Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

92

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wordpress-simple-paypal-shopping-cart wordpress-simple-paypal-shopping-cart N/A WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity' LOW *-5.1.3 5.1.4 July 1, 2026
wordpress-simple-paypal-shopping-cart wordpress-simple-paypal-shopping-cart N/A WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference LOW *-5.1.3 5.1.4 July 1, 2026
wps-team wps-team N/A Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.1 3.4.2 July 1, 2026
nautic-pages nautic-pages
91
Nautic Pages <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0 July 1, 2026
projectopia-core projectopia-core N/A Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion LOW *-5.1.16 5.1.17 July 1, 2026
ultimate-store-kit ultimate-store-kit N/A Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update LOW *-2.4.1 2.5.0 July 1, 2026
suretriggers suretriggers N/A OttoKit: All-in-One Automation Platform (Formerly SureTriggers) <= 1.0.82 - Unauthenticated Privilege Escalation LOW *-1.0.82 1.0.83 July 1, 2026
section-widget section-widget N/A Section Widget <= 3.3.1 - Unauthenticated Path Traversal LOW *-3.3.1 July 1, 2026
remote-images-grabber remote-images-grabber N/A Remote Images Grabber <= 0.6 - Reflected Cross-Site Scripting LOW *-0.6 July 1, 2026
page-views-count page-views-count N/A Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update LOW 2.8.0-2.8.4 2.8.5 July 1, 2026
list-children list-children
93
List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1 2.2.0 July 1, 2026
gravityformswebhooks gravityformswebhooks
93
Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook LOW *-1.6.0 1.7.0 July 1, 2026
digits digits
93
Digits < 8.4.6.1 - Authentication Bypass via Weak OTP LOW [*, 8.4.6.1) 8.4.6.1 July 1, 2026
am-lottieplayer am-lottieplayer
95
AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File LOW *-3.5.3 3.5.4 July 1, 2026
td-subscription td-subscription N/A tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter LOW *-1.7 1.7.1 July 1, 2026
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
90
WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update LOW *-14.13.3 14.13.4 July 1, 2026
total-donations total-donations N/A Total Donations <= 3.0.8 - Unauthenticated Stored Cross-Site Scripting LOW *-3.0.8 July 1, 2026
syndicate-out syndicate-out N/A Syndicate Out <= 0.9 - Unauthenticated Stored Cross-Site Scripting LOW *-0.9 July 1, 2026
Seraphinite Accelerator seraphinite-accelerator
82
Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions LOW *-2.27.21 2.27.22 July 1, 2026
order-delivery-date order-delivery-date N/A Order Delivery Date for WP e-Commerce Pro <= 12.4.0 - Reflected Cross-Site Scripting LOW [*, 12.4.0) 12.4.0 July 1, 2026
custom-pc-builder-lite-for-woocommerce custom-pc-builder-lite-for-woocommerce
91
Custom PC Builder Lite for WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update LOW *-1.0.1 July 1, 2026
bp-messages-tool bp-messages-tool
93
BP Messages Tool <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 2.5 July 1, 2026
gutenverse gutenverse
93
Gutenverse <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via countdown Block LOW *-2.2.1 3.0.0 July 1, 2026
wp-meta-keywords-meta-description wp-meta-keywords-meta-description N/A Meta Keywords & Description <= 0.8 - Unauthenticated Local File Inclusion LOW *-0.8 July 1, 2026
secupress secupress N/A SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation LOW *-2.3.9 2.3.10 July 1, 2026
qi-blocks qi-blocks N/A Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Block LOW *-1.3.6 1.4 July 1, 2026
qi-blocks qi-blocks N/A Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Counter Block LOW *-1.3.6 1.4 July 1, 2026
qi-blocks qi-blocks N/A Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ToC Block LOW *-1.3.6 1.4 July 1, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms – The Contact Form Builder That Grows With You <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.10.0 3.10.1 July 1, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms – The Contact Form Builder That Grows With You <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.10.0 3.10.1 July 1, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms – The Contact Form Builder That Grows With You <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.10.0 3.10.1 July 1, 2026
jupiterx-core jupiterx-core
93
Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR LOW *-4.8.11 4.8.12 July 1, 2026
add-custom-page-template add-custom-page-template
95
Add custom page template <= 2.0.1 - Authenticated (Administrator+) PHP Code Injection to Remote Code Execution LOW *-2.0.1 July 1, 2026
integracao-entre-eduzz-e-wc-powers integracao-entre-eduzz-e-wc-powers
91
Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation LOW *-1.7.5 July 1, 2026
abcsubmit abcsubmit
95
Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution LOW *-1.2.4 July 1, 2026
xpro-elementor-addons-pro xpro-elementor-addons-pro N/A Xpro Elementor Addons - Pro <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution LOW *-1.4.9 1.4.10 July 1, 2026
wp-quiz wp-quiz N/A WP Quiz <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.10 July 1, 2026
wp-mailing-group wp-mailing-group N/A Mailing Group Listserv <= 3.0.4 - Authenticated (Subscriber+) SQL Injection LOW *-3.0.4 3.0.5 July 1, 2026
wp-hrm-lite-human-resource-management-system wp-hrm-lite-human-resource-management-system N/A WP HRM LITE <= 1.1 - Unauthenticated SQL Injection LOW *-1.1 July 1, 2026
wp-easy-guide wp-easy-guide N/A Easy Guide <= 1.0.0 - Unauthenticated SQL Injection LOW *-1.0.0 July 1, 2026
wp-cyr-cho wp-cyr-cho N/A wp-cyr-cho <= 0.1 - Cross-Site Request Forgery LOW *-0.1 July 1, 2026
vegas-fullscreen-background-slider vegas-fullscreen-background-slider N/A WP Vegas <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2 July 1, 2026
tayori tayori N/A Tayori Form <= 1.2.9 - Reflected Cross-Site Scripting LOW *-1.2.9 July 1, 2026
simple-lightbox simple-lightbox N/A Simple Lightbox <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.3 2.9.4 July 1, 2026
seur seur N/A SEUR Oficial <= 2.2.23 - Unauthenticated Local File Inclusion LOW *-2.2.23 2.2.24 July 1, 2026
posts-for-page posts-for-page N/A Posts for Page <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 1, 2026
mycustomwidget mycustomwidget
91
My Custom Widgets <= 2.0.5 - Reflected Cross-Site Scripting LOW *-2.0.5 July 1, 2026
ms-registration ms-registration
89
Custom Login and Registration <= 1.0.0 - Missing Authorization LOW *-1.0.0 July 1, 2026
mad-mimi mad-mimi
91
Mad Mimi for WordPress <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 July 1, 2026
libro-de-reclamaciones libro-de-reclamaciones
91
Libro de Reclamaciones <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 1, 2026
kali-forms kali-forms
93
Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.2 2.4.3 July 1, 2026
icafe-library icafe-library
91
iCafe Library <= 1.8.3 - Authenticated (Editor+) SQL Injection LOW *-1.8.3 July 1, 2026
fable-extra fable-extra
93
Fable Extra <= 1.0.6 - Unauthenticated Local File Inclusion LOW *-1.0.6 1.0.7 July 1, 2026
fable-extra fable-extra
93
Fable Extra <= 1.0.6 - Unauthenticated SQL Injection LOW *-1.0.6 1.0.7 July 1, 2026
enhanced-paypal-shortcodes enhanced-paypal-shortcodes
91
Enhanced Paypal Shortcodes <= 0.5a - Authenticated (Contributor+) Stored Cross-Site Scripting LOW * - 0.5a July 1, 2026
easy-child-theme-creator easy-child-theme-creator
91
Easy Child Theme Creator <= 1.3.1 - Cross-Site Request Forgery LOW *-1.3.1 July 1, 2026
dms dms
91
Document Management System <= 1.24 - Reflected Cross-Site Scripting LOW *-1.24 July 1, 2026
crossword-compiler-puzzles crossword-compiler-puzzles
91
Crossword Compiler Puzzles <= 5.2 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-5.2 5.3 July 1, 2026
cookiebar cookiebar
91
cookieBAR <= 1.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.7.0 July 1, 2026
checkbot checkbot
91
CheckBot <= 1.05 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.05 July 1, 2026
best-posts-summary best-posts-summary
91
Best Posts Summary <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
bdthemes-element-pack-lite bdthemes-element-pack-lite
93
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.10.29 5.10.30 July 1, 2026
author-box-with-different-description author-box-with-different-description
91
Author Box Plugin With Different Description <= 1.3.5 - Cross-Site Request Forgery LOW *-1.3.5 July 1, 2026
author-box-after-posts author-box-after-posts
91
Author Box After Posts <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6 July 1, 2026
anps_theme_plugin anps_theme_plugin
97
Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution LOW *-1.1.1 1.1.2 July 1, 2026
aeropage-sync-for-airtable aeropage-sync-for-airtable
97
Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-3.2.0 3.3.0 July 1, 2026
aeropage-sync-for-airtable aeropage-sync-for-airtable
97
Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion LOW *-3.2.0 3.3.0 July 1, 2026
absolute-links absolute-links
95
Absolute Links <= 1.1.1 - Authenticated (Administrator+) SQL Injection LOW *-1.1.1 July 1, 2026
mayosis-core mayosis-core
91
Mayosis Core <= 5.4.1 - Unauthenticated Arbitrary File Read LOW *-5.4.1 5.4.2 July 1, 2026
1-decembrie-1918 1-decembrie-1918
95
1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW * - 1.dec.2012 July 1, 2026
admin-bookmarks admin-bookmarks
95
Custom Admin-Bar Favorites <= 0.1 - Reflected Cross-Site Scripting LOW *-0.1 July 1, 2026
ajax-comment-form-cst ajax-comment-form-cst
95
Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 1, 2026
add-google-plus-one-social-share-button add-google-plus-one-social-share-button
95
Add Google +1 (Plus one) social share Button <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
bit-form bit-form
93
Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-2.18.3 2.18.4 July 1, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin woolentor-addons N/A ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter LOW *-3.1.2 3.1.3 July 1, 2026
wt-display-breeze wt-display-breeze N/A Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter LOW *-1.2.3 1.2.4 July 1, 2026
wp-fsqm-pro wp-fsqm-pro N/A eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting LOW *-4.18.0 4.19 July 1, 2026
zohocreator zohocreator N/A Zoho Creator Forms <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.5 July 1, 2026
zalo-official-live-chat zalo-official-live-chat N/A Zalo Official Live Chat <= 1.0.0 - Cross-Site Request Forgery LOW *-1.0.0 July 1, 2026
xpert-tab xpert-tab N/A Xpert Tab <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 1, 2026
WS Form LITE – Drag & Drop Contact Form Builder ws-form N/A WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure LOW *-1.10.35 1.10.36 July 1, 2026
ws-force-login-page ws-force-login-page N/A WS Force Login Page <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.3 3.0.4 July 1, 2026
wpzon wpzon N/A WpZon – Amazon Affiliate Plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 1, 2026
wpvn-username-changer wpvn-username-changer N/A WPVN <= 0.7.8 - Cross-Site Request Forgery LOW *-0.7.8 July 1, 2026
wp-tooltip wp-tooltip N/A Tooltip <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
wp-recaptcha-bp wp-recaptcha-bp N/A WP-reCAPTCHA-bp <= 4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.1 July 1, 2026
wp-jobsearch wp-jobsearch N/A JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins LOW *-2.9.2 July 1, 2026
wp-filter-post-categories wp-filter-post-categories N/A WP Filter Post Category <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.4 July 1, 2026
wp-customize-login-page wp-customize-login-page N/A WP Customize Login Page <= 1.6.5 - Missing Authorization LOW *-1.6.5 July 1, 2026
wp-customize-login-page wp-customize-login-page N/A WP Customize Login Page <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.5 July 1, 2026
wp-custom-cms-block wp-custom-cms-block N/A Wp Custom CMS Block <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 1, 2026
wp-cookie-consent wp-cookie-consent N/A WP Cookie Consent <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
wowhead-tooltips wowhead-tooltips N/A WoWHead Tooltips <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.1 July 1, 2026
woozap woozap N/A WP AVCL Automation Helper (formerly WPFlyLeads) <= 3.4 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-3.4 July 1, 2026
wc-bulk-assign-linked-products wc-bulk-assign-linked-products N/A Bulk Assign Linked Products For WooCommerce <= 2.1 - Missing Authorization LOW *-2.1 July 1, 2026
vasaio-qr-code vasaio-qr-code N/A Vasaio QR Code <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.5 July 1, 2026
Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups. upsell-order-bump-offer-for-woocommerce N/A Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation LOW *-3.0.0 3.0.1 July 1, 2026
unsafe-mimetypes unsafe-mimetypes N/A Unsafe Mimetypes <= 0.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1.4 July 1, 2026
twitter-card-generator twitter-card-generator N/A Twitter Card Generator <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.5 July 1, 2026
time-based-greeting time-based-greeting N/A Time Based Greeting <= 2.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.2.2 July 1, 2026
LOW

wordpress-simple-paypal-shopping-cart

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity' Affected: *-5.1.3 Patched: 5.1.4 Updated: July 1, 2026
LOW

wordpress-simple-paypal-shopping-cart

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference Affected: *-5.1.3 Patched: 5.1.4 Updated: July 1, 2026
LOW

wps-team

wps-team

Score: N/A Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.1 Patched: 3.4.2 Updated: July 1, 2026
LOW

nautic-pages

nautic-pages

Score: 91/100 Nautic Pages <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

projectopia-core

projectopia-core

Score: N/A Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion Affected: *-5.1.16 Patched: 5.1.17 Updated: July 1, 2026
LOW

ultimate-store-kit

ultimate-store-kit

Score: N/A Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update Affected: *-2.4.1 Patched: 2.5.0 Updated: July 1, 2026
LOW

suretriggers

suretriggers

Score: N/A OttoKit: All-in-One Automation Platform (Formerly SureTriggers) <= 1.0.82 - Unauthenticated Privilege Escalation Affected: *-1.0.82 Patched: 1.0.83 Updated: July 1, 2026
LOW

section-widget

section-widget

Score: N/A Section Widget <= 3.3.1 - Unauthenticated Path Traversal Affected: *-3.3.1 Patched: Updated: July 1, 2026
LOW

remote-images-grabber

remote-images-grabber

Score: N/A Remote Images Grabber <= 0.6 - Reflected Cross-Site Scripting Affected: *-0.6 Patched: Updated: July 1, 2026
LOW

page-views-count

page-views-count

Score: N/A Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update Affected: 2.8.0-2.8.4 Patched: 2.8.5 Updated: July 1, 2026
LOW

list-children

list-children

Score: 93/100 List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1 Patched: 2.2.0 Updated: July 1, 2026
LOW

gravityformswebhooks

gravityformswebhooks

Score: 93/100 Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook Affected: *-1.6.0 Patched: 1.7.0 Updated: July 1, 2026
LOW

digits

digits

Score: 93/100 Digits < 8.4.6.1 - Authentication Bypass via Weak OTP Affected: [*, 8.4.6.1) Patched: 8.4.6.1 Updated: July 1, 2026
LOW

am-lottieplayer

am-lottieplayer

Score: 95/100 AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File Affected: *-3.5.3 Patched: 3.5.4 Updated: July 1, 2026
LOW

td-subscription

td-subscription

Score: N/A tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter Affected: *-1.7 Patched: 1.7.1 Updated: July 1, 2026
LOW

total-donations

total-donations

Score: N/A Total Donations <= 3.0.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.0.8 Patched: Updated: July 1, 2026
LOW

syndicate-out

syndicate-out

Score: N/A Syndicate Out <= 0.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-0.9 Patched: Updated: July 1, 2026
LOW

Seraphinite Accelerator

seraphinite-accelerator

Score: 82/100 Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions Affected: *-2.27.21 Patched: 2.27.22 Updated: July 1, 2026
LOW

order-delivery-date

order-delivery-date

Score: N/A Order Delivery Date for WP e-Commerce Pro <= 12.4.0 - Reflected Cross-Site Scripting Affected: [*, 12.4.0) Patched: 12.4.0 Updated: July 1, 2026
LOW

custom-pc-builder-lite-for-woocommerce

custom-pc-builder-lite-for-woocommerce

Score: 91/100 Custom PC Builder Lite for WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

bp-messages-tool

bp-messages-tool

Score: 93/100 BP Messages Tool <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: 2.5 Updated: July 1, 2026
LOW

gutenverse

gutenverse

Score: 93/100 Gutenverse <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via countdown Block Affected: *-2.2.1 Patched: 3.0.0 Updated: July 1, 2026
LOW

wp-meta-keywords-meta-description

wp-meta-keywords-meta-description

Score: N/A Meta Keywords & Description <= 0.8 - Unauthenticated Local File Inclusion Affected: *-0.8 Patched: Updated: July 1, 2026
LOW

secupress

secupress

Score: N/A SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation Affected: *-2.3.9 Patched: 2.3.10 Updated: July 1, 2026
LOW

qi-blocks

qi-blocks

Score: N/A Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Block Affected: *-1.3.6 Patched: 1.4 Updated: July 1, 2026
LOW

qi-blocks

qi-blocks

Score: N/A Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Counter Block Affected: *-1.3.6 Patched: 1.4 Updated: July 1, 2026
LOW

qi-blocks

qi-blocks

Score: N/A Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ToC Block Affected: *-1.3.6 Patched: 1.4 Updated: July 1, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR Affected: *-4.8.11 Patched: 4.8.12 Updated: July 1, 2026
LOW

add-custom-page-template

add-custom-page-template

Score: 95/100 Add custom page template <= 2.0.1 - Authenticated (Administrator+) PHP Code Injection to Remote Code Execution Affected: *-2.0.1 Patched: Updated: July 1, 2026
LOW

integracao-entre-eduzz-e-wc-powers

integracao-entre-eduzz-e-wc-powers

Score: 91/100 Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-1.7.5 Patched: Updated: July 1, 2026
LOW

abcsubmit

abcsubmit

Score: 95/100 Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution Affected: *-1.2.4 Patched: Updated: July 1, 2026
LOW

xpro-elementor-addons-pro

xpro-elementor-addons-pro

Score: N/A Xpro Elementor Addons - Pro <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution Affected: *-1.4.9 Patched: 1.4.10 Updated: July 1, 2026
LOW

wp-quiz

wp-quiz

Score: N/A WP Quiz <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.10 Patched: Updated: July 1, 2026
LOW

wp-mailing-group

wp-mailing-group

Score: N/A Mailing Group Listserv <= 3.0.4 - Authenticated (Subscriber+) SQL Injection Affected: *-3.0.4 Patched: 3.0.5 Updated: July 1, 2026
LOW

wp-easy-guide

wp-easy-guide

Score: N/A Easy Guide <= 1.0.0 - Unauthenticated SQL Injection Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

wp-cyr-cho

wp-cyr-cho

Score: N/A wp-cyr-cho <= 0.1 - Cross-Site Request Forgery Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

vegas-fullscreen-background-slider

vegas-fullscreen-background-slider

Score: N/A WP Vegas <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 1, 2026
LOW

tayori

tayori

Score: N/A Tayori Form <= 1.2.9 - Reflected Cross-Site Scripting Affected: *-1.2.9 Patched: Updated: July 1, 2026
LOW

simple-lightbox

simple-lightbox

Score: N/A Simple Lightbox <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.3 Patched: 2.9.4 Updated: July 1, 2026
LOW

seur

seur

Score: N/A SEUR Oficial <= 2.2.23 - Unauthenticated Local File Inclusion Affected: *-2.2.23 Patched: 2.2.24 Updated: July 1, 2026
LOW

posts-for-page

posts-for-page

Score: N/A Posts for Page <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

mycustomwidget

mycustomwidget

Score: 91/100 My Custom Widgets <= 2.0.5 - Reflected Cross-Site Scripting Affected: *-2.0.5 Patched: Updated: July 1, 2026
LOW

ms-registration

ms-registration

Score: 89/100 Custom Login and Registration <= 1.0.0 - Missing Authorization Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

mad-mimi

mad-mimi

Score: 91/100 Mad Mimi for WordPress <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 1, 2026
LOW

libro-de-reclamaciones

libro-de-reclamaciones

Score: 91/100 Libro de Reclamaciones <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

kali-forms

kali-forms

Score: 93/100 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.2 Patched: 2.4.3 Updated: July 1, 2026
LOW

icafe-library

icafe-library

Score: 91/100 iCafe Library <= 1.8.3 - Authenticated (Editor+) SQL Injection Affected: *-1.8.3 Patched: Updated: July 1, 2026
LOW

fable-extra

fable-extra

Score: 93/100 Fable Extra <= 1.0.6 - Unauthenticated Local File Inclusion Affected: *-1.0.6 Patched: 1.0.7 Updated: July 1, 2026
LOW

fable-extra

fable-extra

Score: 93/100 Fable Extra <= 1.0.6 - Unauthenticated SQL Injection Affected: *-1.0.6 Patched: 1.0.7 Updated: July 1, 2026
LOW

enhanced-paypal-shortcodes

enhanced-paypal-shortcodes

Score: 91/100 Enhanced Paypal Shortcodes <= 0.5a - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: * - 0.5a Patched: Updated: July 1, 2026
LOW

easy-child-theme-creator

easy-child-theme-creator

Score: 91/100 Easy Child Theme Creator <= 1.3.1 - Cross-Site Request Forgery Affected: *-1.3.1 Patched: Updated: July 1, 2026
LOW

dms

dms

Score: 91/100 Document Management System <= 1.24 - Reflected Cross-Site Scripting Affected: *-1.24 Patched: Updated: July 1, 2026
LOW

crossword-compiler-puzzles

crossword-compiler-puzzles

Score: 91/100 Crossword Compiler Puzzles <= 5.2 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-5.2 Patched: 5.3 Updated: July 1, 2026
LOW

cookiebar

cookiebar

Score: 91/100 cookieBAR <= 1.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.0 Patched: Updated: July 1, 2026
LOW

checkbot

checkbot

Score: 91/100 CheckBot <= 1.05 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.05 Patched: Updated: July 1, 2026
LOW

best-posts-summary

best-posts-summary

Score: 91/100 Best Posts Summary <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

bdthemes-element-pack-lite

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10.29 Patched: 5.10.30 Updated: July 1, 2026
LOW

author-box-with-different-description

author-box-with-different-description

Score: 91/100 Author Box Plugin With Different Description <= 1.3.5 - Cross-Site Request Forgery Affected: *-1.3.5 Patched: Updated: July 1, 2026
LOW

author-box-after-posts

author-box-after-posts

Score: 91/100 Author Box After Posts <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 1, 2026
LOW

anps_theme_plugin

anps_theme_plugin

Score: 97/100 Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

aeropage-sync-for-airtable

aeropage-sync-for-airtable

Score: 97/100 Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-3.2.0 Patched: 3.3.0 Updated: July 1, 2026
LOW

aeropage-sync-for-airtable

aeropage-sync-for-airtable

Score: 97/100 Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion Affected: *-3.2.0 Patched: 3.3.0 Updated: July 1, 2026
LOW

absolute-links

absolute-links

Score: 95/100 Absolute Links <= 1.1.1 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

mayosis-core

mayosis-core

Score: 91/100 Mayosis Core <= 5.4.1 - Unauthenticated Arbitrary File Read Affected: *-5.4.1 Patched: 5.4.2 Updated: July 1, 2026
LOW

1-decembrie-1918

1-decembrie-1918

Score: 95/100 1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: * - 1.dec.2012 Patched: Updated: July 1, 2026
LOW

admin-bookmarks

admin-bookmarks

Score: 95/100 Custom Admin-Bar Favorites <= 0.1 - Reflected Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

ajax-comment-form-cst

ajax-comment-form-cst

Score: 95/100 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

add-google-plus-one-social-share-button

add-google-plus-one-social-share-button

Score: 95/100 Add Google +1 (Plus one) social share Button <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

bit-form

bit-form

Score: 93/100 Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-2.18.3 Patched: 2.18.4 Updated: July 1, 2026
LOW

wt-display-breeze

wt-display-breeze

Score: N/A Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter Affected: *-1.2.3 Patched: 1.2.4 Updated: July 1, 2026
LOW

wp-fsqm-pro

wp-fsqm-pro

Score: N/A eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.18.0 Patched: 4.19 Updated: July 1, 2026
LOW

zohocreator

zohocreator

Score: N/A Zoho Creator Forms <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

zalo-official-live-chat

zalo-official-live-chat

Score: N/A Zalo Official Live Chat <= 1.0.0 - Cross-Site Request Forgery Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

xpert-tab

xpert-tab

Score: N/A Xpert Tab <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

WS Form LITE – Drag & Drop Contact Form Builder

ws-form

Score: N/A WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure Affected: *-1.10.35 Patched: 1.10.36 Updated: July 1, 2026
LOW

ws-force-login-page

ws-force-login-page

Score: N/A WS Force Login Page <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.3 Patched: 3.0.4 Updated: July 1, 2026
LOW

wpzon

wpzon

Score: N/A WpZon – Amazon Affiliate Plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

wpvn-username-changer

wpvn-username-changer

Score: N/A WPVN <= 0.7.8 - Cross-Site Request Forgery Affected: *-0.7.8 Patched: Updated: July 1, 2026
LOW

wp-tooltip

wp-tooltip

Score: N/A Tooltip <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

wp-recaptcha-bp

wp-recaptcha-bp

Score: N/A WP-reCAPTCHA-bp <= 4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.1 Patched: Updated: July 1, 2026
LOW

wp-jobsearch

wp-jobsearch

Score: N/A JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins Affected: *-2.9.2 Patched: Updated: July 1, 2026
LOW

wp-filter-post-categories

wp-filter-post-categories

Score: N/A WP Filter Post Category <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.4 Patched: Updated: July 1, 2026
LOW

wp-customize-login-page

wp-customize-login-page

Score: N/A WP Customize Login Page <= 1.6.5 - Missing Authorization Affected: *-1.6.5 Patched: Updated: July 1, 2026
LOW

wp-customize-login-page

wp-customize-login-page

Score: N/A WP Customize Login Page <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.5 Patched: Updated: July 1, 2026
LOW

wp-custom-cms-block

wp-custom-cms-block

Score: N/A Wp Custom CMS Block <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

wp-cookie-consent

wp-cookie-consent

Score: N/A WP Cookie Consent <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

wowhead-tooltips

wowhead-tooltips

Score: N/A WoWHead Tooltips <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 1, 2026
LOW

woozap

woozap

Score: N/A WP AVCL Automation Helper (formerly WPFlyLeads) <= 3.4 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-3.4 Patched: Updated: July 1, 2026
LOW

wc-bulk-assign-linked-products

wc-bulk-assign-linked-products

Score: N/A Bulk Assign Linked Products For WooCommerce <= 2.1 - Missing Authorization Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

vasaio-qr-code

vasaio-qr-code

Score: N/A Vasaio QR Code <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.5 Patched: Updated: July 1, 2026
LOW

unsafe-mimetypes

unsafe-mimetypes

Score: N/A Unsafe Mimetypes <= 0.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1.4 Patched: Updated: July 1, 2026
LOW

twitter-card-generator

twitter-card-generator

Score: N/A Twitter Card Generator <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

time-based-greeting

time-based-greeting

Score: N/A Time Based Greeting <= 2.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2.2 Patched: Updated: July 1, 2026

Showing 9301 to 9400 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 02:56 UTC.