*-2.0.1		June 30, 2026
post-rating-and-review	post-rating-and-review	N/A	Post Rating and Review <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter	LOW	*-1.3.4		June 30, 2026
vgw-metis	vgw-metis	N/A	VG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update	LOW	*-2.0.0	2.0.1	June 30, 2026
wp-photonav	wp-photonav	N/A	WP-PhotoNav <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode	LOW	*-1.2.2		June 30, 2026
wp-registration	wp-registration	N/A	Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation	LOW	*-6.3	6.4	June 30, 2026
gc-social-wall	gc-social-wall	91	GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.15		June 30, 2026
wp-easy-events	wp-easy-events	N/A	Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1.0	4.2.0	June 30, 2026
wp-soundsystem	wp-soundsystem	N/A	WP SoundSystem <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsstm-track Shortcode	LOW	*-3.4.2		June 30, 2026
responsive-food-and-drink-menu	responsive-food-and-drink-menu	N/A	Responsive Food and Drink Menu <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_pdf_menus Shortcode	LOW	*-2.3		June 30, 2026
post-carousel-slider-for-elementor	post-carousel-slider-for-elementor	N/A	Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form Function	LOW	*-1.6.0	1.7.0	June 30, 2026
tournament-bracket-generator	tournament-bracket-generator	N/A	Tournament Bracket Generator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode	LOW	*-1.0.0		June 30, 2026
timezonecalculator	timezonecalculator	N/A	TimeZoneCalculator <= 3.37 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.37		June 30, 2026
image-editor-by-pixo	image-editor-by-pixo	91	Image Editor by Pixo <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via download Parameter	LOW	*-2.3.6	2.3.7	June 30, 2026
responsive-owl-carousel	responsive-owl-carousel	N/A	Owl carousel responsive <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter	LOW	*-1.9		June 30, 2026
enigma-buttons	enigma-buttons	91	e.nigma buttons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.3		June 30, 2026
wp-masonry-infinite-scroll	wp-masonry-infinite-scroll	N/A	WP Masonry & Infinite Scroll <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2	2.3	June 30, 2026
woo-coupon-usage	woo-coupon-usage	N/A	Coupon Affiliates <= 7.2.0 - Missing Authorization	LOW	*-7.2.0	7.2.1	June 30, 2026
serped-net	serped-net	N/A	SERPed.net <= 4.6 - Unauthenticated Local File Inclusion	LOW	*-4.6	4.7	June 30, 2026
fw-gallery	fw-gallery	87	FW Gallery <= 8.0.0 - Unauthenticated Local File Inclusion	LOW	*-8.0.0		June 30, 2026
davenport	davenport	91	Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Unauthenticated Local File Inclusion	LOW	*-1.3		June 30, 2026
ctuser	ctuser	91	CTUsers <= 1.0.0 - Unauthenticated Local File Inclusion	LOW	*-1.0.0		June 30, 2026
everest-forms-pro	everest-forms-pro	93	Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion	LOW	*-1.9.4	1.9.5	June 30, 2026
so-widgets-bundle	so-widgets-bundle	N/A	SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute	LOW	*-1.68.5	1.69.0	June 30, 2026
zikzag-core	zikzag-core	N/A	Zikzag Core <= 1.4.5 - Unauthenticated Local File Inclusion	LOW	*-1.4.5	1.4.6	June 30, 2026
wc-dropi-integration	wc-dropi-integration	N/A	Dropify <= 4.6.9 - Reflected Cross-Site Scripting	LOW	*-4.6.9		June 30, 2026
thememove-core	thememove-core	N/A	ThemeMove Core <= 1.4.2 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-1.4.2		June 30, 2026
smartpay	smartpay	N/A	WP SmartPay <= 2.7.13 - Authenticated (Subscriber+) Account Takeover	LOW	*-2.7.13	2.8.0	June 30, 2026
gg-bought-together	gg-bought-together	91	GG Bought Together for WooCommerce <= 1.0.2 - Unauthenticated SQL Injection	LOW	*-1.0.2		June 30, 2026
fw-food-menu	fw-food-menu	89	FW Food Menu <= 6.0.0 - Unauthenticated Arbitrary File Deletion	LOW	*-6.0.0		June 30, 2026
drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon	drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon	91	Drop Uploader for CF7 - Drag&Drop File Uploader Addon <= 2.4.1 - Unauthenticated Arbitrary File Upload	LOW	*-2.4.1		June 30, 2026
conference-scheduler	conference-scheduler	93	Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter	LOW	*-2.5.1	2.5.2	June 30, 2026
xili-dictionary	xili-dictionary	N/A	xili-dictionary <= 2.12.5.2 - Reflected Cross-Site Scripting	LOW	*-2.12.5.2		June 30, 2026
wpkit-elementor	wpkit-elementor	N/A	WPKit For Elementor <= 1.1.0 - Missing Authorization to Unauthenticated Arbitrary Options Update	LOW	*-1.1.0		June 30, 2026
wpcrm	wpcrm	N/A	WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - Reflected Cross-Site Scripting	LOW	*-3.2.0		June 30, 2026
wp-optimize-by-xtraffic	wp-optimize-by-xtraffic	N/A	WP Optimize By xTraffic <= 5.1.6 - Unauthenticated PHP Object Injection	LOW	*-5.1.6		June 30, 2026
wp-event-solution	wp-event-solution	N/A	Eventin <= 4.0.28 - Reflected Cross-Site Scripting	LOW	*-4.0.28	4.0.29	June 30, 2026
trusty-whistleblowing-solution	trusty-whistleblowing-solution	N/A	Trusty Whistleblowing <= 2.0.1 - Missing Authorization	LOW	*-2.0.1	2.0.2	June 30, 2026
qc-simple-link-directory	qc-simple-link-directory	N/A	Simple Link Directory < 14.8.1 - Authenticated (Subscriber+) SQL Injection	LOW	[*, 14.8.1)	14.8.1	June 30, 2026
photo-express-for-google	photo-express-for-google	N/A	Photo Express for Google <= 0.3.2 - Reflected Cross-Site Scripting	LOW	*-0.3.2		June 30, 2026
ova-brw	ova-brw	N/A	BRW <= 1.8.7 - Unauthenticated Local File Inclusion	LOW	*-1.8.7	1.8.8	June 30, 2026
off-canvas-sidebars	off-canvas-sidebars	N/A	Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.4 - Reflected Cross-Site Scripting	LOW	*-0.5.8.4	0.5.8.5	June 30, 2026
national-weather-service-alerts	national-weather-service-alerts	N/A	National Weather Service Alerts <= 1.3.5 - Unauthenticated Local File Inclusion	LOW	*-1.3.5		June 30, 2026

LOW

hover-effects

Score: 93/100 Hover Effects <= 2.1.2 - Authenticated (Administrator+) SQL Injection Affected: *-2.1.2 Patched: 2.1.3 Updated: June 30, 2026

LOW

hidepost

Score: 89/100 HidePost <= 2.3.8 - Cross-Site Request Forgery Affected: *-2.3.8 Patched: Updated: June 30, 2026

LOW

hide-admin-bar-from-front-end

Score: 91/100 Hide Admin Bar From Front End <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

grand-media

Score: 91/100 Gmedia Photo Gallery <= 1.23.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.23.0 Patched: 1.24.0 Updated: June 30, 2026

LOW

gf-google-address-autocomplete

Score: 93/100 Address Autocomplete via Google for Gravity Forms <= 1.3.4 - Cross-Site Request Forgery Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

free-downloads-edd

Score: 91/100 Free Downloads EDD <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

forum-server

Score: 89/100 WP Forum Server <= 1.8.2 - Cross-Site Request Forgery Affected: *-1.8.2 Patched: Updated: June 30, 2026

LOW

forum-server

Score: 89/100 WP Forum Server <= 1.8.2 - Authenticated (Administrator+) SQL Injection Affected: *-1.8.2 Patched: Updated: June 30, 2026

LOW

football-pool

Score: 93/100 Football Pool <= 2.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.12.5 Patched: 2.12.6 Updated: June 30, 2026

LOW

file-manager-plugin-for-wordpress

Score: 91/100 File Manager Plugin For Wordpress <= 7.5 - Authenticated (Admin+) Arbitrary File Upload Affected: *-7.5 Patched: Updated: June 30, 2026

LOW

ec-stars-rating

Score: 91/100 EC Stars Rating <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.11 Patched: Updated: June 30, 2026

LOW

easy-sticky-sidebar

Score: 93/100 WordPress CTA <= 1.7.0 - Cross-Site Request Forgery Affected: *-1.7.0 Patched: 1.7.1 Updated: June 30, 2026

LOW

devnex-addons-for-elementor

Score: 89/100 Devnex Addons For Elementor <= 1.0.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0.9 Patched: Updated: June 30, 2026

LOW

dashboard-widget-sidebar

Score: 91/100 Dashboard Widget Sidebar <= 1.2.3 - Missing Authorization Affected: *-1.2.3 Patched: Updated: June 30, 2026

LOW

cyrlitera

Score: 93/100 Cyrlitera <= 1.3.0 - Cross-Site Request Forgery Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

cron-logger

Score: 91/100 Cron Logger <= 1.3.0 - Missing Authorization Affected: *-1.3.0 Patched: Updated: June 30, 2026

LOW

cookiebot

Score: 93/100 Cookiebot <= 4.5.8 - Cross-Site Request Forgery Affected: *-4.5.8 Patched: 4.5.9 Updated: June 30, 2026

LOW

contact-form-7-hide-success-message

Score: 91/100 Contact Form – 7 : Hide Success Message <= 1.1.4 - Missing Authorization Affected: *-1.1.4 Patched: Updated: June 30, 2026

LOW

cms-blocks

Score: 91/100 CMS Blocks <= 1.1 - Missing Authorization Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot

Score: 66/100 ChatBot <= 6.7.3 - Missing Authorization Affected: *-6.7.3 Patched: 6.7.5 Updated: June 30, 2026

LOW

Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)

burst-statistics

Score: 74/100 Burst Statistics <= 2.0.6 - Cross-Site Request Forgery Affected: *-2.0.6 Patched: 2.0.8 Updated: June 30, 2026

LOW

beauty-contact-popup-form

Score: 91/100 Beauty Contact Popup Form <= 6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.0 Patched: Updated: June 30, 2026

LOW

audio-editor-recorder

Score: 93/100 Audio Editor & Recorder <= 2.2.3 - Unauthenticated Information Exposure Affected: *-2.2.3 Patched: 2.2.4 Updated: June 30, 2026

LOW

aioseo-multibyte-descriptions

Score: 95/100 Aioseo Multibyte Descriptions <= 0.0.6 - Cross-Site Request Forgery Affected: *-0.0.6 Patched: Updated: June 30, 2026

LOW

additional-order-filters-for-woocommerce

Score: 97/100 Additional Order Filters for WooCommerce <= 1.22 - Cross-Site Request Forgery Affected: *-1.22 Patched: 1.23 Updated: June 30, 2026

LOW

add-replace-affiliate-links-for-amazon

Score: 95/100 Add & Replace Affiliate Links for Amazon <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

accept-stripe-payments-using-contact-form-7

Score: 97/100 Accept Stripe Payments Using Contact Form 7 <= 3.0 - Unauthenticated Information Exposure Affected: *-3.0 Patched: 3.1 Updated: June 30, 2026

LOW

accept-authorize-net-payments-using-contact-form-7

Score: 97/100 Accept Authorize.NET Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure Affected: *-2.5 Patched: 2.6 Updated: June 30, 2026

LOW

the-pack-addon

Score: N/A The Pack Elementor addon <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

osomblocks

Score: N/A Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

fl3r-accessibility-suite

Score: 91/100 FL3R Accessibility Suite <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

ab-testing-for-wp

Score: 95/100 A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.18.2 Patched: Updated: June 30, 2026

LOW

vr-calendar-sync

Score: N/A VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync Affected: *-2.4.7 Patched: Updated: June 30, 2026

LOW

ismobile

Score: 93/100 isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter Affected: *-1.1.1 Patched: 1.1.2 Updated: June 30, 2026

LOW

wp-wall

Score: N/A WP Wall <= 1.7.3 - Reflected Cross-Site Scripting Affected: *-1.7.3 Patched: Updated: June 30, 2026

LOW

wp-recall

Score: N/A WP-Recall <= 16.26.14 - Reflected Cross-Site Scripting Affected: *-16.26.14 Patched: Updated: June 30, 2026

LOW

wp-jobsearch

Score: N/A JobSearch < 3.0.6 - Reflected Cross-Site Scripting Affected: [*, 3.0.6) Patched: 3.0.6 Updated: June 30, 2026

LOW

video-list-manager

Score: N/A Video List Manager <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

vgw-metis

Score: N/A VG WORT METIS <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

valvepress-rankie

Score: N/A Rankie <= 1.8.2 - Reflected Cross-Site Scripting Affected: *-1.8.2 Patched: 1.8.3 Updated: June 30, 2026

LOW

team-showcase-cm

Score: N/A Team Showcase < 25.05.13 - Reflected Cross-Site Scripting Affected: [*, 25.05.13) Patched: 25.05.13 Updated: June 30, 2026

LOW

stop-user-enumeration

Score: N/A Stop User Enumeration <= 1.7.2 - Protection Mechanism Bypass Affected: *-1.7.2 Patched: 1.7.3 Updated: June 30, 2026

LOW

simple-payment

Score: N/A Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin Affected: 1.3.6-2.3.8 Patched: 2.3.9 Updated: June 30, 2026

LOW

sb-breadcrumbs

Score: N/A SB Breadcrumbs <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

ninja-tables

Score: N/A Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery Affected: *-5.0.18 Patched: 5.0.19 Updated: June 30, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI Affected: *-3.10.2.1 Patched: 3.10.2.2 Updated: June 30, 2026

LOW

Mollie Payments for WooCommerce

mollie-payments-for-woocommerce

Score: 92/100 Mollie Payments for WooCommerce <= 8.0.2 - Unauthenticated Insecure Direct Object Reference Affected: *-8.0.2 Patched: 8.0.3 Updated: June 30, 2026

LOW

content-manager-light

Score: 89/100 Content Manager Light <= 3.2 - Reflected Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 30, 2026

LOW

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.28.7 - Authenticated (Editor+) Arbitrary File Deletion Affected: *-3.28.7 Patched: 3.28.8 Updated: June 30, 2026

LOW

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Score: N/A Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets Affected: *-1.7.1028 Patched: 1.7.1029 Updated: June 30, 2026

LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module Affected: 3.5.11-3.5.19 Patched: 3.5.20 Updated: June 30, 2026

LOW

mdl-shortcodes

Score: 93/100 Modern Design Library <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026

LOW

drive-folder-embeder

Score: 91/100 Drive Folder Embedder <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

charitable

Score: 93/100 Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings Affected: *-1.8.6.1 Patched: 1.8.6.2 Updated: June 30, 2026

LOW

import-products-to-wc

Score: 89/100 Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation Affected: *-1.2.7 Patched: Updated: June 30, 2026

LOW

web-cam

Score: N/A web-cam <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter Affected: *-3.0 Patched: 3.1 Updated: June 30, 2026

LOW

homerunner-smartcheckout

Score: 93/100 Homerunner <= 1.0.30 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.30 Patched: 1.0.31 Updated: June 30, 2026

LOW

namasha-by-mdesign

Score: N/A Namasha By Mdesign <= 1.2.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via playicon_title Parameter Affected: *-1.2.00 Patched: 1.2.05 Updated: June 30, 2026

LOW

the-countdown

Score: N/A The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

post-rating-and-review

Score: N/A Post Rating and Review <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter Affected: *-1.3.4 Patched: Updated: June 30, 2026

LOW

vgw-metis

Score: N/A VG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update Affected: *-2.0.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

wp-photonav

Score: N/A WP-PhotoNav <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

wp-registration

Score: N/A Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation Affected: *-6.3 Patched: 6.4 Updated: June 30, 2026

LOW

gc-social-wall

Score: 91/100 GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.15 Patched: Updated: June 30, 2026

LOW

wp-easy-events

Score: N/A Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.0 Patched: 4.2.0 Updated: June 30, 2026

LOW

wp-soundsystem

Score: N/A WP SoundSystem <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsstm-track Shortcode Affected: *-3.4.2 Patched: Updated: June 30, 2026

LOW

responsive-food-and-drink-menu

Score: N/A Responsive Food and Drink Menu <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_pdf_menus Shortcode Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

post-carousel-slider-for-elementor

Score: N/A Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form Function Affected: *-1.6.0 Patched: 1.7.0 Updated: June 30, 2026

LOW

tournament-bracket-generator

Score: N/A Tournament Bracket Generator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

timezonecalculator

Score: N/A TimeZoneCalculator <= 3.37 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.37 Patched: Updated: June 30, 2026

LOW

image-editor-by-pixo

Score: 91/100 Image Editor by Pixo <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via download Parameter Affected: *-2.3.6 Patched: 2.3.7 Updated: June 30, 2026

LOW

responsive-owl-carousel

Score: N/A Owl carousel responsive <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter Affected: *-1.9 Patched: Updated: June 30, 2026

LOW

enigma-buttons

Score: 91/100 e.nigma buttons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

wp-masonry-infinite-scroll

Score: N/A WP Masonry & Infinite Scroll <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026

LOW

woo-coupon-usage

Score: N/A Coupon Affiliates <= 7.2.0 - Missing Authorization Affected: *-7.2.0 Patched: 7.2.1 Updated: June 30, 2026

LOW

serped-net

Score: N/A SERPed.net <= 4.6 - Unauthenticated Local File Inclusion Affected: *-4.6 Patched: 4.7 Updated: June 30, 2026

LOW

fw-gallery

Score: 87/100 FW Gallery <= 8.0.0 - Unauthenticated Local File Inclusion Affected: *-8.0.0 Patched: Updated: June 30, 2026

LOW

davenport

Score: 91/100 Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Unauthenticated Local File Inclusion Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

ctuser

Score: 91/100 CTUsers <= 1.0.0 - Unauthenticated Local File Inclusion Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

everest-forms-pro

Score: 93/100 Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion Affected: *-1.9.4 Patched: 1.9.5 Updated: June 30, 2026

LOW

so-widgets-bundle

Score: N/A SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute Affected: *-1.68.5 Patched: 1.69.0 Updated: June 30, 2026

LOW

zikzag-core

Score: N/A Zikzag Core <= 1.4.5 - Unauthenticated Local File Inclusion Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026

LOW

wc-dropi-integration

Score: N/A Dropify <= 4.6.9 - Reflected Cross-Site Scripting Affected: *-4.6.9 Patched: Updated: June 30, 2026

LOW

thememove-core

Score: N/A ThemeMove Core <= 1.4.2 - Authenticated (Subscriber+) PHP Object Injection Affected: *-1.4.2 Patched: Updated: June 30, 2026

LOW

smartpay

Score: N/A WP SmartPay <= 2.7.13 - Authenticated (Subscriber+) Account Takeover Affected: *-2.7.13 Patched: 2.8.0 Updated: June 30, 2026

LOW

gg-bought-together

Score: 91/100 GG Bought Together for WooCommerce <= 1.0.2 - Unauthenticated SQL Injection Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

fw-food-menu

Score: 89/100 FW Food Menu <= 6.0.0 - Unauthenticated Arbitrary File Deletion Affected: *-6.0.0 Patched: Updated: June 30, 2026

LOW

drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon

Score: 91/100 Drop Uploader for CF7 - Drag&Drop File Uploader Addon <= 2.4.1 - Unauthenticated Arbitrary File Upload Affected: *-2.4.1 Patched: Updated: June 30, 2026

LOW

conference-scheduler

Score: 93/100 Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

xili-dictionary

Score: N/A xili-dictionary <= 2.12.5.2 - Reflected Cross-Site Scripting Affected: *-2.12.5.2 Patched: Updated: June 30, 2026

LOW

wpkit-elementor

Score: N/A WPKit For Elementor <= 1.1.0 - Missing Authorization to Unauthenticated Arbitrary Options Update Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

wpcrm

Score: N/A WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - Reflected Cross-Site Scripting Affected: *-3.2.0 Patched: Updated: June 30, 2026

LOW

wp-optimize-by-xtraffic

Score: N/A WP Optimize By xTraffic <= 5.1.6 - Unauthenticated PHP Object Injection Affected: *-5.1.6 Patched: Updated: June 30, 2026

LOW

wp-event-solution

Score: N/A Eventin <= 4.0.28 - Reflected Cross-Site Scripting Affected: *-4.0.28 Patched: 4.0.29 Updated: June 30, 2026

LOW

trusty-whistleblowing-solution

Score: N/A Trusty Whistleblowing <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

qc-simple-link-directory

Score: N/A Simple Link Directory < 14.8.1 - Authenticated (Subscriber+) SQL Injection Affected: [*, 14.8.1) Patched: 14.8.1 Updated: June 30, 2026

LOW

photo-express-for-google

Score: N/A Photo Express for Google <= 0.3.2 - Reflected Cross-Site Scripting Affected: *-0.3.2 Patched: Updated: June 30, 2026

LOW

ova-brw

Score: N/A BRW <= 1.8.7 - Unauthenticated Local File Inclusion Affected: *-1.8.7 Patched: 1.8.8 Updated: June 30, 2026

LOW

off-canvas-sidebars

Score: N/A Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.4 - Reflected Cross-Site Scripting Affected: *-0.5.8.4 Patched: 0.5.8.5 Updated: June 30, 2026

LOW

national-weather-service-alerts

Score: N/A National Weather Service Alerts <= 1.3.5 - Unauthenticated Local File Inclusion Affected: *-1.3.5 Patched: Updated: June 30, 2026

Showing 8001 to 8100 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 10:59 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List