Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36306Across tracked plugins
Affected Plugins
92With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| agile-store-locator | agile-store-locator |
97
|
Store Locator WordPress <= 1.5.1 - Authenticated (Administrator+) SQL Injection | LOW | *-1.5.1 | 1.5.2 | June 30, 2026 | |
| advanced-post-list | advanced-post-list |
95
|
Advanced Post List <= 0.5.6.2 - Cross-Site Request Forgery | LOW | *-0.5.6.2 | June 30, 2026 | ||
| admin-note | admin-note |
95
|
Admin Notes <= 1.1 - Cross-Site Request Forgery | LOW | *-1.1 | June 30, 2026 | ||
| acf-yandex-maps-field | acf-yandex-maps-field |
95
|
ACF: Yandex Maps Field <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.1 | June 30, 2026 | ||
| abbie-expander | abbie-expander |
95
|
Abbie Expander <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.1 | June 30, 2026 | ||
| 6storage-rentals | 6storage-rentals |
92
|
6Storage Rentals <= 2.19.6 - Missing Authorization | LOW | *-2.19.6 | June 30, 2026 | ||
| 404-page | 404-page |
97
|
404 Page by SeedProd <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.0.1 | 1.0.2 | June 30, 2026 | |
| hypercomments | hypercomments |
89
|
HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update | LOW | *-1.2.2 | June 30, 2026 | ||
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
92
|
Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters | LOW | *-1.44.1 | 1.44.2 | June 30, 2026 | |
| wp-user-frontend-pro | wp-user-frontend-pro | N/A | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion | LOW | *-4.1.3 | 4.1.4 | June 30, 2026 | |
| wp-user-frontend-pro | wp-user-frontend-pro | N/A | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload | LOW | *-4.1.3 | 4.1.4 | June 30, 2026 | |
| wp-time-capsule | wp-time-capsule | N/A | Backup and Staging by WP Time Capsule <= 1.22.23 - Reflected Cross-Site Scripting | LOW | *-1.22.23 | 1.22.24 | June 30, 2026 | |
| wishlist | wishlist | N/A | Wishlist <= 2.1.0 - Reflected Cross-Site Scripting | LOW | *-2.1.0 | June 30, 2026 | ||
| spice-blocks | spice-blocks | N/A | Spice Blocks <= 2.0.7.4 - Unauthenticated Arbitrary File Download | LOW | *-2.0.7.4 | 2.0.7.5 | June 30, 2026 | |
| smart-wishlist-for-more-convert | smart-wishlist-for-more-convert | N/A | MC Woocommerce Wishlist <= 1.9.1 - Reflected Cross-Site Scripting | LOW | *-1.9.1 | 1.9.2 | June 30, 2026 | |
| iwjob | iwjob |
89
|
InWave Jobs <= 3.5.8 - Missing Authorization | LOW | *-3.5.8 | June 30, 2026 | ||
| icegram-rainmaker | icegram-rainmaker |
93
|
Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Missing Authorization | LOW | *-1.3.18 | 1.3.19 | June 30, 2026 | |
| elfsight-contact-form | elfsight-contact-form |
91
|
elfsight Contact Form widget <= 2.3.1 - Unauthenticated Information Exposure | LOW | *-2.3.1 | June 30, 2026 | ||
| dc-woocommerce-multi-vendor | dc-woocommerce-multi-vendor |
93
|
MultiVendorX <= 4.2.22 - Unauthenticated Information Exposure | LOW | *-4.2.22 | 4.2.23 | June 30, 2026 | |
| a-team-showcase | a-team-showcase |
95
|
Team Builder <= 1.5.7 - Missing Authorization | LOW | *-1.5.7 | June 30, 2026 | ||
| sunshine-photo-cart | sunshine-photo-cart | N/A | Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation | LOW | *-3.4.11 | 3.4.12 | June 30, 2026 | |
| wp-easy-contact | wp-easy-contact | N/A | Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.0.0 | 4.0.1 | June 30, 2026 | |
| woofilter-pro | woofilter-pro | N/A | Product Filter Pro < 2.9.6 - Unauthenticated SQL Injection | LOW | [*, 2.9.6) | 2.9.6 | June 30, 2026 | |
| woocommerce-ultimate-gift-card | woocommerce-ultimate-gift-card | N/A | WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates <= 2.9.6 - Unauthenticated SQL Injection | LOW | *-2.9.6 | 2.9.7 | June 30, 2026 | |
| woocommerce-photo-reviews | woocommerce-photo-reviews | N/A | WooCommerce Photo Reviews - Review Reminders - Review for Discounts <= 1.3.13 - Reflected Cross-Site Scripting | LOW | *-1.3.13 | June 30, 2026 | ||
| wc-myparcel-belgium | wc-myparcel-belgium | N/A | WC MyParcel Belgium <= 4.5.5-beta - Reflected Cross-Site Scripting | LOW | * - 4.5.5-beta | 4.5.6 | June 30, 2026 | |
| usc-e-shop | usc-e-shop | N/A | Welcart e-Commerce <= 2.11.13 - Authenticated (Editor+) Arbitrary File Deletion | LOW | *-2.11.13 | 2.11.14 | June 30, 2026 | |
| stm-motors-events | stm-motors-events | N/A | Motors - Events <= 1.4.7 - Unauthenticated Local File Inclusion | LOW | *-1.4.7 | June 30, 2026 | ||
| seofy-core | seofy-core | N/A | Seofy Core <= 1.6.8 - Unauthenticated Local File Inclusion | LOW | *-1.6.8 | 1.6.11 | June 30, 2026 | |
| revolution_video_player | revolution_video_player | N/A | Revolution Video Player <= 2.9.2 - Reflected Cross-Site Scripting | LOW | *-2.9.2 | June 30, 2026 | ||
| recover-wc-abandoned-cart | recover-wc-abandoned-cart | N/A | Recover abandoned cart for WooCommerce <= 2.5 - Unauthenticated SQL Injection | LOW | *-2.5 | June 30, 2026 | ||
| nasa-core | nasa-core | N/A | Nasa Core < 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | [*, 6.4.1) | 6.4.1 | June 30, 2026 | |
| mystyle-custom-product-designer | mystyle-custom-product-designer | N/A | MyStyle Custom Product Designer <= 3.21.1 - Unauthenticated SQL Injection | LOW | *-3.21.1 | 3.21.2 | June 30, 2026 | |
| multi-crypto-currency-payment | multi-crypto-currency-payment | N/A | Multi CryptoCurrency Payments <= 2.0.3 - Unauthenticated SQL Injection | LOW | *-2.0.3 | June 30, 2026 | ||
| leadcapture | leadcapture |
93
|
WP Lead Capturing Pages < 2.6 - Unauthenticated SQL Injection | LOW | [*, 2.6) | 2.6 | June 30, 2026 | |
| lbg-audio8-html5-radio_ads | lbg-audio8-html5-radio_ads |
89
|
SHOUT <= 3.5.3 - Reflected Cross-Site Scripting | LOW | *-3.5.3 | June 30, 2026 | ||
| lbg-audio5-html5-shoutcast_sticky | lbg-audio5-html5-shoutcast_sticky |
89
|
Sticky Radio Player <= 3.4 - Reflected Cross-Site Scripting | LOW | *-3.4 | June 30, 2026 | ||
| excel-like-price-change-for-woocommerce-and-wp-e-commerce-light | excel-like-price-change-for-woocommerce-and-wp-e-commerce-light |
85
|
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated SQL Injection | LOW | *-2.4.37 | June 30, 2026 | ||
| employee-directory | employee-directory |
91
|
Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.5.0 | 4.5.1 | June 30, 2026 | |
| elementor_widget_universal_video_player | elementor_widget_universal_video_player |
91
|
Universal Video Player <= 1.4.0 - Reflected Cross-Site Scripting | LOW | *-1.4.0 | June 30, 2026 | ||
| dzs-zoomsounds | dzs-zoomsounds |
83
|
ZoomSounds <= 6.91 - Reflected Cross-Site Scripting | LOW | *-6.91 | June 30, 2026 | ||
| church-management | church-management |
86
|
WPCHURCH <= 2.7.0 - Unauthenticated SQL Injection | LOW | *-2.7.0 | June 30, 2026 | ||
| category-icon | category-icon |
93
|
Category Icon <= 1.0.1 - Authenticated (Author+) XML External Entity Injection | LOW | *-1.0.1 | 1.0.2 | June 30, 2026 | |
| campus-directory | campus-directory |
93
|
Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.9.0 | 1.9.1 | June 30, 2026 | |
| music-player-for-elementor | music-player-for-elementor | N/A | Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter | LOW | *-2.4.6 | 2.4.7 | June 30, 2026 | |
| Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | popup-maker | N/A | Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter | LOW | *-1.20.4 | 1.20.5 | June 30, 2026 | |
| profile-builder | profile-builder | N/A | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes | LOW | *-3.13.8 | 3.13.9 | June 30, 2026 | |
| Shared Files – Frontend File Upload Form & Secure File Sharing | shared-files |
78
|
Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function | LOW | *-1.7.48 | 1.7.49 | June 30, 2026 | |
| vayu-blocks | vayu-blocks | N/A | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter | LOW | *-1.3.1 | 1.3.2 | June 30, 2026 | |
| file-manager | file-manager |
93
|
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads | LOW | *-6.7 | 6.8 | June 30, 2026 | |
| wp-plugin-info-card | wp-plugin-info-card | N/A | WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter | LOW | *-5.3.1 | 5.4.0 | June 30, 2026 | |
| woo-gift-cards-lite | woo-gift-cards-lite | N/A | Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function | LOW | *-3.1.4 | 3.1.5 | June 30, 2026 | |
| Broken Link Checker | broken-link-checker |
68
|
Broken Link Checker <= 2.4.4 - Missing Autorization to Authenticated (Subscriber+) Plugin Status Dashboard View | LOW | *-2.4.4 | 2.4.5 | June 30, 2026 | |
| comments-import-export-woocommerce | comments-import-export-woocommerce |
93
|
WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-2.4.3 | 2.4.4 | June 30, 2026 | |
| wpforo-advanced-attachments | wpforo-advanced-attachments | N/A | wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting | LOW | *-3.1.3 | 3.2.0 | June 30, 2026 | |
| uncanny-automator | uncanny-automator | N/A | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.4.0.2 - Missing Authorization | LOW | *-6.4.0.2 | 6.5.0 | June 30, 2026 | |
| ocean-extra | ocean-extra | N/A | Ocean Extra <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.4.8 | 2.4.9 | June 30, 2026 | |
| ninja-tables | ninja-tables | N/A | Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution | LOW | *-5.0.18 | 5.0.19 | June 30, 2026 | |
| contact-forms | contact-forms |
93
|
Contact Forms by Cimatti Plugin <= 1.9.8 - Cross-Site Request Forgery | LOW | *-1.9.8 | 1.9.9 | June 30, 2026 | |
| wp-file-download | wp-file-download | N/A | WP File Download <= 6.2.5 - Reflected Cross-Site Scripting | LOW | *-6.2.5 | 6.2.6 | June 30, 2026 | |
| easync-booking | easync-booking |
93
|
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure | LOW | *-1.3.21 | 1.3.22 | June 30, 2026 | |
| psw-login-and-registration | psw-login-and-registration | N/A | PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function | LOW | *-1.12 | June 30, 2026 | ||
| daisycon | daisycon |
93
|
Daisycon prijsvergelijkers <= 4.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.9.0 | 5.0.0 | June 30, 2026 | |
| offsprout-page-builder | offsprout-page-builder | N/A | Offsprout Page Builder 2.2.1 - 2.15.2 - Authenticated (Contributor+) Privilege Escalation via permission_callback Function | LOW | 2.2.1-2.15.2 | June 30, 2026 | ||
| profitori | profitori | N/A | Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint | LOW | 2.0.6.0-2.1.1.3 | June 30, 2026 | ||
| fastspring | fastspring |
91
|
FastSpring <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.0.1 | June 30, 2026 | ||
| product-subtitle-for-woocommerce | product-subtitle-for-woocommerce | N/A | Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter | LOW | *-1.3.9 | 1.4.0 | June 30, 2026 | |
| wp-geometa | wp-geometa | N/A | WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function | LOW | 0.3.4-0.3.5 | June 30, 2026 | ||
| relevanssi-premium | relevanssi-premium | N/A | Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights | LOW | *-2.27.6 | 2.27.7 | June 30, 2026 | |
| relevanssi | relevanssi | N/A | Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights | LOW | *-4.24.5 | 4.24.6 | June 30, 2026 | |
| wp-pipes | wp-pipes | N/A | WP Pipes <= 1.4.2 - Unauthenticated Arbitrary File Deletion | LOW | *-1.4.2 | 1.4.3 | June 30, 2026 | |
| wp-guppy | wp-guppy | N/A | WP Guppy <= 4.3.3 - Authenticated (Subscriber+) SQL Injection | LOW | *-4.3.3 | June 30, 2026 | ||
| woocommerce-orders-customers-exporter | woocommerce-orders-customers-exporter | N/A | WooCommerce Orders & Customers Exporter <= 5.0 - Authenticated (Subscriber+) Information Exposure | LOW | *-5.0 | June 30, 2026 | ||
| woo-slider-pro-drag-drop-slider-builder-for-woocommerce | woo-slider-pro-drag-drop-slider-builder-for-woocommerce | N/A | Woo Slider Pro <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion | LOW | *-1.12 | June 30, 2026 | ||
| woo-producttables-pro | woo-producttables-pro | N/A | WBW Product Table PRO <= 2.2.6 - Unauthenticated SQL Injection | LOW | *-2.2.6 | 2.2.7 | June 30, 2026 | |
| wishlist | wishlist | N/A | Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.43 | 1.0.44 | June 30, 2026 | |
| widgetkit-for-elementor | widgetkit-for-elementor | N/A | WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.5.4 | 2.5.5 | June 30, 2026 | |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor Page Builder Lite <= 6.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.2.7 | 6.2.8 | June 30, 2026 | |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.7.1020 | 1.7.1021 | June 30, 2026 | |
| real-time-validation-for-gravity-forms | real-time-validation-for-gravity-forms | N/A | Real Time Validation for Gravity Forms <= 1.7.0 - Reflected Cross-Site Scripting | LOW | *-1.7.0 | June 30, 2026 | ||
| real-time-validation-for-gravity-forms | real-time-validation-for-gravity-forms | N/A | Real Time Validation for Gravity Forms <= 1.7.0 - Cross-Site Request Forgery | LOW | *-1.7.0 | June 30, 2026 | ||
| real-time-validation-for-gravity-forms | real-time-validation-for-gravity-forms | N/A | Real Time Validation for Gravity Forms <= 1.7.0 - Unauthenticated Local File Inclusion | LOW | *-1.7.0 | June 30, 2026 | ||
| newsletters-lite | newsletters-lite | N/A | Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion | LOW | *-4.9.9.9 | 4.10 | June 30, 2026 | |
| maxi-blocks | maxi-blocks |
93
|
MaxiBlocks <= 2.1.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | LOW | *-2.1.0 | 2.1.1 | June 30, 2026 | |
| history-log-by-click5 | history-log-by-click5 |
89
|
History Log by click5 <= 1.0.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-1.0.13 | June 30, 2026 | ||
| excel-like-price-change-for-woocommerce-and-wp-e-commerce-light | excel-like-price-change-for-woocommerce-and-wp-e-commerce-light |
85
|
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Arbitrary File Download | LOW | *-2.4.37 | June 30, 2026 | ||
| discount-and-dynamic-pricing | discount-and-dynamic-pricing |
93
|
Dynamic Pricing and Discount Rules <= 2.2.9 - Cross-Site Request Forgery | LOW | *-2.2.9 | 2.3.0 | June 30, 2026 | |
| dd-post-carousel | dd-post-carousel |
93
|
Custom Post Carousels with Owl <= 1.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.4.11 | 1.4.12 | June 30, 2026 | |
| church-management | church-management |
86
|
WPCHURCH <= 2.7.0 - Authenticated (Subscriber+) Privilege Escalation | LOW | *-2.7.0 | June 30, 2026 | ||
| borderless | borderless |
93
|
Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.7.1 | 1.7.2 | June 30, 2026 | |
| blog-designer-pro | blog-designer-pro |
86
|
Blog Designer PRO for WordPress <= 3.4.7 - Reflected Cross-Site Scripting | LOW | *-3.4.7 | June 30, 2026 | ||
| bdthemes-element-pack-lite | bdthemes-element-pack-lite |
93
|
Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | LOW | *-5.11.2 | 5.11.3 | June 30, 2026 | |
| affs | affs |
97
|
SUMO Affiliates Pro < 11.1.0 - Unauthenticated Arbitrary File Upload | LOW | [*, 11.1.0) | 11.1.0 | June 30, 2026 | |
| lastudio-element-kit | lastudio-element-kit |
93
|
LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets | LOW | *-1.5.2 | 1.5.3 | June 30, 2026 | |
| woo-slider-pro-drag-drop-slider-builder-for-woocommerce | woo-slider-pro-drag-drop-slider-builder-for-woocommerce | N/A | Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | LOW | *-1.12 | June 30, 2026 | ||
| opensheetmusicdisplay | opensheetmusicdisplay | N/A | OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter | LOW | *-1.4.0 | 1.4.1 | June 30, 2026 | |
| simple-page-access-restriction | simple-page-access-restriction | N/A | Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters | LOW | *-1.0.31 | 1.0.32 | June 30, 2026 | |
| featured-image-plus | featured-image-plus |
93
|
Featured Image Plus <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Featured Image Update | LOW | *-1.6.4 | 1.6.6 | June 30, 2026 | |
| ninjateam-telegram | ninjateam-telegram | N/A | NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter | LOW | *-1.1 | 1.2 | June 30, 2026 | |
| lastudio-element-kit | lastudio-element-kit |
93
|
LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter | LOW | *-1.5.2 | 1.5.3 | June 30, 2026 |
LOW
agile-store-locator
agile-store-locator
LOW
advanced-post-list
advanced-post-list
LOW
admin-note
admin-note
LOW
acf-yandex-maps-field
acf-yandex-maps-field
LOW
abbie-expander
abbie-expander
LOW
6storage-rentals
6storage-rentals
LOW
404-page
404-page
LOW
hypercomments
hypercomments
LOW
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator
LOW
wp-user-frontend-pro
wp-user-frontend-pro
LOW
wp-user-frontend-pro
wp-user-frontend-pro
LOW
wp-time-capsule
wp-time-capsule
LOW
wishlist
wishlist
LOW
spice-blocks
spice-blocks
LOW
smart-wishlist-for-more-convert
smart-wishlist-for-more-convert
LOW
iwjob
iwjob
LOW
icegram-rainmaker
icegram-rainmaker
LOW
elfsight-contact-form
elfsight-contact-form
LOW
dc-woocommerce-multi-vendor
dc-woocommerce-multi-vendor
LOW
a-team-showcase
a-team-showcase
LOW
sunshine-photo-cart
sunshine-photo-cart
LOW
wp-easy-contact
wp-easy-contact
LOW
woofilter-pro
woofilter-pro
LOW
woocommerce-ultimate-gift-card
woocommerce-ultimate-gift-card
LOW
woocommerce-photo-reviews
woocommerce-photo-reviews
LOW
wc-myparcel-belgium
wc-myparcel-belgium
LOW
usc-e-shop
usc-e-shop
LOW
stm-motors-events
stm-motors-events
LOW
seofy-core
seofy-core
LOW
revolution_video_player
revolution_video_player
LOW
recover-wc-abandoned-cart
recover-wc-abandoned-cart
LOW
nasa-core
nasa-core
LOW
mystyle-custom-product-designer
mystyle-custom-product-designer
LOW
multi-crypto-currency-payment
multi-crypto-currency-payment
LOW
leadcapture
leadcapture
LOW
lbg-audio8-html5-radio_ads
lbg-audio8-html5-radio_ads
LOW
lbg-audio5-html5-shoutcast_sticky
lbg-audio5-html5-shoutcast_sticky
LOW
excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
LOW
employee-directory
employee-directory
LOW
elementor_widget_universal_video_player
elementor_widget_universal_video_player
LOW
dzs-zoomsounds
dzs-zoomsounds
LOW
church-management
church-management
LOW
category-icon
category-icon
LOW
campus-directory
campus-directory
LOW
music-player-for-elementor
music-player-for-elementor
LOW
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder
popup-maker
LOW
profile-builder
profile-builder
LOW
Shared Files – Frontend File Upload Form & Secure File Sharing
shared-files
LOW
vayu-blocks
vayu-blocks
LOW
file-manager
file-manager
LOW
wp-plugin-info-card
wp-plugin-info-card
LOW
woo-gift-cards-lite
woo-gift-cards-lite
LOW
Broken Link Checker
broken-link-checker
LOW
comments-import-export-woocommerce
comments-import-export-woocommerce
LOW
wpforo-advanced-attachments
wpforo-advanced-attachments
LOW
uncanny-automator
uncanny-automator
LOW
ocean-extra
ocean-extra
LOW
ninja-tables
ninja-tables
LOW
contact-forms
contact-forms
LOW
wp-file-download
wp-file-download
LOW
easync-booking
easync-booking
LOW
psw-login-and-registration
psw-login-and-registration
LOW
daisycon
daisycon
LOW
offsprout-page-builder
offsprout-page-builder
LOW
profitori
profitori
LOW
fastspring
fastspring
LOW
product-subtitle-for-woocommerce
product-subtitle-for-woocommerce
LOW
wp-geometa
wp-geometa
LOW
relevanssi-premium
relevanssi-premium
LOW
relevanssi
relevanssi
LOW
wp-pipes
wp-pipes
LOW
wp-guppy
wp-guppy
LOW
woocommerce-orders-customers-exporter
woocommerce-orders-customers-exporter
LOW
woo-slider-pro-drag-drop-slider-builder-for-woocommerce
woo-slider-pro-drag-drop-slider-builder-for-woocommerce
LOW
woo-producttables-pro
woo-producttables-pro
LOW
wishlist
wishlist
LOW
widgetkit-for-elementor
widgetkit-for-elementor
LOW
the-plus-addons-for-elementor-page-builder
the-plus-addons-for-elementor-page-builder
LOW
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
LOW
real-time-validation-for-gravity-forms
real-time-validation-for-gravity-forms
LOW
real-time-validation-for-gravity-forms
real-time-validation-for-gravity-forms
LOW
real-time-validation-for-gravity-forms
real-time-validation-for-gravity-forms
LOW
newsletters-lite
newsletters-lite
LOW
maxi-blocks
maxi-blocks
LOW
history-log-by-click5
history-log-by-click5
LOW
excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
LOW
discount-and-dynamic-pricing
discount-and-dynamic-pricing
LOW
dd-post-carousel
dd-post-carousel
LOW
church-management
church-management
LOW
borderless
borderless
LOW
blog-designer-pro
blog-designer-pro
LOW
bdthemes-element-pack-lite
bdthemes-element-pack-lite
LOW
affs
affs
LOW
lastudio-element-kit
lastudio-element-kit
LOW
woo-slider-pro-drag-drop-slider-builder-for-woocommerce
woo-slider-pro-drag-drop-slider-builder-for-woocommerce
LOW
opensheetmusicdisplay
opensheetmusicdisplay
LOW
simple-page-access-restriction
simple-page-access-restriction
LOW
featured-image-plus
featured-image-plus
LOW
ninjateam-telegram
ninjateam-telegram
LOW
lastudio-element-kit
lastudio-element-kit
Showing 8601 to 8700 of 36306 results
Important: Review Required
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: June 30, 2026 at 18:25 UTC.