Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36296

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
profiler-what-slowing-down	profiler-what-slowing-down	N/A	Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration	LOW	*-1.0.0		June 30, 2026
wp-map-block	wp-map-block	N/A	WP Map Block <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.2	2.0.3	June 30, 2026
responsive-lightbox	responsive-lightbox	N/A	Responsive Lightbox & Gallery <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.5.1	2.5.2	June 30, 2026
product-quantity-for-woocommerce	product-quantity-for-woocommerce	N/A	Min Max Step Quantity Limits Manager for WooCommerce <= 5.1.0 - Cross-Site Request Forgery	LOW	*-5.1.0	5.1.1	June 30, 2026
easy-fancybox	easy-fancybox	93	Firelight Lightbox <= 2.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.15	2.3.16	June 30, 2026
civi-framework	civi-framework	93	Civi Framework <= 2.1.6.3 - Cross-Site Request Forgery	LOW	*-2.1.6.3	2.1.6.4	June 30, 2026
buddypress-docs	buddypress-docs	93	BuddyPress Docs <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Document Read/Update	LOW	*-2.2.4	2.2.5	June 30, 2026
audio-editor-recorder	audio-editor-recorder	93	Audio Editor & Recorder <= 2.2.1 - Missing Authorization	LOW	*-2.2.1	2.2.2	June 30, 2026
domain-for-sale	domain-for-sale	93	Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter	LOW	*-3.0.10	3.0.11	June 30, 2026
Simple History – Track, Log, and Audit WordPress Changes	simple-history	77	Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode	LOW	*-5.8.1	5.8.2	June 30, 2026
stageshow	stageshow	N/A	StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter	LOW	*-10.0.3		June 30, 2026
devformatter	devformatter	91	Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS	LOW	*-2015.0.2.1		June 30, 2026
paged-gallery	paged-gallery	N/A	Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.7		June 30, 2026
runners-log	runners-log	N/A	Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.9.2		June 30, 2026
wp-online-users-stats	wp-online-users-stats	N/A	WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function	LOW	*-1.0.0		June 30, 2026
wp-online-users-stats	wp-online-users-stats	N/A	WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter	LOW	*-1.0.0		June 30, 2026
wp-addpub	wp-addpub	N/A	WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection	LOW	*-1.2.8		June 30, 2026
cpt-ajax-load-more	cpt-ajax-load-more	91	WordPress Ajax Load More and Infinite Scroll <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter	LOW	*-1.6.0		June 30, 2026
Hive Support \| AI-Powered Help Desk, Live Chat and Chatbot	hive-support	68	Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox	LOW	*-1.2.5	1.2.6	June 30, 2026
Hive Support \| AI-Powered Help Desk, Live Chat and Chatbot	hive-support	68	Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function	LOW	*-1.2.5	1.2.6	June 30, 2026
hide-it	hide-it	91	Hide It <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
esv-bible-shortcode-for-wordpress	esv-bible-shortcode-for-wordpress	91	ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.2		June 30, 2026
bns-featured-category	bns-featured-category	91	BNS Featured Category <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.8.2		June 30, 2026
stop-spammer-registrations-plugin	stop-spammer-registrations-plugin	N/A	Anti-Spam: Spam Protection \| Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions	LOW	*-2024.7	2025	June 30, 2026
wp-email-debug	wp-email-debug	N/A	WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset	LOW	1.0-1.2.0	1.2.1	June 30, 2026
knowledgebase	knowledgebase	93	Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.0	2.3.1	June 30, 2026
modern-events-calendar-lite	modern-events-calendar-lite	93	Modern Events Calendar <= 7.21.9 - Information Exposure	LOW	*-7.21.9	7.22	June 30, 2026
youtube-simple-gallery	youtube-simple-gallery	N/A	YouTube Simple Gallery <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.0		June 30, 2026
wptouch	wptouch	N/A	WPtouch <= 4.3.60 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.3.60	4.3.61	June 30, 2026
wptools	wptools	N/A	WP Tools <= 5.24 - Cross-Site Request Forgery	LOW	*-5.24	5.25	June 30, 2026
wpdm-premium-packages	wpdm-premium-packages	N/A	Premium Packages <= 6.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-6.0.5	6.0.7	June 30, 2026
WP Travel Engine – Tour Booking Plugin – Tour Operator Software	wp-travel-engine	N/A	WP Travel Engine <= 6.5.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-6.5.1	6.5.2	June 30, 2026
wp-time-slots-booking-form	wp-time-slots-booking-form	N/A	WP Time Slots Booking Form <= 1.2.30 - Cross-Site Request Forgery	LOW	*-1.2.30	1.2.31	June 30, 2026
wp-ticketbai	wp-ticketbai	N/A	TicketBAI Facturas para WooCommerce <= 3.21 - Missing Authorization	LOW	*-3.21		June 30, 2026
wp-text-expander	wp-text-expander	N/A	WP Text Expander <= 1.0.1 - Authenticated (Administrator+) SQL Injection	LOW	*-1.0.1		June 30, 2026
wp-table-builder	wp-table-builder	N/A	WP Table Builder <= 2.0.6 - Cross-Site Request Forgery	LOW	*-2.0.6	2.0.7	June 30, 2026
wp-social-widget	wp-social-widget	N/A	WP Social Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3	2.3.1	June 30, 2026
wp-shopify	wp-shopify	N/A	WP Shopify <= 1.5.9 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.5.9	1.6.0	June 30, 2026
wp-security-master	wp-security-master	N/A	WP Security Master <= 1.0.2 - Cross-Site Request Forgery	LOW	*-1.0.2		June 30, 2026
wp-recall	wp-recall	N/A	WP-Recall <= 16.26.14 - Cross-Site Request Forgery	LOW	*-16.26.14		June 30, 2026
wp-post-corrector	wp-post-corrector	N/A	WP Post Corrector <= 1.0.2 - Authenticated (Administrator+) SQL Injection	LOW	*-1.0.2		June 30, 2026
wp-page-loading	wp-page-loading	N/A	WP Page Loading <= 1.0.6 - Cross-Site Request Forgery	LOW	*-1.0.6	1.0.7	June 30, 2026
wp-multilang	wp-multilang	N/A	WP Multilang <= 2.4.19 - Authenticated (Contributor+) Local File Inclusion	LOW	*-2.4.19	2.4.19.1	June 30, 2026
wp-media-file-type-manager	wp-media-file-type-manager	N/A	WP Media File Type Manager <= 2.3.0 - Cross-Site Request Forgery to Settings Update	LOW	*-2.3.0		June 30, 2026
wp-maintenance-mode-site-under-construction	wp-maintenance-mode-site-under-construction	N/A	WP Maintenance Mode & Site Under Construction <= 4.3 - Cross-Site Request Forgery	LOW	*-4.3	4.4	June 30, 2026
wp-mail-options	wp-mail-options	N/A	WP Mail Options <= 0.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.2.3		June 30, 2026
wp-freemind	wp-freemind	N/A	Freemind Viewer <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
wp-featured-content-slider	wp-featured-content-slider	N/A	WP Featured Content Slider <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.6		June 30, 2026
wp-crm-system	wp-crm-system	N/A	WP-CRM System <= 3.4.2 - Missing Authorization	LOW	*-3.4.2	3.4.3	June 30, 2026
wp-compress-mainwp	wp-compress-mainwp	N/A	WP Compress for MainWP <= 6.30.32 - Missing Authorization	LOW	*-6.30.32	6.50.05	June 30, 2026
wp-biographia	wp-biographia	N/A	WP Biographia <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.0.0		June 30, 2026
wp-autokeyword	wp-autokeyword	N/A	WP AutoKeyword <= 1.0 - Missing Authorization	LOW	*-1.0		June 30, 2026
wordpress-easy-allopass	wordpress-easy-allopass	N/A	Wp Easy Allopass <= 4.1.1 - Cross-Site Request Forgery	LOW	*-4.1.1		June 30, 2026
wordlift	wordlift	N/A	WordLift <= 3.54.4 - Missing Authorization	LOW	*-3.54.4	3.54.5	June 30, 2026
wordapp	wordapp	95	Wordapp <= 1.7.0 - Missing Authorization	LOW	*-1.7.0		June 30, 2026
woocommerce-delivery-notes	woocommerce-delivery-notes	N/A	Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross-Site Request Forgery	LOW	*-5.5.0	5.6.0	June 30, 2026
woocommerce-all-currencies	woocommerce-all-currencies	N/A	All Currencies for WooCommerce <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4.4	2.4.5	June 30, 2026
woo-direct-checkout-lite	woo-direct-checkout-lite	N/A	Direct Checkout for WooCommerce Lite <= 1.0.3 - Missing Authorization	LOW	*-1.0.3		June 30, 2026
widgetize-pages-light	widgetize-pages-light	N/A	Widgetize Pages Light <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.0		June 30, 2026
webtoffee-product-feed	webtoffee-product-feed	N/A	Product Feed for WooCommerce <= 2.2.8 - Missing Authorization	LOW	*-2.2.8	2.2.9	June 30, 2026
webhotelier	webhotelier	N/A	WebHotelier <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.9.2	1.10.0	June 30, 2026
wc-vendors	wc-vendors	N/A	WC Vendors Marketplace <= 2.5.6 - Authenticated (Administrator+) SQL Injection	LOW	*-2.5.6	2.5.7	June 30, 2026
viral-loops-wp-integration	viral-loops-wp-integration	N/A	Viral Loops WP Integration <= 3.8.1 - Missing Authorization	LOW	*-3.8.1		June 30, 2026
viral-loops-wp-integration	viral-loops-wp-integration	N/A	Viral Loops WP Integration <= 3.8.1 - Missing Authorization	LOW	*-3.8.1		June 30, 2026
video-embeds	video-embeds	N/A	Video Embeds <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.1.1		June 30, 2026
verge3d	verge3d	N/A	Verge3D <= 4.9.4 - Missing Authorization	LOW	*-4.9.4	4.9.5	June 30, 2026
ultimate-wp-mail	ultimate-wp-mail	N/A	Ultimate WP Mail <= 1.3.5 - Missing Authorization	LOW	*-1.3.5	1.3.6	June 30, 2026
trinity-audio	trinity-audio	N/A	Trinity Audio <= 5.20.0 - Missing Authorization	LOW	*-5.20.0	5.20.1	June 30, 2026
themehunk-megamenu-plus	themehunk-megamenu-plus	N/A	ThemeHunk <= 1.2.0 - Missing Authorization	LOW	*-1.2.0	1.2.1	June 30, 2026
the-holiday-calendar	the-holiday-calendar	N/A	The Holiday Calendar <= 1.18.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.18.2.1		June 30, 2026
testimonials-showcase	testimonials-showcase	N/A	Testimonials Showcase <= 1.9.16 - Missing Authorization	LOW	*-1.9.16	1.9.18	June 30, 2026
team-showcase-cm	team-showcase-cm	N/A	Team Showcase < 25.05.13 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	LOW	[*, 25.05.13)	25.05.13	June 30, 2026
team-showcase-cm	team-showcase-cm	N/A	Team Showcase < 25.05.13 - Missing Authorization	LOW	[*, 25.05.13)	25.05.13	June 30, 2026
taskbuilder	taskbuilder	N/A	Taskbuilder <= 4.0.7 - Missing Authorization	LOW	*-4.0.7	4.0.8	June 30, 2026
subscriptions-renewal-reminders	subscriptions-renewal-reminders	N/A	Subscription Renewal Reminders for WooCommerce <= 1.4.1 - Cross-Site Request Forgery to Notice Dismissal	LOW	*-1.4.1	1.4.2	June 30, 2026
sola-support-tickets	sola-support-tickets	N/A	Sola Support Ticket <= 3.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion	LOW	*-3.18		June 30, 2026
socialmark	socialmark	N/A	SocialMark <= 2.0.7 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-2.0.7		June 30, 2026
sina-extension-for-elementor	sina-extension-for-elementor	N/A	Sina Extension for Elementor <= 3.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.6.1	3.7.0	June 30, 2026
simple-nested-menu	simple-nested-menu	N/A	Simple Nested Menu <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
simple-membership	simple-membership	N/A	Simple Membership <= 4.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.6.3	4.6.4	June 30, 2026
simple-keyword-to-link	simple-keyword-to-link	N/A	Simple Keyword to Link <= 1.5 - Cross-Site Request Forgery	LOW	*-1.5		June 30, 2026
simple-google-static-map	simple-google-static-map	N/A	Simple Google Static Map <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
shortlinkspro	shortlinkspro	N/A	ShortLinks Pro <= 1.0.7 - Authenticated (Administrator+) SQL Injection	LOW	*-1.0.7	1.0.8	June 30, 2026
shortcodes-ultimate	shortcodes-ultimate	N/A	Shortcodes Ultimate <= 7.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-7.3.5	7.4.0	June 30, 2026
shiftnav-responsive-mobile-menu	shiftnav-responsive-mobile-menu	N/A	ShiftNav – Responsive Mobile Menu <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8	1.8.1	June 30, 2026
sepa-girocode	sepa-girocode	N/A	SEPA Girocode <= 0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.5.1		June 30, 2026
search-with-typesense	search-with-typesense	N/A	Search with Typesense <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.10	2.0.11	June 30, 2026
rometheme-for-elementor	rometheme-for-elementor	N/A	RTMKit Addons for Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6.0	1.6.1	June 30, 2026
responsive-flipbooks	responsive-flipbooks	N/A	Responsive Flipbooks <= 1.0 - Missing Authorization	LOW	*-1.0		June 30, 2026
responsify-wp	responsify-wp	N/A	Responsify WP <= 1.9.11 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.9.11		June 30, 2026
recent-posts-slider-responsive	recent-posts-slider-responsive	N/A	Recent Posts Slider Responsive <= 1.0.1 - Cross-Site Request Forgery	LOW	*-1.0.1		June 30, 2026
read-more-login	read-more-login	N/A	Read More Login <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.3		June 30, 2026
raychat	raychat	N/A	Raychat <= 2.1.0 - Missing Authorization	LOW	*-2.1.0	2.2.0	June 30, 2026
quick-event-calendar	quick-event-calendar	N/A	Quick Event Calendar <= 1.4.9 - Cross-Site Request Forgery	LOW	*-1.4.9		June 30, 2026
profile-builder	profile-builder	N/A	Profile Builder <= 3.13.8 - Unauthenticated Content Spoofing	LOW	*-3.13.8	3.13.9	June 30, 2026
powies-uptime-robot	powies-uptime-robot	N/A	Powie's Uptime Robot <= 0.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.9.7		June 30, 2026
post-type-x	post-type-x	N/A	Product Catalog Simple <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8.1	1.8.2	June 30, 2026
post-custom-templates-lite	post-custom-templates-lite	N/A	Post Custom Templates Lite <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.14		June 30, 2026
post-author	post-author	N/A	Post Author <= 1.1.1 - Cross-Site Request Forgery	LOW	*-1.1.1		June 30, 2026
portfolio-manager-powered-by-behance	portfolio-manager-powered-by-behance	N/A	Behance Portfolio Manager <= 1.7.4 - Missing Authorization	LOW	*-1.7.4		June 30, 2026

LOW

profiler-what-slowing-down

Score: N/A Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

wp-map-block

Score: N/A WP Map Block <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: June 30, 2026

LOW

responsive-lightbox

Score: N/A Responsive Lightbox & Gallery <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

product-quantity-for-woocommerce

Score: N/A Min Max Step Quantity Limits Manager for WooCommerce <= 5.1.0 - Cross-Site Request Forgery Affected: *-5.1.0 Patched: 5.1.1 Updated: June 30, 2026

LOW

easy-fancybox

Score: 93/100 Firelight Lightbox <= 2.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.15 Patched: 2.3.16 Updated: June 30, 2026

LOW

civi-framework

Score: 93/100 Civi Framework <= 2.1.6.3 - Cross-Site Request Forgery Affected: *-2.1.6.3 Patched: 2.1.6.4 Updated: June 30, 2026

LOW

buddypress-docs

Score: 93/100 BuddyPress Docs <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Document Read/Update Affected: *-2.2.4 Patched: 2.2.5 Updated: June 30, 2026

LOW

audio-editor-recorder

Score: 93/100 Audio Editor & Recorder <= 2.2.1 - Missing Authorization Affected: *-2.2.1 Patched: 2.2.2 Updated: June 30, 2026

LOW

domain-for-sale

Score: 93/100 Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter Affected: *-3.0.10 Patched: 3.0.11 Updated: June 30, 2026

LOW

Simple History – Track, Log, and Audit WordPress Changes

simple-history

Score: 77/100 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode Affected: *-5.8.1 Patched: 5.8.2 Updated: June 30, 2026

LOW

stageshow

Score: N/A StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter Affected: *-10.0.3 Patched: Updated: June 30, 2026

LOW

devformatter

Score: 91/100 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS Affected: *-2015.0.2.1 Patched: Updated: June 30, 2026

LOW

paged-gallery

Score: N/A Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.7 Patched: Updated: June 30, 2026

LOW

runners-log

Score: N/A Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.9.2 Patched: Updated: June 30, 2026

LOW

wp-online-users-stats

Score: N/A WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

wp-online-users-stats

Score: N/A WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

wp-addpub

Score: N/A WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection Affected: *-1.2.8 Patched: Updated: June 30, 2026

LOW

cpt-ajax-load-more

Score: 91/100 WordPress Ajax Load More and Infinite Scroll <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-1.6.0 Patched: Updated: June 30, 2026

LOW

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot

hive-support

Score: 68/100 Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot

hive-support

Score: 68/100 Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

hide-it

Score: 91/100 Hide It <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

esv-bible-shortcode-for-wordpress

Score: 91/100 ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

bns-featured-category

Score: 91/100 BNS Featured Category <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.2 Patched: Updated: June 30, 2026

LOW

stop-spammer-registrations-plugin

Score: N/A Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions Affected: *-2024.7 Patched: 2025 Updated: June 30, 2026

LOW

wp-email-debug

Score: N/A WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset Affected: 1.0-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

knowledgebase

Score: 93/100 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: 2.3.1 Updated: June 30, 2026

LOW

modern-events-calendar-lite

Score: 93/100 Modern Events Calendar <= 7.21.9 - Information Exposure Affected: *-7.21.9 Patched: 7.22 Updated: June 30, 2026

LOW

youtube-simple-gallery

Score: N/A YouTube Simple Gallery <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: Updated: June 30, 2026

LOW

wptouch

Score: N/A WPtouch <= 4.3.60 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.3.60 Patched: 4.3.61 Updated: June 30, 2026

LOW

wptools

Score: N/A WP Tools <= 5.24 - Cross-Site Request Forgery Affected: *-5.24 Patched: 5.25 Updated: June 30, 2026

LOW

wpdm-premium-packages

Score: N/A Premium Packages <= 6.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.0.5 Patched: 6.0.7 Updated: June 30, 2026

LOW

WP Travel Engine – Tour Booking Plugin – Tour Operator Software

wp-travel-engine

Score: N/A WP Travel Engine <= 6.5.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-6.5.1 Patched: 6.5.2 Updated: June 30, 2026

LOW

wp-time-slots-booking-form

Score: N/A WP Time Slots Booking Form <= 1.2.30 - Cross-Site Request Forgery Affected: *-1.2.30 Patched: 1.2.31 Updated: June 30, 2026

LOW

wp-ticketbai

Score: N/A TicketBAI Facturas para WooCommerce <= 3.21 - Missing Authorization Affected: *-3.21 Patched: Updated: June 30, 2026

LOW

wp-text-expander

Score: N/A WP Text Expander <= 1.0.1 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

wp-table-builder

Score: N/A WP Table Builder <= 2.0.6 - Cross-Site Request Forgery Affected: *-2.0.6 Patched: 2.0.7 Updated: June 30, 2026

LOW

wp-social-widget

Score: N/A WP Social Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: 2.3.1 Updated: June 30, 2026

LOW

wp-shopify

Score: N/A WP Shopify <= 1.5.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.5.9 Patched: 1.6.0 Updated: June 30, 2026

LOW

wp-security-master

Score: N/A WP Security Master <= 1.0.2 - Cross-Site Request Forgery Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

wp-recall

Score: N/A WP-Recall <= 16.26.14 - Cross-Site Request Forgery Affected: *-16.26.14 Patched: Updated: June 30, 2026

LOW

wp-post-corrector

Score: N/A WP Post Corrector <= 1.0.2 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

wp-page-loading

Score: N/A WP Page Loading <= 1.0.6 - Cross-Site Request Forgery Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026

LOW

wp-multilang

Score: N/A WP Multilang <= 2.4.19 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.4.19 Patched: 2.4.19.1 Updated: June 30, 2026

LOW

wp-media-file-type-manager

Score: N/A WP Media File Type Manager <= 2.3.0 - Cross-Site Request Forgery to Settings Update Affected: *-2.3.0 Patched: Updated: June 30, 2026

LOW

wp-maintenance-mode-site-under-construction

Score: N/A WP Maintenance Mode & Site Under Construction <= 4.3 - Cross-Site Request Forgery Affected: *-4.3 Patched: 4.4 Updated: June 30, 2026

LOW

wp-mail-options

Score: N/A WP Mail Options <= 0.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2.3 Patched: Updated: June 30, 2026

LOW

wp-freemind

Score: N/A Freemind Viewer <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wp-featured-content-slider

Score: N/A WP Featured Content Slider <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6 Patched: Updated: June 30, 2026

LOW

wp-crm-system

Score: N/A WP-CRM System <= 3.4.2 - Missing Authorization Affected: *-3.4.2 Patched: 3.4.3 Updated: June 30, 2026

LOW

wp-compress-mainwp

Score: N/A WP Compress for MainWP <= 6.30.32 - Missing Authorization Affected: *-6.30.32 Patched: 6.50.05 Updated: June 30, 2026

LOW

wp-biographia

Score: N/A WP Biographia <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.0.0 Patched: Updated: June 30, 2026

LOW

wp-autokeyword

Score: N/A WP AutoKeyword <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

wordpress-easy-allopass

Score: N/A Wp Easy Allopass <= 4.1.1 - Cross-Site Request Forgery Affected: *-4.1.1 Patched: Updated: June 30, 2026

LOW

wordlift

Score: N/A WordLift <= 3.54.4 - Missing Authorization Affected: *-3.54.4 Patched: 3.54.5 Updated: June 30, 2026

LOW

wordapp

Score: 95/100 Wordapp <= 1.7.0 - Missing Authorization Affected: *-1.7.0 Patched: Updated: June 30, 2026

LOW

woocommerce-delivery-notes

Score: N/A Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross-Site Request Forgery Affected: *-5.5.0 Patched: 5.6.0 Updated: June 30, 2026

LOW

woocommerce-all-currencies

Score: N/A All Currencies for WooCommerce <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.4 Patched: 2.4.5 Updated: June 30, 2026

LOW

woo-direct-checkout-lite

Score: N/A Direct Checkout for WooCommerce Lite <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

widgetize-pages-light

Score: N/A Widgetize Pages Light <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: June 30, 2026

LOW

webtoffee-product-feed

Score: N/A Product Feed for WooCommerce <= 2.2.8 - Missing Authorization Affected: *-2.2.8 Patched: 2.2.9 Updated: June 30, 2026

LOW

webhotelier

Score: N/A WebHotelier <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.2 Patched: 1.10.0 Updated: June 30, 2026

LOW

wc-vendors

Score: N/A WC Vendors Marketplace <= 2.5.6 - Authenticated (Administrator+) SQL Injection Affected: *-2.5.6 Patched: 2.5.7 Updated: June 30, 2026

LOW

viral-loops-wp-integration

Score: N/A Viral Loops WP Integration <= 3.8.1 - Missing Authorization Affected: *-3.8.1 Patched: Updated: June 30, 2026

LOW

viral-loops-wp-integration

Score: N/A Viral Loops WP Integration <= 3.8.1 - Missing Authorization Affected: *-3.8.1 Patched: Updated: June 30, 2026

LOW

video-embeds

Score: N/A Video Embeds <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: June 30, 2026

LOW

verge3d

Score: N/A Verge3D <= 4.9.4 - Missing Authorization Affected: *-4.9.4 Patched: 4.9.5 Updated: June 30, 2026

LOW

ultimate-wp-mail

Score: N/A Ultimate WP Mail <= 1.3.5 - Missing Authorization Affected: *-1.3.5 Patched: 1.3.6 Updated: June 30, 2026

LOW

trinity-audio

Score: N/A Trinity Audio <= 5.20.0 - Missing Authorization Affected: *-5.20.0 Patched: 5.20.1 Updated: June 30, 2026

LOW

themehunk-megamenu-plus

Score: N/A ThemeHunk <= 1.2.0 - Missing Authorization Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

the-holiday-calendar

Score: N/A The Holiday Calendar <= 1.18.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.18.2.1 Patched: Updated: June 30, 2026

LOW

testimonials-showcase

Score: N/A Testimonials Showcase <= 1.9.16 - Missing Authorization Affected: *-1.9.16 Patched: 1.9.18 Updated: June 30, 2026

LOW

team-showcase-cm

Score: N/A Team Showcase < 25.05.13 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: [*, 25.05.13) Patched: 25.05.13 Updated: June 30, 2026

LOW

team-showcase-cm

Score: N/A Team Showcase < 25.05.13 - Missing Authorization Affected: [*, 25.05.13) Patched: 25.05.13 Updated: June 30, 2026

LOW

taskbuilder

Score: N/A Taskbuilder <= 4.0.7 - Missing Authorization Affected: *-4.0.7 Patched: 4.0.8 Updated: June 30, 2026

LOW

subscriptions-renewal-reminders

Score: N/A Subscription Renewal Reminders for WooCommerce <= 1.4.1 - Cross-Site Request Forgery to Notice Dismissal Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026

LOW

sola-support-tickets

Score: N/A Sola Support Ticket <= 3.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-3.18 Patched: Updated: June 30, 2026

LOW

socialmark

Score: N/A SocialMark <= 2.0.7 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-2.0.7 Patched: Updated: June 30, 2026

LOW

sina-extension-for-elementor

Score: N/A Sina Extension for Elementor <= 3.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.6.1 Patched: 3.7.0 Updated: June 30, 2026

LOW

simple-nested-menu

Score: N/A Simple Nested Menu <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

simple-membership

Score: N/A Simple Membership <= 4.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.6.3 Patched: 4.6.4 Updated: June 30, 2026

LOW

simple-keyword-to-link

Score: N/A Simple Keyword to Link <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

simple-google-static-map

Score: N/A Simple Google Static Map <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

shortlinkspro

Score: N/A ShortLinks Pro <= 1.0.7 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

shortcodes-ultimate

Score: N/A Shortcodes Ultimate <= 7.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.3.5 Patched: 7.4.0 Updated: June 30, 2026

LOW

shiftnav-responsive-mobile-menu

Score: N/A ShiftNav – Responsive Mobile Menu <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: 1.8.1 Updated: June 30, 2026

LOW

sepa-girocode

Score: N/A SEPA Girocode <= 0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.5.1 Patched: Updated: June 30, 2026

LOW

search-with-typesense

Score: N/A Search with Typesense <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.10 Patched: 2.0.11 Updated: June 30, 2026

LOW

rometheme-for-elementor

Score: N/A RTMKit Addons for Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.0 Patched: 1.6.1 Updated: June 30, 2026

LOW

responsive-flipbooks

Score: N/A Responsive Flipbooks <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

responsify-wp

Score: N/A Responsify WP <= 1.9.11 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.9.11 Patched: Updated: June 30, 2026

LOW

recent-posts-slider-responsive

Score: N/A Recent Posts Slider Responsive <= 1.0.1 - Cross-Site Request Forgery Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

read-more-login

Score: N/A Read More Login <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: June 30, 2026

LOW

raychat

Score: N/A Raychat <= 2.1.0 - Missing Authorization Affected: *-2.1.0 Patched: 2.2.0 Updated: June 30, 2026

LOW

quick-event-calendar

Score: N/A Quick Event Calendar <= 1.4.9 - Cross-Site Request Forgery Affected: *-1.4.9 Patched: Updated: June 30, 2026

LOW

profile-builder

Score: N/A Profile Builder <= 3.13.8 - Unauthenticated Content Spoofing Affected: *-3.13.8 Patched: 3.13.9 Updated: June 30, 2026

LOW

powies-uptime-robot

Score: N/A Powie's Uptime Robot <= 0.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.9.7 Patched: Updated: June 30, 2026

LOW

post-type-x

Score: N/A Product Catalog Simple <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.1 Patched: 1.8.2 Updated: June 30, 2026

LOW

post-custom-templates-lite

Score: N/A Post Custom Templates Lite <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.14 Patched: Updated: June 30, 2026

LOW

post-author

Score: N/A Post Author <= 1.1.1 - Cross-Site Request Forgery Affected: *-1.1.1 Patched: Updated: June 30, 2026

LOW

portfolio-manager-powered-by-behance

Score: N/A Behance Portfolio Manager <= 1.7.4 - Missing Authorization Affected: *-1.7.4 Patched: Updated: June 30, 2026

Showing 8401 to 8500 of 36296 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 16:03 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List