Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
frontend-dashboard	frontend-dashboard	93	Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function	LOW	1.0-2.2.7	2.2.8	June 30, 2026
frontend-dashboard	frontend-dashboard	93	Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function	LOW	1.5.10-2.2.7	2.2.8	June 30, 2026
newsletters-lite	newsletters-lite	N/A	Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter	LOW	*-4.9.9.8	4.9.9.9	June 30, 2026
relevanssi-premium	relevanssi-premium	N/A	Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection	LOW	*-2.27.5	2.27.6	June 30, 2026
relevanssi	relevanssi	N/A	Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection	LOW	*-4.24.4	4.24.5	June 30, 2026
wpfunnels	wpfunnels	N/A	WPFunnels <= 3.5.18 - Unauthenticated PHP Object Injection	LOW	*-3.5.18	3.5.19	June 30, 2026
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance	wp-optimize	76	WP-Optimize <= 4.1.1 - Authenticated (Admin+) SQL Injection	LOW	*-4.1.1	4.2.0	June 30, 2026
subaccounts-for-woocommerce	subaccounts-for-woocommerce	N/A	Subaccounts for WooCommerce <= 1.6.6 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	LOW	*-1.6.6	1.6.7	June 30, 2026
real-cookie-banner-pro	real-cookie-banner-pro	N/A	Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-5.1.5	5.1.6	June 30, 2026
real-cookie-banner	real-cookie-banner	N/A	Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-5.1.5	5.1.6	June 30, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.9.5.0 - Authenticated (Subscriber+) SQL Injection	LOW	*-5.9.5.0	5.9.5.1	June 30, 2026
opal-woo-custom-product-variation	opal-woo-custom-product-variation	N/A	Opal Woo Custom Product Variation <= 1.2.0 - Unauthenticated Arbitrary File Deletion	LOW	*-1.2.0	1.2.1	June 30, 2026
bns-twitter-follow-button	bns-twitter-follow-button	91	BNS Twitter Follow Button <= 0.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.3.8		June 30, 2026
b2i-investor-tools	b2i-investor-tools	93	B2i Investor Tools <= 1.0.7.9 - Reflected Cross-Site Scripting	LOW	*-1.0.7.9	1.0.8	June 30, 2026
premmerce-user-roles	premmerce-user-roles	N/A	Premmerce User Roles <= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.13	1.0.14	June 30, 2026
premmerce-search	premmerce-search	N/A	Premmerce Product Search for WooCommerce <= 2.2.4 - Cross-Site Request Forgery	LOW	*-2.2.4	2.2.5	June 30, 2026
premmerce-search	premmerce-search	N/A	Premmerce Product Search for WooCommerce <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.2.4		June 30, 2026
premmerce	premmerce	N/A	Premmerce <= 1.3.19 - Cross-Site Request Forgery	LOW	*-1.3.19	1.3.20	June 30, 2026
sms-alert	sms-alert	N/A	SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode	LOW	*-3.8.1	3.8.2	June 30, 2026
sms-alert	sms-alert	N/A	SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function	LOW	*-3.8.1	3.8.2	June 30, 2026
jeg-elementor-kit	jeg-elementor-kit	93	Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets	LOW	*-2.6.12	2.6.13	June 30, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More	wpforms-lite	70	WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter	LOW	*-1.9.5	1.9.5.1	June 30, 2026
wp-review	wp-review	N/A	WordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom Fields	LOW	*-5.3.5		June 30, 2026
wp-leads-builder-any-crm	wp-leads-builder-any-crm	N/A	Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	LOW	*-3.1	3.2	June 30, 2026
uncanny-automator	uncanny-automator	N/A	Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update	LOW	*-6.4.0.2	6.5.0	June 30, 2026
storekeeper-for-woocommerce	storekeeper-for-woocommerce	N/A	StoreKeeper for WooCommerce <= 14.4.4 - Unauthenticated Arbitrary File Upload	LOW	*-14.4.4	14.4.5	June 30, 2026
gearside-developer-dashboard	gearside-developer-dashboard	91	Gearside Developer Dashboard <= 1.0.72 - Reflected Cross-Site Scripting	LOW	*-1.0.72		June 30, 2026
funnelcockpit	funnelcockpit	93	FunnelCockpit <= 1.4.3 - Reflected Cross-Site Scripting	LOW	*-1.4.3	1.4.4	June 30, 2026
belingogeo	belingogeo	93	belingoGeo <= 1.12.0 - Unauthenticated Arbitrary File Download	LOW	*-1.12.0	1.12.1	June 30, 2026
ajar-productions-in5-embed	ajar-productions-in5-embed	95	Ajar in5 Embed <= 3.1.5 - Unauthenticated Arbitrary File Upload	LOW	*-3.1.5		June 30, 2026
drag-and-drop-multiple-file-upload-for-woocommerce	drag-and-drop-multiple-file-upload-for-woocommerce	93	Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function	LOW	*-1.1.6	1.1.7	June 30, 2026
1-click-migration	1-click-migration	95	1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-2.2	2.3	June 30, 2026
imithemes-listing	imithemes-listing	93	IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset	LOW	*-3.3	3.4	June 30, 2026
xili-tidy-tags	xili-tidy-tags	N/A	xili-tidy-tags <= 1.12.06 - Reflected Cross-Site Scripting	LOW	*-1.12.06		June 30, 2026
wpbookit	wpbookit	N/A	WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover	LOW	*-1.0.2	1.0.3	June 30, 2026
wpbookit	wpbookit	N/A	WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update	LOW	*-1.0.2	1.0.3	June 30, 2026
wp-job-portal	wp-job-portal	N/A	WP Job Portal <= 2.3.1 - Unauthenticated Local File Inclusion	LOW	*-2.3.1	2.3.2	June 30, 2026
sms-alert	sms-alert	N/A	SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Unauthenticated SQL Injection	LOW	*-3.8.1	3.8.2	June 30, 2026
psw-login-and-registration	psw-login-and-registration	N/A	PSW Front-end Login & Registration <= 1.12 - Authentication Bypass	LOW	*-1.12		June 30, 2026
groundhogg	groundhogg	93	WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion	LOW	*-4.1.1.2	4.1.2	June 30, 2026
frontend-login-and-registration-blocks	frontend-login-and-registration-blocks	93	Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover	LOW	*-1.1.1	1.2.0	June 30, 2026
eucookielaw	eucookielaw	93	EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read	LOW	*-2.7.2	2.7.3	June 30, 2026
envolve-plugin	envolve-plugin	93	Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file	LOW	*-1.0	1.1.0	June 30, 2026
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system	79	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-3.2.9	3.3.0	June 30, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode	coming-soon	68	Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-6.18.15	6.18.16	June 30, 2026
bmi-adultkid-calculator	bmi-adultkid-calculator	89	BMI Adult & Kid Calculator <= 1.2.2 - Reflected Cross-Site Scripting	LOW	*-1.2.2		June 30, 2026
contest-gallery	contest-gallery	93	Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter	LOW	*-26.0.6	26.0.7	June 30, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function	LOW	*-8.9.1	8.9.2	June 30, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting	LOW	*-8.9.1	8.9.2	June 30, 2026
wp-seo-structured-data-schema	wp-seo-structured-data-schema	N/A	WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-2.7.11	2.8.0	June 30, 2026
wp-event-solution	wp-event-solution	N/A	Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read	LOW	*-4.0.26	4.0.27	June 30, 2026
yaysmtp	yaysmtp	N/A	YaySMTP <= 2.6.4 - Authenticated (Administrator+) SQL Injection	LOW	*-2.6.4	2.6.5	June 30, 2026
xt-facebook-events	xt-facebook-events	N/A	XT Event Widget for Social Events <= 1.1.7 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.1.7	1.1.8	June 30, 2026
wpspeed	wpspeed	N/A	WPSpeed <= 2.6.5 - Cross-Site Request Forgery	LOW	*-2.6.5	2.6.6	June 30, 2026
wpadverts	wpadverts	N/A	WPAdverts <= 2.2.2 - Authenticated (Contributor+) Local File Inclusion	LOW	*-2.2.2	2.2.3	June 30, 2026
wp-webinarsystem	wp-webinarsystem	N/A	WebinarPress <= 1.33.27 - Authenticated (Administrator+) Server-Side Request Forgery	LOW	*-1.33.27		June 30, 2026
wp-recall	wp-recall	N/A	WP-Recall <= 16.26.14 - Authenticated (Contributor+) Local File Inclusion	LOW	*-16.26.14		June 30, 2026
wp-podcasts-manager	wp-podcasts-manager	N/A	WP Podcasts Manager <= 1.3 - Cross-Site Request Forgery	LOW	*-1.3	1.4	June 30, 2026
wp-pipes	wp-pipes	N/A	WP Pipes <= 1.4.3 - Authenticated (Administrator+) Server-Side Request Forgery	LOW	*-1.4.3		June 30, 2026
wp-maintenance	wp-maintenance	N/A	WP Maintenance <= 6.1.9.7 - Authenticated (Administrator+) PHP Object Injection	LOW	*-6.1.9.7	6.1.9.8	June 30, 2026
wp-jquery-datatable	wp-jquery-datatable	N/A	WP jQuery DataTable <= 4.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.1.0		June 30, 2026
WP Hotel Booking	wp-hotel-booking	N/A	WP Hotel Booking <= 2.1.9 - Cross-Site Request Forgery	LOW	*-2.1.9	2.2.0	June 30, 2026
wp-fundraising-donation	wp-fundraising-donation	N/A	WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross-Site Request Forgery	LOW	*-1.7.3	1.7.4	June 30, 2026
wp-event-solution	wp-event-solution	N/A	Eventin <= 4.0.26 - Missing Authorization to Unauthenticated Privilege Escalation	LOW	*-4.0.26	4.0.27	June 30, 2026
wp-ecommerce-paypal	wp-ecommerce-paypal	N/A	Easy PayPal Buy Now Button <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0	2.0.1	June 30, 2026
wp-dpe-ges	wp-dpe-ges	N/A	WP DPE-GES <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6	1.7	June 30, 2026
wp-discord-invite	wp-discord-invite	N/A	WP Discord Invite <= 2.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.5.3	2.6.0	June 30, 2026
wp-crm-system	wp-crm-system	N/A	WP-CRM System <= 3.4.5 - Authenticated (Administrator+) PHP Object Injection	LOW	*-3.4.5	3.4.6	June 30, 2026
WP Compress – Instant Performance & Speed Optimization	wp-compress-image-optimizer	61	WP Compress <= 6.30.30 - Cross-Site Request Forgery	LOW	*-6.30.30	6.30.31	June 30, 2026
woobox	woobox	N/A	Woobox <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6	1.7	June 30, 2026
woobox	woobox	N/A	Woobox <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.6	1.7	June 30, 2026
woo-salesforce-plugin-crm-perks	woo-salesforce-plugin-crm-perks	N/A	Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirect	LOW	*-1.7.5	1.7.6	June 30, 2026
woc-open-close	woc-open-close	N/A	Open Close WooCommerce Store <= 4.9.5 - Authenticated (Contributor+) Local File Inclusion	LOW	*-4.9.5		June 30, 2026
wiki-embed	wiki-embed	N/A	Wiki Embed <= 1.4.6 - Cross-Site Request Forgery	LOW	*-1.4.6	1.4.7	June 30, 2026
widget-for-eventbrite-api	widget-for-eventbrite-api	N/A	Display Eventbrite Events <= 6.2.6 - Authenticated (Contributor+) Local File Inclusion	LOW	*-6.2.6	6.3	June 30, 2026
widget-countdown	widget-countdown	N/A	Widget Countdown <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.7.4	2.7.5	June 30, 2026
wemail	wemail	N/A	weMail <= 1.14.13 - Unauthenticated Sensitive Information Exposure	LOW	*-1.14.13	1.14.14	June 30, 2026
webappick-pdf-invoice-for-woocommerce	webappick-pdf-invoice-for-woocommerce	N/A	Challan <= 3.7.58 - Cross-Site Request Forgery to Arbitrary Options Update	LOW	*-3.7.58	3.7.59	June 30, 2026
void-visual-whmcs-element	void-visual-whmcs-element	N/A	WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.4.1		June 30, 2026
user-login-history	user-login-history	N/A	User Login History <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.1.6	2.1.7	June 30, 2026
ultimate-wp-mail	ultimate-wp-mail	N/A	Ultimate WP Mail <= 1.3.4 - Cross-Site Request Forgery	LOW	*-1.3.4	1.3.5	June 30, 2026
ultimate-wp-mail	ultimate-wp-mail	N/A	Ultimate WP Mail <= 1.3.4 - Authenticated (Contributor+) SQL Injection	LOW	*-1.3.4	1.3.5	June 30, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	ultimate-member	N/A	Ultimate Member <= 2.10.3 - Authenticated (Administrator+) Arbitrary Function Call	LOW	*-2.10.3	2.10.4	June 30, 2026
ultimate-blocks	ultimate-blocks	N/A	Ultimate Blocks <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.2.9	3.3.0	June 30, 2026
truebooker-appointment-booking	truebooker-appointment-booking	N/A	TrueBooker <= 1.0.7 - Cross-Site Request Forgery	LOW	*-1.0.7	1.0.8	June 30, 2026
trackship-for-woocommerce	trackship-for-woocommerce	N/A	TrackShip for WooCommerce <= 1.9.1 - Authenticated (Shop manager+) SQL Injection	LOW	*-1.9.1	1.9.2	June 30, 2026
top-10	top-10	N/A	Top 10 <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.1.0	4.1.1	June 30, 2026
time-clock	time-clock	N/A	Time Clock <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.3	1.3	June 30, 2026
themarketer	themarketer	N/A	theMarketer <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.4.7	1.4.8	June 30, 2026
terms-popup-on-user-login	terms-popup-on-user-login	N/A	Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.8	2.0.9	June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data'	LOW	*-5.3	5.4	June 30, 2026
spostarbust	spostarbust	N/A	ELI's Related Posts Footer Links and Widget <= 1.2.04.20 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.2.04.20	1.2.04.25	June 30, 2026
spiraclethemes-site-library	spiraclethemes-site-library	N/A	Spiraclethemes Site Library <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.5.4	1.5.5	June 30, 2026
solace-extra	solace-extra	N/A	Solace Extra <= 1.3.1 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-1.3.1	1.3.2	June 30, 2026
soccer-live-scores	soccer-live-scores	N/A	Soccer Live Scores <= 1.0.5 - Cross-Site Request Forgery	LOW	*-1.0.5		June 30, 2026
smaily-for-wp	smaily-for-wp	N/A	Smaily for WP <= 3.1.6 - Cross-Site Request Forgery	LOW	*-3.1.6		June 30, 2026
skt-skill-bar	skt-skill-bar	N/A	SKT Skill Bar <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4	2.5	June 30, 2026
Simple File List	simple-file-list	90	Simple File List <= 6.1.13 - Missing Authorization to Unauthenticated Minor Settings Update	LOW	*-6.1.13	6.1.14	June 30, 2026
simple-calendar-for-elementor	simple-calendar-for-elementor	N/A	Simple calendar for Elementor <= 1.6.5 - Cross-Site Request Forgery	LOW	*-1.6.5	1.6.6	June 30, 2026
simple-blog-stats	simple-blog-stats	N/A	Simple Blog Stats <= 20250416 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-20250416	20250423	June 30, 2026

LOW

frontend-dashboard

Score: 93/100 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function Affected: 1.0-2.2.7 Patched: 2.2.8 Updated: June 30, 2026

LOW

frontend-dashboard

Score: 93/100 Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function Affected: 1.5.10-2.2.7 Patched: 2.2.8 Updated: June 30, 2026

LOW

newsletters-lite

Score: N/A Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter Affected: *-4.9.9.8 Patched: 4.9.9.9 Updated: June 30, 2026

LOW

relevanssi-premium

Score: N/A Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection Affected: *-2.27.5 Patched: 2.27.6 Updated: June 30, 2026

LOW

relevanssi

Score: N/A Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection Affected: *-4.24.4 Patched: 4.24.5 Updated: June 30, 2026

LOW

wpfunnels

Score: N/A WPFunnels <= 3.5.18 - Unauthenticated PHP Object Injection Affected: *-3.5.18 Patched: 3.5.19 Updated: June 30, 2026

LOW

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

Score: 76/100 WP-Optimize <= 4.1.1 - Authenticated (Admin+) SQL Injection Affected: *-4.1.1 Patched: 4.2.0 Updated: June 30, 2026

LOW

subaccounts-for-woocommerce

Score: N/A Subaccounts for WooCommerce <= 1.6.6 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover Affected: *-1.6.6 Patched: 1.6.7 Updated: June 30, 2026

LOW

real-cookie-banner-pro

Score: N/A Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.1.5 Patched: 5.1.6 Updated: June 30, 2026

LOW

real-cookie-banner

Score: N/A Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.1.5 Patched: 5.1.6 Updated: June 30, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.5.0 - Authenticated (Subscriber+) SQL Injection Affected: *-5.9.5.0 Patched: 5.9.5.1 Updated: June 30, 2026

LOW

opal-woo-custom-product-variation

Score: N/A Opal Woo Custom Product Variation <= 1.2.0 - Unauthenticated Arbitrary File Deletion Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

bns-twitter-follow-button

Score: 91/100 BNS Twitter Follow Button <= 0.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.8 Patched: Updated: June 30, 2026

LOW

b2i-investor-tools

Score: 93/100 B2i Investor Tools <= 1.0.7.9 - Reflected Cross-Site Scripting Affected: *-1.0.7.9 Patched: 1.0.8 Updated: June 30, 2026

LOW

premmerce-user-roles

Score: N/A Premmerce User Roles <= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.13 Patched: 1.0.14 Updated: June 30, 2026

LOW

premmerce-search

Score: N/A Premmerce Product Search for WooCommerce <= 2.2.4 - Cross-Site Request Forgery Affected: *-2.2.4 Patched: 2.2.5 Updated: June 30, 2026

LOW

premmerce-search

Score: N/A Premmerce Product Search for WooCommerce <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.4 Patched: Updated: June 30, 2026

LOW

premmerce

Score: N/A Premmerce <= 1.3.19 - Cross-Site Request Forgery Affected: *-1.3.19 Patched: 1.3.20 Updated: June 30, 2026

LOW

sms-alert

Score: N/A SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode Affected: *-3.8.1 Patched: 3.8.2 Updated: June 30, 2026

LOW

sms-alert

Score: N/A SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function Affected: *-3.8.1 Patched: 3.8.2 Updated: June 30, 2026

LOW

jeg-elementor-kit

Score: 93/100 Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets Affected: *-2.6.12 Patched: 2.6.13 Updated: June 30, 2026

LOW

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

Score: 70/100 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter Affected: *-1.9.5 Patched: 1.9.5.1 Updated: June 30, 2026

LOW

wp-review

Score: N/A WordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom Fields Affected: *-5.3.5 Patched: Updated: June 30, 2026

LOW

wp-leads-builder-any-crm

Score: N/A Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-3.1 Patched: 3.2 Updated: June 30, 2026

LOW

uncanny-automator

Score: N/A Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update Affected: *-6.4.0.2 Patched: 6.5.0 Updated: June 30, 2026

LOW

storekeeper-for-woocommerce

Score: N/A StoreKeeper for WooCommerce <= 14.4.4 - Unauthenticated Arbitrary File Upload Affected: *-14.4.4 Patched: 14.4.5 Updated: June 30, 2026

LOW

gearside-developer-dashboard

Score: 91/100 Gearside Developer Dashboard <= 1.0.72 - Reflected Cross-Site Scripting Affected: *-1.0.72 Patched: Updated: June 30, 2026

LOW

funnelcockpit

Score: 93/100 FunnelCockpit <= 1.4.3 - Reflected Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

belingogeo

Score: 93/100 belingoGeo <= 1.12.0 - Unauthenticated Arbitrary File Download Affected: *-1.12.0 Patched: 1.12.1 Updated: June 30, 2026

LOW

ajar-productions-in5-embed

Score: 95/100 Ajar in5 Embed <= 3.1.5 - Unauthenticated Arbitrary File Upload Affected: *-3.1.5 Patched: Updated: June 30, 2026

LOW

drag-and-drop-multiple-file-upload-for-woocommerce

Score: 93/100 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

1-click-migration

Score: 95/100 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026

LOW

imithemes-listing

Score: 93/100 IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset Affected: *-3.3 Patched: 3.4 Updated: June 30, 2026

LOW

xili-tidy-tags

Score: N/A xili-tidy-tags <= 1.12.06 - Reflected Cross-Site Scripting Affected: *-1.12.06 Patched: Updated: June 30, 2026

LOW

wpbookit

Score: N/A WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

wpbookit

Score: N/A WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update Affected: *-1.0.2 Patched: 1.0.3 Updated: June 30, 2026

LOW

wp-job-portal

Score: N/A WP Job Portal <= 2.3.1 - Unauthenticated Local File Inclusion Affected: *-2.3.1 Patched: 2.3.2 Updated: June 30, 2026

LOW

sms-alert

Score: N/A SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Unauthenticated SQL Injection Affected: *-3.8.1 Patched: 3.8.2 Updated: June 30, 2026

LOW

psw-login-and-registration

Score: N/A PSW Front-end Login & Registration <= 1.12 - Authentication Bypass Affected: *-1.12 Patched: Updated: June 30, 2026

LOW

groundhogg

Score: 93/100 WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion Affected: *-4.1.1.2 Patched: 4.1.2 Updated: June 30, 2026

LOW

frontend-login-and-registration-blocks

Score: 93/100 Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover Affected: *-1.1.1 Patched: 1.2.0 Updated: June 30, 2026

LOW

eucookielaw

Score: 93/100 EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read Affected: *-2.7.2 Patched: 2.7.3 Updated: June 30, 2026

LOW

envolve-plugin

Score: 93/100 Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file Affected: *-1.0 Patched: 1.1.0 Updated: June 30, 2026

LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-3.2.9 Patched: 3.3.0 Updated: June 30, 2026

LOW

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

coming-soon

Score: 68/100 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-6.18.15 Patched: 6.18.16 Updated: June 30, 2026

LOW

bmi-adultkid-calculator

Score: 89/100 BMI Adult & Kid Calculator <= 1.2.2 - Reflected Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-26.0.6 Patched: 26.0.7 Updated: June 30, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function Affected: *-8.9.1 Patched: 8.9.2 Updated: June 30, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting Affected: *-8.9.1 Patched: 8.9.2 Updated: June 30, 2026

LOW

wp-seo-structured-data-schema

Score: N/A WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings Affected: *-2.7.11 Patched: 2.8.0 Updated: June 30, 2026

LOW

wp-event-solution

Score: N/A Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read Affected: *-4.0.26 Patched: 4.0.27 Updated: June 30, 2026

LOW

yaysmtp

Score: N/A YaySMTP <= 2.6.4 - Authenticated (Administrator+) SQL Injection Affected: *-2.6.4 Patched: 2.6.5 Updated: June 30, 2026

LOW

xt-facebook-events

Score: N/A XT Event Widget for Social Events <= 1.1.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

wpspeed

Score: N/A WPSpeed <= 2.6.5 - Cross-Site Request Forgery Affected: *-2.6.5 Patched: 2.6.6 Updated: June 30, 2026

LOW

wpadverts

Score: N/A WPAdverts <= 2.2.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.2.2 Patched: 2.2.3 Updated: June 30, 2026

LOW

wp-webinarsystem

Score: N/A WebinarPress <= 1.33.27 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-1.33.27 Patched: Updated: June 30, 2026

LOW

wp-recall

Score: N/A WP-Recall <= 16.26.14 - Authenticated (Contributor+) Local File Inclusion Affected: *-16.26.14 Patched: Updated: June 30, 2026

LOW

wp-podcasts-manager

Score: N/A WP Podcasts Manager <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: 1.4 Updated: June 30, 2026

LOW

wp-pipes

Score: N/A WP Pipes <= 1.4.3 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-1.4.3 Patched: Updated: June 30, 2026

LOW

wp-maintenance

Score: N/A WP Maintenance <= 6.1.9.7 - Authenticated (Administrator+) PHP Object Injection Affected: *-6.1.9.7 Patched: 6.1.9.8 Updated: June 30, 2026

LOW

wp-jquery-datatable

Score: N/A WP jQuery DataTable <= 4.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.1.0 Patched: Updated: June 30, 2026

LOW

WP Hotel Booking

wp-hotel-booking

Score: N/A WP Hotel Booking <= 2.1.9 - Cross-Site Request Forgery Affected: *-2.1.9 Patched: 2.2.0 Updated: June 30, 2026

LOW

wp-fundraising-donation

Score: N/A WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross-Site Request Forgery Affected: *-1.7.3 Patched: 1.7.4 Updated: June 30, 2026

LOW

wp-event-solution

Score: N/A Eventin <= 4.0.26 - Missing Authorization to Unauthenticated Privilege Escalation Affected: *-4.0.26 Patched: 4.0.27 Updated: June 30, 2026

LOW

wp-ecommerce-paypal

Score: N/A Easy PayPal Buy Now Button <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

wp-dpe-ges

Score: N/A WP DPE-GES <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: June 30, 2026

LOW

wp-discord-invite

Score: N/A WP Discord Invite <= 2.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.5.3 Patched: 2.6.0 Updated: June 30, 2026

LOW

wp-crm-system

Score: N/A WP-CRM System <= 3.4.5 - Authenticated (Administrator+) PHP Object Injection Affected: *-3.4.5 Patched: 3.4.6 Updated: June 30, 2026

LOW

WP Compress – Instant Performance & Speed Optimization

wp-compress-image-optimizer

Score: 61/100 WP Compress <= 6.30.30 - Cross-Site Request Forgery Affected: *-6.30.30 Patched: 6.30.31 Updated: June 30, 2026

LOW

woobox

Score: N/A Woobox <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: June 30, 2026

LOW

woobox

Score: N/A Woobox <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: June 30, 2026

LOW

woo-salesforce-plugin-crm-perks

Score: N/A Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirect Affected: *-1.7.5 Patched: 1.7.6 Updated: June 30, 2026

LOW

woc-open-close

Score: N/A Open Close WooCommerce Store <= 4.9.5 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.9.5 Patched: Updated: June 30, 2026

LOW

wiki-embed

Score: N/A Wiki Embed <= 1.4.6 - Cross-Site Request Forgery Affected: *-1.4.6 Patched: 1.4.7 Updated: June 30, 2026

LOW

widget-for-eventbrite-api

Score: N/A Display Eventbrite Events <= 6.2.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-6.2.6 Patched: 6.3 Updated: June 30, 2026

LOW

widget-countdown

Score: N/A Widget Countdown <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.4 Patched: 2.7.5 Updated: June 30, 2026

LOW

wemail

Score: N/A weMail <= 1.14.13 - Unauthenticated Sensitive Information Exposure Affected: *-1.14.13 Patched: 1.14.14 Updated: June 30, 2026

LOW

webappick-pdf-invoice-for-woocommerce

Score: N/A Challan <= 3.7.58 - Cross-Site Request Forgery to Arbitrary Options Update Affected: *-3.7.58 Patched: 3.7.59 Updated: June 30, 2026

LOW

void-visual-whmcs-element

Score: N/A WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4.1 Patched: Updated: June 30, 2026

LOW

user-login-history

Score: N/A User Login History <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: June 30, 2026

LOW

ultimate-wp-mail

Score: N/A Ultimate WP Mail <= 1.3.4 - Cross-Site Request Forgery Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

ultimate-wp-mail

Score: N/A Ultimate WP Mail <= 1.3.4 - Authenticated (Contributor+) SQL Injection Affected: *-1.3.4 Patched: 1.3.5 Updated: June 30, 2026

LOW

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

Score: N/A Ultimate Member <= 2.10.3 - Authenticated (Administrator+) Arbitrary Function Call Affected: *-2.10.3 Patched: 2.10.4 Updated: June 30, 2026

LOW

ultimate-blocks

Score: N/A Ultimate Blocks <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.9 Patched: 3.3.0 Updated: June 30, 2026

LOW

truebooker-appointment-booking

Score: N/A TrueBooker <= 1.0.7 - Cross-Site Request Forgery Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

trackship-for-woocommerce

Score: N/A TrackShip for WooCommerce <= 1.9.1 - Authenticated (Shop manager+) SQL Injection Affected: *-1.9.1 Patched: 1.9.2 Updated: June 30, 2026

LOW

top-10

Score: N/A Top 10 <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.0 Patched: 4.1.1 Updated: June 30, 2026

LOW

time-clock

Score: N/A Time Clock <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.3 Updated: June 30, 2026

LOW

themarketer

Score: N/A theMarketer <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.7 Patched: 1.4.8 Updated: June 30, 2026

LOW

terms-popup-on-user-login

Score: N/A Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.8 Patched: 2.0.9 Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data' Affected: *-5.3 Patched: 5.4 Updated: June 30, 2026

LOW

spostarbust

Score: N/A ELI's Related Posts Footer Links and Widget <= 1.2.04.20 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.04.20 Patched: 1.2.04.25 Updated: June 30, 2026

LOW

spiraclethemes-site-library

Score: N/A Spiraclethemes Site Library <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.4 Patched: 1.5.5 Updated: June 30, 2026

LOW

solace-extra

Score: N/A Solace Extra <= 1.3.1 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.3.1 Patched: 1.3.2 Updated: June 30, 2026

LOW

soccer-live-scores

Score: N/A Soccer Live Scores <= 1.0.5 - Cross-Site Request Forgery Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

smaily-for-wp

Score: N/A Smaily for WP <= 3.1.6 - Cross-Site Request Forgery Affected: *-3.1.6 Patched: Updated: June 30, 2026

LOW

skt-skill-bar

Score: N/A SKT Skill Bar <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4 Patched: 2.5 Updated: June 30, 2026

LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 6.1.13 - Missing Authorization to Unauthenticated Minor Settings Update Affected: *-6.1.13 Patched: 6.1.14 Updated: June 30, 2026

LOW

simple-calendar-for-elementor

Score: N/A Simple calendar for Elementor <= 1.6.5 - Cross-Site Request Forgery Affected: *-1.6.5 Patched: 1.6.6 Updated: June 30, 2026

LOW

simple-blog-stats

Score: N/A Simple Blog Stats <= 20250416 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-20250416 Patched: 20250423 Updated: June 30, 2026

Showing 9001 to 9100 of 36319 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 23:17 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List