Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
rss-manager rss-manager N/A RSS Manager <= 0.06 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.06 July 1, 2026
revision-diet revision-diet N/A Revision Diet <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
review-wave-google-places-reviews review-wave-google-places-reviews N/A Review Wave – Google Places Reviews <= 1.4.7 - Cross-Site Request Forgery LOW *-1.4.7 July 1, 2026
redirect-to-welcome-or-landing-page redirect-to-welcome-or-landing-page N/A Redirect wordpress to welcome or landing page <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 1, 2026
rating-bws rating-bws N/A Rating by BestWebSoft <= 1.7 - Authenticated (Subscriber+) PHP Object Injection LOW *-1.7 July 1, 2026
quentn-wp quentn-wp N/A Quentn WP <= 1.2.8 - Unauthenticated SQL Injection LOW *-1.2.8 1.2.9 July 1, 2026
quentn-wp quentn-wp N/A Quentn WP <= 1.2.8 - Unauthenticated Privilege Escalation LOW *-1.2.8 1.2.9 July 1, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid <= 5.9.4.8 - Authenticated (Subscriber+) SQL Injection LOW *-5.9.4.8 5.9.4.9 July 1, 2026
payment-form-for-paypal-pro payment-form-for-paypal-pro N/A Payment Form for PayPal Pro <= 1.1.72 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.72 1.1.73 July 1, 2026
nd-booking nd-booking
91
Hotel Booking <= 3.6 - Unauthenticated Local File Inclusion LOW *-3.6 3.7 July 1, 2026
name-directory name-directory
93
Name Directory <= 1.30.0 - Missing Authorization LOW *-1.30.0 1.30.1 July 1, 2026
my-marginalia my-marginalia
91
My Marginalia <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.6 July 1, 2026
modal-survey modal-survey
87
Modal Survey <= 2.0.2.0.1 - Reflected Cross-Site Scripting LOW *-2.0.2.0.1 July 1, 2026
mlanguage mlanguage
91
mLanguage <= 1.6.1 - Cross-Site Request Forgery LOW *-1.6.1 July 1, 2026
memberpress memberpress
93
Memberpress < 1.12.0 - Reflected Cross-Site Scripting LOW [*, 1.12.0) 1.12.0 July 1, 2026
maxbuttons maxbuttons
93
MaxButtons <= 9.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-9.8.3 9.8.4 July 1, 2026
Master Slider – Responsive Touch Slider master-slider
86
Master Slider <= 3.11.1 - Missing Authorization LOW *-3.11.1 3.11.2 July 1, 2026
lgpd-compliant-cookie-banner lgpd-compliant-cookie-banner
91
illow – Cookies Consent <= 0.2.0 - Cross-Site Request Forgery LOW *-0.2.0 July 1, 2026
jet-woo-builder jet-woo-builder
93
JetWooBuilder <= 2.1.18 - Missing Authorization LOW *-2.1.18 2.1.18.1 July 1, 2026
jet-tabs jet-tabs
93
JetTabs <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.7 2.2.8 July 1, 2026
jet-elements jet-elements
93
JetElements For Elementor <= 2.7.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.4.1 2.7.4.2 July 1, 2026
jet-elements jet-elements
93
JetElements For Elementor <= 2.7.4.1 - Missing Authorization LOW *-2.7.4.1 2.7.4.2 July 1, 2026
jet-blocks jet-blocks
93
JetBlocks For Elementor <= 1.3.16 - Missing Authorization LOW *-1.3.16 1.3.16.1 July 1, 2026
ip2location-variables ip2location-variables
93
IP2Location Variables <= 2.9.5 - Cross-Site Request Forgery LOW *-2.9.5 2.9.6 July 1, 2026
interactive-maps interactive-maps
93
Simple Maps <= 0.98 - Cross-Site Request Forgery LOW *-0.98 0.99 July 1, 2026
idraw idraw
91
I Draw <= 1.0 - Authenticated (Author+) Arbitrary File Upload LOW *-1.0 July 1, 2026
gravity-forms-css-themes-with-fontawesome-and-placeholder-support gravity-forms-css-themes-with-fontawesome-and-placeholder-support
91
Gravity Forms CSS Themes with Fontawesome and Placeholders <= 8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-8.5 July 1, 2026
fluent-community fluent-community
93
FluentCommunity <= 1.2.15 - Unauthenticated PHP Object Injection LOW *-1.2.15 1.3.1 July 1, 2026
fluent-boards fluent-boards
93
FluentBoards <= 1.47 - Unauthenticated PHP Object Injection LOW *-1.47 1.48 July 1, 2026
Docket Cache – Object Cache Accelerator docket-cache
80
Docket Cache <= 24.07.02 - Unauthenticated Local File Inclusion LOW *-24.07.02 24.07.03 July 1, 2026
debug-log-manager debug-log-manager
93
Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting LOW *-2.3.4 2.3.5 July 1, 2026
dashi dashi
93
Dashi <= 3.1.8 - Missing Authorization LOW *-3.1.8 3.1.9 July 1, 2026
dashboard-notepads dashboard-notepads
91
Dashboard Notepads <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.1 July 1, 2026
contact-form-vcard-generator contact-form-vcard-generator
87
Contact Form vCard Generator <= 2.4 - Reflected Cross-Site Scripting LOW *-2.4 July 1, 2026
cloak-front-end-email cloak-front-end-email
93
Cloak Front End Email <= 1.9.5 - Missing Authorization LOW *-1.9.5 1.9.6 July 1, 2026
bulk-page-stub-creator bulk-page-stub-creator
93
Bulk Page Stub Creator <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 1.2 July 1, 2026
bruteguard bruteguard
91
BruteGuard – Brute Force Login Protection <= 0.1.4 - Reflected Cross-Site Scripting LOW *-0.1.4 July 1, 2026
broken-links-remover broken-links-remover
91
Broken Links Remover <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.2 July 1, 2026
brid-video-easy-publish brid-video-easy-publish
91
Target Video Easy Publish <= 3.8.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-3.8.5 July 1, 2026
booster-plus-for-woocommerce booster-plus-for-woocommerce
93
Booster Plus for WooCommerce <= 7.2.4 - Reflected Cross-Site Scripting LOW *-7.2.4 7.2.5 July 1, 2026
booking-and-rental-manager-for-woocommerce booking-and-rental-manager-for-woocommerce
93
Booking and Rental Manager <= 2.2.8 - Missing Authorization LOW *-2.2.8 2.2.9 July 1, 2026
bknewsticker bknewsticker
91
Bknewsticker <= 1.0.5 - Cross-Site Request Forgery LOW *-1.0.5 July 1, 2026
bft-autoresponder bft-autoresponder
91
Arigato Autoresponder and Newsletter <= 2.7.2.4 - Reflected Cross-Site Scripting LOW *-2.7.2.4 2.7.2.5 July 1, 2026
bertha-ai-free bertha-ai-free
89
BERTHA AI <= 1.12.10.2 - Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-1.12.10.2 1.12.11 July 1, 2026
bbpress2-shortcode-whitelist bbpress2-shortcode-whitelist
91
bbPress2 shortcode whitelist <= 2.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.2.1 July 1, 2026
avatar avatar
89
Avatar <= 0.1.4 - Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-0.1.4 July 1, 2026
apartment-management apartment-management
88
WPAMS <= 44.0 (17-08-2023) - Unauthenticated Arbitrary File Upload LOW * - 44.0 (17-08-2023) July 1, 2026
apartment-management apartment-management
88
WPAMS <= 44.0 (17-08-2023) - Unauthenticated Stored Cross-Site Scripting LOW * - 44.0 (17-08-2023) July 1, 2026
apartment-management apartment-management
88
WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) SQL Injection LOW * - 44.0 (17-08-2023) July 1, 2026
apartment-management apartment-management
88
WPAMS <= 44.0 (17-08-2023) - Unauthenticated SQL Injection LOW * - 44.0 (17-08-2023) July 1, 2026
apartment-management apartment-management
88
WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) Privilege Escalation LOW * - 44.0 (17-08-2023) July 1, 2026
apartment-management apartment-management
88
WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) Arbitrary File Upload LOW * - 44.0 (17-08-2023) July 1, 2026
apartment-management apartment-management
88
WPAMS <= 44.0 - Unauthenticated Local File Inclusion LOW * - 44.0 (17-08-2023) July 1, 2026
anthologize anthologize
95
Anthologize <= 0.8.3 - Cross-Site Request Forgery LOW *-0.8.3 July 1, 2026
amazon-showcase-wordpress-widget amazon-showcase-wordpress-widget
95
Amazon Showcase WordPress Plugin <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.2 July 1, 2026
ai-text-to-speech ai-text-to-speech
97
AI Text to Speech <= 3.0.3 - Missing Authorization LOW *-3.0.3 3.0.4 July 1, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
Advanced Dynamic Pricing for WooCommerce <= 4.9.3 - Cross-Site Request Forgery to Settings Update LOW *-4.9.3 4.9.5 July 1, 2026
adminquickbar adminquickbar
95
AdminQuickbar <= 1.9.1 - Reflected Cross-Site Scripting LOW *-1.9.1 1.9.2 July 1, 2026
add-to-header add-to-header
95
Add to Header <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
92
Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' LOW *-1.42.0 1.42.1 July 1, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
92
Forminator <= 1.42.0 - Order Replay Vulnerability LOW *-1.42.0 1.42.1 July 1, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder fluentform
78
Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.0.2 6.0.3 July 1, 2026
wp-editor wp-editor N/A WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read LOW *-1.2.9.1 1.2.9.2 July 1, 2026
wp-editor wp-editor N/A WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update LOW *-1.2.9.1 1.2.9.2 July 1, 2026
zephyr-project-manager zephyr-project-manager N/A Zephyr Project Manager <= 3.3.200 - Missing Authorization LOW *-3.3.200 3.3.201 July 1, 2026
xelion-webchat xelion-webchat N/A Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Privilege Escalation LOW *-9.1.0 9.2.0 July 1, 2026
wptools wptools N/A WP Tools <= 5.18 - Cross-Site Request Forgery to Arbitrary File Renaming LOW *-5.18 5.19 July 1, 2026
wpcom-member wpcom-member N/A WPCOM Member <= 1.7.7 - Authenticated (Contributor+) Local File Inclusion LOW *-1.7.7 1.7.8 July 1, 2026
wpcasa wpcasa N/A WPCasa <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.2 1.4.0 July 1, 2026
wpadverts wpadverts N/A WPAdverts <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.1 2.2.2 July 1, 2026
wp-woocommerce-quickbooks wp-woocommerce-quickbooks N/A Integration for WooCommerce and QuickBooks <= 1.3.1 - Cross-Site Request Forgery LOW *-1.3.1 1.3.2 July 1, 2026
wp-subscription-forms wp-subscription-forms N/A WP Subscription Forms <= 1.2.3 - Missing Authorization LOW *-1.2.3 1.2.4 July 1, 2026
wp-simple-booking-calendar wp-simple-booking-calendar N/A WP Simple Booking Calendar <= 2.0.13 - Missing Authorization LOW *-2.0.13 2.0.14 July 1, 2026
wp-rest-api-authentication wp-rest-api-authentication N/A WordPress REST API Authentication <= 3.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update LOW *-3.6.3 3.6.4 July 1, 2026
wp-posts-carousel wp-posts-carousel N/A WP Posts Carousel <= 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.10 1.3.11 July 1, 2026
wp-flipclock wp-flipclock N/A WP Flipclock <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.1 1.10 July 1, 2026
wp-ever-accounting wp-ever-accounting N/A Ever Accounting <= 2.1.5 - Cross-Site Request Forgery LOW *-2.1.5 2.1.6 July 1, 2026
wp-event-solution wp-event-solution N/A Eventin <= 4.0.25 - Authenticated (Contributor+) Local File Inclusion LOW *-4.0.25 4.0.26 July 1, 2026
WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards wp-data-access N/A WP Data Access <= 5.5.36 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.5.36 5.5.37 July 1, 2026
wp-advanced-search wp-advanced-search N/A WP-Advanced-Search <= 3.3.9.3 - Authenticated (Admin+) Arbitrary File Upload LOW *-3.3.9.3 July 1, 2026
woo-social-login woo-social-login N/A WooCommerce Social Login <= 2.8.2 - Cross-Site Request Forgery LOW *-2.8.2 2.8.3 July 1, 2026
Product Table & List Builder for WooCommerce Lite wc-product-table-lite N/A WooCommerce Product Table Lite <= 3.9.5 - Missing Authorization LOW *-3.9.5 3.9.6 July 1, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.10.1 - Unauthenticated Blind SQL Injection LOW *-2.10.1 2.10.2 July 1, 2026
uix-shortcodes uix-shortcodes N/A Uix Shortcodes <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.4 2.0.5 July 1, 2026
travelfic-toolkit travelfic-toolkit N/A Travelfic Toolkit <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.3 July 1, 2026
themify-shortcodes themify-shortcodes N/A Themify Shortcodes <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.3 2.1.4 July 1, 2026
support-x support-x N/A CRM Perks <= 1.1.7 - Reflected Cross-Site Scripting LOW *-1.1.7 1.1.8 July 1, 2026
subscribe-to-unlock-lite subscribe-to-unlock-lite N/A Subscribe to Unlock Lite <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion LOW *-1.3.0 1.3.1 July 1, 2026
starfish-reviews starfish-reviews N/A Starfish Review Generation & Marketing <= 3.1.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-3.1.19 3.1.20 July 1, 2026
slazzer-background-changer slazzer-background-changer N/A Slazzer Background Changer <= 3.14 - Missing Authorization LOW *-3.14 July 1, 2026
site-search-360 site-search-360 N/A Site Search 360 <= 2.1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.7 July 1, 2026
scriptless-social-sharing scriptless-social-sharing N/A Scriptless Social Sharing <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.0 3.3.1 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.977 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.977 1.3.979 July 1, 2026
right-click-disable-or-ban right-click-disable-or-ban N/A Right Click Disable OR Ban <= 1.1.17 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.17 1.2.0 July 1, 2026
responsive-block-editor-addons responsive-block-editor-addons N/A Responsive Blocks <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.2 2.0.3 July 1, 2026
rescue-shortcodes rescue-shortcodes N/A Rescue Shortcodes <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1 3.3 July 1, 2026
propertyhive propertyhive N/A PropertyHive <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.2 2.1.3 July 1, 2026
product-blocks product-blocks N/A WowStore <= 4.2.4 - Missing Authorization LOW *-4.2.4 4.2.5 July 1, 2026
password-protected password-protected N/A Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure LOW *-2.7.7 2.7.8 July 1, 2026
most-and-least-read-posts-widget most-and-least-read-posts-widget
93
Most And Least Read Posts Widget <= 2.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.20 2.5.21 July 1, 2026
LOW

rss-manager

rss-manager

Score: N/A RSS Manager <= 0.06 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.06 Patched: Updated: July 1, 2026
LOW

revision-diet

revision-diet

Score: N/A Revision Diet <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

review-wave-google-places-reviews

review-wave-google-places-reviews

Score: N/A Review Wave – Google Places Reviews <= 1.4.7 - Cross-Site Request Forgery Affected: *-1.4.7 Patched: Updated: July 1, 2026
LOW

redirect-to-welcome-or-landing-page

redirect-to-welcome-or-landing-page

Score: N/A Redirect wordpress to welcome or landing page <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

rating-bws

rating-bws

Score: N/A Rating by BestWebSoft <= 1.7 - Authenticated (Subscriber+) PHP Object Injection Affected: *-1.7 Patched: Updated: July 1, 2026
LOW

quentn-wp

quentn-wp

Score: N/A Quentn WP <= 1.2.8 - Unauthenticated SQL Injection Affected: *-1.2.8 Patched: 1.2.9 Updated: July 1, 2026
LOW

quentn-wp

quentn-wp

Score: N/A Quentn WP <= 1.2.8 - Unauthenticated Privilege Escalation Affected: *-1.2.8 Patched: 1.2.9 Updated: July 1, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.4.8 - Authenticated (Subscriber+) SQL Injection Affected: *-5.9.4.8 Patched: 5.9.4.9 Updated: July 1, 2026
LOW

payment-form-for-paypal-pro

payment-form-for-paypal-pro

Score: N/A Payment Form for PayPal Pro <= 1.1.72 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.72 Patched: 1.1.73 Updated: July 1, 2026
LOW

nd-booking

nd-booking

Score: 91/100 Hotel Booking <= 3.6 - Unauthenticated Local File Inclusion Affected: *-3.6 Patched: 3.7 Updated: July 1, 2026
LOW

name-directory

name-directory

Score: 93/100 Name Directory <= 1.30.0 - Missing Authorization Affected: *-1.30.0 Patched: 1.30.1 Updated: July 1, 2026
LOW

my-marginalia

my-marginalia

Score: 91/100 My Marginalia <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 1, 2026
LOW

modal-survey

modal-survey

Score: 87/100 Modal Survey <= 2.0.2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.2.0.1 Patched: Updated: July 1, 2026
LOW

mlanguage

mlanguage

Score: 91/100 mLanguage <= 1.6.1 - Cross-Site Request Forgery Affected: *-1.6.1 Patched: Updated: July 1, 2026
LOW

memberpress

memberpress

Score: 93/100 Memberpress < 1.12.0 - Reflected Cross-Site Scripting Affected: [*, 1.12.0) Patched: 1.12.0 Updated: July 1, 2026
LOW

maxbuttons

maxbuttons

Score: 93/100 MaxButtons <= 9.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-9.8.3 Patched: 9.8.4 Updated: July 1, 2026
LOW

lgpd-compliant-cookie-banner

lgpd-compliant-cookie-banner

Score: 91/100 illow – Cookies Consent <= 0.2.0 - Cross-Site Request Forgery Affected: *-0.2.0 Patched: Updated: July 1, 2026
LOW

jet-woo-builder

jet-woo-builder

Score: 93/100 JetWooBuilder <= 2.1.18 - Missing Authorization Affected: *-2.1.18 Patched: 2.1.18.1 Updated: July 1, 2026
LOW

jet-tabs

jet-tabs

Score: 93/100 JetTabs <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.7 Patched: 2.2.8 Updated: July 1, 2026
LOW

jet-elements

jet-elements

Score: 93/100 JetElements For Elementor <= 2.7.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.4.1 Patched: 2.7.4.2 Updated: July 1, 2026
LOW

jet-elements

jet-elements

Score: 93/100 JetElements For Elementor <= 2.7.4.1 - Missing Authorization Affected: *-2.7.4.1 Patched: 2.7.4.2 Updated: July 1, 2026
LOW

jet-blocks

jet-blocks

Score: 93/100 JetBlocks For Elementor <= 1.3.16 - Missing Authorization Affected: *-1.3.16 Patched: 1.3.16.1 Updated: July 1, 2026
LOW

ip2location-variables

ip2location-variables

Score: 93/100 IP2Location Variables <= 2.9.5 - Cross-Site Request Forgery Affected: *-2.9.5 Patched: 2.9.6 Updated: July 1, 2026
LOW

interactive-maps

interactive-maps

Score: 93/100 Simple Maps <= 0.98 - Cross-Site Request Forgery Affected: *-0.98 Patched: 0.99 Updated: July 1, 2026
LOW

idraw

idraw

Score: 91/100 I Draw <= 1.0 - Authenticated (Author+) Arbitrary File Upload Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

gravity-forms-css-themes-with-fontawesome-and-placeholder-support

gravity-forms-css-themes-with-fontawesome-and-placeholder-support

Score: 91/100 Gravity Forms CSS Themes with Fontawesome and Placeholders <= 8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-8.5 Patched: Updated: July 1, 2026
LOW

fluent-community

fluent-community

Score: 93/100 FluentCommunity <= 1.2.15 - Unauthenticated PHP Object Injection Affected: *-1.2.15 Patched: 1.3.1 Updated: July 1, 2026
LOW

fluent-boards

fluent-boards

Score: 93/100 FluentBoards <= 1.47 - Unauthenticated PHP Object Injection Affected: *-1.47 Patched: 1.48 Updated: July 1, 2026
LOW

debug-log-manager

debug-log-manager

Score: 93/100 Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.3.5 Updated: July 1, 2026
LOW

dashi

dashi

Score: 93/100 Dashi <= 3.1.8 - Missing Authorization Affected: *-3.1.8 Patched: 3.1.9 Updated: July 1, 2026
LOW

dashboard-notepads

dashboard-notepads

Score: 91/100 Dashboard Notepads <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 1, 2026
LOW

contact-form-vcard-generator

contact-form-vcard-generator

Score: 87/100 Contact Form vCard Generator <= 2.4 - Reflected Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 1, 2026
LOW

cloak-front-end-email

cloak-front-end-email

Score: 93/100 Cloak Front End Email <= 1.9.5 - Missing Authorization Affected: *-1.9.5 Patched: 1.9.6 Updated: July 1, 2026
LOW

bulk-page-stub-creator

bulk-page-stub-creator

Score: 93/100 Bulk Page Stub Creator <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: 1.2 Updated: July 1, 2026
LOW

bruteguard

bruteguard

Score: 91/100 BruteGuard – Brute Force Login Protection <= 0.1.4 - Reflected Cross-Site Scripting Affected: *-0.1.4 Patched: Updated: July 1, 2026
LOW

broken-links-remover

broken-links-remover

Score: 91/100 Broken Links Remover <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 1, 2026
LOW

brid-video-easy-publish

brid-video-easy-publish

Score: 91/100 Target Video Easy Publish <= 3.8.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-3.8.5 Patched: Updated: July 1, 2026
LOW

booster-plus-for-woocommerce

booster-plus-for-woocommerce

Score: 93/100 Booster Plus for WooCommerce <= 7.2.4 - Reflected Cross-Site Scripting Affected: *-7.2.4 Patched: 7.2.5 Updated: July 1, 2026
LOW

booking-and-rental-manager-for-woocommerce

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager <= 2.2.8 - Missing Authorization Affected: *-2.2.8 Patched: 2.2.9 Updated: July 1, 2026
LOW

bknewsticker

bknewsticker

Score: 91/100 Bknewsticker <= 1.0.5 - Cross-Site Request Forgery Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

bft-autoresponder

bft-autoresponder

Score: 91/100 Arigato Autoresponder and Newsletter <= 2.7.2.4 - Reflected Cross-Site Scripting Affected: *-2.7.2.4 Patched: 2.7.2.5 Updated: July 1, 2026
LOW

bertha-ai-free

bertha-ai-free

Score: 89/100 BERTHA AI <= 1.12.10.2 - Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-1.12.10.2 Patched: 1.12.11 Updated: July 1, 2026
LOW

bbpress2-shortcode-whitelist

bbpress2-shortcode-whitelist

Score: 91/100 bbPress2 shortcode whitelist <= 2.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: July 1, 2026
LOW

avatar

avatar

Score: 89/100 Avatar <= 0.1.4 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-0.1.4 Patched: Updated: July 1, 2026
LOW

apartment-management

apartment-management

Score: 88/100 WPAMS <= 44.0 (17-08-2023) - Unauthenticated Arbitrary File Upload Affected: * - 44.0 (17-08-2023) Patched: Updated: July 1, 2026
LOW

apartment-management

apartment-management

Score: 88/100 WPAMS <= 44.0 (17-08-2023) - Unauthenticated Stored Cross-Site Scripting Affected: * - 44.0 (17-08-2023) Patched: Updated: July 1, 2026
LOW

apartment-management

apartment-management

Score: 88/100 WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) SQL Injection Affected: * - 44.0 (17-08-2023) Patched: Updated: July 1, 2026
LOW

apartment-management

apartment-management

Score: 88/100 WPAMS <= 44.0 (17-08-2023) - Unauthenticated SQL Injection Affected: * - 44.0 (17-08-2023) Patched: Updated: July 1, 2026
LOW

apartment-management

apartment-management

Score: 88/100 WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) Privilege Escalation Affected: * - 44.0 (17-08-2023) Patched: Updated: July 1, 2026
LOW

apartment-management

apartment-management

Score: 88/100 WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) Arbitrary File Upload Affected: * - 44.0 (17-08-2023) Patched: Updated: July 1, 2026
LOW

apartment-management

apartment-management

Score: 88/100 WPAMS <= 44.0 - Unauthenticated Local File Inclusion Affected: * - 44.0 (17-08-2023) Patched: Updated: July 1, 2026
LOW

anthologize

anthologize

Score: 95/100 Anthologize <= 0.8.3 - Cross-Site Request Forgery Affected: *-0.8.3 Patched: Updated: July 1, 2026
LOW

amazon-showcase-wordpress-widget

amazon-showcase-wordpress-widget

Score: 95/100 Amazon Showcase WordPress Plugin <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 1, 2026
LOW

ai-text-to-speech

ai-text-to-speech

Score: 97/100 AI Text to Speech <= 3.0.3 - Missing Authorization Affected: *-3.0.3 Patched: 3.0.4 Updated: July 1, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.9.3 - Cross-Site Request Forgery to Settings Update Affected: *-4.9.3 Patched: 4.9.5 Updated: July 1, 2026
LOW

adminquickbar

adminquickbar

Score: 95/100 AdminQuickbar <= 1.9.1 - Reflected Cross-Site Scripting Affected: *-1.9.1 Patched: 1.9.2 Updated: July 1, 2026
LOW

add-to-header

add-to-header

Score: 95/100 Add to Header <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

wp-editor

wp-editor

Score: N/A WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Affected: *-1.2.9.1 Patched: 1.2.9.2 Updated: July 1, 2026
LOW

wp-editor

wp-editor

Score: N/A WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update Affected: *-1.2.9.1 Patched: 1.2.9.2 Updated: July 1, 2026
LOW

zephyr-project-manager

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.3.200 - Missing Authorization Affected: *-3.3.200 Patched: 3.3.201 Updated: July 1, 2026
LOW

xelion-webchat

xelion-webchat

Score: N/A Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-9.1.0 Patched: 9.2.0 Updated: July 1, 2026
LOW

wptools

wptools

Score: N/A WP Tools <= 5.18 - Cross-Site Request Forgery to Arbitrary File Renaming Affected: *-5.18 Patched: 5.19 Updated: July 1, 2026
LOW

wpcom-member

wpcom-member

Score: N/A WPCOM Member <= 1.7.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.7.7 Patched: 1.7.8 Updated: July 1, 2026
LOW

wpcasa

wpcasa

Score: N/A WPCasa <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.4.0 Updated: July 1, 2026
LOW

wpadverts

wpadverts

Score: N/A WPAdverts <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: July 1, 2026
LOW

wp-woocommerce-quickbooks

wp-woocommerce-quickbooks

Score: N/A Integration for WooCommerce and QuickBooks <= 1.3.1 - Cross-Site Request Forgery Affected: *-1.3.1 Patched: 1.3.2 Updated: July 1, 2026
LOW

wp-subscription-forms

wp-subscription-forms

Score: N/A WP Subscription Forms <= 1.2.3 - Missing Authorization Affected: *-1.2.3 Patched: 1.2.4 Updated: July 1, 2026
LOW

wp-simple-booking-calendar

wp-simple-booking-calendar

Score: N/A WP Simple Booking Calendar <= 2.0.13 - Missing Authorization Affected: *-2.0.13 Patched: 2.0.14 Updated: July 1, 2026
LOW

wp-rest-api-authentication

wp-rest-api-authentication

Score: N/A WordPress REST API Authentication <= 3.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update Affected: *-3.6.3 Patched: 3.6.4 Updated: July 1, 2026
LOW

wp-posts-carousel

wp-posts-carousel

Score: N/A WP Posts Carousel <= 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.10 Patched: 1.3.11 Updated: July 1, 2026
LOW

wp-flipclock

wp-flipclock

Score: N/A WP Flipclock <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.1 Patched: 1.10 Updated: July 1, 2026
LOW

wp-ever-accounting

wp-ever-accounting

Score: N/A Ever Accounting <= 2.1.5 - Cross-Site Request Forgery Affected: *-2.1.5 Patched: 2.1.6 Updated: July 1, 2026
LOW

wp-event-solution

wp-event-solution

Score: N/A Eventin <= 4.0.25 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.0.25 Patched: 4.0.26 Updated: July 1, 2026
LOW

wp-advanced-search

wp-advanced-search

Score: N/A WP-Advanced-Search <= 3.3.9.3 - Authenticated (Admin+) Arbitrary File Upload Affected: *-3.3.9.3 Patched: Updated: July 1, 2026
LOW

woo-social-login

woo-social-login

Score: N/A WooCommerce Social Login <= 2.8.2 - Cross-Site Request Forgery Affected: *-2.8.2 Patched: 2.8.3 Updated: July 1, 2026
LOW

uix-shortcodes

uix-shortcodes

Score: N/A Uix Shortcodes <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

travelfic-toolkit

travelfic-toolkit

Score: N/A Travelfic Toolkit <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.3 Updated: July 1, 2026
LOW

themify-shortcodes

themify-shortcodes

Score: N/A Themify Shortcodes <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.3 Patched: 2.1.4 Updated: July 1, 2026
LOW

support-x

support-x

Score: N/A CRM Perks <= 1.1.7 - Reflected Cross-Site Scripting Affected: *-1.1.7 Patched: 1.1.8 Updated: July 1, 2026
LOW

subscribe-to-unlock-lite

subscribe-to-unlock-lite

Score: N/A Subscribe to Unlock Lite <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3.0 Patched: 1.3.1 Updated: July 1, 2026
LOW

starfish-reviews

starfish-reviews

Score: N/A Starfish Review Generation & Marketing <= 3.1.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-3.1.19 Patched: 3.1.20 Updated: July 1, 2026
LOW

slazzer-background-changer

slazzer-background-changer

Score: N/A Slazzer Background Changer <= 3.14 - Missing Authorization Affected: *-3.14 Patched: Updated: July 1, 2026
LOW

site-search-360

site-search-360

Score: N/A Site Search 360 <= 2.1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.7 Patched: Updated: July 1, 2026
LOW

scriptless-social-sharing

scriptless-social-sharing

Score: N/A Scriptless Social Sharing <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.0 Patched: 3.3.1 Updated: July 1, 2026
LOW

right-click-disable-or-ban

right-click-disable-or-ban

Score: N/A Right Click Disable OR Ban <= 1.1.17 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.17 Patched: 1.2.0 Updated: July 1, 2026
LOW

responsive-block-editor-addons

responsive-block-editor-addons

Score: N/A Responsive Blocks <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: July 1, 2026
LOW

rescue-shortcodes

rescue-shortcodes

Score: N/A Rescue Shortcodes <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1 Patched: 3.3 Updated: July 1, 2026
LOW

propertyhive

propertyhive

Score: N/A PropertyHive <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 1, 2026
LOW

product-blocks

product-blocks

Score: N/A WowStore <= 4.2.4 - Missing Authorization Affected: *-4.2.4 Patched: 4.2.5 Updated: July 1, 2026
LOW

password-protected

password-protected

Score: N/A Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure Affected: *-2.7.7 Patched: 2.7.8 Updated: July 1, 2026
LOW

most-and-least-read-posts-widget

most-and-least-read-posts-widget

Score: 93/100 Most And Least Read Posts Widget <= 2.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.20 Patched: 2.5.21 Updated: July 1, 2026

Showing 9601 to 9700 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 06:43 UTC.