Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36319 (across tracked plugins)

Affected Plugins: 83 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| better-search | better-search | 93 | Better Search <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-4.1.0 | 4.1.1 | July 1, 2026 |
| beds24-online-booking | beds24-online-booking | 93 | Beds24 Online Booking <= 2.0.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-2.0.29 | 2.0.30 | July 1, 2026 |
| Ultimate Before After Image Slider & Gallery – BEAF | beaf-before-and-after-gallery | 91 | BEAF <= 4.6.10 - Authenticated (Admin+) Arbitrary File Upload | | LOW | *-4.6.10 | 4.6.11 | July 1, 2026 |
| beacon-by | beacon-by | 93 | Beacon Lead Magnets and Lead Capture <= 1.5.8 - Cross-Site Request Forgery | | LOW | *-1.5.8 | 1.5.9 | July 1, 2026 |
| axima-payment-gateway | axima-payment-gateway | 93 | Pays – WooCommerce Payment Gateway <= 2.6 - Cross-Site Request Forgery | | LOW | *-2.6 | 2.7 | July 1, 2026 |
| awin-advertiser-tracking | awin-advertiser-tracking | 93 | Awin – Advertiser Tracking for WooCommerce <= 2.0.0 - Cross-Site Request Forgery | | LOW | *-2.0.0 | 2.0.1 | July 1, 2026 |
| awesome-gallery | awesome-gallery | 89 | Awesome Gallery <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.0 | | July 1, 2026 |
| aweos-wp-lock | aweos-wp-lock | 93 | AWEOS WP Lock <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.4.8 | 1.4.9 | July 1, 2026 |
| amazon-product-in-a-post-plugin | amazon-product-in-a-post-plugin | 95 | Amazon Product in a Post <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-5.2.2 | | July 1, 2026 |
| ajax-load-more | ajax-load-more | 97 | Ajax Load More <= 7.3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-7.3.1.2 | 7.3.1.3 | July 1, 2026 |
| activity-link-preview-for-buddypress | activity-link-preview-for-buddypress | 97 | Wbcom Designs - Activity Link Preview For BuddyPress <= 1.4.4 - Unauthenticated Server-Side Request Forgery | | LOW | *-1.4.4 | 1.6.0 | July 1, 2026 |
| aco-woo-dynamic-pricing | aco-woo-dynamic-pricing | 97 | Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8 - Authenticated (Shop manager+) SQL Injection | | LOW | *-4.5.8 | 4.5.9 | July 1, 2026 |
| accessibility-toolbar | accessibility-toolbar | 95 | Web Accessibility with Max Access <= 2.0.9 - Cross-Site Request Forgery | | LOW | *-2.0.9 | 2.1.0 | July 1, 2026 |
| ablocks | ablocks | 95 | aBlocks <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.9.2 | 1.9.3 | July 1, 2026 |
| frontend-dashboard | frontend-dashboard | 93 | Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function | | LOW | 1.0-2.2.6 | 2.2.7 | July 1, 2026 |
| where-did-they-go-from-here | where-did-they-go-from-here | N/A | WZ Followed Posts – Display what visitors are reading <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.1.0 | 3.1.1 | July 1, 2026 |
| login-lockdown | login-lockdown | 93 | Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting | | LOW | *-2.11 | 2.12 | July 1, 2026 |
| relevanssi-premium | relevanssi-premium | N/A | Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights | | LOW | *-2.27.4 | 2.27.5 | July 1, 2026 |
| relevanssi | relevanssi | N/A | Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights | | LOW | *-4.24.3 | 4.24.4 | July 1, 2026 |
| wpshop | wpshop | N/A | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | | LOW | 2.0.0-2.6.0 | 2.6.1 | July 1, 2026 |
| xavins-list-subpages | xavins-list-subpages | N/A | Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.3 | | July 1, 2026 |
| cardealerpress | cardealerpress | 93 | CarDealerPress <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter | | LOW | *-6.8.2505.00 | 6.8.2505.01 | July 1, 2026 |
| multiple-post-type-order | multiple-post-type-order | 91 | Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode | | LOW | *-1.10.0 | | July 1, 2026 |
| woocommerce-multiple-addresses | woocommerce-multiple-addresses | N/A | Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation | | LOW | *-1.0.7.1 | | July 1, 2026 |
| peprodev-ups | peprodev-ups | N/A | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover | | LOW | 1.9.1-7.5.2 | 8.0.0 | July 1, 2026 |
| peprodev-ups | peprodev-ups | N/A | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration | | LOW | 1.9.1-7.5.2 | 8.0.0 | July 1, 2026 |
| peprodev-ups | peprodev-ups | N/A | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function | | LOW | 1.9.1-7.5.2 | 8.0.0 | July 1, 2026 |
| smartpay | smartpay | N/A | Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure | | LOW | 1.1.0-2.7.13 | 2.8.0 | July 1, 2026 |
| search-exclude | search-exclude | N/A | Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification | | LOW | *-2.4.9 | 2.5.0 | July 1, 2026 |
| wpshop | wpshop | N/A | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation | | LOW | 2.0.0-2.6.0 | 2.6.1 | July 1, 2026 |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.7.1017 | 1.7.1018 | July 1, 2026 |
| pgs-core | pgs-core | N/A | PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection | | LOW | *-5.8.0 | 5.9.0 | July 1, 2026 |
| pgs-core | pgs-core | N/A | PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions | | LOW | *-5.8.0 | 5.9.0 | July 1, 2026 |
| pgs-core | pgs-core | N/A | PGS Core <= 5.8.0 - Unauthenticated SQL Injection | | LOW | *-5.8.0 | 5.9.0 | July 1, 2026 |
| cision-block | cision-block | 93 | Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | | LOW | *-4.3.0 | 4.4.0 | July 1, 2026 |
| Depicter — Popup & Slider Builder | depicter | 95 | Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter | | LOW | *-3.6.1 | 3.6.2 | July 1, 2026 |
| layoutboxx | layoutboxx | 91 | LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution | | LOW | *-0.3.1 | | July 1, 2026 |
| ahathat | ahathat | 92 | AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion | | LOW | *-1.6 | | July 1, 2026 |
| short-tax-post | short-tax-post | N/A | Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update | | LOW | *-2.1.2 | | July 1, 2026 |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration | N/A | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | | LOW | *-4.2.1 | 4.2.2 | July 1, 2026 |
| short-tax-post | short-tax-post | N/A | Reales WP STPT <= 2.1.2 - Unauthorized User Registration | | LOW | *-2.1.2 | | July 1, 2026 |
| external-image-replace | external-image-replace | 89 | External image replace <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload | | LOW | *-1.0.8 | | July 1, 2026 |
| envolve-plugin | envolve-plugin | 93 | Envolve Plugin <= 1.0 - Unauthenticated Language File Deletion | | LOW | *-1.0 | 1.1.0 | July 1, 2026 |
| captivatesync-trade | captivatesync-trade | 93 | Captivate Sync <= 3.0.3 - Unauthenticated PHP Object Injection | | LOW | *-3.0.3 | 3.2.2 | July 1, 2026 |
| buddyboss-platform-pro | buddyboss-platform-pro | 93 | BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider | | LOW | *-2.7.01 | 2.7.10 | July 1, 2026 |
| surveyjs | surveyjs | N/A | SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | | LOW | *-1.12.32 | 1.12.33 | July 1, 2026 |
| abundatrade-plugin | abundatrade-plugin | 95 | Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-1.8.02 | | July 1, 2026 |
| personizely | personizely | N/A | Personizely <= 0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via widgetId Parameter | | LOW | *-0.10 | 0.11 | July 1, 2026 |
| job-listings | job-listings | 91 | Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function | | LOW | 0.1-0.1.1 | | July 1, 2026 |
| subpage-view | subpage-view | N/A | Subpage List <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.3.3 | | July 1, 2026 |
| advanced-reorder-image-text-slider | advanced-reorder-image-text-slider | 95 | Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-1.0 | | July 1, 2026 |
| xavins-review-ratings | xavins-review-ratings | N/A | Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.4.0 | | July 1, 2026 |
| vertical-response-newsletter-widget | vertical-response-newsletter-widget | N/A | VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.6 | | July 1, 2026 |
| woo-category-slider-by-pluginever | woo-category-slider-by-pluginever | N/A | Product Category Slider for WooCommerce <= 4.3.4 - Authenticated (Contributor+) Local File Inclusion | | LOW | *-4.3.4 | 4.3.5 | July 1, 2026 |
| visual-builder | visual-builder | N/A | Visual Builder <= 1.2.2 - Missing Authorization | | LOW | *-1.2.2 | 1.3 | July 1, 2026 |
| totalprocessing-card-payments | totalprocessing-card-payments | N/A | Nomupay Payment Processing Gateway <= 7.1.7 - Authenticated (Shop Manager+) Arbitrary File Download | | LOW | *-7.1.7 | 7.1.8 | July 1, 2026 |
| theme-blvd-sliders | theme-blvd-sliders | N/A | Theme Blvd Sliders <= 1.2.5 - Reflected Cross-Site Scripting | | LOW | *-1.2.5 | | July 1, 2026 |
| section-widget | section-widget | N/A | Section Widget <= 3.3.1 - Reflected Cross-Site Scripting | | LOW | *-3.3.1 | | July 1, 2026 |
| occupancyplan | occupancyplan | N/A | occupancyplan <= 1.0.3.0 - Cross-Site Request Forgery to SQL Injection | | LOW | *-1.0.3.0 | | July 1, 2026 |
| ms-registration | ms-registration | 89 | Custom Login and Registration <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-1.0.0 | | July 1, 2026 |
| likecoin | likecoin | 93 | Web3Press <= 3.2.0 - Authenticated (Contributor+) Arbitrary File Read | | LOW | *-3.2.0 | 3.3.0 | July 1, 2026 |
| kstats-reloaded | kstats-reloaded | 91 | kStats Reloaded <= 0.7.4 - Reflected Cross-Site Scripting | | LOW | *-0.7.4 | | July 1, 2026 |
| igit-related-posts-with-thumb-images-after-posts | igit-related-posts-with-thumb-images-after-posts | 93 | IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-4.5.3 | 5.0 | July 1, 2026 |
| ec-authorizenet | ec-authorizenet | 91 | EC Authorize.net <= 0.3.3 - Reflected Cross-Site Scripting | | LOW | *-0.3.3 | | July 1, 2026 |
| database-toolset | database-toolset | 87 | Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files | | LOW | *-1.8.4 | | July 1, 2026 |
| crossword-compiler-puzzles | crossword-compiler-puzzles | 91 | Crossword Compiler Puzzles <= 14.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-14.5 | 14.6 | July 1, 2026 |
| category-widget | category-widget | 91 | Category Widget <= 2.0.2 - Reflected Cross-Site Scripting | | LOW | *-2.0.2 | | July 1, 2026 |
| alink-tap | alink-tap | 95 | Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-1.3.1 | | July 1, 2026 |
| ultimate-woocommerce-auction-pro | ultimate-woocommerce-auction-pro | N/A | Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id' | | LOW | *-1.5.2 | 1.5.3 | July 1, 2026 |
| sitepress-multilingual-cms | sitepress-multilingual-cms | N/A | WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode | | LOW | 3.6.0-4.7.3 | 4.7.4 | July 1, 2026 |
| taxonomy-chain-menu | taxonomy-chain-menu | N/A | Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode | | LOW | *-1.0.8 | 2.0.9 | July 1, 2026 |
| td-composer | td-composer | N/A | tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | | LOW | *-5.4 | 5.4.1 | July 1, 2026 |
| formality | formality | 93 | Formality <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter | | LOW | *-1.5.8 | 1.5.9 | July 1, 2026 |
| kiwichat | kiwichat | 91 | KiwiChat NextClient <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter | | LOW | *-6.2 | | July 1, 2026 |
| otpless | otpless | N/A | OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation | | LOW | 2.0.14-2.0.59 | | July 1, 2026 |
| gmapsmania | gmapsmania | 91 | GmapsMania <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-1.1 | | July 1, 2026 |
| yame-linkinbio | yame-linkinbio | N/A | Yame \| Link In Bio <= 0.9.0 - Unauthenticated Information Exposure | | LOW | *-0.9.0 | | July 1, 2026 |
| flynax-bridge | flynax-bridge | 93 | Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion | | LOW | *-2.2.0 | 2.2.1 | July 1, 2026 |
| scw-seat-reservation | scw-seat-reservation | N/A | Advance Seat Reservation Management for WooCommerce <= 3.3 - Unauthenticated SQL Injection | | LOW | *-3.3 | 3.4 | July 1, 2026 |
| mstore-api | mstore-api | 93 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.4 - Unauthenticated Limited Privilege Escalation | | LOW | *-4.17.4 | 4.17.5 | July 1, 2026 |
| g5plus-auteur | g5plus-auteur | 87 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-7.1 | | July 1, 2026 |
| g5plus-auteur | g5plus-auteur | 87 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates | | LOW | *-7.1 | | July 1, 2026 |
| g5plus-auteur | g5plus-auteur | 87 | Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-7.1 | | July 1, 2026 |
| full-customer | full-customer | 93 | FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection | | LOW | *-3.1.25 | 3.1.26 | July 1, 2026 |
| flynax-bridge | flynax-bridge | 93 | Flynax Bridge <= 2.2.0 - Unauthenticated Limited Privilege Escalation | | LOW | *-2.2.0 | 2.2.1 | July 1, 2026 |
| buddyboss-platform | buddyboss-platform | 93 | BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name' | | LOW | *-2.8.50 | 2.8.51 | July 1, 2026 |
| buddyboss-platform | buddyboss-platform | 93 | BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' | | LOW | *-2.8.50 | 2.8.51 | July 1, 2026 |
| buddyboss-platform | buddyboss-platform | 93 | BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function | | LOW | *-2.8.50 | 2.8.51 | July 1, 2026 |
| blog2social | blog2social | 93 | Blog2Social: Social Media Auto Post & Scheduler <= 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-8.3.3 | 8.4.0 | July 1, 2026 |
| beyot-framework | beyot-framework | 87 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-6.0.6 | | July 1, 2026 |
| beyot-framework | beyot-framework | 87 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates | | LOW | *-6.0.6 | | July 1, 2026 |
| beyot-framework | beyot-framework | 87 | Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-6.0.6 | | July 1, 2026 |
| benaa-framework | benaa-framework | 87 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-4.0.0 | | July 1, 2026 |
| benaa-framework | benaa-framework | 87 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates | | LOW | *-4.0.0 | | July 1, 2026 |
| benaa-framework | benaa-framework | 87 | Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-4.0.0 | | July 1, 2026 |
| april-framework | april-framework | 93 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-5.1 | | July 1, 2026 |
| april-framework | april-framework | 93 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates | | LOW | *-5.1 | | July 1, 2026 |
| april-framework | april-framework | 93 | Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-5.1 | | July 1, 2026 |
| ap-plugin-scripteo | ap-plugin-scripteo | 85 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.88 - Unauthenticated SQL Injection | | LOW | *-4.88 | 4.89 | July 1, 2026 |
| wordpress-simple-paypal-shopping-cart | wordpress-simple-paypal-shopping-cart | N/A | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-5.1.3 | 5.1.4 | July 1, 2026 |
LOW

beyot-framework

beyot-framework

Score: 87/100 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-6.0.6 Patched: Updated: July 1, 2026
LOW

beyot-framework

beyot-framework

Score: 87/100 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates Affected: *-6.0.6 Patched: Updated: July 1, 2026
LOW

beyot-framework

beyot-framework

Score: 87/100 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-6.0.6 Patched: Updated: July 1, 2026
LOW

benaa-framework

benaa-framework

Score: 87/100 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-4.0.0 Patched: Updated: July 1, 2026
LOW

benaa-framework

benaa-framework

Score: 87/100 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates Affected: *-4.0.0 Patched: Updated: July 1, 2026
LOW

benaa-framework

benaa-framework

Score: 87/100 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-4.0.0 Patched: Updated: July 1, 2026
LOW

april-framework

april-framework

Score: 93/100 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-5.1 Patched: Updated: July 1, 2026
LOW

april-framework

april-framework

Score: 93/100 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates Affected: *-5.1 Patched: Updated: July 1, 2026
LOW

april-framework

april-framework

Score: 93/100 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-5.1 Patched: Updated: July 1, 2026
LOW

ap-plugin-scripteo

ap-plugin-scripteo

Score: 85/100 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.88 - Unauthenticated SQL Injection Affected: *-4.88 Patched: 4.89 Updated: July 1, 2026
LOW

wordpress-simple-paypal-shopping-cart

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.1.3 Patched: 5.1.4 Updated: July 1, 2026

Showing 9201 to 9300 of 36319 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 01:44 UTC.