Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
modal-survey modal-survey
87
Modal Survey <= 2.0.2.0.1 - Unauthenticated SQL Injection LOW *-2.0.2.0.1 July 1, 2026
modal-survey modal-survey
87
Modal Survey <= 2.0.2.0.1 - Unauthenticated Local File Inclusion LOW *-2.0.2.0.1 July 1, 2026
membership-for-woocommerce membership-for-woocommerce
93
Membership For WooCommerce <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.8.0 2.8.1 July 1, 2026
melapress-login-security melapress-login-security
93
MelaPress Login Security <= 2.1.0 - Authenticated (Administrator+) PHP Object Injection LOW *-2.1.0 2.1.1 July 1, 2026
mediavine-control-panel mediavine-control-panel
93
Mediavine Control Panel <= 2.10.6 - Unauthenticated Information Exposure LOW *-2.10.6 2.10.7 July 1, 2026
logo-carousel-slider logo-carousel-slider
91
Logo Carousel Slider <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.3 July 1, 2026
liveforms liveforms
91
Live Forms <= 4.8.4 - Missing Authorization LOW *-4.8.4 4.8.5 July 1, 2026
listdom listdom
93
Listdom <= 4.0.0 - Open Redirect LOW *-4.0.0 4.1.0 July 1, 2026
Kadence WooCommerce Email Designer kadence-woocommerce-email-designer
90
Kadence WooCommerce Email Designer <= 1.5.14 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.5.14 1.5.15 July 1, 2026
internal-link-finder internal-link-finder
93
Internal Link Optimiser <= 5.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-5.1.3 5.1.4 July 1, 2026
html5-audio-player html5-audio-player
93
Html5 Audio Player <= 2.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.28 2.3.0 July 1, 2026
hostel hostel
93
Hostel <= 1.1.5.6 - Authenticated (Administrator+) SQL Injection LOW *-1.1.5.6 1.1.5.7 July 1, 2026
helpgent helpgent
91
HelpGent <= 2.2.4 - Unauthenticated PHP Object Injection LOW *-2.2.4 July 1, 2026
goodbarber goodbarber
93
GoodBarber <= 1.0.26 - Open Redirect LOW *-1.0.26 1.0.27 July 1, 2026
fast-ebay-listings fast-ebay-listings
93
Fast eBay Listings <= 2.12.15 - Open Redirect LOW *-2.12.15 2.12.16 July 1, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets essential-addons-for-elementor-lite
85
Essential Addons for Elementor <= 6.1.9 - Authenticated (Contributor+) Information Disclosure LOW *-6.1.9 6.1.10 July 1, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets essential-addons-for-elementor-lite
85
Essential Addons for Elementor <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.1.9 6.1.10 July 1, 2026
element-ready-lite element-ready-lite
93
ElementsReady Addons for Elementor <= 6.6.2 - Cross-Site Request Forgery LOW *-6.6.2 6.6.3 July 1, 2026
editor-wysiwyg-background-color editor-wysiwyg-background-color
91
Editor Wysiwyg Background Color <= 1.0 - Missing Authorization LOW *-1.0 July 1, 2026
dynamic-post dynamic-post
93
Dynamic Post <= 5.03 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-5.03 5.04 July 1, 2026
custom-css custom-css
93
Custom CSS, JS & PHP <= 2.4.1 - Cross-Site Request Forgery to Remote Code Exectuiron LOW *-2.4.1 2.4.2 July 1, 2026
cost-calculator-builder cost-calculator-builder
93
Cost Calculator Builder <= 3.2.65 - Unauthenticated SQL Injection LOW *-3.2.65 3.2.68 July 1, 2026
conditional-shipping-for-woocommerce conditional-shipping-for-woocommerce
93
Conditional Shipping for WooCommerce <= 3.4.0 - Cross-Site Request Forgery LOW *-3.4.0 3.4.1 July 1, 2026
Conditional Payments for WooCommerce conditional-payments-for-woocommerce
95
Conditional Payments for WooCommerce <= 3.3.0 - Cross-Site Request Forgery LOW *-3.3.0 3.3.1 July 1, 2026
church-admin church-admin
93
Church Admin <= 5.0.9 - Unauthenticated Information Disclosure LOW *-5.0.9 5.0.10 July 1, 2026
church-admin church-admin
93
Church Admin <= 5.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.0.23 5.0.24 July 1, 2026
checkout-for-paypal checkout-for-paypal
93
Checkout for PayPal <= 1.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.38 1.0.39 July 1, 2026
Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce
98
Checkout Files Upload for WooCommerce <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.0 2.2.1 July 1, 2026
bulk-term-editor bulk-term-editor
91
Bulk Term Editor <= 1.1.4 - Cross-Site Request Forgery LOW *-1.1.4 July 1, 2026
bring-fraktguiden-for-woocommerce bring-fraktguiden-for-woocommerce
93
Bring Fraktguiden for WooCommerce <= 1.11.4 - Missing Authorization LOW *-1.11.4 1.11.5 July 1, 2026
bma-lite-appointment-booking-and-scheduling bma-lite-appointment-booking-and-scheduling
93
BMA Lite <= 1.4.2 - Authenticated (Administrator+) SQL Injection LOW *-1.4.2 1.4.3 July 1, 2026
basic-interactive-world-map basic-interactive-world-map
91
Basic Interactive World Map <= 2.7 - Cross-Site Request Forgery to Settings Update LOW *-2.7 July 1, 2026
author-work-in-progress-bar author-work-in-progress-bar
91
Author WIP Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
attendance-manager attendance-manager
89
Attendance Manager <= 0.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.6.2 July 1, 2026
asgaros-forum asgaros-forum
97
Asgaros Forum <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.1 3.3.0 July 1, 2026
administrator-z administrator-z
95
Administrator Z <= 2025.03.28 - Authenticated (Admin+) Directory Traversal LOW *-2025.03.28 2025.03.30 July 1, 2026
activedemand activedemand
97
ActiveDEMAND <= 0.2.46 - Missing Authorization LOW *-0.2.46 0.2.47 July 1, 2026
wp-staging-pro wp-staging-pro N/A WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function LOW *-6.1.2 6.1.3 July 1, 2026
Contact Form 7 contact-form-7
97
Contact Form 7 <= 6.0.5 - Order Replay Vulnerability LOW *-6.0.5 6.0.6 July 1, 2026
contact-form-by-supsystic contact-form-by-supsystic
93
Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action LOW *-1.7.29 1.7.30 July 1, 2026
profile-builder profile-builder N/A User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.13.6 3.13.7 July 1, 2026
wps-team wps-team N/A Team Members <= 3.4.4 - Authenticated (Contributor+) PHP Object Injection LOW *-3.4.4 3.4.5 July 1, 2026
wp-donate wp-donate N/A WP Donate <= 2.0 - Unauthenticated Stored Cross-Site Scripting LOW *-2.0 July 1, 2026
wooms wooms N/A WooMS <= 9.12 - Reflected Cross-Site Scripting LOW *-9.12 July 1, 2026
unlimited-timeline unlimited-timeline N/A Unlimited Timeline < 1.6.1 - Missing Authorization LOW [*, 1.6.1) 1.6.1 July 1, 2026
ulisting ulisting N/A uListing <= 2.2.0 - Authenticated (Subscriber+) PHP Object Injection LOW *-2.2.0 July 1, 2026
tourmaster tourmaster N/A Tourmaster < 5.4.1 - Reflected Cross-Site Scripting LOW [*, 5.4.1) 5.4.1 July 1, 2026
sign-up-sheets sign-up-sheets N/A Sign-up Sheets <= 2.3.0.1 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.3.0.1 2.3.1 July 1, 2026
real-estate-manager real-estate-manager N/A Real Estate Manager <= 7.3 - Unauthenticated Remote Code Execution LOW *-7.3 July 1, 2026
push-notification-by-feedify push-notification-by-feedify N/A Feedify – Web Push Notifications <= 2.4.5 - Reflected Cross-Site Scripting LOW *-2.4.5 2.4.6 July 1, 2026
pdf2post pdf2post N/A PDF 2 Post <= 2.4.0 - Authenticated (Subscriber+) Remote Code Execution LOW *-2.4.0 July 1, 2026
office-locator office-locator N/A Office Locator <= 1.3.0 - Unauthenticated SQL Injection LOW *-1.3.0 July 1, 2026
mapsvg-lite-interactive-vector-maps mapsvg-lite-interactive-vector-maps
93
MapSVG Lite <= 8.6.4 - Authenticated (Contributor+) Arbitrary File Upload LOW *-8.6.4 8.6.5 July 1, 2026
macro-admin-email-data-optin-calculator macro-admin-email-data-optin-calculator
91
Macro Calculator with Admin Email Optin & Data <= 1.0 - Unauthenticated Information Disclosure LOW *-1.0 July 1, 2026
kiotvietsync kiotvietsync
83
KiotViet Sync <= 1.8.4 - Authenticated (Subscriber+) SQL Injection LOW *-1.8.4 1.8.5 July 1, 2026
kata-plus kata-plus
93
Kata Plus <= 1.5.3 - Unauthenticated PHP Object Injection LOW *-1.5.3 1.5.4 July 1, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Unauthenticated SQL Injection LOW *-2.0.2 July 1, 2026
jet-tricks jet-tricks
93
JetTricks <= 1.5.1 - Missing Authorization LOW *-1.5.1 1.5.1.1 July 1, 2026
jet-popup jet-popup
93
JetPopup <= 2.0.11 - Missing Authorization LOW *-2.0.11 2.0.12 July 1, 2026
jet-menu jet-menu
93
JetMenu <= 2.4.9 - Missing Authorization LOW *-2.4.9 2.4.9.1 July 1, 2026
jet-blog jet-blog
93
JetBlog <= 2.4.3 - Missing Authorization LOW *-2.4.3 2.4.3.1 July 1, 2026
hockeydata-los hockeydata-los
91
hockeydata LOS <= 1.2.4 - Unauthenticated Local File Inclusion LOW *-1.2.4 July 1, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support <= 1.2.5 - Reflected Cross-Site Scripting LOW *-1.2.5 1.2.6 July 1, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support <= 1.2.6 - Unauthenticated Sensitive Information Exposure LOW *-1.2.6 1.2.7 July 1, 2026
fs-poster fs-poster
93
FS Poster <= 6.5.8 - Missing Authorization LOW *-6.5.8 7.1.8 July 1, 2026
embedding-barcodes-into-product-pages-and-orders embedding-barcodes-into-product-pages-and-orders
93
Barcode Generator for WooCommerce <= 2.0.4 - Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-2.0.4 2.0.5 July 1, 2026
contest-code-checker contest-code-checker
91
Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.6 - Reflected Cross-Site Scripting LOW *-2.0.6 July 1, 2026
awesome-logo-carousel-block awesome-logo-carousel-block
93
Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter LOW *-2.1.6 2.1.7 July 1, 2026
poll-wp poll-wp N/A TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter LOW *-2.4.6 2.4.7 July 1, 2026
woocommerce-products-without-featured-images woocommerce-products-without-featured-images N/A WooCommerce Products without featured images <= 0.1 - Cross-Site Request Forgery LOW *-0.1 July 1, 2026
void-elementor-whmcs-elements void-elementor-whmcs-elements N/A Void Elementor WHMCS Elements For Elementor Page Builder <= 2.0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.1.2 July 1, 2026
verowa-connect verowa-connect N/A Verowa Connect <= 3.0.4 - Reflected Cross-Site Scripting LOW *-3.0.4 3.0.5 July 1, 2026
turitop-booking-system turitop-booking-system N/A TuriTop Booking System <= 1.0.10 - Authenticated (Subscriber+) PHP Object Injection LOW *-1.0.10 July 1, 2026
tp-gallery-slider tp-gallery-slider N/A T&P Gallery Slider <= 1.2 - Unauthenticated Stored Cross-Site Scripting LOW *-1.2 July 1, 2026
totalprocessing-card-payments totalprocessing-card-payments N/A Nomupay Payment Processing Gateway <= 7.1.6 - Reflected Cross-Site Scripting LOW *-7.1.6 7.1.7 July 1, 2026
testimonial-slider-showcase-pro testimonial-slider-showcase-pro N/A Testimonial Slider And Showcase Pro <= 2.1.7 - Authenticated (Subscriber+) Local File Inclusion LOW *-2.1.7 July 1, 2026
Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates responsive-addons-for-elementor N/A Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag' LOW *-1.6.9 1.6.9.1 July 1, 2026
question-answer question-answer N/A Question Answer <= 1.2.70 - Authenticated (Subscriber+) PHP Object Injection LOW *-1.2.70 July 1, 2026
projectopia-core projectopia-core N/A Projectopia <= 5.1.18 - Unauthenticated Privilege Escalation via Account Takeover LOW *-5.1.18 July 1, 2026
posts-table-filterable posts-table-filterable N/A TableOn – WordPress Posts Table Filterable <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 July 1, 2026
otpless otpless N/A OTP-less one tap Sign in <= 2.0.58 - Reflected Cross-Site Scripting LOW *-2.0.58 2.0.59 July 1, 2026
newsletter newsletter N/A Newsletter <= 8.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-8.7.0 8.7.1 July 1, 2026
my-auctions-allegro-free-edition my-auctions-allegro-free-edition
89
My auctions allegro <= 3.6.33 - Cross-Site Request Forgery LOW *-3.6.33 3.6.34 July 1, 2026
movylo-widget movylo-widget
91
Movylo Marketing Automation <= 2.0.7 - Reflected Cross-Site Scripting LOW *-2.0.7 July 1, 2026
mobile-app-for-woocommerce mobile-app-for-woocommerce
91
ShopApper <= 0.4.53 - Unauthenticated Stored Cross-Site Scripting LOW *-0.4.53 July 1, 2026
material-dashboard material-dashboard
93
Material Dashboard <= 1.4.6 - Unauthenticated Privilege Escalation LOW *-1.4.6 1.4.7 July 1, 2026
local-magic local-magic
89
Local Magic <= 2.6.0 - Unauthenticated SQL Injection LOW *-2.6.0 July 1, 2026
landing-page-cat landing-page-cat
93
Landing Page Cat <= 1.7.8 - Reflected Cross-Site Scripting LOW *-1.7.8 1.7.9 July 1, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Unauthenticated Arbitrary File Upload LOW *-2.0.2 July 1, 2026
import-from-yml import-from-yml
93
Import from YML <= 3.1.17 - Reflected Cross-Site Scripting LOW *-3.1.17 4.0.0 July 1, 2026
expresstechsoftwares-memberpress-discord-add-on expresstechsoftwares-memberpress-discord-add-on
93
MemberPress Discord Addon <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 1.1.2 July 1, 2026
enable-wp-debug-toggle enable-wp-debug-toggle
91
WP_DEBUG Toggle <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 1, 2026
email-shortcode email-shortcode
91
Event Espresso – Custom Email Template Shortcode <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 1, 2026
crudlab-scroll-to-top crudlab-scroll-to-top
91
CRUDLab Scroll to Top <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 1, 2026
course-booking-system course-booking-system
93
Course Booking System <= 6.1.2 - Reflected Cross-Site Scripting LOW *-6.1.2 6.1.3 July 1, 2026
all-push-notification all-push-notification
92
All push notification for WP <= 1.5.3 - Reflected Cross-Site Scripting LOW *-1.5.3 July 1, 2026
1-jquery-photo-gallery-slideshow-flash 1-jquery-photo-gallery-slideshow-flash
95
ZooEffect <= 1.11 - Reflected Cross-Site Scripting LOW *-1.11 July 1, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update LOW *-4.1.3 4.1.4 July 1, 2026
cart66-cloud cart66-cloud
89
Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure LOW *-2.3.7 July 1, 2026
developer-toolbar developer-toolbar
91
Developer Toolbar <= 1.0.3 - Unauthenticated Information Exposure LOW *-1.0.3 July 1, 2026
LOW

modal-survey

modal-survey

Score: 87/100 Modal Survey <= 2.0.2.0.1 - Unauthenticated SQL Injection Affected: *-2.0.2.0.1 Patched: Updated: July 1, 2026
LOW

modal-survey

modal-survey

Score: 87/100 Modal Survey <= 2.0.2.0.1 - Unauthenticated Local File Inclusion Affected: *-2.0.2.0.1 Patched: Updated: July 1, 2026
LOW

membership-for-woocommerce

membership-for-woocommerce

Score: 93/100 Membership For WooCommerce <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.0 Patched: 2.8.1 Updated: July 1, 2026
LOW

melapress-login-security

melapress-login-security

Score: 93/100 MelaPress Login Security <= 2.1.0 - Authenticated (Administrator+) PHP Object Injection Affected: *-2.1.0 Patched: 2.1.1 Updated: July 1, 2026
LOW

mediavine-control-panel

mediavine-control-panel

Score: 93/100 Mediavine Control Panel <= 2.10.6 - Unauthenticated Information Exposure Affected: *-2.10.6 Patched: 2.10.7 Updated: July 1, 2026
LOW

logo-carousel-slider

logo-carousel-slider

Score: 91/100 Logo Carousel Slider <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.3 Patched: Updated: July 1, 2026
LOW

liveforms

liveforms

Score: 91/100 Live Forms <= 4.8.4 - Missing Authorization Affected: *-4.8.4 Patched: 4.8.5 Updated: July 1, 2026
LOW

listdom

listdom

Score: 93/100 Listdom <= 4.0.0 - Open Redirect Affected: *-4.0.0 Patched: 4.1.0 Updated: July 1, 2026
LOW

Kadence WooCommerce Email Designer

kadence-woocommerce-email-designer

Score: 90/100 Kadence WooCommerce Email Designer <= 1.5.14 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.5.14 Patched: 1.5.15 Updated: July 1, 2026
LOW

internal-link-finder

internal-link-finder

Score: 93/100 Internal Link Optimiser <= 5.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-5.1.3 Patched: 5.1.4 Updated: July 1, 2026
LOW

html5-audio-player

html5-audio-player

Score: 93/100 Html5 Audio Player <= 2.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.28 Patched: 2.3.0 Updated: July 1, 2026
LOW

hostel

hostel

Score: 93/100 Hostel <= 1.1.5.6 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.5.6 Patched: 1.1.5.7 Updated: July 1, 2026
LOW

helpgent

helpgent

Score: 91/100 HelpGent <= 2.2.4 - Unauthenticated PHP Object Injection Affected: *-2.2.4 Patched: Updated: July 1, 2026
LOW

goodbarber

goodbarber

Score: 93/100 GoodBarber <= 1.0.26 - Open Redirect Affected: *-1.0.26 Patched: 1.0.27 Updated: July 1, 2026
LOW

fast-ebay-listings

fast-ebay-listings

Score: 93/100 Fast eBay Listings <= 2.12.15 - Open Redirect Affected: *-2.12.15 Patched: 2.12.16 Updated: July 1, 2026
LOW

element-ready-lite

element-ready-lite

Score: 93/100 ElementsReady Addons for Elementor <= 6.6.2 - Cross-Site Request Forgery Affected: *-6.6.2 Patched: 6.6.3 Updated: July 1, 2026
LOW

editor-wysiwyg-background-color

editor-wysiwyg-background-color

Score: 91/100 Editor Wysiwyg Background Color <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

dynamic-post

dynamic-post

Score: 93/100 Dynamic Post <= 5.03 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-5.03 Patched: 5.04 Updated: July 1, 2026
LOW

custom-css

custom-css

Score: 93/100 Custom CSS, JS & PHP <= 2.4.1 - Cross-Site Request Forgery to Remote Code Exectuiron Affected: *-2.4.1 Patched: 2.4.2 Updated: July 1, 2026
LOW

cost-calculator-builder

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.2.65 - Unauthenticated SQL Injection Affected: *-3.2.65 Patched: 3.2.68 Updated: July 1, 2026
LOW

conditional-shipping-for-woocommerce

conditional-shipping-for-woocommerce

Score: 93/100 Conditional Shipping for WooCommerce <= 3.4.0 - Cross-Site Request Forgery Affected: *-3.4.0 Patched: 3.4.1 Updated: July 1, 2026
LOW

Conditional Payments for WooCommerce

conditional-payments-for-woocommerce

Score: 95/100 Conditional Payments for WooCommerce <= 3.3.0 - Cross-Site Request Forgery Affected: *-3.3.0 Patched: 3.3.1 Updated: July 1, 2026
LOW

church-admin

church-admin

Score: 93/100 Church Admin <= 5.0.9 - Unauthenticated Information Disclosure Affected: *-5.0.9 Patched: 5.0.10 Updated: July 1, 2026
LOW

church-admin

church-admin

Score: 93/100 Church Admin <= 5.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.0.23 Patched: 5.0.24 Updated: July 1, 2026
LOW

checkout-for-paypal

checkout-for-paypal

Score: 93/100 Checkout for PayPal <= 1.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.38 Patched: 1.0.39 Updated: July 1, 2026
LOW

Checkout Files Upload for WooCommerce

checkout-files-upload-woocommerce

Score: 98/100 Checkout Files Upload for WooCommerce <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: 2.2.1 Updated: July 1, 2026
LOW

bulk-term-editor

bulk-term-editor

Score: 91/100 Bulk Term Editor <= 1.1.4 - Cross-Site Request Forgery Affected: *-1.1.4 Patched: Updated: July 1, 2026
LOW

bring-fraktguiden-for-woocommerce

bring-fraktguiden-for-woocommerce

Score: 93/100 Bring Fraktguiden for WooCommerce <= 1.11.4 - Missing Authorization Affected: *-1.11.4 Patched: 1.11.5 Updated: July 1, 2026
LOW

bma-lite-appointment-booking-and-scheduling

bma-lite-appointment-booking-and-scheduling

Score: 93/100 BMA Lite <= 1.4.2 - Authenticated (Administrator+) SQL Injection Affected: *-1.4.2 Patched: 1.4.3 Updated: July 1, 2026
LOW

basic-interactive-world-map

basic-interactive-world-map

Score: 91/100 Basic Interactive World Map <= 2.7 - Cross-Site Request Forgery to Settings Update Affected: *-2.7 Patched: Updated: July 1, 2026
LOW

author-work-in-progress-bar

author-work-in-progress-bar

Score: 91/100 Author WIP Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

attendance-manager

attendance-manager

Score: 89/100 Attendance Manager <= 0.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.6.2 Patched: Updated: July 1, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forum <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: 3.3.0 Updated: July 1, 2026
LOW

administrator-z

administrator-z

Score: 95/100 Administrator Z <= 2025.03.28 - Authenticated (Admin+) Directory Traversal Affected: *-2025.03.28 Patched: 2025.03.30 Updated: July 1, 2026
LOW

activedemand

activedemand

Score: 97/100 ActiveDEMAND <= 0.2.46 - Missing Authorization Affected: *-0.2.46 Patched: 0.2.47 Updated: July 1, 2026
LOW

wp-staging-pro

wp-staging-pro

Score: N/A WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function Affected: *-6.1.2 Patched: 6.1.3 Updated: July 1, 2026
LOW

Contact Form 7

contact-form-7

Score: 97/100 Contact Form 7 <= 6.0.5 - Order Replay Vulnerability Affected: *-6.0.5 Patched: 6.0.6 Updated: July 1, 2026
LOW

contact-form-by-supsystic

contact-form-by-supsystic

Score: 93/100 Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action Affected: *-1.7.29 Patched: 1.7.30 Updated: July 1, 2026
LOW

profile-builder

profile-builder

Score: N/A User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.13.6 Patched: 3.13.7 Updated: July 1, 2026
LOW

wps-team

wps-team

Score: N/A Team Members <= 3.4.4 - Authenticated (Contributor+) PHP Object Injection Affected: *-3.4.4 Patched: 3.4.5 Updated: July 1, 2026
LOW

wp-donate

wp-donate

Score: N/A WP Donate <= 2.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

wooms

wooms

Score: N/A WooMS <= 9.12 - Reflected Cross-Site Scripting Affected: *-9.12 Patched: Updated: July 1, 2026
LOW

unlimited-timeline

unlimited-timeline

Score: N/A Unlimited Timeline < 1.6.1 - Missing Authorization Affected: [*, 1.6.1) Patched: 1.6.1 Updated: July 1, 2026
LOW

ulisting

ulisting

Score: N/A uListing <= 2.2.0 - Authenticated (Subscriber+) PHP Object Injection Affected: *-2.2.0 Patched: Updated: July 1, 2026
LOW

tourmaster

tourmaster

Score: N/A Tourmaster < 5.4.1 - Reflected Cross-Site Scripting Affected: [*, 5.4.1) Patched: 5.4.1 Updated: July 1, 2026
LOW

sign-up-sheets

sign-up-sheets

Score: N/A Sign-up Sheets <= 2.3.0.1 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.3.0.1 Patched: 2.3.1 Updated: July 1, 2026
LOW

real-estate-manager

real-estate-manager

Score: N/A Real Estate Manager <= 7.3 - Unauthenticated Remote Code Execution Affected: *-7.3 Patched: Updated: July 1, 2026
LOW

push-notification-by-feedify

push-notification-by-feedify

Score: N/A Feedify – Web Push Notifications <= 2.4.5 - Reflected Cross-Site Scripting Affected: *-2.4.5 Patched: 2.4.6 Updated: July 1, 2026
LOW

pdf2post

pdf2post

Score: N/A PDF 2 Post <= 2.4.0 - Authenticated (Subscriber+) Remote Code Execution Affected: *-2.4.0 Patched: Updated: July 1, 2026
LOW

office-locator

office-locator

Score: N/A Office Locator <= 1.3.0 - Unauthenticated SQL Injection Affected: *-1.3.0 Patched: Updated: July 1, 2026
LOW

mapsvg-lite-interactive-vector-maps

mapsvg-lite-interactive-vector-maps

Score: 93/100 MapSVG Lite <= 8.6.4 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-8.6.4 Patched: 8.6.5 Updated: July 1, 2026
LOW

macro-admin-email-data-optin-calculator

macro-admin-email-data-optin-calculator

Score: 91/100 Macro Calculator with Admin Email Optin & Data <= 1.0 - Unauthenticated Information Disclosure Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

kiotvietsync

kiotvietsync

Score: 83/100 KiotViet Sync <= 1.8.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.8.4 Patched: 1.8.5 Updated: July 1, 2026
LOW

kata-plus

kata-plus

Score: 93/100 Kata Plus <= 1.5.3 - Unauthenticated PHP Object Injection Affected: *-1.5.3 Patched: 1.5.4 Updated: July 1, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Unauthenticated SQL Injection Affected: *-2.0.2 Patched: Updated: July 1, 2026
LOW

jet-tricks

jet-tricks

Score: 93/100 JetTricks <= 1.5.1 - Missing Authorization Affected: *-1.5.1 Patched: 1.5.1.1 Updated: July 1, 2026
LOW

jet-popup

jet-popup

Score: 93/100 JetPopup <= 2.0.11 - Missing Authorization Affected: *-2.0.11 Patched: 2.0.12 Updated: July 1, 2026
LOW

jet-menu

jet-menu

Score: 93/100 JetMenu <= 2.4.9 - Missing Authorization Affected: *-2.4.9 Patched: 2.4.9.1 Updated: July 1, 2026
LOW

jet-blog

jet-blog

Score: 93/100 JetBlog <= 2.4.3 - Missing Authorization Affected: *-2.4.3 Patched: 2.4.3.1 Updated: July 1, 2026
LOW

hockeydata-los

hockeydata-los

Score: 91/100 hockeydata LOS <= 1.2.4 - Unauthenticated Local File Inclusion Affected: *-1.2.4 Patched: Updated: July 1, 2026
LOW

fs-poster

fs-poster

Score: 93/100 FS Poster <= 6.5.8 - Missing Authorization Affected: *-6.5.8 Patched: 7.1.8 Updated: July 1, 2026
LOW

embedding-barcodes-into-product-pages-and-orders

embedding-barcodes-into-product-pages-and-orders

Score: 93/100 Barcode Generator for WooCommerce <= 2.0.4 - Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-2.0.4 Patched: 2.0.5 Updated: July 1, 2026
LOW

contest-code-checker

contest-code-checker

Score: 91/100 Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.6 - Reflected Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: July 1, 2026
LOW

awesome-logo-carousel-block

awesome-logo-carousel-block

Score: 93/100 Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter Affected: *-2.1.6 Patched: 2.1.7 Updated: July 1, 2026
LOW

poll-wp

poll-wp

Score: N/A TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter Affected: *-2.4.6 Patched: 2.4.7 Updated: July 1, 2026
LOW

woocommerce-products-without-featured-images

woocommerce-products-without-featured-images

Score: N/A WooCommerce Products without featured images <= 0.1 - Cross-Site Request Forgery Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

void-elementor-whmcs-elements

void-elementor-whmcs-elements

Score: N/A Void Elementor WHMCS Elements For Elementor Page Builder <= 2.0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1.2 Patched: Updated: July 1, 2026
LOW

verowa-connect

verowa-connect

Score: N/A Verowa Connect <= 3.0.4 - Reflected Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.5 Updated: July 1, 2026
LOW

turitop-booking-system

turitop-booking-system

Score: N/A TuriTop Booking System <= 1.0.10 - Authenticated (Subscriber+) PHP Object Injection Affected: *-1.0.10 Patched: Updated: July 1, 2026
LOW

tp-gallery-slider

tp-gallery-slider

Score: N/A T&P Gallery Slider <= 1.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

totalprocessing-card-payments

totalprocessing-card-payments

Score: N/A Nomupay Payment Processing Gateway <= 7.1.6 - Reflected Cross-Site Scripting Affected: *-7.1.6 Patched: 7.1.7 Updated: July 1, 2026
LOW

testimonial-slider-showcase-pro

testimonial-slider-showcase-pro

Score: N/A Testimonial Slider And Showcase Pro <= 2.1.7 - Authenticated (Subscriber+) Local File Inclusion Affected: *-2.1.7 Patched: Updated: July 1, 2026
LOW

question-answer

question-answer

Score: N/A Question Answer <= 1.2.70 - Authenticated (Subscriber+) PHP Object Injection Affected: *-1.2.70 Patched: Updated: July 1, 2026
LOW

projectopia-core

projectopia-core

Score: N/A Projectopia <= 5.1.18 - Unauthenticated Privilege Escalation via Account Takeover Affected: *-5.1.18 Patched: Updated: July 1, 2026
LOW

posts-table-filterable

posts-table-filterable

Score: N/A TableOn – WordPress Posts Table Filterable <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 1, 2026
LOW

otpless

otpless

Score: N/A OTP-less one tap Sign in <= 2.0.58 - Reflected Cross-Site Scripting Affected: *-2.0.58 Patched: 2.0.59 Updated: July 1, 2026
LOW

newsletter

newsletter

Score: N/A Newsletter <= 8.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-8.7.0 Patched: 8.7.1 Updated: July 1, 2026
LOW

my-auctions-allegro-free-edition

my-auctions-allegro-free-edition

Score: 89/100 My auctions allegro <= 3.6.33 - Cross-Site Request Forgery Affected: *-3.6.33 Patched: 3.6.34 Updated: July 1, 2026
LOW

movylo-widget

movylo-widget

Score: 91/100 Movylo Marketing Automation <= 2.0.7 - Reflected Cross-Site Scripting Affected: *-2.0.7 Patched: Updated: July 1, 2026
LOW

mobile-app-for-woocommerce

mobile-app-for-woocommerce

Score: 91/100 ShopApper <= 0.4.53 - Unauthenticated Stored Cross-Site Scripting Affected: *-0.4.53 Patched: Updated: July 1, 2026
LOW

material-dashboard

material-dashboard

Score: 93/100 Material Dashboard <= 1.4.6 - Unauthenticated Privilege Escalation Affected: *-1.4.6 Patched: 1.4.7 Updated: July 1, 2026
LOW

local-magic

local-magic

Score: 89/100 Local Magic <= 2.6.0 - Unauthenticated SQL Injection Affected: *-2.6.0 Patched: Updated: July 1, 2026
LOW

landing-page-cat

landing-page-cat

Score: 93/100 Landing Page Cat <= 1.7.8 - Reflected Cross-Site Scripting Affected: *-1.7.8 Patched: 1.7.9 Updated: July 1, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Unauthenticated Arbitrary File Upload Affected: *-2.0.2 Patched: Updated: July 1, 2026
LOW

import-from-yml

import-from-yml

Score: 93/100 Import from YML <= 3.1.17 - Reflected Cross-Site Scripting Affected: *-3.1.17 Patched: 4.0.0 Updated: July 1, 2026
LOW

expresstechsoftwares-memberpress-discord-add-on

expresstechsoftwares-memberpress-discord-add-on

Score: 93/100 MemberPress Discord Addon <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

enable-wp-debug-toggle

enable-wp-debug-toggle

Score: 91/100 WP_DEBUG Toggle <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

email-shortcode

email-shortcode

Score: 91/100 Event Espresso – Custom Email Template Shortcode <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

crudlab-scroll-to-top

crudlab-scroll-to-top

Score: 91/100 CRUDLab Scroll to Top <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

course-booking-system

course-booking-system

Score: 93/100 Course Booking System <= 6.1.2 - Reflected Cross-Site Scripting Affected: *-6.1.2 Patched: 6.1.3 Updated: July 1, 2026
LOW

all-push-notification

all-push-notification

Score: 92/100 All push notification for WP <= 1.5.3 - Reflected Cross-Site Scripting Affected: *-1.5.3 Patched: Updated: July 1, 2026
LOW

1-jquery-photo-gallery-slideshow-flash

1-jquery-photo-gallery-slideshow-flash

Score: 95/100 ZooEffect <= 1.11 - Reflected Cross-Site Scripting Affected: *-1.11 Patched: Updated: July 1, 2026
LOW

cart66-cloud

cart66-cloud

Score: 89/100 Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure Affected: *-2.3.7 Patched: Updated: July 1, 2026
LOW

developer-toolbar

developer-toolbar

Score: 91/100 Developer Toolbar <= 1.0.3 - Unauthenticated Information Exposure Affected: *-1.0.3 Patched: Updated: July 1, 2026

Showing 9701 to 9800 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 07:53 UTC.