Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

91

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
recover-wc-abandoned-cart recover-wc-abandoned-cart N/A Recover abandoned cart for WooCommerce <= 2.2 - Cross-Site Request Forgery LOW *-2.2 2.3 July 1, 2026
premmerce-woocommerce-wholesale-pricing premmerce-woocommerce-wholesale-pricing N/A Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Missing Authorization LOW *-1.1.10 1.1.11 July 1, 2026
post-in-page-for-elementor post-in-page-for-elementor N/A Post in page for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 1.0.2 July 1, 2026
mpl-publisher mpl-publisher
93
MPL-Publisher <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.18.0 2.18.1 July 1, 2026
majestic-support majestic-support
93
Majestic Support <= 1.0.7 - Authenticated (Contributor+) Local File Inclusion LOW *-1.0.7 1.0.8 July 1, 2026
list-last-changes list-last-changes
93
List Last Changes <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 July 1, 2026
linked-variation linked-variation
93
Advanced Linked Variations for Woocommerce <= 1.0.3 - Missing Authorization LOW *-1.0.3 1.0.4 July 1, 2026
link-library link-library
93
Link Library <= 7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.8 7.8.1 July 1, 2026
HTML Forms – Simple WordPress Forms Plugin html-forms
86
HTML Forms <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.2 1.5.3 July 1, 2026
hospital-management hospital-management
83
Hospital Management System <= 47.0(20-11-2023) - Unauthenticated SQL Injection LOW * - 47.0(20-11-2023) July 1, 2026
hospital-management hospital-management
83
Hospital Management System <= 47.0(20-11-2023) - Unauthenticated Arbitrary File Upload LOW * - 47.0(20-11-2023) July 1, 2026
hospital-management hospital-management
83
Hospital Management System <= 47.0(20-11-2023) - Reflected Cross-Site Scripting LOW * - 47.0(20-11-2023) July 1, 2026
gutenkit-blocks-addon gutenkit-blocks-addon
93
GutenKit <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.2 2.2.3 July 1, 2026
frontend-dashboard frontend-dashboard
93
Frontend Dashboard <= 2.2.5 - Unauthenticated SQL Injection LOW *-2.2.5 2.2.6 July 1, 2026
evergreen-content-poster evergreen-content-poster
93
Evergreen Content Poster <= 1.4.5 - Missing Authorization LOW *-1.4.5 1.4.6 July 1, 2026
event-post event-post
91
Event post <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.9.11 5.10.0 July 1, 2026
easy-notify-lite easy-notify-lite
93
Popup Builder <= 1.1.35 - Authenticated (Subscriber+) Local File Inclusion LOW *-1.1.35 1.1.37 July 1, 2026
custom-related-posts custom-related-posts
93
Custom Related Posts <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.4 1.7.5 July 1, 2026
control-listings control-listings
93
Control Listings <= 1.0.4.1 - Reflected Cross-Site Scripting LOW *-1.0.4.1 1.0.5 July 1, 2026
cm-answers cm-answers
93
CM Answers <= 3.3.3 - Cross-Site Request Forgery LOW *-3.3.3 3.3.4 July 1, 2026
cm-ad-changer cm-ad-changer
93
CM Ad Changer <= 2.0.5 - Cross-Site Request Forgery LOW *-2.0.5 2.0.6 July 1, 2026
Message Filter for Contact Form 7 cf7-message-filter
89
Message Filter for Contact Form 7 <= 1.6.3.2 - Authenticated (Administrator+) SQL Injection LOW *-1.6.3.2 1.6.33 July 1, 2026
car-park-booking-system-for-wordpress car-park-booking-system-for-wordpress
91
Car Park Booking System for WordPress <= 2.6 - Missing Authorization LOW *-2.6 July 1, 2026
appointment-booking-calendar appointment-booking-calendar
97
Appointment Booking Calendar <= 1.3.92 - Cross-Site Request Forgery to SQL Injection LOW *-1.3.92 1.3.93 July 1, 2026
appointment-booking-calendar appointment-booking-calendar
97
Appointment Booking Calendar <= 1.3.92 - Missing Authorization LOW *-1.3.92 1.3.93 July 1, 2026
alttext-ai alttext-ai
97
Download Alt Text AI <= 1.9.93 - Missing Authorization LOW *-1.9.93 1.9.94 July 1, 2026
affiliate-toolkit-starter affiliate-toolkit-starter
95
affiliate-toolkit <= 3.7.3 - Cross-Site Request Forgery LOW *-3.7.3 3.7.4 July 1, 2026
tax-switch-for-woocommerce tax-switch-for-woocommerce N/A Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter LOW *-1.4.2 1.4.3 July 1, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload LOW 11.4-11.4.5 11.4.6 July 1, 2026
wp-jquery-lightbox wp-jquery-lightbox N/A LightPress Lightbox <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.3 2.3.4 July 1, 2026
wp-import-export-lite wp-import-export-lite N/A WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting LOW *-3.9.27 3.9.28 July 1, 2026
wp-foodbakery wp-foodbakery N/A WP FoodBakery <= 3.3 - Unauthenticated PHP Object Injection LOW *-3.3 July 1, 2026
rewardsystem rewardsystem N/A SUMO Reward Points <= 30.7.0 - Unauthenticated Local File Inclusion LOW *-30.7.0 July 1, 2026
revy revy N/A Revy <= 2.1 - Authenticated (Subscriber+) SQL Injection LOW *-2.1 July 1, 2026
product-lister-ebay product-lister-ebay N/A Product Lister for eBay <= 2.0.9 - Unauthenticated Local File Inclusion LOW *-2.0.9 July 1, 2026
ocean-extra ocean-extra N/A Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.4.6 2.4.7 July 1, 2026
ocean-extra ocean-extra N/A Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.4.6 2.4.7 July 1, 2026
ocean-extra ocean-extra N/A Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' LOW *-2.4.6 2.4.7 July 1, 2026
memberpress memberpress
93
Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.11.37 1.12.0 July 1, 2026
license-envato license-envato
93
License For Envato <= 1.0.0 - Unauthenticated Local File Inclusion LOW *-1.0.0 1.1.0 July 1, 2026
hospital-management hospital-management
83
Hospital Management System <= 47.0(20-11-2023) - Authenticated (Subscriber+) SQL Injection LOW * - 47.0(20-11-2023) July 1, 2026
foodbakery-sticky-cart foodbakery-sticky-cart
91
Foodbakery Sticky Cart <= 3.2 - Unauthenticated PHP Object Injection LOW *-3.2 July 1, 2026
fat-services-booking fat-services-booking
86
FAT Services Booking <= 5.6 - Authenticated (Subscriber+) SQL Injection LOW *-5.6 July 1, 2026
excel-like-price-change-for-woocommerce-and-wp-e-commerce-light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
85
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Local File Inclusion LOW *-2.4.37 July 1, 2026
easy-fancybox easy-fancybox
93
Firelight Lightbox <= 2.3.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.14 2.3.15 July 1, 2026
checkout-field-visibility-for-woocommerce checkout-field-visibility-for-woocommerce
93
Checkout Field Visibility for WooCommerce <= 1.3.0 - Unauthenticated Local File Inclusion LOW *-1.3.0 1.4.0 July 1, 2026
capturly-optimize-your-website capturly-optimize-your-website
93
Capturly <= 2.0.1 - Unauthenticated Local File Inclusion LOW *-2.0.1 2.0.2 July 1, 2026
appsero-helper appsero-helper
97
Appsero Helper <= 1.3.4 - Authenticated (Subscriber+) SQL Injection LOW *-1.3.4 1.3.5 July 1, 2026
anything-popup anything-popup
95
Anything Popup <= 7.3 - Reflected Cross-Site Scripting LOW *-7.3 July 1, 2026
analyticswp analyticswp
95
AnalyticsWP <= 2.1.2 - Unauthenticated SQL Injection LOW *-2.1.2 2.1.5 July 1, 2026
acf-google-font-selector-field acf-google-font-selector-field
95
ACF: Google Font Selector <= 3.0.1 - Reflected Cross-Site Scripting LOW *-3.0.1 July 1, 2026
sb-chart-block sb-chart-block N/A SB Chart block <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter LOW *-1.2.6 1.3.1 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion LOW *-3.3.12 3.3.13 July 1, 2026
wp-headers-and-footers wp-headers-and-footers N/A WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update LOW *-3.1.1 3.1.2 July 1, 2026
user-registration-pro user-registration-pro N/A User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion LOW *-5.1.3 5.2.0 July 1, 2026
urbango-membership urbango-membership N/A UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation LOW *-1.0.4 1.1 July 1, 2026
themesflat-addons-for-elementor themesflat-addons-for-elementor N/A Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.5 2.2.6 July 1, 2026
kiotvietsync kiotvietsync
83
KiotViet Sync <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.8.5 July 1, 2026
jobwp jobwp
93
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection LOW *-2.3.9 2.4.0 July 1, 2026
jet-reviews jet-reviews
93
JetReviews <= 2.3.6 - Authenticated (Contributor+) Local File Inclusion LOW *-2.3.6 2.3.7 July 1, 2026
elementor_widget_clever_radio_player elementor_widget_clever_radio_player
93
CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read LOW *-2.4 2.5 July 1, 2026
debug-log-manager debug-log-manager
93
Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting LOW *-2.3.4 2.3.5 July 1, 2026
booking-and-rental-manager-for-woocommerce booking-and-rental-manager-for-woocommerce
93
Booking and Rental Manager <= 2.3.6 - Missing Authorization LOW *-2.3.6 2.3.7 July 1, 2026
bdthemes-element-pack-lite bdthemes-element-pack-lite
93
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting LOW *-5.10.28 5.10.29 July 1, 2026
analyticswp analyticswp
95
AnalyticsWP <= 2.0.0 - Missing Authorization LOW *-2.0.0 July 1, 2026
analyticswp analyticswp
95
AnalyticsWP <= 2.1.2 - Unauthenticated Sensitive Information Exposure LOW *-2.1.2 July 1, 2026
lastudio-element-kit lastudio-element-kit
93
LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget LOW *-1.4.9 1.5.0 July 1, 2026
Download Manager download-manager
63
Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-3.3.12 3.3.13 July 1, 2026
woo-coupon-usage woo-coupon-usage N/A Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter LOW *-6.3.0 6.3.1 July 1, 2026
piotnet-addons-for-elementor piotnet-addons-for-elementor N/A Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.36 July 1, 2026
customized-login customized-login
91
Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL LOW *-2.0.5 July 1, 2026
avatar avatar
89
Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-0.1.4 July 1, 2026
wpt-whatsapp wpt-whatsapp N/A WhatsApp Click to Chat Plugin for WordPress <= 2.2.12 - Unauthenticated Local File Inclusion LOW *-2.2.12 July 1, 2026
wplike2get wplike2get N/A wpLike2Get <= 1.2.9 - Unauthenticated Information Exposure LOW *-1.2.9 July 1, 2026
wp-video-robot wp-video-robot N/A WordPress Video Robot - The Ultimate Video Importer <= 1.20.0 - Reflected Cross-Site Scripting LOW *-1.20.0 July 1, 2026
wp-twitter-button wp-twitter-button N/A WP Twitter Button <= 1.4.1 - Cross-Site Request Forgery LOW *-1.4.1 July 1, 2026
wp-sticky-side-buttons wp-sticky-side-buttons N/A WP Sticky Side Buttons <= 2.1 - Cross-Site Request Forgery LOW *-2.1 July 1, 2026
wp-social-bookmarking wp-social-bookmarking N/A WP Social Bookmarking <= 3.6 - Cross-Site Request Forgery LOW *-3.6 July 1, 2026
wp-post-to-pdf-enhanced wp-post-to-pdf-enhanced N/A WP Post to PDF Enhanced <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.1 July 1, 2026
wp-google-map-gold wp-google-map-gold N/A Advanced Google Maps <= 5.8.4 - Missing Authorization LOW *-5.8.4 5.8.5 July 1, 2026
wp-data-logger wp-data-logger N/A WP Logger <= 2.2 - Missing Authorization LOW *-2.2 2.2.1 July 1, 2026
wp-cafe wp-cafe N/A WPCafe <= 2.2.32 - Authenticated (Contributor+) Local File Inclusion LOW *-2.2.32 2.2.33 July 1, 2026
web-directory-free web-directory-free N/A Web Directory Free <= 1.7.8 - Reflected Cross-Site Scripting LOW *-1.7.8 1.7.9 July 1, 2026
vitepos-lite vitepos-lite N/A Vitepos <= 3.1.7 - Missing Authorization LOW *-3.1.7 3.1.8 July 1, 2026
visucom-smart-sections visucom-smart-sections N/A Smart Sections Theme Builder - WPBakery Page Builder Addon <= 1.7.8 - Unauthenticated PHP Object Injection LOW *-1.7.8 July 1, 2026
verge3d verge3d N/A Verge3D <= 4.9.0 - Cross-Site Request Forgery LOW *-4.9.0 4.9.3 July 1, 2026
ultimate-store-kit ultimate-store-kit N/A Ultimate Store Kit Elementor Addons <= 2.4.0 - Unauthenticated PHP Object Injection LOW *-2.4.0 2.4.1 July 1, 2026
translit-it translit-it N/A translit it! <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6 July 1, 2026
theme-changer theme-changer N/A Theme Changer <= 1.4 - Cross-Site Request Forgery LOW *-1.4 1.5 July 1, 2026
taskbuilder taskbuilder N/A Taskbuilder <= 4.0.1 - Authenticated (Subscriber+) SQL Injection LOW *-4.0.1 4.0.2 July 1, 2026
szechenyi-2020-logo szechenyi-2020-logo N/A Széchenyi 2020 Logo <= 1.1 - Unauthenticated Local File Inclusion LOW *-1.1 1.2 July 1, 2026
superstorefinder-wp superstorefinder-wp N/A Super Store Finder <= 7.2 - Unauthenticated SQL Injection LOW *-7.2 7.5 July 1, 2026
style-manager style-manager N/A Style Manager <= 2.2.7 - Cross-Site Request Forgery to Settings Update LOW *-2.2.7 July 1, 2026
storecontrl-wp-connection storecontrl-wp-connection N/A StoreContrl Woocommerce <= 4.1.3 - Unauthenticated Arbitrary File Download LOW *-4.1.3 4.1.4 July 1, 2026
spice-blocks spice-blocks N/A Spice Blocks <= 2.0.7.4 - Missing Authorization LOW *-2.0.7.4 July 1, 2026
spam-stopper spam-stopper N/A spam-stopper <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.1.3 July 1, 2026
social-media-links social-media-links N/A Social Media Links <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.3 July 1, 2026
smart-agreements smart-agreements N/A Smart Agreements <= 1.0.3 - Unauthenticated Local File Inclusion LOW *-1.0.3 1.0.4 July 1, 2026
simple-sitemap simple-sitemap N/A Simple Sitemap – Create a Responsive HTML Sitemap <= 3.6.0 - Missing Authorization LOW *-3.6.0 3.6.1 July 1, 2026
sassy-social-share sassy-social-share N/A Sassy Social Share <= 3.3.73 - Open Redirect LOW *-3.3.73 3.3.74 July 1, 2026
LOW

recover-wc-abandoned-cart

recover-wc-abandoned-cart

Score: N/A Recover abandoned cart for WooCommerce <= 2.2 - Cross-Site Request Forgery Affected: *-2.2 Patched: 2.3 Updated: July 1, 2026
LOW

premmerce-woocommerce-wholesale-pricing

premmerce-woocommerce-wholesale-pricing

Score: N/A Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Missing Authorization Affected: *-1.1.10 Patched: 1.1.11 Updated: July 1, 2026
LOW

post-in-page-for-elementor

post-in-page-for-elementor

Score: N/A Post in page for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: July 1, 2026
LOW

mpl-publisher

mpl-publisher

Score: 93/100 MPL-Publisher <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.18.0 Patched: 2.18.1 Updated: July 1, 2026
LOW

majestic-support

majestic-support

Score: 93/100 Majestic Support <= 1.0.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

list-last-changes

list-last-changes

Score: 93/100 List Last Changes <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

linked-variation

linked-variation

Score: 93/100 Advanced Linked Variations for Woocommerce <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

link-library

link-library

Score: 93/100 Link Library <= 7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.8 Patched: 7.8.1 Updated: July 1, 2026
LOW

hospital-management

hospital-management

Score: 83/100 Hospital Management System <= 47.0(20-11-2023) - Unauthenticated SQL Injection Affected: * - 47.0(20-11-2023) Patched: Updated: July 1, 2026
LOW

hospital-management

hospital-management

Score: 83/100 Hospital Management System <= 47.0(20-11-2023) - Unauthenticated Arbitrary File Upload Affected: * - 47.0(20-11-2023) Patched: Updated: July 1, 2026
LOW

hospital-management

hospital-management

Score: 83/100 Hospital Management System <= 47.0(20-11-2023) - Reflected Cross-Site Scripting Affected: * - 47.0(20-11-2023) Patched: Updated: July 1, 2026
LOW

gutenkit-blocks-addon

gutenkit-blocks-addon

Score: 93/100 GutenKit <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: July 1, 2026
LOW

frontend-dashboard

frontend-dashboard

Score: 93/100 Frontend Dashboard <= 2.2.5 - Unauthenticated SQL Injection Affected: *-2.2.5 Patched: 2.2.6 Updated: July 1, 2026
LOW

evergreen-content-poster

evergreen-content-poster

Score: 93/100 Evergreen Content Poster <= 1.4.5 - Missing Authorization Affected: *-1.4.5 Patched: 1.4.6 Updated: July 1, 2026
LOW

event-post

event-post

Score: 91/100 Event post <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.9.11 Patched: 5.10.0 Updated: July 1, 2026
LOW

easy-notify-lite

easy-notify-lite

Score: 93/100 Popup Builder <= 1.1.35 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.1.35 Patched: 1.1.37 Updated: July 1, 2026
LOW

custom-related-posts

custom-related-posts

Score: 93/100 Custom Related Posts <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 1, 2026
LOW

control-listings

control-listings

Score: 93/100 Control Listings <= 1.0.4.1 - Reflected Cross-Site Scripting Affected: *-1.0.4.1 Patched: 1.0.5 Updated: July 1, 2026
LOW

cm-answers

cm-answers

Score: 93/100 CM Answers <= 3.3.3 - Cross-Site Request Forgery Affected: *-3.3.3 Patched: 3.3.4 Updated: July 1, 2026
LOW

cm-ad-changer

cm-ad-changer

Score: 93/100 CM Ad Changer <= 2.0.5 - Cross-Site Request Forgery Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Message Filter for Contact Form 7 <= 1.6.3.2 - Authenticated (Administrator+) SQL Injection Affected: *-1.6.3.2 Patched: 1.6.33 Updated: July 1, 2026
LOW

car-park-booking-system-for-wordpress

car-park-booking-system-for-wordpress

Score: 91/100 Car Park Booking System for WordPress <= 2.6 - Missing Authorization Affected: *-2.6 Patched: Updated: July 1, 2026
LOW

appointment-booking-calendar

appointment-booking-calendar

Score: 97/100 Appointment Booking Calendar <= 1.3.92 - Cross-Site Request Forgery to SQL Injection Affected: *-1.3.92 Patched: 1.3.93 Updated: July 1, 2026
LOW

appointment-booking-calendar

appointment-booking-calendar

Score: 97/100 Appointment Booking Calendar <= 1.3.92 - Missing Authorization Affected: *-1.3.92 Patched: 1.3.93 Updated: July 1, 2026
LOW

alttext-ai

alttext-ai

Score: 97/100 Download Alt Text AI <= 1.9.93 - Missing Authorization Affected: *-1.9.93 Patched: 1.9.94 Updated: July 1, 2026
LOW

affiliate-toolkit-starter

affiliate-toolkit-starter

Score: 95/100 affiliate-toolkit <= 3.7.3 - Cross-Site Request Forgery Affected: *-3.7.3 Patched: 3.7.4 Updated: July 1, 2026
LOW

tax-switch-for-woocommerce

tax-switch-for-woocommerce

Score: N/A Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter Affected: *-1.4.2 Patched: 1.4.3 Updated: July 1, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload Affected: 11.4-11.4.5 Patched: 11.4.6 Updated: July 1, 2026
LOW

wp-jquery-lightbox

wp-jquery-lightbox

Score: N/A LightPress Lightbox <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.3 Patched: 2.3.4 Updated: July 1, 2026
LOW

wp-import-export-lite

wp-import-export-lite

Score: N/A WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting Affected: *-3.9.27 Patched: 3.9.28 Updated: July 1, 2026
LOW

wp-foodbakery

wp-foodbakery

Score: N/A WP FoodBakery <= 3.3 - Unauthenticated PHP Object Injection Affected: *-3.3 Patched: Updated: July 1, 2026
LOW

rewardsystem

rewardsystem

Score: N/A SUMO Reward Points <= 30.7.0 - Unauthenticated Local File Inclusion Affected: *-30.7.0 Patched: Updated: July 1, 2026
LOW

revy

revy

Score: N/A Revy <= 2.1 - Authenticated (Subscriber+) SQL Injection Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

product-lister-ebay

product-lister-ebay

Score: N/A Product Lister for eBay <= 2.0.9 - Unauthenticated Local File Inclusion Affected: *-2.0.9 Patched: Updated: July 1, 2026
LOW

ocean-extra

ocean-extra

Score: N/A Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.4.6 Patched: 2.4.7 Updated: July 1, 2026
LOW

ocean-extra

ocean-extra

Score: N/A Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.4.6 Patched: 2.4.7 Updated: July 1, 2026
LOW

ocean-extra

ocean-extra

Score: N/A Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' Affected: *-2.4.6 Patched: 2.4.7 Updated: July 1, 2026
LOW

memberpress

memberpress

Score: 93/100 Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.11.37 Patched: 1.12.0 Updated: July 1, 2026
LOW

license-envato

license-envato

Score: 93/100 License For Envato <= 1.0.0 - Unauthenticated Local File Inclusion Affected: *-1.0.0 Patched: 1.1.0 Updated: July 1, 2026
LOW

hospital-management

hospital-management

Score: 83/100 Hospital Management System <= 47.0(20-11-2023) - Authenticated (Subscriber+) SQL Injection Affected: * - 47.0(20-11-2023) Patched: Updated: July 1, 2026
LOW

foodbakery-sticky-cart

foodbakery-sticky-cart

Score: 91/100 Foodbakery Sticky Cart <= 3.2 - Unauthenticated PHP Object Injection Affected: *-3.2 Patched: Updated: July 1, 2026
LOW

fat-services-booking

fat-services-booking

Score: 86/100 FAT Services Booking <= 5.6 - Authenticated (Subscriber+) SQL Injection Affected: *-5.6 Patched: Updated: July 1, 2026
LOW

excel-like-price-change-for-woocommerce-and-wp-e-commerce-light

excel-like-price-change-for-woocommerce-and-wp-e-commerce-light

Score: 85/100 Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Local File Inclusion Affected: *-2.4.37 Patched: Updated: July 1, 2026
LOW

easy-fancybox

easy-fancybox

Score: 93/100 Firelight Lightbox <= 2.3.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.14 Patched: 2.3.15 Updated: July 1, 2026
LOW

checkout-field-visibility-for-woocommerce

checkout-field-visibility-for-woocommerce

Score: 93/100 Checkout Field Visibility for WooCommerce <= 1.3.0 - Unauthenticated Local File Inclusion Affected: *-1.3.0 Patched: 1.4.0 Updated: July 1, 2026
LOW

capturly-optimize-your-website

capturly-optimize-your-website

Score: 93/100 Capturly <= 2.0.1 - Unauthenticated Local File Inclusion Affected: *-2.0.1 Patched: 2.0.2 Updated: July 1, 2026
LOW

appsero-helper

appsero-helper

Score: 97/100 Appsero Helper <= 1.3.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.4 Patched: 1.3.5 Updated: July 1, 2026
LOW

anything-popup

anything-popup

Score: 95/100 Anything Popup <= 7.3 - Reflected Cross-Site Scripting Affected: *-7.3 Patched: Updated: July 1, 2026
LOW

analyticswp

analyticswp

Score: 95/100 AnalyticsWP <= 2.1.2 - Unauthenticated SQL Injection Affected: *-2.1.2 Patched: 2.1.5 Updated: July 1, 2026
LOW

acf-google-font-selector-field

acf-google-font-selector-field

Score: 95/100 ACF: Google Font Selector <= 3.0.1 - Reflected Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: July 1, 2026
LOW

sb-chart-block

sb-chart-block

Score: N/A SB Chart block <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter Affected: *-1.2.6 Patched: 1.3.1 Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion Affected: *-3.3.12 Patched: 3.3.13 Updated: July 1, 2026
LOW

wp-headers-and-footers

wp-headers-and-footers

Score: N/A WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update Affected: *-3.1.1 Patched: 3.1.2 Updated: July 1, 2026
LOW

user-registration-pro

user-registration-pro

Score: N/A User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion Affected: *-5.1.3 Patched: 5.2.0 Updated: July 1, 2026
LOW

urbango-membership

urbango-membership

Score: N/A UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation Affected: *-1.0.4 Patched: 1.1 Updated: July 1, 2026
LOW

themesflat-addons-for-elementor

themesflat-addons-for-elementor

Score: N/A Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.5 Patched: 2.2.6 Updated: July 1, 2026
LOW

kiotvietsync

kiotvietsync

Score: 83/100 KiotViet Sync <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.8.5 Patched: Updated: July 1, 2026
LOW

jobwp

jobwp

Score: 93/100 JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection Affected: *-2.3.9 Patched: 2.4.0 Updated: July 1, 2026
LOW

jet-reviews

jet-reviews

Score: 93/100 JetReviews <= 2.3.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.3.6 Patched: 2.3.7 Updated: July 1, 2026
LOW

elementor_widget_clever_radio_player

elementor_widget_clever_radio_player

Score: 93/100 CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read Affected: *-2.4 Patched: 2.5 Updated: July 1, 2026
LOW

debug-log-manager

debug-log-manager

Score: 93/100 Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.3.5 Updated: July 1, 2026
LOW

booking-and-rental-manager-for-woocommerce

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager <= 2.3.6 - Missing Authorization Affected: *-2.3.6 Patched: 2.3.7 Updated: July 1, 2026
LOW

bdthemes-element-pack-lite

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting Affected: *-5.10.28 Patched: 5.10.29 Updated: July 1, 2026
LOW

analyticswp

analyticswp

Score: 95/100 AnalyticsWP <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: Updated: July 1, 2026
LOW

analyticswp

analyticswp

Score: 95/100 AnalyticsWP <= 2.1.2 - Unauthenticated Sensitive Information Exposure Affected: *-2.1.2 Patched: Updated: July 1, 2026
LOW

lastudio-element-kit

lastudio-element-kit

Score: 93/100 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget Affected: *-1.4.9 Patched: 1.5.0 Updated: July 1, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-3.3.12 Patched: 3.3.13 Updated: July 1, 2026
LOW

woo-coupon-usage

woo-coupon-usage

Score: N/A Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter Affected: *-6.3.0 Patched: 6.3.1 Updated: July 1, 2026
LOW

piotnet-addons-for-elementor

piotnet-addons-for-elementor

Score: N/A Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.36 Patched: Updated: July 1, 2026
LOW

customized-login

customized-login

Score: 91/100 Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL Affected: *-2.0.5 Patched: Updated: July 1, 2026
LOW

avatar

avatar

Score: 89/100 Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-0.1.4 Patched: Updated: July 1, 2026
LOW

wpt-whatsapp

wpt-whatsapp

Score: N/A WhatsApp Click to Chat Plugin for WordPress <= 2.2.12 - Unauthenticated Local File Inclusion Affected: *-2.2.12 Patched: Updated: July 1, 2026
LOW

wplike2get

wplike2get

Score: N/A wpLike2Get <= 1.2.9 - Unauthenticated Information Exposure Affected: *-1.2.9 Patched: Updated: July 1, 2026
LOW

wp-video-robot

wp-video-robot

Score: N/A WordPress Video Robot - The Ultimate Video Importer <= 1.20.0 - Reflected Cross-Site Scripting Affected: *-1.20.0 Patched: Updated: July 1, 2026
LOW

wp-twitter-button

wp-twitter-button

Score: N/A WP Twitter Button <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: Updated: July 1, 2026
LOW

wp-sticky-side-buttons

wp-sticky-side-buttons

Score: N/A WP Sticky Side Buttons <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

wp-social-bookmarking

wp-social-bookmarking

Score: N/A WP Social Bookmarking <= 3.6 - Cross-Site Request Forgery Affected: *-3.6 Patched: Updated: July 1, 2026
LOW

wp-post-to-pdf-enhanced

wp-post-to-pdf-enhanced

Score: N/A WP Post to PDF Enhanced <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

wp-google-map-gold

wp-google-map-gold

Score: N/A Advanced Google Maps <= 5.8.4 - Missing Authorization Affected: *-5.8.4 Patched: 5.8.5 Updated: July 1, 2026
LOW

wp-data-logger

wp-data-logger

Score: N/A WP Logger <= 2.2 - Missing Authorization Affected: *-2.2 Patched: 2.2.1 Updated: July 1, 2026
LOW

wp-cafe

wp-cafe

Score: N/A WPCafe <= 2.2.32 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.2.32 Patched: 2.2.33 Updated: July 1, 2026
LOW

web-directory-free

web-directory-free

Score: N/A Web Directory Free <= 1.7.8 - Reflected Cross-Site Scripting Affected: *-1.7.8 Patched: 1.7.9 Updated: July 1, 2026
LOW

vitepos-lite

vitepos-lite

Score: N/A Vitepos <= 3.1.7 - Missing Authorization Affected: *-3.1.7 Patched: 3.1.8 Updated: July 1, 2026
LOW

visucom-smart-sections

visucom-smart-sections

Score: N/A Smart Sections Theme Builder - WPBakery Page Builder Addon <= 1.7.8 - Unauthenticated PHP Object Injection Affected: *-1.7.8 Patched: Updated: July 1, 2026
LOW

verge3d

verge3d

Score: N/A Verge3D <= 4.9.0 - Cross-Site Request Forgery Affected: *-4.9.0 Patched: 4.9.3 Updated: July 1, 2026
LOW

ultimate-store-kit

ultimate-store-kit

Score: N/A Ultimate Store Kit Elementor Addons <= 2.4.0 - Unauthenticated PHP Object Injection Affected: *-2.4.0 Patched: 2.4.1 Updated: July 1, 2026
LOW

translit-it

translit-it

Score: N/A translit it! <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 1, 2026
LOW

theme-changer

theme-changer

Score: N/A Theme Changer <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: 1.5 Updated: July 1, 2026
LOW

taskbuilder

taskbuilder

Score: N/A Taskbuilder <= 4.0.1 - Authenticated (Subscriber+) SQL Injection Affected: *-4.0.1 Patched: 4.0.2 Updated: July 1, 2026
LOW

szechenyi-2020-logo

szechenyi-2020-logo

Score: N/A Széchenyi 2020 Logo <= 1.1 - Unauthenticated Local File Inclusion Affected: *-1.1 Patched: 1.2 Updated: July 1, 2026
LOW

superstorefinder-wp

superstorefinder-wp

Score: N/A Super Store Finder <= 7.2 - Unauthenticated SQL Injection Affected: *-7.2 Patched: 7.5 Updated: July 1, 2026
LOW

style-manager

style-manager

Score: N/A Style Manager <= 2.2.7 - Cross-Site Request Forgery to Settings Update Affected: *-2.2.7 Patched: Updated: July 1, 2026
LOW

storecontrl-wp-connection

storecontrl-wp-connection

Score: N/A StoreContrl Woocommerce <= 4.1.3 - Unauthenticated Arbitrary File Download Affected: *-4.1.3 Patched: 4.1.4 Updated: July 1, 2026
LOW

spice-blocks

spice-blocks

Score: N/A Spice Blocks <= 2.0.7.4 - Missing Authorization Affected: *-2.0.7.4 Patched: Updated: July 1, 2026
LOW

spam-stopper

spam-stopper

Score: N/A spam-stopper <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.1.3 Patched: Updated: July 1, 2026
LOW

social-media-links

social-media-links

Score: N/A Social Media Links <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 1, 2026
LOW

smart-agreements

smart-agreements

Score: N/A Smart Agreements <= 1.0.3 - Unauthenticated Local File Inclusion Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

simple-sitemap

simple-sitemap

Score: N/A Simple Sitemap – Create a Responsive HTML Sitemap <= 3.6.0 - Missing Authorization Affected: *-3.6.0 Patched: 3.6.1 Updated: July 1, 2026
LOW

sassy-social-share

sassy-social-share

Score: N/A Sassy Social Share <= 3.3.73 - Open Redirect Affected: *-3.3.73 Patched: 3.3.74 Updated: July 1, 2026

Showing 9501 to 9600 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 05:27 UTC.