Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
valvepress-rankie	valvepress-rankie	N/A	Rankie < 1.8.2 - Missing Authorization	LOW	[*, 1.8.2)	1.8.2	June 30, 2026
validar-certificados-de-cursos	validar-certificados-de-cursos	N/A	ValidateCertify <= 1.6.4 - Cross-Site Request Forgery	LOW	*-1.6.4	1.6.5	June 30, 2026
universal-video-player-and-bg	universal-video-player-and-bg	N/A	Video Player & FullScreen Video Background <= 2.4.1 - Authenticated (Administrator+) SQL Injection	LOW	*-2.4.1		June 30, 2026
uncanny-learndash-toolkit	uncanny-learndash-toolkit	N/A	Uncanny Toolkit for LearnDash <= 3.7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.7.0.2	3.7.0.3	June 30, 2026
ultraaddons-elementor-lite	ultraaddons-elementor-lite	N/A	UltraAddons Elementor Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.0		June 30, 2026
uber-classic	uber-classic	N/A	UberSlider < 2.6 - Authenticated (Contributor+) SQL Injection	LOW	[*, 2.6)	2.6	June 30, 2026
ti-woocommerce-wishlist	ti-woocommerce-wishlist	N/A	TI WooCommerce Wishlist <= 2.9.2 - Unauthenticated Arbitrary File Upload	LOW	*-2.9.2	2.10.0	June 30, 2026
tainacan	tainacan	N/A	Tainacan <= 0.21.14 - Unauthenticated Arbitrary File Deletion	LOW	*-0.21.14	0.21.15	June 30, 2026
staggs	staggs	N/A	STAGGS <= 2.11.0 - Unauthenticated Arbitrary File Upload	LOW	*-2.11.0	2.12.0	June 30, 2026
spotlight-social-photo-feeds-premium	spotlight-social-photo-feeds-premium	N/A	Spotlight - Social Media Feeds (Premium) <= 1.7.1 - Unauthenticated Information Exposure	LOW	*-1.7.1	1.7.2	June 30, 2026
shorten-url	shorten-url	N/A	Short URL <= 1.6.8 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.6.8		June 30, 2026
shayanweb-admin-fontchanger	shayanweb-admin-fontchanger	N/A	ShayanWeb Admin FontChanger <= 1.9.1 - Cross-Site Request Forgery	LOW	*-1.9.1	1.10	June 30, 2026
sharespine-woocommerce-connector	sharespine-woocommerce-connector	N/A	Sharespine Woocommerce Connector <= 4.7.55 - Missing Authorization	LOW	*-4.7.55	4.8.56	June 30, 2026
salon-booking-plugin-pro-cc	salon-booking-plugin-pro-cc	N/A	Salon Booking Pro <= 10.10.2 - Missing Authorization	LOW	*-10.10.2		June 30, 2026
rs-wp-books-showcase	rs-wp-books-showcase	N/A	RS WP Book Showcase <= 6.7.41 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-6.7.41		June 30, 2026
quickcal	quickcal	N/A	QuickCal <= 1.0.15 - Cross-Site Request Forgery to Privilege Escalation	LOW	*-1.0.15	1.0.16	June 30, 2026
quickcal	quickcal	N/A	QuickCal <= 1.0.15 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-1.0.15	1.0.16	June 30, 2026
qc-simple-link-directory	qc-simple-link-directory	N/A	Simple Link Directory Pro < 14.8.1 - Missing Authorization	LOW	[*, 14.8.1)	14.8.1	June 30, 2026
push-notification-mobile-and-web-app	push-notification-mobile-and-web-app	N/A	Push notification for Mobile and Web app <= 2.0.3 - Missing Authorization	LOW	*-2.0.3	2.0.4	June 30, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.9.5.1 - Missing Authorization	LOW	*-5.9.5.1	5.9.5.2	June 30, 2026
printcart-integration	printcart-integration	N/A	Printcart Web to Print Product Designer for WooCommerce <= 2.3.9 - Unauthenticated Arbitrary File Upload	LOW	*-2.3.9	2.4.0	June 30, 2026
printcart-integration	printcart-integration	N/A	Printcart Web to Print Product Designer for WooCommerce <= 2.4.0 - Unauthenticated SQL Injection	LOW	*-2.4.0	2.4.1	June 30, 2026
pixel-formbuilder	pixel-formbuilder	N/A	Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.3 - Cross-Site Request Forgery	LOW	*-1.0.3	1.0.4	June 30, 2026
pdf-viewer-for-wordpress	pdf-viewer-for-wordpress	N/A	TNC FlipBook <= 12.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-12.1.0	12.3.2	June 30, 2026
ninja-tables-pro	ninja-tables-pro	N/A	Ninja Tables Pro <= 5.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.0.17	5.0.18	June 30, 2026
nasa-core	nasa-core	91	Nasa Core < 6.4.4 - Authenticated (Contributor+) Local File Inclusion	LOW	[*, 6.4.4)	6.4.4	June 30, 2026
multimedia-carousel	multimedia-carousel	93	Multimedia Responsive Carousel with Image Video Audio Support <= 2.6.0 - Authenticated (Contributor+) SQL Injection	LOW	*-2.6.0	2.6.1	June 30, 2026
mapsvg-lite-interactive-vector-maps	mapsvg-lite-interactive-vector-maps	93	MapSVG Lite <= 8.6.9 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-8.6.9	8.6.10	June 30, 2026
mapsvg	mapsvg	91	MapSVG <= 8.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-8.5.31	8.6.11	June 30, 2026
mapsvg	mapsvg	91	MapSVG < 8.6.13 - Missing Authorization	LOW	[*, 8.6.13)	8.6.13	June 30, 2026
mapsvg	mapsvg	91	MapSVG <= 8.5.34 - Unauthenticated Arbitrary Shortcode Execution	LOW	*-8.5.34	8.6.11	June 30, 2026
magic-carousel	magic-carousel	93	Magic Responsive Slider and Carousel WordPress <= 1.6 - Authenticated (Contributor+) SQL Injection	LOW	[*, 1.6)	1.6	June 30, 2026
lupsonline-link-netwerk	lupsonline-link-netwerk	93	SEO Flow by LupsOnline <= 2.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.2.1	3.0.0	June 30, 2026
lbg-audio8-html5-radio_ads	lbg-audio8-html5-radio_ads	89	SHOUT <= 3.5.3 - Authenticated (Contributor+) SQL Injection	LOW	*-3.5.3		June 30, 2026
lbg-audio7_html5_full_width_sticky_pro	lbg-audio7_html5_full_width_sticky_pro	91	Apollo <= 3.6.3 - Authenticated (Contributor+) SQL Injection	LOW	*-3.6.3		June 30, 2026
lbg-audio5-html5-shoutcast_sticky	lbg-audio5-html5-shoutcast_sticky	89	Sticky Radio Player <= 3.4 - Authenticated (Contributor+) SQL Injection	LOW	*-3.4		June 30, 2026
lbg-audio3-html5	lbg-audio3-html5	91	Sticky HTML5 Music Player <= 3.1.6 - Authenticated (Contributor+) SQL Injection	LOW	*-3.1.6		June 30, 2026
lbg-audio2-html5	lbg-audio2-html5	91	Responsive HTML5 Audio Player PRO With Playlist <= 3.5.7 - Authenticated (Contributor+) SQL Injection	LOW	*-3.5.7		June 30, 2026
lbg-audio1-html5	lbg-audio1-html5	91	Chameleon HTML5 Audio Player With/Without Playlist <= 3.5.6 - Authenticated (Contributor+) SQL Injection	LOW	*-3.5.6		June 30, 2026
jupiterx-core	jupiterx-core	93	Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG	LOW	*-4.8.12	4.9.1	June 30, 2026
interview	interview	91	Interview <= 1.01 - Authenticated (Contributor+) SQL Injection	LOW	*-1.01		June 30, 2026
import-export-for-woocommerce	import-export-for-woocommerce	87	Import Export For WooCommerce <= 1.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.6.2		June 30, 2026
gym-management	gym-management	83	WPGYM < 67.8.0 - Unauthenticated SQL Injection	LOW	[*, 67.8.0)	67.8.0	June 30, 2026
fat-services-booking	fat-services-booking	86	FAT Services Booking <= 5.5 - Authenticated (Contributor+) Local File Inclusion	LOW	*-5.5		June 30, 2026
facturante	facturante	93	Facturante <= 1.11 - Unauthenticated SQL Injection	LOW	*-1.11	1.13	June 30, 2026
eventon-lite	eventon-lite	93	EventON <= 2.4.4 - Missing Authorization	LOW	*-2.4.4	2.4.5	June 30, 2026
eventon	eventon	86	EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-4.9.6	4.9.7	June 30, 2026
eventon	eventon	86	EventON (Pro) <= 4.9.9 - Missing Authorization	LOW	*-4.9.9		June 30, 2026
eventer	eventer	89	Eventer <= 3.9.6 - Unauthenticated SQL Injection	LOW	*-3.9.6		June 30, 2026
eventer	eventer	89	Eventer <= 3.9.6 - Missing Authorization	LOW	*-3.9.6		June 30, 2026
estatik-mortgage-calculator	estatik-mortgage-calculator	86	Mortgage Calculator Estatik <= 2.0.12 - Authenticated (Contributor+) Local File Inclusion	LOW	*-2.0.12		June 30, 2026
dot-htmlphpxml-etc-pages	dot-htmlphpxml-etc-pages	89	Dot html,php,xml etc pages <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 30, 2026
dokan-pro	dokan-pro	91	Dokan Pro <= 3.14.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.14.5		June 30, 2026
dc-woocommerce-multi-vendor	dc-woocommerce-multi-vendor	93	MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion	LOW	*-4.2.22	4.2.23	June 30, 2026
css3_web_pricing_tables_grids	css3_web_pricing_tables_grids	93	CSS3 Compare Pricing Tables for WordPress <= 11.6 - Missing Authorization	LOW	*-11.6	11.7	June 30, 2026
css3_tooltips	css3_tooltips	93	CSS3 Tooltips for WordPress <= 1.8 - Missing Authorization	LOW	*-1.8	1.9	June 30, 2026
css3_accordions	css3_accordions	93	CSS3 Accordions for WordPress <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-3.0	3.1	June 30, 2026
css3_accordions	css3_accordions	93	CSS3 Accordions for WordPress <= 3.0 - Missing Authorization	LOW	*-3.0	3.1	June 30, 2026
circular_countdown	circular_countdown	91	CountDown Pro WP Plugin <= 2.7 - Authenticated (Contributor+) SQL Injection	LOW	*-2.7		June 30, 2026
church-management	church-management	86	WPCHURCH <= 2.7.0 - Unauthenticated Local File Inclusion	LOW	*-2.7.0		June 30, 2026
broadstreet	broadstreet	93	Broadstreet <= 1.51.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.51.2	1.51.3	June 30, 2026
bertha-ai-free	bertha-ai-free	89	BERTHA AI <= 1.12.11 - Missing Authorization	LOW	*-1.12.11		June 30, 2026
bdthemes-element-pack	bdthemes-element-pack	93	Element Pack Pro <= 7.21.0 - Cross-Site Request Forgery	LOW	*-7.21.0	8.0.0	June 30, 2026
bdthemes-element-pack	bdthemes-element-pack	93	Element Pack Pro <= 7.21.0 - Missing Authorization	LOW	*-7.21.0	8.0.0	June 30, 2026
audio4-html5	audio4-html5	93	Radio Player Shoutcast & Icecast WordPress Plugin <= 4.4.6 - Authenticated (Contributor+) SQL Injection	LOW	*-4.4.6	4.4.7	June 30, 2026
audio-comments	audio-comments	91	Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.4		June 30, 2026
arconix-shortcodes	arconix-shortcodes	95	Arconix Shortcodes <= 2.1.16 - Reflected Cross-Site Scripting	LOW	*-2.1.16	2.1.17	June 30, 2026
aptivada-for-wp	aptivada-for-wp	95	Aptivada for WP <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.0		June 30, 2026
ap-plugin-scripteo	ap-plugin-scripteo	85	Ads Pro Plugin <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.0		June 30, 2026
alt-monitoring	alt-monitoring	95	AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.0.3		June 30, 2026
6storage-rentals	6storage-rentals	92	6Storage Rentals <= 2.19.4 - Missing Authorization	LOW	*-2.19.4		June 30, 2026
wp2leads	wp2leads	N/A	WP2LEADS <= 3.5.0 - Cross-Site Request Forgery	LOW	*-3.5.0	3.5.1	June 30, 2026
tours	tours	N/A	Tours <= 1.0.0 - Missing Authorization	LOW	*-1.0.0	1.0.1	June 30, 2026
ti-woocommerce-wishlist	ti-woocommerce-wishlist	N/A	TI WooCommerce Wishlist <= 2.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.10.0	2.11.0	June 30, 2026
salon-booking-system	salon-booking-system	N/A	Salon booking system <= 10.16 - Cross-Site Request Forgery to Arbitrary Post/Page Deletion	LOW	*-10.16	10.17	June 30, 2026
posts-per-cat	posts-per-cat	N/A	Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.2	1.5.0	June 30, 2026
front-end-only-users	front-end-only-users	89	Front End Users <= 3.2.32 - Missing Authorization to Information Exposure	LOW	*-3.2.32		June 30, 2026
experto-cta-widget	experto-cta-widget	93	Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Missing Authorization to Unauthenticated Settings Update	LOW	*-1.1.1	1.2.1	June 30, 2026
drag-and-drop-file-upload-for-elementor-forms	drag-and-drop-file-upload-for-elementor-forms	93	Drag and Drop File Upload for Elementor Forms <= 1.4.3 - Unauthenticated Arbitrary File Deletion	LOW	*-1.4.3	1.5.0	June 30, 2026
weluka-lite	weluka-lite	N/A	Weluka Lite <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.3		June 30, 2026
eg-series	eg-series	91	EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.1.1		June 30, 2026
bon-toolkit	bon-toolkit	91	Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.2		June 30, 2026
baiduseo	baiduseo	93	百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload	LOW	*-2.0.6	2.0.7	June 30, 2026
wp-content-security-policy	wp-content-security-policy	N/A	WP Content Security Plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields	LOW	*-2.3		June 30, 2026
wpbot-pro	wpbot-pro	N/A	WPBot Pro Wordpress Chatbot <= 12.7.0 - Unauthenticated PHP Object Injection	LOW	*-12.7.0		June 30, 2026
wp-ticketbai	wp-ticketbai	N/A	TicketBAI Facturas para WooCommerce <= 3.18 - Unauthenticated Arbitrary File Deletion	LOW	*-3.18	3.19	June 30, 2026
uipress-lite	uipress-lite	N/A	UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution	LOW	*-3.5.07	3.5.08	June 30, 2026
file-provider	file-provider	89	File Provider <= 1.2.3 - Cross-Site Request Forgery to Item Deletion	LOW	*-1.2.3		June 30, 2026
file-provider	file-provider	89	File Provider <= 1.2.3 - Unauthenticated SQL Injection	LOW	*-1.2.3		June 30, 2026
file-manager-advanced-shortcode	file-manager-advanced-shortcode	93	File Manager Advanced Shortcode <= Multiple Versions - Authenticated (Administrator+) Local JavaScript File Inclusion via Shortcode	LOW	*-2.5.4	2.6.0	June 30, 2026
advanced-file-manager-pro-premium	advanced-file-manager-pro-premium	97	File Manager Advanced Shortcode <= Multiple Versions - Authenticated (Administrator+) Local JavaScript File Inclusion via Shortcode	LOW	*-2.5.6	2.6.0	June 30, 2026
uncanny-automator	uncanny-automator	N/A	Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function	LOW	*-6.4.0.1	6.4.0.2	June 30, 2026
Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider	post-slider-and-carousel	N/A	Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider <= 3.2.9 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.2.9	3.2.10	June 30, 2026
peepso-files	peepso-files	N/A	PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download	LOW	*-6.4.6.0	6.4.6.1	June 30, 2026
ninja-forms-webhooks	ninja-forms-webhooks	N/A	Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook	LOW	*-3.0.7	3.0.8	June 30, 2026
newsletter	newsletter	N/A	Newsletter <= 8.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-8.8.1	8.8.2	June 30, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference	LOW	*-5.1.92	5.1.93	June 30, 2026
grandconference-custom-post	grandconference-custom-post	93	Grand Conference Theme Custom Post Type < 2.6.4 - Reflected Cross-Site Scripting	LOW	[*, 2.6.4)	2.6.4	June 30, 2026
fancybox-for-wordpress	fancybox-for-wordpress	93	FancyBox for WordPress <= 3.3.5 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.3.5	3.3.6	June 30, 2026
custom-404-pro	custom-404-pro	91	Custom 404 Pro <= 3.12.0 - Cross-Site Request Forgery	LOW	*-3.12.0	3.12.1	June 30, 2026

LOW

valvepress-rankie

Score: N/A Rankie < 1.8.2 - Missing Authorization Affected: [*, 1.8.2) Patched: 1.8.2 Updated: June 30, 2026

LOW

validar-certificados-de-cursos

Score: N/A ValidateCertify <= 1.6.4 - Cross-Site Request Forgery Affected: *-1.6.4 Patched: 1.6.5 Updated: June 30, 2026

LOW

universal-video-player-and-bg

Score: N/A Video Player & FullScreen Video Background <= 2.4.1 - Authenticated (Administrator+) SQL Injection Affected: *-2.4.1 Patched: Updated: June 30, 2026

LOW

uncanny-learndash-toolkit

Score: N/A Uncanny Toolkit for LearnDash <= 3.7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.0.2 Patched: 3.7.0.3 Updated: June 30, 2026

LOW

ultraaddons-elementor-lite

Score: N/A UltraAddons Elementor Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: June 30, 2026

LOW

uber-classic

Score: N/A UberSlider < 2.6 - Authenticated (Contributor+) SQL Injection Affected: [*, 2.6) Patched: 2.6 Updated: June 30, 2026

LOW

ti-woocommerce-wishlist

Score: N/A TI WooCommerce Wishlist <= 2.9.2 - Unauthenticated Arbitrary File Upload Affected: *-2.9.2 Patched: 2.10.0 Updated: June 30, 2026

LOW

tainacan

Score: N/A Tainacan <= 0.21.14 - Unauthenticated Arbitrary File Deletion Affected: *-0.21.14 Patched: 0.21.15 Updated: June 30, 2026

LOW

staggs

Score: N/A STAGGS <= 2.11.0 - Unauthenticated Arbitrary File Upload Affected: *-2.11.0 Patched: 2.12.0 Updated: June 30, 2026

LOW

spotlight-social-photo-feeds-premium

Score: N/A Spotlight - Social Media Feeds (Premium) <= 1.7.1 - Unauthenticated Information Exposure Affected: *-1.7.1 Patched: 1.7.2 Updated: June 30, 2026

LOW

shorten-url

Score: N/A Short URL <= 1.6.8 - Authenticated (Subscriber+) SQL Injection Affected: *-1.6.8 Patched: Updated: June 30, 2026

LOW

shayanweb-admin-fontchanger

Score: N/A ShayanWeb Admin FontChanger <= 1.9.1 - Cross-Site Request Forgery Affected: *-1.9.1 Patched: 1.10 Updated: June 30, 2026

LOW

sharespine-woocommerce-connector

Score: N/A Sharespine Woocommerce Connector <= 4.7.55 - Missing Authorization Affected: *-4.7.55 Patched: 4.8.56 Updated: June 30, 2026

LOW

salon-booking-plugin-pro-cc

Score: N/A Salon Booking Pro <= 10.10.2 - Missing Authorization Affected: *-10.10.2 Patched: Updated: June 30, 2026

LOW

rs-wp-books-showcase

Score: N/A RS WP Book Showcase <= 6.7.41 - Unauthenticated Arbitrary Shortcode Execution Affected: *-6.7.41 Patched: Updated: June 30, 2026

LOW

quickcal

Score: N/A QuickCal <= 1.0.15 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.0.15 Patched: 1.0.16 Updated: June 30, 2026

LOW

quickcal

Score: N/A QuickCal <= 1.0.15 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-1.0.15 Patched: 1.0.16 Updated: June 30, 2026

LOW

qc-simple-link-directory

Score: N/A Simple Link Directory Pro < 14.8.1 - Missing Authorization Affected: [*, 14.8.1) Patched: 14.8.1 Updated: June 30, 2026

LOW

push-notification-mobile-and-web-app

Score: N/A Push notification for Mobile and Web app <= 2.0.3 - Missing Authorization Affected: *-2.0.3 Patched: 2.0.4 Updated: June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.5.1 - Missing Authorization Affected: *-5.9.5.1 Patched: 5.9.5.2 Updated: June 30, 2026

LOW

printcart-integration

Score: N/A Printcart Web to Print Product Designer for WooCommerce <= 2.3.9 - Unauthenticated Arbitrary File Upload Affected: *-2.3.9 Patched: 2.4.0 Updated: June 30, 2026

LOW

printcart-integration

Score: N/A Printcart Web to Print Product Designer for WooCommerce <= 2.4.0 - Unauthenticated SQL Injection Affected: *-2.4.0 Patched: 2.4.1 Updated: June 30, 2026

LOW

pixel-formbuilder

Score: N/A Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

pdf-viewer-for-wordpress

Score: N/A TNC FlipBook <= 12.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-12.1.0 Patched: 12.3.2 Updated: June 30, 2026

LOW

ninja-tables-pro

Score: N/A Ninja Tables Pro <= 5.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.0.17 Patched: 5.0.18 Updated: June 30, 2026

LOW

nasa-core

Score: 91/100 Nasa Core < 6.4.4 - Authenticated (Contributor+) Local File Inclusion Affected: [*, 6.4.4) Patched: 6.4.4 Updated: June 30, 2026

LOW

multimedia-carousel

Score: 93/100 Multimedia Responsive Carousel with Image Video Audio Support <= 2.6.0 - Authenticated (Contributor+) SQL Injection Affected: *-2.6.0 Patched: 2.6.1 Updated: June 30, 2026

LOW

mapsvg-lite-interactive-vector-maps

Score: 93/100 MapSVG Lite <= 8.6.9 - Unauthenticated Arbitrary Shortcode Execution Affected: *-8.6.9 Patched: 8.6.10 Updated: June 30, 2026

LOW

mapsvg

Score: 91/100 MapSVG <= 8.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.5.31 Patched: 8.6.11 Updated: June 30, 2026

LOW

mapsvg

Score: 91/100 MapSVG < 8.6.13 - Missing Authorization Affected: [*, 8.6.13) Patched: 8.6.13 Updated: June 30, 2026

LOW

mapsvg

Score: 91/100 MapSVG <= 8.5.34 - Unauthenticated Arbitrary Shortcode Execution Affected: *-8.5.34 Patched: 8.6.11 Updated: June 30, 2026

LOW

magic-carousel

Score: 93/100 Magic Responsive Slider and Carousel WordPress <= 1.6 - Authenticated (Contributor+) SQL Injection Affected: [*, 1.6) Patched: 1.6 Updated: June 30, 2026

LOW

lupsonline-link-netwerk

Score: 93/100 SEO Flow by LupsOnline <= 2.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 3.0.0 Updated: June 30, 2026

LOW

lbg-audio8-html5-radio_ads

Score: 89/100 SHOUT <= 3.5.3 - Authenticated (Contributor+) SQL Injection Affected: *-3.5.3 Patched: Updated: June 30, 2026

LOW

lbg-audio7_html5_full_width_sticky_pro

Score: 91/100 Apollo <= 3.6.3 - Authenticated (Contributor+) SQL Injection Affected: *-3.6.3 Patched: Updated: June 30, 2026

LOW

lbg-audio5-html5-shoutcast_sticky

Score: 89/100 Sticky Radio Player <= 3.4 - Authenticated (Contributor+) SQL Injection Affected: *-3.4 Patched: Updated: June 30, 2026

LOW

lbg-audio3-html5

Score: 91/100 Sticky HTML5 Music Player <= 3.1.6 - Authenticated (Contributor+) SQL Injection Affected: *-3.1.6 Patched: Updated: June 30, 2026

LOW

lbg-audio2-html5

Score: 91/100 Responsive HTML5 Audio Player PRO With Playlist <= 3.5.7 - Authenticated (Contributor+) SQL Injection Affected: *-3.5.7 Patched: Updated: June 30, 2026

LOW

lbg-audio1-html5

Score: 91/100 Chameleon HTML5 Audio Player With/Without Playlist <= 3.5.6 - Authenticated (Contributor+) SQL Injection Affected: *-3.5.6 Patched: Updated: June 30, 2026

LOW

jupiterx-core

Score: 93/100 Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG Affected: *-4.8.12 Patched: 4.9.1 Updated: June 30, 2026

LOW

interview

Score: 91/100 Interview <= 1.01 - Authenticated (Contributor+) SQL Injection Affected: *-1.01 Patched: Updated: June 30, 2026

LOW

import-export-for-woocommerce

Score: 87/100 Import Export For WooCommerce <= 1.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6.2 Patched: Updated: June 30, 2026

LOW

gym-management

Score: 83/100 WPGYM < 67.8.0 - Unauthenticated SQL Injection Affected: [*, 67.8.0) Patched: 67.8.0 Updated: June 30, 2026

LOW

fat-services-booking

Score: 86/100 FAT Services Booking <= 5.5 - Authenticated (Contributor+) Local File Inclusion Affected: *-5.5 Patched: Updated: June 30, 2026

LOW

facturante

Score: 93/100 Facturante <= 1.11 - Unauthenticated SQL Injection Affected: *-1.11 Patched: 1.13 Updated: June 30, 2026

LOW

eventon-lite

Score: 93/100 EventON <= 2.4.4 - Missing Authorization Affected: *-2.4.4 Patched: 2.4.5 Updated: June 30, 2026

LOW

Score: 86/100 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-4.9.6 Patched: 4.9.7 Updated: June 30, 2026

LOW

eventon

Score: 86/100 EventON (Pro) <= 4.9.9 - Missing Authorization Affected: *-4.9.9 Patched: Updated: June 30, 2026

LOW

eventer

Score: 89/100 Eventer <= 3.9.6 - Unauthenticated SQL Injection Affected: *-3.9.6 Patched: Updated: June 30, 2026

LOW

eventer

Score: 89/100 Eventer <= 3.9.6 - Missing Authorization Affected: *-3.9.6 Patched: Updated: June 30, 2026

LOW

estatik-mortgage-calculator

Score: 86/100 Mortgage Calculator Estatik <= 2.0.12 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0.12 Patched: Updated: June 30, 2026

LOW

dot-htmlphpxml-etc-pages

Score: 89/100 Dot html,php,xml etc pages <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

dokan-pro

Score: 91/100 Dokan Pro <= 3.14.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.14.5 Patched: Updated: June 30, 2026

LOW

dc-woocommerce-multi-vendor

Score: 93/100 MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion Affected: *-4.2.22 Patched: 4.2.23 Updated: June 30, 2026

LOW

css3_web_pricing_tables_grids

Score: 93/100 CSS3 Compare Pricing Tables for WordPress <= 11.6 - Missing Authorization Affected: *-11.6 Patched: 11.7 Updated: June 30, 2026

LOW

css3_tooltips

Score: 93/100 CSS3 Tooltips for WordPress <= 1.8 - Missing Authorization Affected: *-1.8 Patched: 1.9 Updated: June 30, 2026

LOW

css3_accordions

Score: 93/100 CSS3 Accordions for WordPress <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0 Patched: 3.1 Updated: June 30, 2026

LOW

css3_accordions

Score: 93/100 CSS3 Accordions for WordPress <= 3.0 - Missing Authorization Affected: *-3.0 Patched: 3.1 Updated: June 30, 2026

LOW

circular_countdown

Score: 91/100 CountDown Pro WP Plugin <= 2.7 - Authenticated (Contributor+) SQL Injection Affected: *-2.7 Patched: Updated: June 30, 2026

LOW

church-management

Score: 86/100 WPCHURCH <= 2.7.0 - Unauthenticated Local File Inclusion Affected: *-2.7.0 Patched: Updated: June 30, 2026

LOW

broadstreet

Score: 93/100 Broadstreet <= 1.51.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.51.2 Patched: 1.51.3 Updated: June 30, 2026

LOW

bertha-ai-free

Score: 89/100 BERTHA AI <= 1.12.11 - Missing Authorization Affected: *-1.12.11 Patched: Updated: June 30, 2026

LOW

bdthemes-element-pack

Score: 93/100 Element Pack Pro <= 7.21.0 - Cross-Site Request Forgery Affected: *-7.21.0 Patched: 8.0.0 Updated: June 30, 2026

LOW

bdthemes-element-pack

Score: 93/100 Element Pack Pro <= 7.21.0 - Missing Authorization Affected: *-7.21.0 Patched: 8.0.0 Updated: June 30, 2026

LOW

audio4-html5

Score: 93/100 Radio Player Shoutcast & Icecast WordPress Plugin <= 4.4.6 - Authenticated (Contributor+) SQL Injection Affected: *-4.4.6 Patched: 4.4.7 Updated: June 30, 2026

LOW

audio-comments

Score: 91/100 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

arconix-shortcodes

Score: 95/100 Arconix Shortcodes <= 2.1.16 - Reflected Cross-Site Scripting Affected: *-2.1.16 Patched: 2.1.17 Updated: June 30, 2026

LOW

aptivada-for-wp

Score: 95/100 Aptivada for WP <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: June 30, 2026

LOW

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.0 Patched: Updated: June 30, 2026

LOW

alt-monitoring

Score: 95/100 AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

6storage-rentals

Score: 92/100 6Storage Rentals <= 2.19.4 - Missing Authorization Affected: *-2.19.4 Patched: Updated: June 30, 2026

LOW

wp2leads

Score: N/A WP2LEADS <= 3.5.0 - Cross-Site Request Forgery Affected: *-3.5.0 Patched: 3.5.1 Updated: June 30, 2026

LOW

tours

Score: N/A Tours <= 1.0.0 - Missing Authorization Affected: *-1.0.0 Patched: 1.0.1 Updated: June 30, 2026

LOW

ti-woocommerce-wishlist

Score: N/A TI WooCommerce Wishlist <= 2.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.10.0 Patched: 2.11.0 Updated: June 30, 2026

LOW

salon-booking-system

Score: N/A Salon booking system <= 10.16 - Cross-Site Request Forgery to Arbitrary Post/Page Deletion Affected: *-10.16 Patched: 10.17 Updated: June 30, 2026

LOW

posts-per-cat

Score: N/A Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: 1.5.0 Updated: June 30, 2026

LOW

front-end-only-users

Score: 89/100 Front End Users <= 3.2.32 - Missing Authorization to Information Exposure Affected: *-3.2.32 Patched: Updated: June 30, 2026

LOW

experto-cta-widget

Score: 93/100 Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.1.1 Patched: 1.2.1 Updated: June 30, 2026

LOW

drag-and-drop-file-upload-for-elementor-forms

Score: 93/100 Drag and Drop File Upload for Elementor Forms <= 1.4.3 - Unauthenticated Arbitrary File Deletion Affected: *-1.4.3 Patched: 1.5.0 Updated: June 30, 2026

LOW

weluka-lite

Score: N/A Weluka Lite <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

eg-series

Score: 91/100 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.1 Patched: Updated: June 30, 2026

LOW

bon-toolkit

Score: 91/100 Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: June 30, 2026

LOW

baiduseo

Score: 93/100 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload Affected: *-2.0.6 Patched: 2.0.7 Updated: June 30, 2026

LOW

wp-content-security-policy

Score: N/A WP Content Security Plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

wpbot-pro

Score: N/A WPBot Pro Wordpress Chatbot <= 12.7.0 - Unauthenticated PHP Object Injection Affected: *-12.7.0 Patched: Updated: June 30, 2026

LOW

wp-ticketbai

Score: N/A TicketBAI Facturas para WooCommerce <= 3.18 - Unauthenticated Arbitrary File Deletion Affected: *-3.18 Patched: 3.19 Updated: June 30, 2026

LOW

uipress-lite

Score: N/A UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution Affected: *-3.5.07 Patched: 3.5.08 Updated: June 30, 2026

LOW

file-provider

Score: 89/100 File Provider <= 1.2.3 - Cross-Site Request Forgery to Item Deletion Affected: *-1.2.3 Patched: Updated: June 30, 2026

LOW

file-provider

Score: 89/100 File Provider <= 1.2.3 - Unauthenticated SQL Injection Affected: *-1.2.3 Patched: Updated: June 30, 2026

LOW

file-manager-advanced-shortcode

Score: 93/100 File Manager Advanced Shortcode <= Multiple Versions - Authenticated (Administrator+) Local JavaScript File Inclusion via Shortcode Affected: *-2.5.4 Patched: 2.6.0 Updated: June 30, 2026

LOW

advanced-file-manager-pro-premium

Score: 97/100 File Manager Advanced Shortcode <= Multiple Versions - Authenticated (Administrator+) Local JavaScript File Inclusion via Shortcode Affected: *-2.5.6 Patched: 2.6.0 Updated: June 30, 2026

LOW

uncanny-automator

Score: N/A Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function Affected: *-6.4.0.1 Patched: 6.4.0.2 Updated: June 30, 2026

LOW

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider

post-slider-and-carousel

Score: N/A Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider <= 3.2.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.9 Patched: 3.2.10 Updated: June 30, 2026

LOW

peepso-files

Score: N/A PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download Affected: *-6.4.6.0 Patched: 6.4.6.1 Updated: June 30, 2026

LOW

ninja-forms-webhooks

Score: N/A Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook Affected: *-3.0.7 Patched: 3.0.8 Updated: June 30, 2026

LOW

newsletter

Score: N/A Newsletter <= 8.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-8.8.1 Patched: 8.8.2 Updated: June 30, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference Affected: *-5.1.92 Patched: 5.1.93 Updated: June 30, 2026

LOW

grandconference-custom-post

Score: 93/100 Grand Conference Theme Custom Post Type < 2.6.4 - Reflected Cross-Site Scripting Affected: [*, 2.6.4) Patched: 2.6.4 Updated: June 30, 2026

LOW

fancybox-for-wordpress

Score: 93/100 FancyBox for WordPress <= 3.3.5 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.3.5 Patched: 3.3.6 Updated: June 30, 2026

LOW

custom-404-pro

Score: 91/100 Custom 404 Pro <= 3.12.0 - Cross-Site Request Forgery Affected: *-3.12.0 Patched: 3.12.1 Updated: June 30, 2026

Showing 8901 to 9000 of 36319 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 22:03 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List