Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36313

Across tracked plugins

Affected Plugins

93

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
theplus_elementor_addon theplus_elementor_addon N/A The Plus Addons for Elementor Pro <= 6.3.6 - Missing Authorization LOW *-6.3.6 6.3.7 June 30, 2026
school-management school-management N/A School Management <= 92.0.0 - Reflected Cross-Site Scripting LOW *-92.0.0 June 30, 2026
school-management school-management N/A School Management <= 92.0.0 - Authenticated (Subscriber+) SQL Injection LOW *-92.0.0 June 30, 2026
inprosysmedia-likes-dislikes-post inprosysmedia-likes-dislikes-post
89
 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection LOW *-1.0.0 June 30, 2026
hospital-management hospital-management
83
 Hospital Management System <= 47.0(20-11-2023) - Authenticated (Subscriber+) Arbitrary File Upload LOW * - 47.0(20-11-2023) June 30, 2026
gdlr-hotel gdlr-hotel
87
 Goodlayers Hotel <= 3.1.4 - Unauthenticated PHP Object Injection LOW *-3.1.4 June 30, 2026
gdlr-hotel gdlr-hotel
87
 Goodlayers Hotel <= 3.1.4 - Reflected Cross-Site Scripting LOW *-3.1.4 June 30, 2026
gdlr-hostel gdlr-hostel
87
 Goodlayers Hostel <= 3.1.2 - Unauthenticated PHP Object Injection LOW *-3.1.2 June 30, 2026
gdlr-hostel gdlr-hostel
87
 Goodlayers Hostel <= 3.1.2 - Reflected Cross-Site Scripting LOW *-3.1.2 June 30, 2026
formularios-de-contacto-salesup formularios-de-contacto-salesup
91
 Formulario de contacto SalesUp! <= 1.0.14 - Reflected Cross-Site Scripting LOW *-1.0.14 June 30, 2026
excel-like-price-change-for-woocommerce-and-wp-e-commerce-light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
85
 Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Privilege Escalation LOW *-2.4.37 June 30, 2026
dzs-zoomsounds dzs-zoomsounds
83
 ZoomSounds <= 6.91 - Unauthenticated PHP Object Injection LOW *-6.91 June 30, 2026
dzs-videogallery dzs-videogallery
91
 DZS Video Gallery <= 12.39 - Unauthenticated PHP Object Injection LOW *-12.39 12.40 June 30, 2026
church-management church-management
86
 WPCHURCH <= 2.7.0 - Reflected Cross-Site Scripting LOW *-2.7.0 June 30, 2026
ymm-search ymm-search N/A Year Make Model Search for WooCommerce <= 1.0.11 - Cross-Site Request Forgery LOW *-1.0.11 1.0.12 June 30, 2026
xpro-addons-beaver-builder-elementor xpro-addons-beaver-builder-elementor N/A Xpro Addons For Beaver Builder – Lite <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.5 1.5.6 June 30, 2026
wpadverts wpadverts N/A WPAdverts <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.3 2.2.4 June 30, 2026
WP User Manager – User Profile Builder & Membership wp-user-manager
83
 User Manager <= 2.9.12 - Authenticated (Subscriber+) PHP Object Injection LOW *-2.9.12 2.9.13 June 30, 2026
wp-mapa-politico-spain wp-mapa-politico-spain N/A WP Mapa Politico España <= 3.8.0 - Cross-Site Request Forgery LOW *-3.8.0 3.8.1 June 30, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.3.2 - Unauthenticated Insecure Direct Object Reference LOW *-2.3.2 2.3.3 June 30, 2026
wp-image-mask wp-image-mask N/A WP Image Mask <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.2 3.1.3 June 30, 2026
woocommerce-for-japan woocommerce-for-japan N/A Japanized For WooCommerce <= 2.6.40 - Cross-Site Request Forgery LOW *-2.6.40 2.6.41 June 30, 2026
woo-dynamic-pricing-discounts-lite woo-dynamic-pricing-discounts-lite N/A Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross-Site Request Forgery LOW *-2.0.3 June 30, 2026
wish-list-for-woocommerce wish-list-for-woocommerce N/A Wishlist for WooCommerce <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.2 3.2.3 June 30, 2026
visualcomposer visualcomposer N/A Visual Composer Website Builder <= 45.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-45.11.0 45.12.0 June 30, 2026
videowhisper-live-streaming-integration videowhisper-live-streaming-integration N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.2.4 - Cross-Site Request Forgery LOW *-6.2.4 6.2.5 June 30, 2026
user-profile-meta user-profile-meta N/A User Profile Meta Manager <= 1.02 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.02 June 30, 2026
url-rewrite-analyzer url-rewrite-analyzer N/A Url Rewrite Analyzer <= 1.3.3 - Missing Authorization LOW *-1.3.3 1.3.4 June 30, 2026
url-coupons-for-woocommerce-by-algoritmika url-coupons-for-woocommerce-by-algoritmika N/A Coupons & Add to Cart by URL Links for WooCommerce <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.7 1.7.8 June 30, 2026
ultimate-blocks ultimate-blocks N/A Ultimate Blocks <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.0 3.3.1 June 30, 2026
The Events Calendar the-events-calendar N/A The Events Calendar <= 6.11.2.1 - Missing Authorization LOW *-6.11.2.1 6.12.0 June 30, 2026
skt-blocks skt-blocks N/A SKT Blocks <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2 2.3 June 30, 2026
simplelightbox simplelightbox N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library LOW *-2.14.4 June 30, 2026
rsvpmaker rsvpmaker N/A RSVPMarker <= 11.5.6 - Authenticated (Contributor+) SQL Injection LOW *-11.5.6 11.5.7 June 30, 2026
rootspersona rootspersona N/A Rootspersona <= 3.7.5 - Missing Authorization LOW *-3.7.5 June 30, 2026
rootspersona rootspersona N/A Rootspersona <= 3.7.5 - Cross-Site Request Forgery LOW *-3.7.5 June 30, 2026
recaptcha-for-all recaptcha-for-all N/A reCAPTCHA for all <= 2.26 - Cross-Site Request Forgery LOW *-2.26 2.27 June 30, 2026
projectopia-core projectopia-core N/A Projectopia <= 5.1.17 - Missing Authorization LOW *-5.1.17 5.1.18 June 30, 2026
profit-products-tables-for-woocommerce profit-products-tables-for-woocommerce N/A Active Products Tables for WooCommerce <= 1.0.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6.8 1.0.6.9 June 30, 2026
product-notes-for-woocommerce product-notes-for-woocommerce N/A Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.0 3.1.1 June 30, 2026
product-code-for-woocommerce product-code-for-woocommerce N/A Product Code for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Database Update LOW *-1.5.0 1.5.1 June 30, 2026
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin pretty-link N/A Shortlinks by Pretty Links <= 3.6.15 - Missing Authorization LOW *-3.6.15 3.6.16 June 30, 2026
ninja-gdpr-compliance ninja-gdpr-compliance N/A GDPR CCPA Compliance Support <= 2.7.3 - Missing Authorization LOW *-2.7.3 2.7.4 June 30, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery nextgen-gallery
66
 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library LOW *-3.59.4 3.59.5 June 30, 2026
newsletter newsletter N/A Newsletter <= 8.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-8.8.4 8.8.5 June 30, 2026
newsletter newsletter N/A Newsletter <= 8.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-8.8.4 8.8.5 June 30, 2026
majestic-support majestic-support
93
 Majestic Support <= 1.1.0 - Missing Authorization LOW *-1.1.0 1.1.1 June 30, 2026
legal-pages legal-pages
93
 Legal Pages <= 1.4.5 - Missing Authorization LOW *-1.4.5 1.4.6 June 30, 2026
import-facebook-events import-facebook-events
93
 Import Social Events <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.5 1.8.6 June 30, 2026
global-shop-discount-for-woocommerce global-shop-discount-for-woocommerce
93
 Sitewide Discount for WooCommerce: Apply Discount to All Products <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.1 2.2.2 June 30, 2026
getwid-megamenu getwid-megamenu
93
 Mega Menu Block <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 June 30, 2026
form-maker form-maker
93
 Form Maker by 10Web <= 1.15.33 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.15.33 1.15.34 June 30, 2026
falang falang
93
 Falang multilanguage <= 1.3.61 - Cross-Site Request Forgery LOW *-1.3.61 1.3.62 June 30, 2026
exclusive-addons-for-elementor exclusive-addons-for-elementor
93
 Exclusive Addons Elementor <= 2.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.7.9 2.7.9.1 June 30, 2026
embed-and-integrate-etsy-shop embed-and-integrate-etsy-shop
91
 Embed and Integrate Etsy Shop <= 1.0.4 - Missing Authorization LOW *-1.0.4 June 30, 2026
elementinvader-addons-for-elementor elementinvader-addons-for-elementor
93
 ElementInvader Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.5 1.3.6 June 30, 2026
ean-for-woocommerce ean-for-woocommerce
93
 EAN for WooCommerce <= 5.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.4.6 5.4.7 June 30, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
 MultiVendorX <= 4.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.22 4.2.23 June 30, 2026
custom-emails-for-woocommerce custom-emails-for-woocommerce
93
 Additional Custom Emails & Recipients for WooCommerce <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.5.1 3.5.2 June 30, 2026
cost-of-goods-for-woocommerce cost-of-goods-for-woocommerce
93
 Cost of Goods for WooCommerce <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.7.0 3.7.1 June 30, 2026
cost-calculator-builder cost-calculator-builder
93
 Cost Calculator Builder <= 3.2.74 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.2.74 3.5.0 June 30, 2026
bunnycdn bunnycdn
93
 bunny.net <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.0 2.3.1 June 30, 2026
bot-for-telegram-on-woocommerce bot-for-telegram-on-woocommerce
91
 Bot for Telegram on WooCommerce <= 1.2.6 - Missing Authorization LOW *-1.2.6 1.2.7 June 30, 2026
back-button-widget back-button-widget
93
 Back Button Widget <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.8 1.7.0 June 30, 2026
awcode-toolkit awcode-toolkit
93
 AWcode Toolkit <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.18 1.0.19 June 30, 2026
automatorwp automatorwp
93
 AutomatorWP <= 5.2.1.3 - Authenticated (Administrator+) SQL Injection LOW *-5.2.1.3 5.2.2 June 30, 2026
amount-left-free-shipping-woocommerce amount-left-free-shipping-woocommerce
97
 Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.6 2.4.7 June 30, 2026
affiliates-manager-google-recaptcha-integration affiliates-manager-google-recaptcha-integration
97
 Affiliates Manager Google reCAPTCHA Integration <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 June 30, 2026
add-to-cart-button-labels-for-woocommerce add-to-cart-button-labels-for-woocommerce
97
 Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.2 2.2.3 June 30, 2026
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic all-in-one-seo-pack
88
 All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL LOW *-4.8.1.1 4.8.2 June 30, 2026
bux-woocommerce bux-woocommerce
91
 Bux Woocommerce <= 1.2.3 - Missing Authorization LOW *-1.2.3 June 30, 2026
bold-page-builder bold-page-builder
86
 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter LOW *-5.3.5 5.3.6 June 30, 2026
Booking Calendar booking
71
 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode LOW *-10.11.1 10.11.2 June 30, 2026
wp-members wp-members N/A WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode LOW *-3.5.2 3.5.3 June 30, 2026
wpbot-pro wpbot-pro N/A WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-13.6.2 13.7.0 June 30, 2026
crawlomatic-multipage-scraper-post-generator crawlomatic-multipage-scraper-post-generator
93
 Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload LOW *-2.6.8.1 2.6.8.2 June 30, 2026
rss-feed-post-generator-echo rss-feed-post-generator-echo N/A Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload LOW *-5.4.8.1 5.4.8.2 June 30, 2026
x-addons-elementor x-addons-elementor N/A X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.16 1.0.17 June 30, 2026
wpeventplus wpeventplus N/A WordPress Events Calendar Registration & Tickets <= 2.6.0 - Unauthenticated PHP Object Injection LOW *-2.6.0 June 30, 2026
wpc-product-options wpc-product-options N/A WPC Product Options for WooCommerce < 3.1.3 - Authenticated (Subscriber+) Local File Inclusion LOW [*, 3.1.3) 3.1.3 June 30, 2026
wp-pinterest-automatic wp-pinterest-automatic N/A Pinterest Automatic Pin <= 4.18.2 - Missing Authorization LOW *-4.18.2 June 30, 2026
wp-notes-widget wp-notes-widget N/A WP Notes Widget <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 June 30, 2026
wp-jobhunt wp-jobhunt N/A WP JobHunt <= 7.1 - Unauthenticated Insecure Direct Object Reference LOW *-7.1 June 30, 2026
Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs wp-expand-tabs-free
91
 WP Tabs <= 2.2.12 - Authenticated (Administrator+) PHP Object Injection LOW *-2.2.12 2.2.13 June 30, 2026
wp-auto-spinner wp-auto-spinner N/A Wordpress Auto Spinner <= 3.25.0 - Missing Authorization LOW *-3.25.0 3.26.0 June 30, 2026
wp_ultimatetoursbuilder wp_ultimatetoursbuilder N/A WP Ultimate Tours Builder <= 1.055 - Cross-Site Request Forgery LOW *-1.055 June 30, 2026
woocommerce-pos woocommerce-pos N/A WooCommerce POS <= 1.7.8 - Missing Authorization LOW *-1.7.8 1.7.9 June 30, 2026
woocommerce-multi-currency woocommerce-multi-currency N/A CURCY <= 2.3.7 - Missing Authorization to Arbitrary Shortcode Execution LOW *-2.3.7 June 30, 2026
wishlist wishlist N/A Wishlist <= 2.1.0 - Authenticated (Subscriber+) Information Exposure LOW *-2.1.0 June 30, 2026
wishlist wishlist N/A Wishlist <= 2.1.0 - Missing Authorization LOW *-2.1.0 June 30, 2026
wise-chat wise-chat N/A Wise Chat <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-3.3.2 3.3.4 June 30, 2026
whmpress whmpress N/A WHMpress <= 6.2-revision-9 - Unauthenticated Local File Inclusion LOW * - 6.2-revision-9 June 30, 2026
whmpress whmpress N/A WHMpress <= 6.2-revision-9 - Authenticated (Contributor+) Local File Inclusion LOW * - 6.2-revision-9 June 30, 2026
wc-affiliate wc-affiliate N/A WC Affiliate <= 2.16 - Authenticated (Subscriber+) PHP Object Injection LOW *-2.16 2.17 June 30, 2026
valvepress-rankie valvepress-rankie N/A Rankie < 1.8.2 - Missing Authorization LOW [*, 1.8.2) 1.8.2 June 30, 2026
validar-certificados-de-cursos validar-certificados-de-cursos N/A ValidateCertify <= 1.6.4 - Cross-Site Request Forgery LOW *-1.6.4 1.6.5 June 30, 2026
universal-video-player-and-bg universal-video-player-and-bg N/A Video Player & FullScreen Video Background <= 2.4.1 - Authenticated (Administrator+) SQL Injection LOW *-2.4.1 June 30, 2026
uncanny-learndash-toolkit uncanny-learndash-toolkit N/A Uncanny Toolkit for LearnDash <= 3.7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.7.0.2 3.7.0.3 June 30, 2026
ultraaddons-elementor-lite ultraaddons-elementor-lite N/A UltraAddons Elementor Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 June 30, 2026
uber-classic uber-classic N/A UberSlider < 2.6 - Authenticated (Contributor+) SQL Injection LOW [*, 2.6) 2.6 June 30, 2026
LOW

theplus_elementor_addon

theplus_elementor_addon

Score: N/A The Plus Addons for Elementor Pro <= 6.3.6 - Missing Authorization Affected: *-6.3.6 Patched: 6.3.7 Updated: June 30, 2026
LOW

school-management

school-management

Score: N/A School Management <= 92.0.0 - Reflected Cross-Site Scripting Affected: *-92.0.0 Patched: Updated: June 30, 2026
LOW

school-management

school-management

Score: N/A School Management <= 92.0.0 - Authenticated (Subscriber+) SQL Injection Affected: *-92.0.0 Patched: Updated: June 30, 2026
LOW

inprosysmedia-likes-dislikes-post

inprosysmedia-likes-dislikes-post

Score: 89/100 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection Affected: *-1.0.0 Patched: Updated: June 30, 2026
LOW

hospital-management

hospital-management

Score: 83/100 Hospital Management System <= 47.0(20-11-2023) - Authenticated (Subscriber+) Arbitrary File Upload Affected: * - 47.0(20-11-2023) Patched: Updated: June 30, 2026
LOW

gdlr-hotel

gdlr-hotel

Score: 87/100 Goodlayers Hotel <= 3.1.4 - Unauthenticated PHP Object Injection Affected: *-3.1.4 Patched: Updated: June 30, 2026
LOW

gdlr-hotel

gdlr-hotel

Score: 87/100 Goodlayers Hotel <= 3.1.4 - Reflected Cross-Site Scripting Affected: *-3.1.4 Patched: Updated: June 30, 2026
LOW

gdlr-hostel

gdlr-hostel

Score: 87/100 Goodlayers Hostel <= 3.1.2 - Unauthenticated PHP Object Injection Affected: *-3.1.2 Patched: Updated: June 30, 2026
LOW

gdlr-hostel

gdlr-hostel

Score: 87/100 Goodlayers Hostel <= 3.1.2 - Reflected Cross-Site Scripting Affected: *-3.1.2 Patched: Updated: June 30, 2026
LOW

formularios-de-contacto-salesup

formularios-de-contacto-salesup

Score: 91/100 Formulario de contacto SalesUp! <= 1.0.14 - Reflected Cross-Site Scripting Affected: *-1.0.14 Patched: Updated: June 30, 2026
LOW

excel-like-price-change-for-woocommerce-and-wp-e-commerce-light

excel-like-price-change-for-woocommerce-and-wp-e-commerce-light

Score: 85/100 Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Privilege Escalation Affected: *-2.4.37 Patched: Updated: June 30, 2026
LOW

dzs-zoomsounds

dzs-zoomsounds

Score: 83/100 ZoomSounds <= 6.91 - Unauthenticated PHP Object Injection Affected: *-6.91 Patched: Updated: June 30, 2026
LOW

dzs-videogallery

dzs-videogallery

Score: 91/100 DZS Video Gallery <= 12.39 - Unauthenticated PHP Object Injection Affected: *-12.39 Patched: 12.40 Updated: June 30, 2026
LOW

church-management

church-management

Score: 86/100 WPCHURCH <= 2.7.0 - Reflected Cross-Site Scripting Affected: *-2.7.0 Patched: Updated: June 30, 2026
LOW

ymm-search

ymm-search

Score: N/A Year Make Model Search for WooCommerce <= 1.0.11 - Cross-Site Request Forgery Affected: *-1.0.11 Patched: 1.0.12 Updated: June 30, 2026
LOW

xpro-addons-beaver-builder-elementor

xpro-addons-beaver-builder-elementor

Score: N/A Xpro Addons For Beaver Builder – Lite <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026
LOW

wpadverts

wpadverts

Score: N/A WPAdverts <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.3 Patched: 2.2.4 Updated: June 30, 2026
LOW

wp-mapa-politico-spain

wp-mapa-politico-spain

Score: N/A WP Mapa Politico España <= 3.8.0 - Cross-Site Request Forgery Affected: *-3.8.0 Patched: 3.8.1 Updated: June 30, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.3.2 - Unauthenticated Insecure Direct Object Reference Affected: *-2.3.2 Patched: 2.3.3 Updated: June 30, 2026
LOW

wp-image-mask

wp-image-mask

Score: N/A WP Image Mask <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.2 Patched: 3.1.3 Updated: June 30, 2026
LOW

woocommerce-for-japan

woocommerce-for-japan

Score: N/A Japanized For WooCommerce <= 2.6.40 - Cross-Site Request Forgery Affected: *-2.6.40 Patched: 2.6.41 Updated: June 30, 2026
LOW

woo-dynamic-pricing-discounts-lite

woo-dynamic-pricing-discounts-lite

Score: N/A Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross-Site Request Forgery Affected: *-2.0.3 Patched: Updated: June 30, 2026
LOW

wish-list-for-woocommerce

wish-list-for-woocommerce

Score: N/A Wishlist for WooCommerce <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.2 Patched: 3.2.3 Updated: June 30, 2026
LOW

visualcomposer

visualcomposer

Score: N/A Visual Composer Website Builder <= 45.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-45.11.0 Patched: 45.12.0 Updated: June 30, 2026
LOW

videowhisper-live-streaming-integration

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.2.4 - Cross-Site Request Forgery Affected: *-6.2.4 Patched: 6.2.5 Updated: June 30, 2026
LOW

user-profile-meta

user-profile-meta

Score: N/A User Profile Meta Manager <= 1.02 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.02 Patched: Updated: June 30, 2026
LOW

url-rewrite-analyzer

url-rewrite-analyzer

Score: N/A Url Rewrite Analyzer <= 1.3.3 - Missing Authorization Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026
LOW

url-coupons-for-woocommerce-by-algoritmika

url-coupons-for-woocommerce-by-algoritmika

Score: N/A Coupons & Add to Cart by URL Links for WooCommerce <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.7 Patched: 1.7.8 Updated: June 30, 2026
LOW

ultimate-blocks

ultimate-blocks

Score: N/A Ultimate Blocks <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.0 Patched: 3.3.1 Updated: June 30, 2026
LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.11.2.1 - Missing Authorization Affected: *-6.11.2.1 Patched: 6.12.0 Updated: June 30, 2026
LOW

skt-blocks

skt-blocks

Score: N/A SKT Blocks <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026
LOW

simplelightbox

simplelightbox

Score: N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library Affected: *-2.14.4 Patched: Updated: June 30, 2026
LOW

rsvpmaker

rsvpmaker

Score: N/A RSVPMarker <= 11.5.6 - Authenticated (Contributor+) SQL Injection Affected: *-11.5.6 Patched: 11.5.7 Updated: June 30, 2026
LOW

rootspersona

rootspersona

Score: N/A Rootspersona <= 3.7.5 - Missing Authorization Affected: *-3.7.5 Patched: Updated: June 30, 2026
LOW

rootspersona

rootspersona

Score: N/A Rootspersona <= 3.7.5 - Cross-Site Request Forgery Affected: *-3.7.5 Patched: Updated: June 30, 2026
LOW

recaptcha-for-all

recaptcha-for-all

Score: N/A reCAPTCHA for all <= 2.26 - Cross-Site Request Forgery Affected: *-2.26 Patched: 2.27 Updated: June 30, 2026
LOW

projectopia-core

projectopia-core

Score: N/A Projectopia <= 5.1.17 - Missing Authorization Affected: *-5.1.17 Patched: 5.1.18 Updated: June 30, 2026
LOW

profit-products-tables-for-woocommerce

profit-products-tables-for-woocommerce

Score: N/A Active Products Tables for WooCommerce <= 1.0.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6.8 Patched: 1.0.6.9 Updated: June 30, 2026
LOW

product-notes-for-woocommerce

product-notes-for-woocommerce

Score: N/A Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.0 Patched: 3.1.1 Updated: June 30, 2026
LOW

product-code-for-woocommerce

product-code-for-woocommerce

Score: N/A Product Code for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Database Update Affected: *-1.5.0 Patched: 1.5.1 Updated: June 30, 2026
LOW

ninja-gdpr-compliance

ninja-gdpr-compliance

Score: N/A GDPR CCPA Compliance Support <= 2.7.3 - Missing Authorization Affected: *-2.7.3 Patched: 2.7.4 Updated: June 30, 2026
LOW

newsletter

newsletter

Score: N/A Newsletter <= 8.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-8.8.4 Patched: 8.8.5 Updated: June 30, 2026
LOW

newsletter

newsletter

Score: N/A Newsletter <= 8.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-8.8.4 Patched: 8.8.5 Updated: June 30, 2026
LOW

majestic-support

majestic-support

Score: 93/100 Majestic Support <= 1.1.0 - Missing Authorization Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026
LOW

legal-pages

legal-pages

Score: 93/100 Legal Pages <= 1.4.5 - Missing Authorization Affected: *-1.4.5 Patched: 1.4.6 Updated: June 30, 2026
LOW

import-facebook-events

import-facebook-events

Score: 93/100 Import Social Events <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.5 Patched: 1.8.6 Updated: June 30, 2026
LOW

global-shop-discount-for-woocommerce

global-shop-discount-for-woocommerce

Score: 93/100 Sitewide Discount for WooCommerce: Apply Discount to All Products <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: June 30, 2026
LOW

getwid-megamenu

getwid-megamenu

Score: 93/100 Mega Menu Block <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker by 10Web <= 1.15.33 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.15.33 Patched: 1.15.34 Updated: June 30, 2026
LOW

falang

falang

Score: 93/100 Falang multilanguage <= 1.3.61 - Cross-Site Request Forgery Affected: *-1.3.61 Patched: 1.3.62 Updated: June 30, 2026
LOW

exclusive-addons-for-elementor

exclusive-addons-for-elementor

Score: 93/100 Exclusive Addons Elementor <= 2.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.7.9 Patched: 2.7.9.1 Updated: June 30, 2026
LOW

embed-and-integrate-etsy-shop

embed-and-integrate-etsy-shop

Score: 91/100 Embed and Integrate Etsy Shop <= 1.0.4 - Missing Authorization Affected: *-1.0.4 Patched: Updated: June 30, 2026
LOW

elementinvader-addons-for-elementor

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.5 Patched: 1.3.6 Updated: June 30, 2026
LOW

ean-for-woocommerce

ean-for-woocommerce

Score: 93/100 EAN for WooCommerce <= 5.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.4.6 Patched: 5.4.7 Updated: June 30, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 MultiVendorX <= 4.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.22 Patched: 4.2.23 Updated: June 30, 2026
LOW

custom-emails-for-woocommerce

custom-emails-for-woocommerce

Score: 93/100 Additional Custom Emails & Recipients for WooCommerce <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.1 Patched: 3.5.2 Updated: June 30, 2026
LOW

cost-of-goods-for-woocommerce

cost-of-goods-for-woocommerce

Score: 93/100 Cost of Goods for WooCommerce <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.0 Patched: 3.7.1 Updated: June 30, 2026
LOW

cost-calculator-builder

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.2.74 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.74 Patched: 3.5.0 Updated: June 30, 2026
LOW

bunnycdn

bunnycdn

Score: 93/100 bunny.net <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: 2.3.1 Updated: June 30, 2026
LOW

bot-for-telegram-on-woocommerce

bot-for-telegram-on-woocommerce

Score: 91/100 Bot for Telegram on WooCommerce <= 1.2.6 - Missing Authorization Affected: *-1.2.6 Patched: 1.2.7 Updated: June 30, 2026
LOW

back-button-widget

back-button-widget

Score: 93/100 Back Button Widget <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.8 Patched: 1.7.0 Updated: June 30, 2026
LOW

awcode-toolkit

awcode-toolkit

Score: 93/100 AWcode Toolkit <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.18 Patched: 1.0.19 Updated: June 30, 2026
LOW

automatorwp

automatorwp

Score: 93/100 AutomatorWP <= 5.2.1.3 - Authenticated (Administrator+) SQL Injection Affected: *-5.2.1.3 Patched: 5.2.2 Updated: June 30, 2026
LOW

amount-left-free-shipping-woocommerce

amount-left-free-shipping-woocommerce

Score: 97/100 Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.6 Patched: 2.4.7 Updated: June 30, 2026
LOW

affiliates-manager-google-recaptcha-integration

affiliates-manager-google-recaptcha-integration

Score: 97/100 Affiliates Manager Google reCAPTCHA Integration <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026
LOW

add-to-cart-button-labels-for-woocommerce

add-to-cart-button-labels-for-woocommerce

Score: 97/100 Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: June 30, 2026
LOW

bux-woocommerce

bux-woocommerce

Score: 91/100 Bux Woocommerce <= 1.2.3 - Missing Authorization Affected: *-1.2.3 Patched: Updated: June 30, 2026
LOW

bold-page-builder

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter Affected: *-5.3.5 Patched: 5.3.6 Updated: June 30, 2026
LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode Affected: *-10.11.1 Patched: 10.11.2 Updated: June 30, 2026
LOW

wp-members

wp-members

Score: N/A WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode Affected: *-3.5.2 Patched: 3.5.3 Updated: June 30, 2026
LOW

wpbot-pro

wpbot-pro

Score: N/A WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-13.6.2 Patched: 13.7.0 Updated: June 30, 2026
LOW

crawlomatic-multipage-scraper-post-generator

crawlomatic-multipage-scraper-post-generator

Score: 93/100 Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload Affected: *-2.6.8.1 Patched: 2.6.8.2 Updated: June 30, 2026
LOW

rss-feed-post-generator-echo

rss-feed-post-generator-echo

Score: N/A Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload Affected: *-5.4.8.1 Patched: 5.4.8.2 Updated: June 30, 2026
LOW

x-addons-elementor

x-addons-elementor

Score: N/A X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.16 Patched: 1.0.17 Updated: June 30, 2026
LOW

wpeventplus

wpeventplus

Score: N/A WordPress Events Calendar Registration & Tickets <= 2.6.0 - Unauthenticated PHP Object Injection Affected: *-2.6.0 Patched: Updated: June 30, 2026
LOW

wpc-product-options

wpc-product-options

Score: N/A WPC Product Options for WooCommerce < 3.1.3 - Authenticated (Subscriber+) Local File Inclusion Affected: [*, 3.1.3) Patched: 3.1.3 Updated: June 30, 2026
LOW

wp-pinterest-automatic

wp-pinterest-automatic

Score: N/A Pinterest Automatic Pin <= 4.18.2 - Missing Authorization Affected: *-4.18.2 Patched: Updated: June 30, 2026
LOW

wp-notes-widget

wp-notes-widget

Score: N/A WP Notes Widget <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 30, 2026
LOW

wp-jobhunt

wp-jobhunt

Score: N/A WP JobHunt <= 7.1 - Unauthenticated Insecure Direct Object Reference Affected: *-7.1 Patched: Updated: June 30, 2026
LOW

wp-auto-spinner

wp-auto-spinner

Score: N/A Wordpress Auto Spinner <= 3.25.0 - Missing Authorization Affected: *-3.25.0 Patched: 3.26.0 Updated: June 30, 2026
LOW

wp_ultimatetoursbuilder

wp_ultimatetoursbuilder

Score: N/A WP Ultimate Tours Builder <= 1.055 - Cross-Site Request Forgery Affected: *-1.055 Patched: Updated: June 30, 2026
LOW

woocommerce-pos

woocommerce-pos

Score: N/A WooCommerce POS <= 1.7.8 - Missing Authorization Affected: *-1.7.8 Patched: 1.7.9 Updated: June 30, 2026
LOW

woocommerce-multi-currency

woocommerce-multi-currency

Score: N/A CURCY <= 2.3.7 - Missing Authorization to Arbitrary Shortcode Execution Affected: *-2.3.7 Patched: Updated: June 30, 2026
LOW

wishlist

wishlist

Score: N/A Wishlist <= 2.1.0 - Authenticated (Subscriber+) Information Exposure Affected: *-2.1.0 Patched: Updated: June 30, 2026
LOW

wishlist

wishlist

Score: N/A Wishlist <= 2.1.0 - Missing Authorization Affected: *-2.1.0 Patched: Updated: June 30, 2026
LOW

wise-chat

wise-chat

Score: N/A Wise Chat <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-3.3.2 Patched: 3.3.4 Updated: June 30, 2026
LOW

whmpress

whmpress

Score: N/A WHMpress <= 6.2-revision-9 - Unauthenticated Local File Inclusion Affected: * - 6.2-revision-9 Patched: Updated: June 30, 2026
LOW

whmpress

whmpress

Score: N/A WHMpress <= 6.2-revision-9 - Authenticated (Contributor+) Local File Inclusion Affected: * - 6.2-revision-9 Patched: Updated: June 30, 2026
LOW

wc-affiliate

wc-affiliate

Score: N/A WC Affiliate <= 2.16 - Authenticated (Subscriber+) PHP Object Injection Affected: *-2.16 Patched: 2.17 Updated: June 30, 2026
LOW

valvepress-rankie

valvepress-rankie

Score: N/A Rankie < 1.8.2 - Missing Authorization Affected: [*, 1.8.2) Patched: 1.8.2 Updated: June 30, 2026
LOW

validar-certificados-de-cursos

validar-certificados-de-cursos

Score: N/A ValidateCertify <= 1.6.4 - Cross-Site Request Forgery Affected: *-1.6.4 Patched: 1.6.5 Updated: June 30, 2026
LOW

universal-video-player-and-bg

universal-video-player-and-bg

Score: N/A Video Player & FullScreen Video Background <= 2.4.1 - Authenticated (Administrator+) SQL Injection Affected: *-2.4.1 Patched: Updated: June 30, 2026
LOW

uncanny-learndash-toolkit

uncanny-learndash-toolkit

Score: N/A Uncanny Toolkit for LearnDash <= 3.7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.0.2 Patched: 3.7.0.3 Updated: June 30, 2026
LOW

ultraaddons-elementor-lite

ultraaddons-elementor-lite

Score: N/A UltraAddons Elementor Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: June 30, 2026
LOW

uber-classic

uber-classic

Score: N/A UberSlider < 2.6 - Authenticated (Contributor+) SQL Injection Affected: [*, 2.6) Patched: 2.6 Updated: June 30, 2026

Showing 8801 to 8900 of 36313 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 20:44 UTC.