Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

96

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
the-pack-addon the-pack-addon N/A The Pack Elementor addons <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.6 July 1, 2026
social-counter social-counter N/A Social Counter <= 2.0.5 - Authenticated (Administrator+) PHP Object Injection LOW *-2.0.5 2.1 July 1, 2026
simple-google-photos-grid simple-google-photos-grid N/A Simple Google Photos Grid <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-1.5 1.6 July 1, 2026
sf-booking sf-booking N/A Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' LOW *-5.1 6.0 July 1, 2026
send-from send-from N/A Send From <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.2 2.3 July 1, 2026
scss-library scss-library N/A SCSS-Library <= 0.4.1 - Cross-Site Request Forgery LOW *-0.4.1 July 1, 2026
rrssb rrssb N/A RRSSB <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
responsive-lightbox responsive-lightbox N/A Responsive Lightbox & Gallery <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.0 2.5.1 July 1, 2026
repayment-calculator repayment-calculator N/A Loan Calculator <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 1, 2026
related-posts-via-taxonomies related-posts-via-taxonomies N/A Related Posts via Taxonomies <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
raphicon raphicon N/A RAphicon <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.2 July 1, 2026
print-science-designer print-science-designer N/A Print Science Designer <= 1.3.155 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3.155 July 1, 2026
Prevent Direct Access – Protect WordPress Files prevent-direct-access
90
Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions LOW 2.8.6-2.8.8.2 2.8.8.3 July 1, 2026
Prevent Direct Access – Protect WordPress Files prevent-direct-access
90
Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure LOW *-2.8.8 2.8.8.1 July 1, 2026
plugin-central plugin-central N/A Plugin Central <= 2.5.1 - Cross-Site Request Forgery to Arbitrary File Deletion LOW *-2.5.1 July 1, 2026
peekaboo peekaboo N/A Peekaboo <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 1, 2026
paypal-express-checkout paypal-express-checkout N/A PayPal Express Checkout <= 2.1.2 - Cross-Site Request Forgery LOW *-2.1.2 July 1, 2026
occupancyplan occupancyplan N/A occupancyplan <= 1.0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.3.0 July 1, 2026
nepali-post-date nepali-post-date N/A Nepali Post Date <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.1.1 July 1, 2026
navegg navegg
91
Navegg Analytics <= 3.3.3 - Cross-Site Request Forgery LOW *-3.3.3 July 1, 2026
multi-column-taxonomy-list multi-column-taxonomy-list
91
Multi-Column Taxonomy List <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 July 1, 2026
modern-polls modern-polls
91
Modern Polls <= 1.0.10 - Cross-Site Request Forgery LOW *-1.0.10 July 1, 2026
mixcloud-embed mixcloud-embed
91
Mixcloud Embed <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.0 July 1, 2026
mini-twitter-feed mini-twitter-feed
91
Mini twitter feed <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0 July 1, 2026
milat-jquery-automatic-popup milat-jquery-automatic-popup
91
Milat jQuery Automatic Popup <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-site Scripting LOW *-1.3.1 July 1, 2026
media-library-downloader media-library-downloader
93
Media Library Downloader <= 1.3.1 - Missing Authorization LOW *-1.3.1 1.3.2 July 1, 2026
landing-pages-and-domain-aliases landing-pages-and-domain-aliases
91
Landing pages and Domain aliases for WordPress <= 0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.8 July 1, 2026
inline-text-popup inline-text-popup
91
Inline Text Popup <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
image-hover-effects-for-visual-composer image-hover-effects-for-visual-composer
91
Image Hover Effects For WPBakery Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 1, 2026
image-content-show-hover image-content-show-hover
91
Image Style Hover <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 July 1, 2026
hashtagger hashtagger
91
Smart Hashtags [#hashtagger] <= 7.2.3 - Missing Authorization LOW *-7.2.3 July 1, 2026
hacklog-remote-attachment hacklog-remote-attachment
91
Hacklog Remote Attachment <= 1.3.2 - Cross-Site Request Forgery LOW *-1.3.2 July 1, 2026
guitar-tuner guitar-tuner
91
GTDB Guitar Tuners <= 4.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.2 July 1, 2026
gt-tabs gt-tabs
91
Tabs <= 4.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.0.3 July 1, 2026
google-news google-news
91
Google News <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.5.1 July 1, 2026
google-1 google-1
91
Peadig’s Google +1 Button <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.2 July 1, 2026
gna-search-shortcode gna-search-shortcode
91
GNA Search Shortcode <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.9.5 July 1, 2026
floating-social-bar floating-social-bar
91
Floating Social Bar <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.7 July 1, 2026
flickr-shortcode-importer flickr-shortcode-importer
91
Flickr Shortcode Importer <= 2.2.3 - Authenticated (Administrator+) PHP Object Injection LOW *-2.2.3 July 1, 2026
fable-extra fable-extra
93
Fable Extra <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 1, 2026
external-markdown external-markdown
91
External Markdown <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.1 July 1, 2026
dropdown-content dropdown-content
91
Dropdown Content <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 1, 2026
drop-caps drop-caps
91
Drop Caps <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 1, 2026
custom-taxonomy-category-and-term-fields custom-taxonomy-category-and-term-fields
91
LSD Custom taxonomy and category meta <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3.2 July 1, 2026
custom-post-popup custom-post-popup
91
WP Custom Post Popup <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
custom-functions custom-functions
91
Custom Functions Plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 1, 2026
covid-19-alert covid-19-alert
91
COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.1 July 1, 2026
confirm-user-registration confirm-user-registration
91
Confirm User Registration <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.5 July 1, 2026
cf7-calendar cf7-calendar
91
Contact Form 7 Calendar <= 3.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0.1 July 1, 2026
carousel-of-post-images carousel-of-post-images
91
Carousel-of-post-images <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.07 July 1, 2026
call-now-coccoc-pht-blog call-now-coccoc-pht-blog
91
Call Now PHT Blog <= 2.4.1 - Cross-Site Request Forgery LOW *-2.4.1 July 1, 2026
business-contact-widget business-contact-widget
91
Business Contact Widget <= 2.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.7.0 July 1, 2026
bm-builder bm-builder
93
BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-3.16.2.1 3.16.3 July 1, 2026
blog-manager-wp blog-manager-wp
91
Blog Manager WP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.5 July 1, 2026
beerxml-shortcode beerxml-shortcode
93
BeerXML Shortcode <= 0.7.1 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-0.7.1 0.8 July 1, 2026
bbcode-deluxe bbcode-deluxe
91
BBCode Deluxe <= 2020.08.01.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2020.08.01.2 July 1, 2026
awesome-wp-image-gallery awesome-wp-image-gallery
89
Awesome Wp Image Gallery <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
availability availability
91
Availability Calendar <= 0.2.4 - Cross-Site Request Forgery LOW *-0.2.4 July 1, 2026
animate animate
95
Animate <= 0.5 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-0.5 July 1, 2026
aio-time-clock-lite aio-time-clock-lite
97
All in One Time Clock Lite <= 1.3.325 - Cross-Site Request Forgery LOW *-1.3.325 1.3.326 July 1, 2026
advanced-lazy-load advanced-lazy-load
95
Advanced lazy load <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6.0 July 1, 2026
ableplayer ableplayer
97
Able Player, accessible HTML5 media player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter LOW *-1.2.1 1.2.2 July 1, 2026
ableplayer ableplayer
97
Able Player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 July 1, 2026
360-view 360-view
95
360 View <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 1, 2026
advanced-accordion-block advanced-accordion-block
97
Advanced Accordion Gutenberg Block <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-5.0.2 5.0.3 July 1, 2026
embed-lottie-player embed-lottie-player
93
Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload LOW *-1.1.8 1.2.0 July 1, 2026
elex-bulk-edit-products-prices-attributes-for-woocommerce-basic elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
93
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection LOW *-1.4.9 1.5.0 July 1, 2026
WPMasterToolKit (WPMTK) – All in one plugin wpmastertoolkit N/A WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write LOW *-1.15.0 2.6.0 July 1, 2026
database-toolset database-toolset
87
Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion LOW *-1.8.4 July 1, 2026
fusedesk fusedesk
91
FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter LOW *-6.7 6.8 July 1, 2026
verification-sms-targetsms verification-sms-targetsms N/A Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution LOW *-1.5 July 1, 2026
xelion-webchat xelion-webchat N/A Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update LOW *-9.1.0 9.2.0 July 1, 2026
buddy-press-force-password-change buddy-press-force-password-change
91
Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update LOW *-0.1 July 1, 2026
frontend-login-and-registration-blocks frontend-login-and-registration-blocks
93
Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset LOW *-1.0.8 1.0.9 July 1, 2026
flynax-bridge flynax-bridge
93
Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover LOW *-2.2.0 2.2.1 July 1, 2026
flynax-bridge flynax-bridge
93
Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update LOW *-2.2.0 2.2.1 July 1, 2026
xc-woo-google-cloud-print xc-woo-google-cloud-print N/A Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure LOW *-4.1 July 1, 2026
amz-configurator-core amz-configurator-core
95
Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation LOW *-1.4.7 July 1, 2026
my-tickets my-tickets
93
My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation LOW *-2.0.16 2.0.17 July 1, 2026
mangboard mangboard
93
MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer LOW *-1.8.6 1.8.7 July 1, 2026
powerpress powerpress N/A PowerPress Podcasting plugin by Blubrry <= 11.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-11.12.5 11.12.6 July 1, 2026
wordpress-simple-paypal-shopping-cart wordpress-simple-paypal-shopping-cart N/A WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation LOW *-5.1.2 5.1.3 July 1, 2026
wordpress-simple-paypal-shopping-cart wordpress-simple-paypal-shopping-cart N/A WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter LOW *-5.1.2 5.1.3 July 1, 2026
wpeventplus wpeventplus N/A WordPress Events Calendar Registration & Tickets <= 2.6.0 - Reflected Cross-Site Scripting LOW *-2.6.0 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 7.2.5 - Reflected Cross-Site Scripting LOW *-7.2.5 7.2.6 July 1, 2026
webtexttool webtexttool N/A Textmetrics <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.6.2 3.6.3 July 1, 2026
watu watu N/A Watu Quiz <= 3.4.3 - Authenticated (Administrator+) SQL Injection LOW *-3.4.3 3.4.4 July 1, 2026
visualcomposer visualcomposer N/A Visual Composer Website Builder <= 45.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-45.10.0 45.11.0 July 1, 2026
vikrestaurants vikrestaurants N/A VikRestaurants Table Reservations and Take-Away <= 1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3.3 1.4 July 1, 2026
v-form v-form N/A VForm <= 3.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.14 3.1.15 July 1, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration <= 4.1.5 - Reflected Cross-Site Scripting LOW *-4.1.5 4.2.0 July 1, 2026
ulisting ulisting N/A uListing <= 2.2.0 - Authenticated (Administrator+) PHP Object Injection LOW *-2.2.0 July 1, 2026
uicore-elements uicore-elements N/A UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-1.0.16 1.2.0 July 1, 2026
theme-switcha theme-switcha N/A Theme Switcha <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4 3.4.1 July 1, 2026
sky-elementor-addons sky-elementor-addons N/A Sky Addons for Elementor <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.1 3.0.3 July 1, 2026
skt-blocks skt-blocks N/A SKT Blocks <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 2.1 July 1, 2026
sirv sirv N/A Sirv <= 7.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.5.3 7.5.4 July 1, 2026
simple-download-counter simple-download-counter N/A Simple Download Counter <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2 2.2.1 July 1, 2026
simple-calendar-for-elementor simple-calendar-for-elementor N/A Simple calendar for Elementor <= 1.6.4 - Cross-Site Request Forgery LOW *-1.6.4 1.6.5 July 1, 2026
seriously-simple-podcasting seriously-simple-podcasting N/A Seriously Simple Podcasting <= 3.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-3.9.0 3.10.0 July 1, 2026
LOW

the-pack-addon

the-pack-addon

Score: N/A The Pack Elementor addons <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: Updated: July 1, 2026
LOW

social-counter

social-counter

Score: N/A Social Counter <= 2.0.5 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.0.5 Patched: 2.1 Updated: July 1, 2026
LOW

simple-google-photos-grid

simple-google-photos-grid

Score: N/A Simple Google Photos Grid <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.5 Patched: 1.6 Updated: July 1, 2026
LOW

sf-booking

sf-booking

Score: N/A Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' Affected: *-5.1 Patched: 6.0 Updated: July 1, 2026
LOW

send-from

send-from

Score: N/A Send From <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2 Patched: 2.3 Updated: July 1, 2026
LOW

scss-library

scss-library

Score: N/A SCSS-Library <= 0.4.1 - Cross-Site Request Forgery Affected: *-0.4.1 Patched: Updated: July 1, 2026
LOW

rrssb

rrssb

Score: N/A RRSSB <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

responsive-lightbox

responsive-lightbox

Score: N/A Responsive Lightbox & Gallery <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.0 Patched: 2.5.1 Updated: July 1, 2026
LOW

repayment-calculator

repayment-calculator

Score: N/A Loan Calculator <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

related-posts-via-taxonomies

related-posts-via-taxonomies

Score: N/A Related Posts via Taxonomies <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

raphicon

raphicon

Score: N/A RAphicon <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: Updated: July 1, 2026
LOW

print-science-designer

print-science-designer

Score: N/A Print Science Designer <= 1.3.155 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.155 Patched: Updated: July 1, 2026
LOW

Prevent Direct Access – Protect WordPress Files

prevent-direct-access

Score: 90/100 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions Affected: 2.8.6-2.8.8.2 Patched: 2.8.8.3 Updated: July 1, 2026
LOW

Prevent Direct Access – Protect WordPress Files

prevent-direct-access

Score: 90/100 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure Affected: *-2.8.8 Patched: 2.8.8.1 Updated: July 1, 2026
LOW

plugin-central

plugin-central

Score: N/A Plugin Central <= 2.5.1 - Cross-Site Request Forgery to Arbitrary File Deletion Affected: *-2.5.1 Patched: Updated: July 1, 2026
LOW

peekaboo

peekaboo

Score: N/A Peekaboo <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

paypal-express-checkout

paypal-express-checkout

Score: N/A PayPal Express Checkout <= 2.1.2 - Cross-Site Request Forgery Affected: *-2.1.2 Patched: Updated: July 1, 2026
LOW

occupancyplan

occupancyplan

Score: N/A occupancyplan <= 1.0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.3.0 Patched: Updated: July 1, 2026
LOW

nepali-post-date

nepali-post-date

Score: N/A Nepali Post Date <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.1 Patched: Updated: July 1, 2026
LOW

navegg

navegg

Score: 91/100 Navegg Analytics <= 3.3.3 - Cross-Site Request Forgery Affected: *-3.3.3 Patched: Updated: July 1, 2026
LOW

multi-column-taxonomy-list

multi-column-taxonomy-list

Score: 91/100 Multi-Column Taxonomy List <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 1, 2026
LOW

modern-polls

modern-polls

Score: 91/100 Modern Polls <= 1.0.10 - Cross-Site Request Forgery Affected: *-1.0.10 Patched: Updated: July 1, 2026
LOW

mixcloud-embed

mixcloud-embed

Score: 91/100 Mixcloud Embed <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: Updated: July 1, 2026
LOW

mini-twitter-feed

mini-twitter-feed

Score: 91/100 Mini twitter feed <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 1, 2026
LOW

milat-jquery-automatic-popup

milat-jquery-automatic-popup

Score: 91/100 Milat jQuery Automatic Popup <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-site Scripting Affected: *-1.3.1 Patched: Updated: July 1, 2026
LOW

media-library-downloader

media-library-downloader

Score: 93/100 Media Library Downloader <= 1.3.1 - Missing Authorization Affected: *-1.3.1 Patched: 1.3.2 Updated: July 1, 2026
LOW

landing-pages-and-domain-aliases

landing-pages-and-domain-aliases

Score: 91/100 Landing pages and Domain aliases for WordPress <= 0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.8 Patched: Updated: July 1, 2026
LOW

inline-text-popup

inline-text-popup

Score: 91/100 Inline Text Popup <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

image-hover-effects-for-visual-composer

image-hover-effects-for-visual-composer

Score: 91/100 Image Hover Effects For WPBakery Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

image-content-show-hover

image-content-show-hover

Score: 91/100 Image Style Hover <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 1, 2026
LOW

hashtagger

hashtagger

Score: 91/100 Smart Hashtags [#hashtagger] <= 7.2.3 - Missing Authorization Affected: *-7.2.3 Patched: Updated: July 1, 2026
LOW

hacklog-remote-attachment

hacklog-remote-attachment

Score: 91/100 Hacklog Remote Attachment <= 1.3.2 - Cross-Site Request Forgery Affected: *-1.3.2 Patched: Updated: July 1, 2026
LOW

guitar-tuner

guitar-tuner

Score: 91/100 GTDB Guitar Tuners <= 4.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.2 Patched: Updated: July 1, 2026
LOW

gt-tabs

gt-tabs

Score: 91/100 Tabs <= 4.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0.3 Patched: Updated: July 1, 2026
LOW

google-news

google-news

Score: 91/100 Google News <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.1 Patched: Updated: July 1, 2026
LOW

google-1

google-1

Score: 91/100 Peadig’s Google +1 Button <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.2 Patched: Updated: July 1, 2026
LOW

gna-search-shortcode

gna-search-shortcode

Score: 91/100 GNA Search Shortcode <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.5 Patched: Updated: July 1, 2026
LOW

floating-social-bar

floating-social-bar

Score: 91/100 Floating Social Bar <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: Updated: July 1, 2026
LOW

flickr-shortcode-importer

flickr-shortcode-importer

Score: 91/100 Flickr Shortcode Importer <= 2.2.3 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.2.3 Patched: Updated: July 1, 2026
LOW

fable-extra

fable-extra

Score: 93/100 Fable Extra <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 1, 2026
LOW

external-markdown

external-markdown

Score: 91/100 External Markdown <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: July 1, 2026
LOW

dropdown-content

dropdown-content

Score: 91/100 Dropdown Content <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 1, 2026
LOW

drop-caps

drop-caps

Score: 91/100 Drop Caps <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

custom-taxonomy-category-and-term-fields

custom-taxonomy-category-and-term-fields

Score: 91/100 LSD Custom taxonomy and category meta <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: July 1, 2026
LOW

custom-post-popup

custom-post-popup

Score: 91/100 WP Custom Post Popup <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

custom-functions

custom-functions

Score: 91/100 Custom Functions Plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

covid-19-alert

covid-19-alert

Score: 91/100 COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 1, 2026
LOW

confirm-user-registration

confirm-user-registration

Score: 91/100 Confirm User Registration <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: Updated: July 1, 2026
LOW

cf7-calendar

cf7-calendar

Score: 91/100 Contact Form 7 Calendar <= 3.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: July 1, 2026
LOW

carousel-of-post-images

carousel-of-post-images

Score: 91/100 Carousel-of-post-images <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.07 Patched: Updated: July 1, 2026
LOW

call-now-coccoc-pht-blog

call-now-coccoc-pht-blog

Score: 91/100 Call Now PHT Blog <= 2.4.1 - Cross-Site Request Forgery Affected: *-2.4.1 Patched: Updated: July 1, 2026
LOW

business-contact-widget

business-contact-widget

Score: 91/100 Business Contact Widget <= 2.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.7.0 Patched: Updated: July 1, 2026
LOW

bm-builder

bm-builder

Score: 93/100 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-3.16.2.1 Patched: 3.16.3 Updated: July 1, 2026
LOW

blog-manager-wp

blog-manager-wp

Score: 91/100 Blog Manager WP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

beerxml-shortcode

beerxml-shortcode

Score: 93/100 BeerXML Shortcode <= 0.7.1 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-0.7.1 Patched: 0.8 Updated: July 1, 2026
LOW

bbcode-deluxe

bbcode-deluxe

Score: 91/100 BBCode Deluxe <= 2020.08.01.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2020.08.01.2 Patched: Updated: July 1, 2026
LOW

awesome-wp-image-gallery

awesome-wp-image-gallery

Score: 89/100 Awesome Wp Image Gallery <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

availability

availability

Score: 91/100 Availability Calendar <= 0.2.4 - Cross-Site Request Forgery Affected: *-0.2.4 Patched: Updated: July 1, 2026
LOW

animate

animate

Score: 95/100 Animate <= 0.5 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-0.5 Patched: Updated: July 1, 2026
LOW

aio-time-clock-lite

aio-time-clock-lite

Score: 97/100 All in One Time Clock Lite <= 1.3.325 - Cross-Site Request Forgery Affected: *-1.3.325 Patched: 1.3.326 Updated: July 1, 2026
LOW

advanced-lazy-load

advanced-lazy-load

Score: 95/100 Advanced lazy load <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6.0 Patched: Updated: July 1, 2026
LOW

ableplayer

ableplayer

Score: 97/100 Able Player, accessible HTML5 media player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

ableplayer

ableplayer

Score: 97/100 Able Player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

360-view

360-view

Score: 95/100 360 View <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

advanced-accordion-block

advanced-accordion-block

Score: 97/100 Advanced Accordion Gutenberg Block <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-5.0.2 Patched: 5.0.3 Updated: July 1, 2026
LOW

embed-lottie-player

embed-lottie-player

Score: 93/100 Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload Affected: *-1.1.8 Patched: 1.2.0 Updated: July 1, 2026
LOW

elex-bulk-edit-products-prices-attributes-for-woocommerce-basic

elex-bulk-edit-products-prices-attributes-for-woocommerce-basic

Score: 93/100 ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection Affected: *-1.4.9 Patched: 1.5.0 Updated: July 1, 2026
LOW

WPMasterToolKit (WPMTK) – All in one plugin

wpmastertoolkit

Score: N/A WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write Affected: *-1.15.0 Patched: 2.6.0 Updated: July 1, 2026
LOW

database-toolset

database-toolset

Score: 87/100 Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion Affected: *-1.8.4 Patched: Updated: July 1, 2026
LOW

fusedesk

fusedesk

Score: 91/100 FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter Affected: *-6.7 Patched: 6.8 Updated: July 1, 2026
LOW

verification-sms-targetsms

verification-sms-targetsms

Score: N/A Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution Affected: *-1.5 Patched: Updated: July 1, 2026
LOW

xelion-webchat

xelion-webchat

Score: N/A Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update Affected: *-9.1.0 Patched: 9.2.0 Updated: July 1, 2026
LOW

buddy-press-force-password-change

buddy-press-force-password-change

Score: 91/100 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

frontend-login-and-registration-blocks

frontend-login-and-registration-blocks

Score: 93/100 Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset Affected: *-1.0.8 Patched: 1.0.9 Updated: July 1, 2026
LOW

flynax-bridge

flynax-bridge

Score: 93/100 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover Affected: *-2.2.0 Patched: 2.2.1 Updated: July 1, 2026
LOW

flynax-bridge

flynax-bridge

Score: 93/100 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update Affected: *-2.2.0 Patched: 2.2.1 Updated: July 1, 2026
LOW

xc-woo-google-cloud-print

xc-woo-google-cloud-print

Score: N/A Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure Affected: *-4.1 Patched: Updated: July 1, 2026
LOW

amz-configurator-core

amz-configurator-core

Score: 95/100 Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.4.7 Patched: Updated: July 1, 2026
LOW

my-tickets

my-tickets

Score: 93/100 My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.0.16 Patched: 2.0.17 Updated: July 1, 2026
LOW

mangboard

mangboard

Score: 93/100 MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer Affected: *-1.8.6 Patched: 1.8.7 Updated: July 1, 2026
LOW

powerpress

powerpress

Score: N/A PowerPress Podcasting plugin by Blubrry <= 11.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-11.12.5 Patched: 11.12.6 Updated: July 1, 2026
LOW

wordpress-simple-paypal-shopping-cart

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation Affected: *-5.1.2 Patched: 5.1.3 Updated: July 1, 2026
LOW

wordpress-simple-paypal-shopping-cart

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter Affected: *-5.1.2 Patched: 5.1.3 Updated: July 1, 2026
LOW

wpeventplus

wpeventplus

Score: N/A WordPress Events Calendar Registration & Tickets <= 2.6.0 - Reflected Cross-Site Scripting Affected: *-2.6.0 Patched: Updated: July 1, 2026
LOW

webtexttool

webtexttool

Score: N/A Textmetrics <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.6.2 Patched: 3.6.3 Updated: July 1, 2026
LOW

watu

watu

Score: N/A Watu Quiz <= 3.4.3 - Authenticated (Administrator+) SQL Injection Affected: *-3.4.3 Patched: 3.4.4 Updated: July 1, 2026
LOW

visualcomposer

visualcomposer

Score: N/A Visual Composer Website Builder <= 45.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-45.10.0 Patched: 45.11.0 Updated: July 1, 2026
LOW

vikrestaurants

vikrestaurants

Score: N/A VikRestaurants Table Reservations and Take-Away <= 1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.3 Patched: 1.4 Updated: July 1, 2026
LOW

v-form

v-form

Score: N/A VForm <= 3.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.14 Patched: 3.1.15 Updated: July 1, 2026
LOW

ulisting

ulisting

Score: N/A uListing <= 2.2.0 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.2.0 Patched: Updated: July 1, 2026
LOW

uicore-elements

uicore-elements

Score: N/A UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-1.0.16 Patched: 1.2.0 Updated: July 1, 2026
LOW

theme-switcha

theme-switcha

Score: N/A Theme Switcha <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4 Patched: 3.4.1 Updated: July 1, 2026
LOW

sky-elementor-addons

sky-elementor-addons

Score: N/A Sky Addons for Elementor <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: 3.0.3 Updated: July 1, 2026
LOW

skt-blocks

skt-blocks

Score: N/A SKT Blocks <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: July 1, 2026
LOW

sirv

sirv

Score: N/A Sirv <= 7.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.5.3 Patched: 7.5.4 Updated: July 1, 2026
LOW

simple-download-counter

simple-download-counter

Score: N/A Simple Download Counter <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2 Patched: 2.2.1 Updated: July 1, 2026
LOW

simple-calendar-for-elementor

simple-calendar-for-elementor

Score: N/A Simple calendar for Elementor <= 1.6.4 - Cross-Site Request Forgery Affected: *-1.6.4 Patched: 1.6.5 Updated: July 1, 2026
LOW

seriously-simple-podcasting

seriously-simple-podcasting

Score: N/A Seriously Simple Podcasting <= 3.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.9.0 Patched: 3.10.0 Updated: July 1, 2026

Showing 9401 to 9500 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 04:13 UTC.