Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
mobile-dj-manager	mobile-dj-manager	91	MDJM Event Management <= 1.7.6 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.7.6		June 30, 2026
infility-global	infility-global	81	Infility Global <= 2.13.4 - Reflected Cross-Site Scripting	LOW	*-2.13.4		June 30, 2026
image-shadow	image-shadow	91	Image Shadow <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-1.1.0		June 30, 2026
front-editor	front-editor	89	WP Front User Submit / Front Editor <= 4.9.3 - Reflected Cross-Site Scripting	LOW	*-4.9.3	4.9.4	June 30, 2026
flexo-countdown	flexo-countdown	91	Flexo Counter <= 1.0001 - Reflected Cross-Site Scripting	LOW	*-1.0001		June 30, 2026
evangtermine	evangtermine	91	Evangelische Termine <= 3.3 - Reflected Cross-Site Scripting	LOW	*-3.3		June 30, 2026
drag-and-drop-file-upload-wc-pro	drag-and-drop-file-upload-wc-pro	93	Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 5.0.6 - Unauthenticated Arbitrary File Upload	LOW	*-5.0.6	5.0.7	June 30, 2026
directiq-wp	directiq-wp	91	DirectIQ Email Marketing <= 2.0 - Unauthenticated SQL Injection	LOW	*-2.0		June 30, 2026
content-no-cache	content-no-cache	93	Content No Cache <= 0.1.4 - Unauthenticated Arbitrary Function Call	LOW	*-0.1.4	0.1.5	June 30, 2026
aiomatic-automatic-ai-content-writer	aiomatic-automatic-ai-content-writer	97	Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-2.5.0	2.5.1	June 30, 2026
abandoned-contact-form-7	abandoned-contact-form-7	95	Abandoned Contact Form 7 < 2.9 - Missing Authorization	LOW	[*, 2.9)	2.9	June 30, 2026
ecommerce-product-catalog	ecommerce-product-catalog	93	eCommerce Product Catalog <= 3.4.3 - Authenticated (Orders manager+) PHP Object Injection	LOW	*-3.4.3	3.4.4	June 30, 2026
download-counter	download-counter	91	Download Counter <= 1.4 - Unauthenticated Arbitrary File Read	LOW	*-1.4		June 30, 2026
bbpress-simple-advert-units	bbpress-simple-advert-units	91	bbpress Simple Advert Units <= 0.41 - Reflected Cross-Site Scripting	LOW	*-0.41		June 30, 2026
interactive-3d-flipbook-powered-physics-engine	interactive-3d-flipbook-powered-physics-engine	93	3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters	LOW	*-1.16.15	1.16.16	June 30, 2026
posts-table-filterable	posts-table-filterable	N/A	TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode	LOW	*-1.0.4.1	1.0.4.2	June 30, 2026
order-delivery-date	order-delivery-date	N/A	Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure	LOW	[2.0, 12.6.0)	12.6.0	June 30, 2026
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory	geodirectory	66	GeoDirectory <= 2.8.119 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.8.119	2.8.120	June 30, 2026
euro-fxref-currency-converter	euro-fxref-currency-converter	93	Euro FxRef Currency Converter <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via currency Shortcode	LOW	*-2.0.2	2.0.3	June 30, 2026
zara-4	zara-4	N/A	Zara 4 Image Compression <= 1.2.17.2 - Missing Authorization	LOW	*-1.2.17.2		June 30, 2026
zapier	zapier	N/A	Zapier for WordPress <= 1.5.2 - Missing Authorization	LOW	*-1.5.2	1.5.3	June 30, 2026
wph-recipes-manager	wph-recipes-manager	N/A	Recipes manager - WPH <= 1.0.4 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.0.4		June 30, 2026
wpcomplete	wpcomplete	N/A	WPComplete <= 2.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.9.5	2.9.5.1	June 30, 2026
wp-voting-contest	wp-voting-contest	N/A	WP Voting Contest <= 5.8 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-5.8		June 30, 2026
wp-user-stylesheet-switcher	wp-user-stylesheet-switcher	N/A	WP User Stylesheet Switcher <= v2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	* - v2.2.0		June 30, 2026
wp-user-profile-avatar	wp-user-profile-avatar	N/A	WP User Profile Avatar <= 1.0.6 - Missing Authorization	LOW	*-1.0.6		June 30, 2026
wp-thumb	wp-thumb	N/A	WPThumb <= 0.10 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-0.10		June 30, 2026
wp-stats-manager	wp-stats-manager	N/A	WP Visitor Statistics (Real Time Traffic) <= 8.4 - Missing Authorization	LOW	*-8.4	8.5	June 30, 2026
wp-roadmap	wp-roadmap	N/A	WP Roadmap <= 2.1.3 - Authenticated (Contributor+) SQL Injection	LOW	*-2.1.3	2.2.0	June 30, 2026
wp-register-profile-with-shortcode	wp-register-profile-with-shortcode	N/A	WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.6.2		June 30, 2026
wp-recall	wp-recall	N/A	WP-Recall <= 16.26.14 - Missing Authorization	LOW	*-16.26.14		June 30, 2026
wp-members	wp-members	N/A	WP-Members <= 3.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.5.4	3.5.4.1	June 30, 2026
wp-mailing-group	wp-mailing-group	N/A	Mailing Group Listserv <= 3.0.5 - Cross-Site Request Forgery	LOW	*-3.0.5		June 30, 2026
wp-jobsearch	wp-jobsearch	N/A	JobSearch < 3.0.6 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	[*, 3.0.6)	3.0.6	June 30, 2026
wp-inventory-manager	wp-inventory-manager	N/A	WP Inventory Manager <= 2.3.4 - Cross-Site Request Forgery	LOW	*-2.3.4	2.3.5	June 30, 2026
wp-fb-autoconnect	wp-fb-autoconnect	N/A	WP-FB-AutoConnect <= 4.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.6.3		June 30, 2026
wp-downloadcounter	wp-downloadcounter	N/A	WP-DownloadCounter <= 1.01 - Cross-Site Request Forgery	LOW	*-1.01		June 30, 2026
woocommerce-products-filter	woocommerce-products-filter	N/A	HUSKY <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.3.7	1.3.7.1	June 30, 2026
woocommerce-fortnox-integration	woocommerce-fortnox-integration	N/A	WooCommerce Fortnox Integration <= 4.5.5 - Missing Authorization	LOW	*-4.5.5	4.5.6	June 30, 2026
wc-style	wc-style	N/A	Change Cart button Colors WooCommerce <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
virtual-moderator	virtual-moderator	N/A	Virtual Moderator <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 30, 2026
video-list-manager	video-list-manager	N/A	Video List Manager <= 1.7 - Authenticated (Contributor+) SQL Injection	LOW	*-1.7		June 30, 2026
video-list-manager	video-list-manager	N/A	Video List Manager <= 1.7 - Missing Authorization	LOW	*-1.7		June 30, 2026
user-roles-and-capabilities	user-roles-and-capabilities	N/A	User Roles and Capabilities <= 1.2.6 - Missing Authorization	LOW	*-1.2.6		June 30, 2026
upstream	upstream	N/A	UpStream: a Project Management Plugin for WordPress <= 2.1.0 - Missing Authorization	LOW	*-2.1.0		June 30, 2026
tm-replace-howdy	tm-replace-howdy	N/A	TM Replace Howdy <= 1.4.2 - Cross-Site Request Forgery	LOW	*-1.4.2		June 30, 2026
tinynav	tinynav	N/A	TinyNav <= 1.4 - Cross-Site Request Forgery	LOW	*-1.4		June 30, 2026
tealium	tealium	N/A	Tealium <= 2.1.20 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.20	2.1.21	June 30, 2026
spoki	spoki	N/A	Spoki <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.16.0		June 30, 2026
sitekit	sitekit	N/A	Sitekit <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9	2.0	June 30, 2026
simple-sticky-footer	simple-sticky-footer	N/A	Simple Sticky Footer <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.5		June 30, 2026
sexy-contact-form	sexy-contact-form	N/A	Creative Contact Form <= 1.0.0 - Cross-Site Request Forgery	LOW	*-1.0.0		June 30, 2026
selling-commander-connector	selling-commander-connector	N/A	Selling Commander for WooCommerce <= 1.2.46 - Unauthenticated Privilege Escalation	LOW	*-1.2.46		June 30, 2026
scroll-to-up	scroll-to-up	N/A	Scroll UP <= 2.0 - Reflected Cross-Site Scripting	LOW	*-2.0		June 30, 2026
samandehi-logo-manager	samandehi-logo-manager	N/A	Logo Manager For Samandehi <= 0.5 - Cross-Site Request Forgery	LOW	*-0.5		June 30, 2026
related-products-manager-woocommerce	related-products-manager-woocommerce	N/A	Related Products Manager for WooCommerce <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.2	1.6.3	June 30, 2026
real-estate-manager	real-estate-manager	N/A	Real Estate Manager <= 7.3 - Cross-Site Request Forgery	LOW	*-7.3		June 30, 2026
real-estate-manager	real-estate-manager	N/A	Real Estate Manager <= 7.3 - Cross-Site Request Forgery	LOW	*-7.3		June 30, 2026
rdfa-breadcrumb	rdfa-breadcrumb	N/A	RDFa Breadcrumb <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.3		June 30, 2026
rafflepress	rafflepress	N/A	Giveaways and Contests by RafflePress <= 1.12.18 - Missing Authorization	LOW	*-1.12.18	1.12.19	June 30, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Full Path Disclosure	LOW	*-5.9.5.2	5.9.5.3	June 30, 2026
powerpress	powerpress	N/A	PowerPress Podcasting <= 11.13.11 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-11.13.11	11.13.12	June 30, 2026
post-and-page-builder	post-and-page-builder	N/A	Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Cross-Site Request Forgery	LOW	*-1.27.8	1.27.9	June 30, 2026
post-and-page-builder	post-and-page-builder	N/A	Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-1.27.8	1.27.9	June 30, 2026
pixelbeds-channel-manager-booking-engine	pixelbeds-channel-manager-booking-engine	N/A	PixelBeds Channel Manager and Hotel Booking Engine <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
pdpa-consent	pdpa-consent	N/A	PDPA Consent for Thailand <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.1		June 30, 2026
oganro-travel-portal-search-widget-for-hotelbeds-apitude-api	oganro-travel-portal-search-widget-for-hotelbeds-apitude-api	N/A	Oganro Travel Portal Search Widget for HotelBeds APITUDE API <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
oganro-reservation-widget	oganro-reservation-widget	N/A	XML Travel Portal Widget <= 2.0 - Cross-Site Request Forgery	LOW	*-2.0		June 30, 2026
notifier	notifier	N/A	WANotifier <= 2.7.12 - Missing Authorization	LOW	*-2.7.12	2.7.13	June 30, 2026
modern-footnotes	modern-footnotes	93	Modern Footnotes <= 1.4.19 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.19	1.4.20	June 30, 2026
Media Hygiene: Remove or Delete Unused Images and More!	media-hygiene	88	Media Hygiene <= 4.0.2 - Missing Authorization	LOW	*-4.0.2	4.0.3	June 30, 2026
live-sports-streamthunder	live-sports-streamthunder	91	Live Sports Streamthunder <= 2.1 - Cross-Site Request Forgery	LOW	*-2.1		June 30, 2026
knowledge-base-maker	knowledge-base-maker	91	Knowledge Base – Knowledge Base Maker <= 1.1.8 - Cross-Site Request Forgery	LOW	*-1.1.8		June 30, 2026
kata-plus	kata-plus	93	Kata Plus <= 1.5.3 - Missing Authorization	LOW	*-1.5.3	1.5.4	June 30, 2026
job-postings	job-postings	91	Jobs for WordPress <= 2.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.14	2.7.15	June 30, 2026
ip-based-login	ip-based-login	93	IP Based Login <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.4.2	2.4.3	June 30, 2026
inventory-presser	inventory-presser	93	Inventory Presser <= 15.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-15.2.6	15.2.7	June 30, 2026
integrate-contact-form-7-and-aweber	integrate-contact-form-7-and-aweber	93	Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization	LOW	*-0.1.42	0.1.43	June 30, 2026
innovs-woo-manager	innovs-woo-manager	91	WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily <= 1.2.4.5 - Missing Authorization	LOW	*-1.2.4.5		June 30, 2026
import-youtube-videos-as-wp-post	import-youtube-videos-as-wp-post	91	Import YouTube videos as WP Posts <= 2.1 - Missing Authorization	LOW	*-2.1		June 30, 2026
image-sizes-controller	image-sizes-controller	91	Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes <= 1.0.10 - Missing Authorization	LOW	*-1.0.10		June 30, 2026
hostel	hostel	93	Hostel <= 1.1.5.8 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.1.5.8	1.1.5.9	June 30, 2026
hostel	hostel	93	Hostel <= 1.1.5.7 - Reflected Cross-Site Scripting	LOW	*-1.1.5.7	1.1.5.8	June 30, 2026
handtalk	handtalk	93	Hand Talk <= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-6.1	6.2	June 30, 2026
fyrebox-shortcode	fyrebox-shortcode	89	Fyrebox Quizzes <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.0		June 30, 2026
front-editor	front-editor	89	WP Front User Submit / Front Editor <= 4.9.4 - Cross-Site Request Forgery	LOW	*-4.9.4		June 30, 2026
File Manager Pro – Filester	filester	78	File Manager Pro <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.8.8	1.8.9	June 30, 2026
esselinknu-settings	esselinknu-settings	91	Esselink.nu Settings <= 2.94 - Cross-Site Request Forgery	LOW	*-2.94		June 30, 2026
enhanced-blocks	enhanced-blocks	91	Enhanced Blocks – Page Builder Blocks for Gutenberg <= 1.4.1 - Missing Authorization	LOW	*-1.4.1		June 30, 2026
elementor-pro	elementor-pro	93	Elementor Website Builder <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.29.0	3.29.1	June 30, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor Website Builder <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.29.0	3.29.1	June 30, 2026
eds-responsive-menu	eds-responsive-menu	87	eDS Responsive Menu <= 1.2 - Missing Authorization	LOW	*-1.2		June 30, 2026
easy-login-woocommerce	easy-login-woocommerce	93	Login/Signup Popup <= 2.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.9.4	2.9.5	June 30, 2026
easy-fancybox	easy-fancybox	93	Firelight Lightbox <= 2.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.16	2.3.17	June 30, 2026
download-attachments	download-attachments	91	Download Attachments <= 1.3.1 - Unauthenticated Insecure Direct Object Reference	LOW	*-1.3.1	1.3.2	June 30, 2026
delucks-seo	delucks-seo	89	DELUCKS SEO <= 2.5.9 - Missing Authorization	LOW	*-2.5.9	2.6.0	June 30, 2026
customer-area	customer-area	89	WP Customer Area <= 8.2.5 - Missing Authorization	LOW	*-8.2.5		June 30, 2026
csv-importer-improved	csv-importer-improved	91	CSV Importer Improved <= 0.6.1 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-0.6.1		June 30, 2026
crm-erp-business-solution	crm-erp-business-solution	91	CRM ERP Business Solution <= 1.13 - Missing Authorization	LOW	*-1.13		June 30, 2026
cp-polls	cp-polls	93	CP Polls <= 1.0.81 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.81	1.0.82	June 30, 2026

LOW

mobile-dj-manager

Score: 91/100 MDJM Event Management <= 1.7.6 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.7.6 Patched: Updated: June 30, 2026

LOW

infility-global

Score: 81/100 Infility Global <= 2.13.4 - Reflected Cross-Site Scripting Affected: *-2.13.4 Patched: Updated: June 30, 2026

LOW

image-shadow

Score: 91/100 Image Shadow <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

front-editor

Score: 89/100 WP Front User Submit / Front Editor <= 4.9.3 - Reflected Cross-Site Scripting Affected: *-4.9.3 Patched: 4.9.4 Updated: June 30, 2026

LOW

flexo-countdown

Score: 91/100 Flexo Counter <= 1.0001 - Reflected Cross-Site Scripting Affected: *-1.0001 Patched: Updated: June 30, 2026

LOW

evangtermine

Score: 91/100 Evangelische Termine <= 3.3 - Reflected Cross-Site Scripting Affected: *-3.3 Patched: Updated: June 30, 2026

LOW

drag-and-drop-file-upload-wc-pro

Score: 93/100 Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 5.0.6 - Unauthenticated Arbitrary File Upload Affected: *-5.0.6 Patched: 5.0.7 Updated: June 30, 2026

LOW

directiq-wp

Score: 91/100 DirectIQ Email Marketing <= 2.0 - Unauthenticated SQL Injection Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

content-no-cache

Score: 93/100 Content No Cache <= 0.1.4 - Unauthenticated Arbitrary Function Call Affected: *-0.1.4 Patched: 0.1.5 Updated: June 30, 2026

LOW

aiomatic-automatic-ai-content-writer

Score: 97/100 Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-2.5.0 Patched: 2.5.1 Updated: June 30, 2026

LOW

abandoned-contact-form-7

Score: 95/100 Abandoned Contact Form 7 < 2.9 - Missing Authorization Affected: [*, 2.9) Patched: 2.9 Updated: June 30, 2026

LOW

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog <= 3.4.3 - Authenticated (Orders manager+) PHP Object Injection Affected: *-3.4.3 Patched: 3.4.4 Updated: June 30, 2026

LOW

download-counter

Score: 91/100 Download Counter <= 1.4 - Unauthenticated Arbitrary File Read Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

bbpress-simple-advert-units

Score: 91/100 bbpress Simple Advert Units <= 0.41 - Reflected Cross-Site Scripting Affected: *-0.41 Patched: Updated: June 30, 2026

LOW

interactive-3d-flipbook-powered-physics-engine

Score: 93/100 3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters Affected: *-1.16.15 Patched: 1.16.16 Updated: June 30, 2026

LOW

posts-table-filterable

Score: N/A TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode Affected: *-1.0.4.1 Patched: 1.0.4.2 Updated: June 30, 2026

LOW

order-delivery-date

Score: N/A Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure Affected: [2.0, 12.6.0) Patched: 12.6.0 Updated: June 30, 2026

LOW

GeoDirectory – WP Business Directory Plugin and Classified Listings Directory

geodirectory

Score: 66/100 GeoDirectory <= 2.8.119 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.119 Patched: 2.8.120 Updated: June 30, 2026

LOW

euro-fxref-currency-converter

Score: 93/100 Euro FxRef Currency Converter <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via currency Shortcode Affected: *-2.0.2 Patched: 2.0.3 Updated: June 30, 2026

LOW

zara-4

Score: N/A Zara 4 Image Compression <= 1.2.17.2 - Missing Authorization Affected: *-1.2.17.2 Patched: Updated: June 30, 2026

LOW

zapier

Score: N/A Zapier for WordPress <= 1.5.2 - Missing Authorization Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

wph-recipes-manager

Score: N/A Recipes manager - WPH <= 1.0.4 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

wpcomplete

Score: N/A WPComplete <= 2.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.5 Patched: 2.9.5.1 Updated: June 30, 2026

LOW

wp-voting-contest

Score: N/A WP Voting Contest <= 5.8 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-5.8 Patched: Updated: June 30, 2026

LOW

wp-user-stylesheet-switcher

Score: N/A WP User Stylesheet Switcher <= v2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: * - v2.2.0 Patched: Updated: June 30, 2026

LOW

wp-user-profile-avatar

Score: N/A WP User Profile Avatar <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

wp-thumb

Score: N/A WPThumb <= 0.10 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-0.10 Patched: Updated: June 30, 2026

LOW

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 8.4 - Missing Authorization Affected: *-8.4 Patched: 8.5 Updated: June 30, 2026

LOW

wp-roadmap

Score: N/A WP Roadmap <= 2.1.3 - Authenticated (Contributor+) SQL Injection Affected: *-2.1.3 Patched: 2.2.0 Updated: June 30, 2026

LOW

wp-register-profile-with-shortcode

Score: N/A WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.2 Patched: Updated: June 30, 2026

LOW

wp-recall

Score: N/A WP-Recall <= 16.26.14 - Missing Authorization Affected: *-16.26.14 Patched: Updated: June 30, 2026

LOW

wp-members

Score: N/A WP-Members <= 3.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.4 Patched: 3.5.4.1 Updated: June 30, 2026

LOW

wp-mailing-group

Score: N/A Mailing Group Listserv <= 3.0.5 - Cross-Site Request Forgery Affected: *-3.0.5 Patched: Updated: June 30, 2026

LOW

wp-jobsearch

Score: N/A JobSearch < 3.0.6 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: [*, 3.0.6) Patched: 3.0.6 Updated: June 30, 2026

LOW

wp-inventory-manager

Score: N/A WP Inventory Manager <= 2.3.4 - Cross-Site Request Forgery Affected: *-2.3.4 Patched: 2.3.5 Updated: June 30, 2026

LOW

wp-fb-autoconnect

Score: N/A WP-FB-AutoConnect <= 4.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.6.3 Patched: Updated: June 30, 2026

LOW

wp-downloadcounter

Score: N/A WP-DownloadCounter <= 1.01 - Cross-Site Request Forgery Affected: *-1.01 Patched: Updated: June 30, 2026

LOW

woocommerce-products-filter

Score: N/A HUSKY <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3.7 Patched: 1.3.7.1 Updated: June 30, 2026

LOW

woocommerce-fortnox-integration

Score: N/A WooCommerce Fortnox Integration <= 4.5.5 - Missing Authorization Affected: *-4.5.5 Patched: 4.5.6 Updated: June 30, 2026

LOW

wc-style

Score: N/A Change Cart button Colors WooCommerce <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

virtual-moderator

Score: N/A Virtual Moderator <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

video-list-manager

Score: N/A Video List Manager <= 1.7 - Authenticated (Contributor+) SQL Injection Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

video-list-manager

Score: N/A Video List Manager <= 1.7 - Missing Authorization Affected: *-1.7 Patched: Updated: June 30, 2026

LOW

user-roles-and-capabilities

Score: N/A User Roles and Capabilities <= 1.2.6 - Missing Authorization Affected: *-1.2.6 Patched: Updated: June 30, 2026

LOW

upstream

Score: N/A UpStream: a Project Management Plugin for WordPress <= 2.1.0 - Missing Authorization Affected: *-2.1.0 Patched: Updated: June 30, 2026

LOW

tm-replace-howdy

Score: N/A TM Replace Howdy <= 1.4.2 - Cross-Site Request Forgery Affected: *-1.4.2 Patched: Updated: June 30, 2026

LOW

tinynav

Score: N/A TinyNav <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

tealium

Score: N/A Tealium <= 2.1.20 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.20 Patched: 2.1.21 Updated: June 30, 2026

LOW

spoki

Score: N/A Spoki <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.16.0 Patched: Updated: June 30, 2026

LOW

sitekit

Score: N/A Sitekit <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: 2.0 Updated: June 30, 2026

LOW

simple-sticky-footer

Score: N/A Simple Sticky Footer <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.5 Patched: Updated: June 30, 2026

LOW

sexy-contact-form

Score: N/A Creative Contact Form <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

selling-commander-connector

Score: N/A Selling Commander for WooCommerce <= 1.2.46 - Unauthenticated Privilege Escalation Affected: *-1.2.46 Patched: Updated: June 30, 2026

LOW

scroll-to-up

Score: N/A Scroll UP <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

samandehi-logo-manager

Score: N/A Logo Manager For Samandehi <= 0.5 - Cross-Site Request Forgery Affected: *-0.5 Patched: Updated: June 30, 2026

LOW

related-products-manager-woocommerce

Score: N/A Related Products Manager for WooCommerce <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: June 30, 2026

LOW

real-estate-manager

Score: N/A Real Estate Manager <= 7.3 - Cross-Site Request Forgery Affected: *-7.3 Patched: Updated: June 30, 2026

LOW

real-estate-manager

Score: N/A Real Estate Manager <= 7.3 - Cross-Site Request Forgery Affected: *-7.3 Patched: Updated: June 30, 2026

LOW

rdfa-breadcrumb

Score: N/A RDFa Breadcrumb <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

rafflepress

Score: N/A Giveaways and Contests by RafflePress <= 1.12.18 - Missing Authorization Affected: *-1.12.18 Patched: 1.12.19 Updated: June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Full Path Disclosure Affected: *-5.9.5.2 Patched: 5.9.5.3 Updated: June 30, 2026

LOW

powerpress

Score: N/A PowerPress Podcasting <= 11.13.11 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-11.13.11 Patched: 11.13.12 Updated: June 30, 2026

LOW

post-and-page-builder

Score: N/A Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Cross-Site Request Forgery Affected: *-1.27.8 Patched: 1.27.9 Updated: June 30, 2026

LOW

post-and-page-builder

Score: N/A Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.27.8 Patched: 1.27.9 Updated: June 30, 2026

LOW

pixelbeds-channel-manager-booking-engine

Score: N/A PixelBeds Channel Manager and Hotel Booking Engine <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

pdpa-consent

Score: N/A PDPA Consent for Thailand <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

oganro-travel-portal-search-widget-for-hotelbeds-apitude-api

Score: N/A Oganro Travel Portal Search Widget for HotelBeds APITUDE API <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

oganro-reservation-widget

Score: N/A XML Travel Portal Widget <= 2.0 - Cross-Site Request Forgery Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

notifier

Score: N/A WANotifier <= 2.7.12 - Missing Authorization Affected: *-2.7.12 Patched: 2.7.13 Updated: June 30, 2026

LOW

modern-footnotes

Score: 93/100 Modern Footnotes <= 1.4.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.19 Patched: 1.4.20 Updated: June 30, 2026

LOW

Media Hygiene: Remove or Delete Unused Images and More!

media-hygiene

Score: 88/100 Media Hygiene <= 4.0.2 - Missing Authorization Affected: *-4.0.2 Patched: 4.0.3 Updated: June 30, 2026

LOW

live-sports-streamthunder

Score: 91/100 Live Sports Streamthunder <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

knowledge-base-maker

Score: 91/100 Knowledge Base – Knowledge Base Maker <= 1.1.8 - Cross-Site Request Forgery Affected: *-1.1.8 Patched: Updated: June 30, 2026

LOW

kata-plus

Score: 93/100 Kata Plus <= 1.5.3 - Missing Authorization Affected: *-1.5.3 Patched: 1.5.4 Updated: June 30, 2026

LOW

job-postings

Score: 91/100 Jobs for WordPress <= 2.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.14 Patched: 2.7.15 Updated: June 30, 2026

LOW

ip-based-login

Score: 93/100 IP Based Login <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4.2 Patched: 2.4.3 Updated: June 30, 2026

LOW

inventory-presser

Score: 93/100 Inventory Presser <= 15.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-15.2.6 Patched: 15.2.7 Updated: June 30, 2026

LOW

integrate-contact-form-7-and-aweber

Score: 93/100 Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization Affected: *-0.1.42 Patched: 0.1.43 Updated: June 30, 2026

LOW

innovs-woo-manager

Score: 91/100 WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily <= 1.2.4.5 - Missing Authorization Affected: *-1.2.4.5 Patched: Updated: June 30, 2026

LOW

import-youtube-videos-as-wp-post

Score: 91/100 Import YouTube videos as WP Posts <= 2.1 - Missing Authorization Affected: *-2.1 Patched: Updated: June 30, 2026

LOW

image-sizes-controller

Score: 91/100 Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes <= 1.0.10 - Missing Authorization Affected: *-1.0.10 Patched: Updated: June 30, 2026

LOW

hostel

Score: 93/100 Hostel <= 1.1.5.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.5.8 Patched: 1.1.5.9 Updated: June 30, 2026

LOW

hostel

Score: 93/100 Hostel <= 1.1.5.7 - Reflected Cross-Site Scripting Affected: *-1.1.5.7 Patched: 1.1.5.8 Updated: June 30, 2026

LOW

handtalk

Score: 93/100 Hand Talk <= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.1 Patched: 6.2 Updated: June 30, 2026

LOW

fyrebox-shortcode

Score: 89/100 Fyrebox Quizzes <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: June 30, 2026

LOW

front-editor

Score: 89/100 WP Front User Submit / Front Editor <= 4.9.4 - Cross-Site Request Forgery Affected: *-4.9.4 Patched: Updated: June 30, 2026

LOW

File Manager Pro – Filester

filester

Score: 78/100 File Manager Pro <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.8 Patched: 1.8.9 Updated: June 30, 2026

LOW

esselinknu-settings

Score: 91/100 Esselink.nu Settings <= 2.94 - Cross-Site Request Forgery Affected: *-2.94 Patched: Updated: June 30, 2026

LOW

enhanced-blocks

Score: 91/100 Enhanced Blocks – Page Builder Blocks for Gutenberg <= 1.4.1 - Missing Authorization Affected: *-1.4.1 Patched: Updated: June 30, 2026

LOW

elementor-pro

Score: 93/100 Elementor Website Builder <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.29.0 Patched: 3.29.1 Updated: June 30, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor Website Builder <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.29.0 Patched: 3.29.1 Updated: June 30, 2026

LOW

eds-responsive-menu

Score: 87/100 eDS Responsive Menu <= 1.2 - Missing Authorization Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

easy-login-woocommerce

Score: 93/100 Login/Signup Popup <= 2.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.9.4 Patched: 2.9.5 Updated: June 30, 2026

LOW

easy-fancybox

Score: 93/100 Firelight Lightbox <= 2.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.16 Patched: 2.3.17 Updated: June 30, 2026

LOW

download-attachments

Score: 91/100 Download Attachments <= 1.3.1 - Unauthenticated Insecure Direct Object Reference Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026

LOW

delucks-seo

Score: 89/100 DELUCKS SEO <= 2.5.9 - Missing Authorization Affected: *-2.5.9 Patched: 2.6.0 Updated: June 30, 2026

LOW

customer-area

Score: 89/100 WP Customer Area <= 8.2.5 - Missing Authorization Affected: *-8.2.5 Patched: Updated: June 30, 2026

LOW

csv-importer-improved

Score: 91/100 CSV Importer Improved <= 0.6.1 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-0.6.1 Patched: Updated: June 30, 2026

LOW

crm-erp-business-solution

Score: 91/100 CRM ERP Business Solution <= 1.13 - Missing Authorization Affected: *-1.13 Patched: Updated: June 30, 2026

LOW

cp-polls

Score: 93/100 CP Polls <= 1.0.81 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.81 Patched: 1.0.82 Updated: June 30, 2026

Showing 8101 to 8200 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 12:14 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List