Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

96

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
sidebar-manager-light sidebar-manager-light N/A Sidebar Manager Light <= 1.18 - Cross-Site Request Forgery LOW *-1.18 July 1, 2026
show-all-comments-in-one-page show-all-comments-in-one-page N/A Show All Comments <= 7.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-7.0.1 July 1, 2026
seznam-webmaster seznam-webmaster N/A Seznam Webmaster <= 1.4.7 - Cross-Site Request Forgery LOW *-1.4.7 1.4.8 July 1, 2026
sendpulse-email-marketing-newsletter sendpulse-email-marketing-newsletter N/A SendPulse Email Marketing Newsletter <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 1, 2026
rs-wp-books-showcase rs-wp-books-showcase N/A RS WP Book Showcase <= 6.7.40 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.7.40 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.1017 1.7.1018 July 1, 2026
Robo Gallery – Photo & Image Slider robo-gallery N/A Robo Gallery <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.0.2 5.0.3 July 1, 2026
responsive-add-ons responsive-add-ons N/A Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Missing Authorization LOW *-3.1.9 3.2.0 July 1, 2026
really-simple-under-construction really-simple-under-construction N/A Really Simple Under Construction Page <= 1.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.6 1.5.0 July 1, 2026
quran-text-multilanguage quran-text-multilanguage N/A Quran multilanguage Text & Audio <= 2.3.23 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.3.23 2.3.24 July 1, 2026
qs-dark-mode qs-dark-mode N/A QS Dark Mode <= 3.0 - Missing Authorization LOW *-3.0 July 1, 2026
pw-bulk-edit pw-bulk-edit N/A PW WooCommerce Bulk Edit <= 2.134 - Cross-Site Request Forgery LOW *-2.134 2.135 July 1, 2026
publishpress-authors publishpress-authors N/A PublishPress Authors <= 4.7.5 - Authenticated (Contributor+) Local File Inclusion LOW *-4.7.5 4.7.6 July 1, 2026
progress-bar progress-bar N/A Progress Bar <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.3 2.2.4 July 1, 2026
products-per-page-for-woocommerce products-per-page-for-woocommerce N/A Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.0 2.5.0 July 1, 2026
productive-commerce productive-commerce N/A Productive Commerce <= 1.1.22 - Unauthenticated SQL Injection LOW *-1.1.22 July 1, 2026
product-quantity-for-woocommerce product-quantity-for-woocommerce N/A Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.0.3 5.0.4 July 1, 2026
product-quantity-dropdown-for-woocommerce product-quantity-dropdown-for-woocommerce N/A Product Quantity Dropdown For Woocommerce <= 1.2 - Cross-Site Request Forgery LOW *-1.2 1.3 July 1, 2026
product-countdown-for-woocommerce product-countdown-for-woocommerce N/A Product Time Countdown for WooCommerce <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.2 1.6.3 July 1, 2026
polylang-supertext polylang-supertext N/A Supertext Translation and Proofreading <= 4.25 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.25 July 1, 2026
poll-maker poll-maker N/A Poll Maker <= 5.7.7 - Unauthenticated Race Condition to Multi-Vote LOW *-5.7.7 5.7.8 July 1, 2026
pgall-for-woocommerce pgall-for-woocommerce N/A 워드프레스 결제 심플페이 <= 5.2.11 - Cross-Site Request Forgery LOW *-5.2.11 5.3.3 July 1, 2026
pdf-for-woocommerce pdf-for-woocommerce N/A PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 5.3.8 - Authenticated (Administrator+) SQL Injection LOW *-5.3.8 5.4.0 July 1, 2026
ovation-elements ovation-elements N/A Ovation Elements <= 1.1.2 - Missing Authorization LOW *-1.1.2 1.1.3 July 1, 2026
ngg-smart-image-search ngg-smart-image-search N/A NGG Smart Image Search <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.3 3.4.1 July 1, 2026
new-contact-form-widget new-contact-form-widget N/A Contact Form Widget <= 1.4.6 - Cross-Site Request Forgery LOW *-1.4.6 1.4.7 July 1, 2026
nd-booking nd-booking
91
Hotel Booking <= 3.6 - Authenticated (Contributor+) Local File Inclusion LOW *-3.6 3.7 July 1, 2026
n360-splash-screen n360-splash-screen
93
N360 | Splash Screen <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 1, 2026
music-player-for-woocommerce music-player-for-woocommerce
93
Music Player for WooCommerce <= 1.5.1 - Missing Authorization LOW *-1.5.1 1.6.0 July 1, 2026
mollie-forms mollie-forms
93
Mollie Forms <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.12 2.7.13 July 1, 2026
meow-gallery meow-gallery
93
Meow Gallery <= 5.2.7 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-5.2.7 5.2.8 July 1, 2026
meks-flexible-shortcodes meks-flexible-shortcodes
93
Meks Flexible Shortcodes <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.6 1.3.7 July 1, 2026
Media Hygiene: Remove or Delete Unused Images and More! media-hygiene
88
Media Hygiene <= 4.0.0 - Missing Authorization LOW *-4.0.0 4.0.1 July 1, 2026
martins-free-and-easy-ad-network-get-more-visitors martins-free-and-easy-ad-network-get-more-visitors
91
Martins Free Monetized Ad Exchange Network <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.5 July 1, 2026
mail-mint mail-mint
93
Mail Mint <= 1.17.7 - Unauthenticated Sensitive Information Exposure LOW *-1.17.7 1.17.8 July 1, 2026
logo-showcase logo-showcase
93
Logo Showcase <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.4 3.0.5 July 1, 2026
locateandfilter locateandfilter
93
LocateAndFilter <= 1.6.16 - Missing Authorization LOW *-1.6.16 1.6.17 July 1, 2026
liveagent liveagent
93
LiveAgent <= 4.4.7 - Cross-Site Request Forgery LOW *-4.4.7 4.4.8 July 1, 2026
LiteSpeed Cache litespeed-cache
69
LiteSpeed Cache <= 7.0.1 - Authenticated (Editor+) Server-Side Request Forgery LOW *-7.0.1 7.1 July 1, 2026
listamester listamester
93
Listamester <= 2.3.6 - Cross-Site Request Forgery LOW *-2.3.6 2.3.7 July 1, 2026
List category posts list-category-posts
94
List category posts <= 0.91.0 - Authenticated (Contributor+) Local File Inclusion LOW *-0.91.0 0.92.0 July 1, 2026
lessbuttons lessbuttons
91
LessButtons Social Sharing and Statistics <= 1.6.1 - Cross-Site Request Forgery LOW *-1.6.1 July 1, 2026
jupiterx-core jupiterx-core
93
JupiterX Core <= 4.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.8.11 4.8.12 July 1, 2026
intelly-related-posts intelly-related-posts
93
Inline Related Posts <= 3.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.8.0 3.9.0 July 1, 2026
integrations-of-zoho-crm-with-elementor-form integrations-of-zoho-crm-with-elementor-form
91
Integrations of Zoho CRM with Elementor form <= 1.0.7 - Open Redirect LOW *-1.0.7 July 1, 2026
instantio instantio
93
Instantio <= 3.3.16 - Authenticated (Admin+) Arbitrary File Upload LOW *-3.3.16 3.3.17 July 1, 2026
hm-cool-author-box-widget hm-cool-author-box-widget
93
Cool Author Box <= 3.0.0 - Cross-Site Request Forgery LOW *-3.0.0 3.0.1 July 1, 2026
hash-form hash-form
93
Hash Form <= 1.2.8 - Cross-Site Request Forgery LOW *-1.2.8 1.2.9 July 1, 2026
gt3-photo-video-gallery gt3-photo-video-gallery
93
Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.7.25 2.7.7.26 July 1, 2026
gs-woo-variation-swatches gs-woo-variation-swatches
93
GS Variation Swatches for WooCommerce <= 3.0.4 - Missing Authorization LOW *-3.0.4 3.0.5 July 1, 2026
gs-testimonial gs-testimonial
93
GS Testimonial Slider <= 3.3.0 - Missing Authorization LOW *-3.3.0 3.3.1 July 1, 2026
gs-testimonial gs-testimonial
93
GS Testimonial Slider <= 3.2.9 - Unauthenticated Arbitrary Shortcode Execution LOW *-3.2.9 3.3.0 July 1, 2026
graphina-elementor-charts-and-graphs graphina-elementor-charts-and-graphs
93
Graphina <= 3.0.4 - Cross-Site Request Forgery to Local File Inclusion LOW *-3.0.4 3.0.5 July 1, 2026
graphina-elementor-charts-and-graphs graphina-elementor-charts-and-graphs
93
Graphina <= 3.0.4 - Missing Authorization LOW *-3.0.4 3.0.5 July 1, 2026
AI Puffer – Chat. Create. Automate. (formerly AI Power) gpt3-ai-content-generator
92
GPT3 AI Content Writer <= 1.9.14 - Cross-Site Request Forgery LOW *-1.9.14 1.9.15 July 1, 2026
giveasap giveasap
91
Simple Giveaways <= 2.48.2 - Cross-Site Request Forgery LOW *-2.48.2 July 1, 2026
gf-zendesk gf-zendesk
93
WP Gravity Forms Zendesk <= 1.1.2 - Open Redirect LOW *-1.1.2 1.1.3 July 1, 2026
gf-dynamics-crm gf-dynamics-crm
93
WP Gravity Forms Dynamics CRM <= 1.1.4 - Open Redirect LOW *-1.1.4 1.1.5 July 1, 2026
gamipress gamipress
93
GamiPress <= 7.3.7 - Authenticated (Contributor+) Local File Inclusion LOW *-7.3.7 7.3.8 July 1, 2026
front-editor front-editor
89
WP Front User Submit / Front Editor <= 4.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.9.3 July 1, 2026
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution file-manager-advanced
66
Advanced File Manager <= 5.3.1 - Missing Authorization to Notice Dismisaal LOW *-5.3.1 5.3.2 July 1, 2026
eventon-lite eventon-lite
93
EventON <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion LOW *-2.4.1 2.4.2 July 1, 2026
eu-vat-for-woocommerce eu-vat-for-woocommerce
93
Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.4.2 4.4.3 July 1, 2026
envo-extra envo-extra
93
Envo Extra <= 1.9.9 - Missing Authorization LOW *-1.9.9 1.9.10 July 1, 2026
email-notification-on-login email-notification-on-login
91
Email Notification on Login <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.1 July 1, 2026
elex-product-feed elex-product-feed
93
ELEX Product Feed for WooCommerce <= 3.1.2 - Authenticated (Administrator+) SQL Injection LOW *-3.1.2 3.1.3 July 1, 2026
ebook-store ebook-store
93
Ebook Store <= 5.8009 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.8009 5.8010 July 1, 2026
easyme-connect easyme-connect
93
EasyMe Connect <= 3.0.3 - Cross-Site Request Forgery LOW *-3.0.3 3.0.4 July 1, 2026
easy-replace-image easy-replace-image
93
Easy Replace Image <= 3.5.0 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-3.5.0 3.5.1 July 1, 2026
easy-paypal-events-tickets easy-paypal-events-tickets
93
Easy PayPal Events <= 1.2.2 - Cross-Site Request Forgery LOW *-1.2.2 1.3 July 1, 2026
easy-paypal-donation easy-paypal-donation
93
Accept Donations with PayPal <= 1.4.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.5 1.5 July 1, 2026
download-monitor download-monitor
93
Download Monitor <= 5.0.22 - Authenticated (Contributor+) Local File Inclusion LOW *-5.0.22 5.0.23 July 1, 2026
dofollow-case-by-case dofollow-case-by-case
93
DoFollow Case by Case <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.5.1 3.6.0 July 1, 2026
dofollow-case-by-case dofollow-case-by-case
93
DoFollow Case by Case <= 3.5.1 - Cross-Site Request Forgery LOW *-3.5.1 3.6.0 July 1, 2026
display-remote-posts-block display-remote-posts-block
93
Display Remote Posts Block <= 1.1.0 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-1.1.0 1.1.1 July 1, 2026
delucks-seo delucks-seo
89
DELUCKS SEO <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.9 2.6.0 July 1, 2026
custom-checkout-fields-for-woocommerce custom-checkout-fields-for-woocommerce
93
Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.3 1.9.0 July 1, 2026
csv-mass-importer csv-mass-importer
91
CSV Mass Importer <= 1.2 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.2 July 1, 2026
credova-financial credova-financial
93
Credova_Financial <= 2.5.0 - Cross-Site Request Forgery LOW *-2.5.0 2.5.1 July 1, 2026
cozy-addons cozy-addons
93
Cozy Blocks <= 2.1.22 - Missing Authorization LOW *-2.1.22 2.1.23 July 1, 2026
cost-calculator-for-elementor cost-calculator-for-elementor
93
Cost Calculator for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.3 1.3.4 July 1, 2026
cookiecode cookiecode
91
CookieCode <= 2.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.4.4 July 1, 2026
contribuinte-checkout contribuinte-checkout
93
Contribuinte Checkout <= 2.0.03 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.03 2.0.04 July 1, 2026
contextual-related-posts contextual-related-posts
93
Contextual Related Posts <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.2 4.0.3 July 1, 2026
contentstudio contentstudio
93
ContentStudio <= 1.3.5 - Missing Authorization LOW *-1.3.5 1.3.7 July 1, 2026
content-control content-control
93
Content Control <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.1 2.6.2 July 1, 2026
contact-form-7-paypal-add-on contact-form-7-paypal-add-on
93
Contact Form 7 – PayPal & Stripe Add-on <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.3.4 2.4.1 July 1, 2026
color-your-bar color-your-bar
91
Color Your Bar <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0 July 1, 2026
coinpayments-payment-gateway-for-woocommerce coinpayments-payment-gateway-for-woocommerce
93
CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - Unauthenticated PHP Object Injection LOW *-1.0.17 1.0.18 July 1, 2026
clickwhale clickwhale
93
ClickWhale <= 2.4.6 - Missing Authorization LOW *-2.4.6 2.4.7 July 1, 2026
charitable charitable
93
Charitable <= 1.8.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.8.5.1 1.8.5.2 July 1, 2026
cf7-submission-dom-tracking cf7-submission-dom-tracking
93
Submission DOM tracking for Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0 2.2 July 1, 2026
cc-bmi-calculator cc-bmi-calculator
93
CC BMI Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.0 2.1.1 July 1, 2026
cbxgooglemap cbxgooglemap
93
CBX Map for Google Map & OpenStreetMap <= 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.12 2.0.0 July 1, 2026
cart-tracking-for-woocommerce cart-tracking-for-woocommerce
93
Cart tracking for WooCommerce <= 1.0.17 - Authenticated (Administrator+) SQL Injection LOW *-1.0.17 1.0.18 July 1, 2026
calculate-prices-based-on-distance-for-woocommerce calculate-prices-based-on-distance-for-woocommerce
93
Calculate Prices based on Distance For WooCommerce <= 1.3.5 - Missing Authorization LOW *-1.3.5 1.3.6 July 1, 2026
bulk-featured-image bulk-featured-image
87
Bulk Featured Image <= 1.2.1 - Missing Authorization LOW *-1.2.1 July 1, 2026
bold-page-builder bold-page-builder
86
Bold Page Builder <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.3.2 5.3.3 July 1, 2026
bold-page-builder bold-page-builder
86
Bold Page Builder <= 5.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.3.0 5.3.1 July 1, 2026
blockspare blockspare
93
Blockspare <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.9 3.2.10 July 1, 2026
LOW

sidebar-manager-light

sidebar-manager-light

Score: N/A Sidebar Manager Light <= 1.18 - Cross-Site Request Forgery Affected: *-1.18 Patched: Updated: July 1, 2026
LOW

show-all-comments-in-one-page

show-all-comments-in-one-page

Score: N/A Show All Comments <= 7.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.0.1 Patched: Updated: July 1, 2026
LOW

seznam-webmaster

seznam-webmaster

Score: N/A Seznam Webmaster <= 1.4.7 - Cross-Site Request Forgery Affected: *-1.4.7 Patched: 1.4.8 Updated: July 1, 2026
LOW

sendpulse-email-marketing-newsletter

sendpulse-email-marketing-newsletter

Score: N/A SendPulse Email Marketing Newsletter <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 1, 2026
LOW

rs-wp-books-showcase

rs-wp-books-showcase

Score: N/A RS WP Book Showcase <= 6.7.40 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.7.40 Patched: Updated: July 1, 2026
LOW

Robo Gallery – Photo & Image Slider

robo-gallery

Score: N/A Robo Gallery <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.0.2 Patched: 5.0.3 Updated: July 1, 2026
LOW

responsive-add-ons

responsive-add-ons

Score: N/A Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Missing Authorization Affected: *-3.1.9 Patched: 3.2.0 Updated: July 1, 2026
LOW

really-simple-under-construction

really-simple-under-construction

Score: N/A Really Simple Under Construction Page <= 1.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.6 Patched: 1.5.0 Updated: July 1, 2026
LOW

quran-text-multilanguage

quran-text-multilanguage

Score: N/A Quran multilanguage Text & Audio <= 2.3.23 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.23 Patched: 2.3.24 Updated: July 1, 2026
LOW

qs-dark-mode

qs-dark-mode

Score: N/A QS Dark Mode <= 3.0 - Missing Authorization Affected: *-3.0 Patched: Updated: July 1, 2026
LOW

pw-bulk-edit

pw-bulk-edit

Score: N/A PW WooCommerce Bulk Edit <= 2.134 - Cross-Site Request Forgery Affected: *-2.134 Patched: 2.135 Updated: July 1, 2026
LOW

publishpress-authors

publishpress-authors

Score: N/A PublishPress Authors <= 4.7.5 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.7.5 Patched: 4.7.6 Updated: July 1, 2026
LOW

progress-bar

progress-bar

Score: N/A Progress Bar <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.3 Patched: 2.2.4 Updated: July 1, 2026
LOW

products-per-page-for-woocommerce

products-per-page-for-woocommerce

Score: N/A Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.0 Patched: 2.5.0 Updated: July 1, 2026
LOW

productive-commerce

productive-commerce

Score: N/A Productive Commerce <= 1.1.22 - Unauthenticated SQL Injection Affected: *-1.1.22 Patched: Updated: July 1, 2026
LOW

product-quantity-for-woocommerce

product-quantity-for-woocommerce

Score: N/A Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.0.3 Patched: 5.0.4 Updated: July 1, 2026
LOW

product-quantity-dropdown-for-woocommerce

product-quantity-dropdown-for-woocommerce

Score: N/A Product Quantity Dropdown For Woocommerce <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: 1.3 Updated: July 1, 2026
LOW

product-countdown-for-woocommerce

product-countdown-for-woocommerce

Score: N/A Product Time Countdown for WooCommerce <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: July 1, 2026
LOW

polylang-supertext

polylang-supertext

Score: N/A Supertext Translation and Proofreading <= 4.25 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.25 Patched: Updated: July 1, 2026
LOW

poll-maker

poll-maker

Score: N/A Poll Maker <= 5.7.7 - Unauthenticated Race Condition to Multi-Vote Affected: *-5.7.7 Patched: 5.7.8 Updated: July 1, 2026
LOW

pgall-for-woocommerce

pgall-for-woocommerce

Score: N/A 워드프레스 결제 심플페이 <= 5.2.11 - Cross-Site Request Forgery Affected: *-5.2.11 Patched: 5.3.3 Updated: July 1, 2026
LOW

pdf-for-woocommerce

pdf-for-woocommerce

Score: N/A PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 5.3.8 - Authenticated (Administrator+) SQL Injection Affected: *-5.3.8 Patched: 5.4.0 Updated: July 1, 2026
LOW

ovation-elements

ovation-elements

Score: N/A Ovation Elements <= 1.1.2 - Missing Authorization Affected: *-1.1.2 Patched: 1.1.3 Updated: July 1, 2026
LOW

ngg-smart-image-search

ngg-smart-image-search

Score: N/A NGG Smart Image Search <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.3 Patched: 3.4.1 Updated: July 1, 2026
LOW

new-contact-form-widget

new-contact-form-widget

Score: N/A Contact Form Widget <= 1.4.6 - Cross-Site Request Forgery Affected: *-1.4.6 Patched: 1.4.7 Updated: July 1, 2026
LOW

nd-booking

nd-booking

Score: 91/100 Hotel Booking <= 3.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.6 Patched: 3.7 Updated: July 1, 2026
LOW

n360-splash-screen

n360-splash-screen

Score: 93/100 N360 | Splash Screen <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 1, 2026
LOW

music-player-for-woocommerce

music-player-for-woocommerce

Score: 93/100 Music Player for WooCommerce <= 1.5.1 - Missing Authorization Affected: *-1.5.1 Patched: 1.6.0 Updated: July 1, 2026
LOW

mollie-forms

mollie-forms

Score: 93/100 Mollie Forms <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.12 Patched: 2.7.13 Updated: July 1, 2026
LOW

meow-gallery

meow-gallery

Score: 93/100 Meow Gallery <= 5.2.7 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-5.2.7 Patched: 5.2.8 Updated: July 1, 2026
LOW

meks-flexible-shortcodes

meks-flexible-shortcodes

Score: 93/100 Meks Flexible Shortcodes <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 1.3.7 Updated: July 1, 2026
LOW

martins-free-and-easy-ad-network-get-more-visitors

martins-free-and-easy-ad-network-get-more-visitors

Score: 91/100 Martins Free Monetized Ad Exchange Network <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

mail-mint

mail-mint

Score: 93/100 Mail Mint <= 1.17.7 - Unauthenticated Sensitive Information Exposure Affected: *-1.17.7 Patched: 1.17.8 Updated: July 1, 2026
LOW

logo-showcase

logo-showcase

Score: 93/100 Logo Showcase <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.5 Updated: July 1, 2026
LOW

locateandfilter

locateandfilter

Score: 93/100 LocateAndFilter <= 1.6.16 - Missing Authorization Affected: *-1.6.16 Patched: 1.6.17 Updated: July 1, 2026
LOW

liveagent

liveagent

Score: 93/100 LiveAgent <= 4.4.7 - Cross-Site Request Forgery Affected: *-4.4.7 Patched: 4.4.8 Updated: July 1, 2026
LOW

LiteSpeed Cache

litespeed-cache

Score: 69/100 LiteSpeed Cache <= 7.0.1 - Authenticated (Editor+) Server-Side Request Forgery Affected: *-7.0.1 Patched: 7.1 Updated: July 1, 2026
LOW

listamester

listamester

Score: 93/100 Listamester <= 2.3.6 - Cross-Site Request Forgery Affected: *-2.3.6 Patched: 2.3.7 Updated: July 1, 2026
LOW

List category posts

list-category-posts

Score: 94/100 List category posts <= 0.91.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-0.91.0 Patched: 0.92.0 Updated: July 1, 2026
LOW

lessbuttons

lessbuttons

Score: 91/100 LessButtons Social Sharing and Statistics <= 1.6.1 - Cross-Site Request Forgery Affected: *-1.6.1 Patched: Updated: July 1, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 JupiterX Core <= 4.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.8.11 Patched: 4.8.12 Updated: July 1, 2026
LOW

intelly-related-posts

intelly-related-posts

Score: 93/100 Inline Related Posts <= 3.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.8.0 Patched: 3.9.0 Updated: July 1, 2026
LOW

integrations-of-zoho-crm-with-elementor-form

integrations-of-zoho-crm-with-elementor-form

Score: 91/100 Integrations of Zoho CRM with Elementor form <= 1.0.7 - Open Redirect Affected: *-1.0.7 Patched: Updated: July 1, 2026
LOW

instantio

instantio

Score: 93/100 Instantio <= 3.3.16 - Authenticated (Admin+) Arbitrary File Upload Affected: *-3.3.16 Patched: 3.3.17 Updated: July 1, 2026
LOW

hm-cool-author-box-widget

hm-cool-author-box-widget

Score: 93/100 Cool Author Box <= 3.0.0 - Cross-Site Request Forgery Affected: *-3.0.0 Patched: 3.0.1 Updated: July 1, 2026
LOW

hash-form

hash-form

Score: 93/100 Hash Form <= 1.2.8 - Cross-Site Request Forgery Affected: *-1.2.8 Patched: 1.2.9 Updated: July 1, 2026
LOW

gt3-photo-video-gallery

gt3-photo-video-gallery

Score: 93/100 Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.7.25 Patched: 2.7.7.26 Updated: July 1, 2026
LOW

gs-woo-variation-swatches

gs-woo-variation-swatches

Score: 93/100 GS Variation Swatches for WooCommerce <= 3.0.4 - Missing Authorization Affected: *-3.0.4 Patched: 3.0.5 Updated: July 1, 2026
LOW

gs-testimonial

gs-testimonial

Score: 93/100 GS Testimonial Slider <= 3.3.0 - Missing Authorization Affected: *-3.3.0 Patched: 3.3.1 Updated: July 1, 2026
LOW

gs-testimonial

gs-testimonial

Score: 93/100 GS Testimonial Slider <= 3.2.9 - Unauthenticated Arbitrary Shortcode Execution Affected: *-3.2.9 Patched: 3.3.0 Updated: July 1, 2026
LOW

graphina-elementor-charts-and-graphs

graphina-elementor-charts-and-graphs

Score: 93/100 Graphina <= 3.0.4 - Cross-Site Request Forgery to Local File Inclusion Affected: *-3.0.4 Patched: 3.0.5 Updated: July 1, 2026
LOW

graphina-elementor-charts-and-graphs

graphina-elementor-charts-and-graphs

Score: 93/100 Graphina <= 3.0.4 - Missing Authorization Affected: *-3.0.4 Patched: 3.0.5 Updated: July 1, 2026
LOW

giveasap

giveasap

Score: 91/100 Simple Giveaways <= 2.48.2 - Cross-Site Request Forgery Affected: *-2.48.2 Patched: Updated: July 1, 2026
LOW

gf-zendesk

gf-zendesk

Score: 93/100 WP Gravity Forms Zendesk <= 1.1.2 - Open Redirect Affected: *-1.1.2 Patched: 1.1.3 Updated: July 1, 2026
LOW

gf-dynamics-crm

gf-dynamics-crm

Score: 93/100 WP Gravity Forms Dynamics CRM <= 1.1.4 - Open Redirect Affected: *-1.1.4 Patched: 1.1.5 Updated: July 1, 2026
LOW

gamipress

gamipress

Score: 93/100 GamiPress <= 7.3.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-7.3.7 Patched: 7.3.8 Updated: July 1, 2026
LOW

front-editor

front-editor

Score: 89/100 WP Front User Submit / Front Editor <= 4.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.9.3 Patched: Updated: July 1, 2026
LOW

eventon-lite

eventon-lite

Score: 93/100 EventON <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.4.1 Patched: 2.4.2 Updated: July 1, 2026
LOW

eu-vat-for-woocommerce

eu-vat-for-woocommerce

Score: 93/100 Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.4.2 Patched: 4.4.3 Updated: July 1, 2026
LOW

envo-extra

envo-extra

Score: 93/100 Envo Extra <= 1.9.9 - Missing Authorization Affected: *-1.9.9 Patched: 1.9.10 Updated: July 1, 2026
LOW

email-notification-on-login

email-notification-on-login

Score: 91/100 Email Notification on Login <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: Updated: July 1, 2026
LOW

elex-product-feed

elex-product-feed

Score: 93/100 ELEX Product Feed for WooCommerce <= 3.1.2 - Authenticated (Administrator+) SQL Injection Affected: *-3.1.2 Patched: 3.1.3 Updated: July 1, 2026
LOW

ebook-store

ebook-store

Score: 93/100 Ebook Store <= 5.8009 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.8009 Patched: 5.8010 Updated: July 1, 2026
LOW

easyme-connect

easyme-connect

Score: 93/100 EasyMe Connect <= 3.0.3 - Cross-Site Request Forgery Affected: *-3.0.3 Patched: 3.0.4 Updated: July 1, 2026
LOW

easy-replace-image

easy-replace-image

Score: 93/100 Easy Replace Image <= 3.5.0 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-3.5.0 Patched: 3.5.1 Updated: July 1, 2026
LOW

easy-paypal-events-tickets

easy-paypal-events-tickets

Score: 93/100 Easy PayPal Events <= 1.2.2 - Cross-Site Request Forgery Affected: *-1.2.2 Patched: 1.3 Updated: July 1, 2026
LOW

easy-paypal-donation

easy-paypal-donation

Score: 93/100 Accept Donations with PayPal <= 1.4.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.5 Patched: 1.5 Updated: July 1, 2026
LOW

download-monitor

download-monitor

Score: 93/100 Download Monitor <= 5.0.22 - Authenticated (Contributor+) Local File Inclusion Affected: *-5.0.22 Patched: 5.0.23 Updated: July 1, 2026
LOW

dofollow-case-by-case

dofollow-case-by-case

Score: 93/100 DoFollow Case by Case <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.5.1 Patched: 3.6.0 Updated: July 1, 2026
LOW

dofollow-case-by-case

dofollow-case-by-case

Score: 93/100 DoFollow Case by Case <= 3.5.1 - Cross-Site Request Forgery Affected: *-3.5.1 Patched: 3.6.0 Updated: July 1, 2026
LOW

display-remote-posts-block

display-remote-posts-block

Score: 93/100 Display Remote Posts Block <= 1.1.0 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.1.0 Patched: 1.1.1 Updated: July 1, 2026
LOW

delucks-seo

delucks-seo

Score: 89/100 DELUCKS SEO <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.9 Patched: 2.6.0 Updated: July 1, 2026
LOW

custom-checkout-fields-for-woocommerce

custom-checkout-fields-for-woocommerce

Score: 93/100 Multiple Plugins by wpcodefactory <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.3 Patched: 1.9.0 Updated: July 1, 2026
LOW

csv-mass-importer

csv-mass-importer

Score: 91/100 CSV Mass Importer <= 1.2 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

credova-financial

credova-financial

Score: 93/100 Credova_Financial <= 2.5.0 - Cross-Site Request Forgery Affected: *-2.5.0 Patched: 2.5.1 Updated: July 1, 2026
LOW

cozy-addons

cozy-addons

Score: 93/100 Cozy Blocks <= 2.1.22 - Missing Authorization Affected: *-2.1.22 Patched: 2.1.23 Updated: July 1, 2026
LOW

cost-calculator-for-elementor

cost-calculator-for-elementor

Score: 93/100 Cost Calculator for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: 1.3.4 Updated: July 1, 2026
LOW

cookiecode

cookiecode

Score: 91/100 CookieCode <= 2.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4.4 Patched: Updated: July 1, 2026
LOW

contribuinte-checkout

contribuinte-checkout

Score: 93/100 Contribuinte Checkout <= 2.0.03 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.03 Patched: 2.0.04 Updated: July 1, 2026
LOW

contextual-related-posts

contextual-related-posts

Score: 93/100 Contextual Related Posts <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.2 Patched: 4.0.3 Updated: July 1, 2026
LOW

contentstudio

contentstudio

Score: 93/100 ContentStudio <= 1.3.5 - Missing Authorization Affected: *-1.3.5 Patched: 1.3.7 Updated: July 1, 2026
LOW

content-control

content-control

Score: 93/100 Content Control <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.1 Patched: 2.6.2 Updated: July 1, 2026
LOW

contact-form-7-paypal-add-on

contact-form-7-paypal-add-on

Score: 93/100 Contact Form 7 – PayPal & Stripe Add-on <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.4.1 Updated: July 1, 2026
LOW

color-your-bar

color-your-bar

Score: 91/100 Color Your Bar <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

coinpayments-payment-gateway-for-woocommerce

coinpayments-payment-gateway-for-woocommerce

Score: 93/100 CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - Unauthenticated PHP Object Injection Affected: *-1.0.17 Patched: 1.0.18 Updated: July 1, 2026
LOW

clickwhale

clickwhale

Score: 93/100 ClickWhale <= 2.4.6 - Missing Authorization Affected: *-2.4.6 Patched: 2.4.7 Updated: July 1, 2026
LOW

charitable

charitable

Score: 93/100 Charitable <= 1.8.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.5.1 Patched: 1.8.5.2 Updated: July 1, 2026
LOW

cf7-submission-dom-tracking

cf7-submission-dom-tracking

Score: 93/100 Submission DOM tracking for Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.2 Updated: July 1, 2026
LOW

cc-bmi-calculator

cc-bmi-calculator

Score: 93/100 CC BMI Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.1.1 Updated: July 1, 2026
LOW

cbxgooglemap

cbxgooglemap

Score: 93/100 CBX Map for Google Map & OpenStreetMap <= 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.12 Patched: 2.0.0 Updated: July 1, 2026
LOW

cart-tracking-for-woocommerce

cart-tracking-for-woocommerce

Score: 93/100 Cart tracking for WooCommerce <= 1.0.17 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.17 Patched: 1.0.18 Updated: July 1, 2026
LOW

calculate-prices-based-on-distance-for-woocommerce

calculate-prices-based-on-distance-for-woocommerce

Score: 93/100 Calculate Prices based on Distance For WooCommerce <= 1.3.5 - Missing Authorization Affected: *-1.3.5 Patched: 1.3.6 Updated: July 1, 2026
LOW

bulk-featured-image

bulk-featured-image

Score: 87/100 Bulk Featured Image <= 1.2.1 - Missing Authorization Affected: *-1.2.1 Patched: Updated: July 1, 2026
LOW

bold-page-builder

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.3.2 Patched: 5.3.3 Updated: July 1, 2026
LOW

bold-page-builder

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.3.0 Patched: 5.3.1 Updated: July 1, 2026
LOW

blockspare

blockspare

Score: 93/100 Blockspare <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.9 Patched: 3.2.10 Updated: July 1, 2026

Showing 9101 to 9200 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 00:34 UTC.