Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wpc-admin-columns wpc-admin-columns N/A WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update LOW 2.0.6-2.1.0 2.1.1 July 1, 2026
wp-featured-screenshot wp-featured-screenshot N/A WP Featured Screenshot <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 1, 2026
wp-easy-poll-afo wp-easy-poll-afo N/A WP Easy Poll <= 2.2.9 - Reflected Cross-Site Scripting LOW *-2.2.9 July 1, 2026
wp-delete-user-accounts wp-delete-user-accounts N/A WP Delete User Accounts <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 1, 2026
woocommerce-loyal-customer woocommerce-loyal-customer N/A WooCommerce Loyal Customers <= 2.6 - Missing Authorization LOW *-2.6 July 1, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification LOW *-4.1.3 4.1.4 July 1, 2026
uncanny-learndash-toolkit uncanny-learndash-toolkit N/A Uncanny Toolkit for LearnDash <= 3.7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.7.0.1 3.7.0.2 July 1, 2026
testimonial-free testimonial-free N/A Real Testimonials <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.6 3.1.7 July 1, 2026
SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder sureforms N/A SureForms <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.3 1.4.4 July 1, 2026
SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder sureforms N/A SureForms <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.3 1.4.4 July 1, 2026
skt-skill-bar skt-skill-bar N/A SKT Skill Bar <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3 2.4 July 1, 2026
skt-blocks skt-blocks N/A SKT Blocks – Gutenberg based Page Builder <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8 1.9 July 1, 2026
skt-blocks skt-blocks N/A SKT Blocks – Gutenberg based Page Builder <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9 2.0 July 1, 2026
site-mode site-mode N/A Coming Soon, Maintenance Mode <= 1.1.1 - Unauthenticated Local File Inclusion LOW *-1.1.1 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.7.1006 - Authenticated (Admin+) Server Side Request Forgery LOW *-1.7.1006 1.7.1007 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.1012 1.7.1013 July 1, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting LOW *-1.7.1012 1.7.1013 July 1, 2026
quadmenu quadmenu N/A WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update LOW *-3.2.0 3.2.1 July 1, 2026
product-tabs-for-woocommerce product-tabs-for-woocommerce N/A Additional Custom Product Tabs for WooCommerce <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.0 1.7.1 July 1, 2026
nepali-date-converter nepali-date-converter N/A Nepali Date Converter <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.8 3.0.0 July 1, 2026
mobile-pages mobile-pages
91
Mobile Pages <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 1, 2026
listings-for-buildium listings-for-buildium
93
Listings for Buildium <= 0.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1.5 0.1.6 July 1, 2026
kargo-entegrator kargo-entegrator
93
Kargo Entegratör <= 1.1.14 - Authenticated (Shop Manager+) SQL Injection LOW *-1.1.14 1.1.15 July 1, 2026
jet-engine jet-engine
93
JetEngine <= 3.6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.6.4.1 3.6.5 July 1, 2026
jet-blog jet-blog
93
JetBlog <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.3 2.4.3.1 July 1, 2026
inpost-gallery inpost-gallery
93
InPost Gallery <= 2.1.4.3 - Cross-Site Request Forgery LOW *-2.1.4.3 2.1.4.4 July 1, 2026
dsgvo-youtube dsgvo-youtube
93
DSGVO Youtube <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 1.5.2 July 1, 2026
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer clearfy
93
Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy' LOW *-2.3.2 2.3.3 July 1, 2026
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer clearfy
93
Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache LOW *-2.3.1 2.3.2 July 1, 2026
booking-and-rental-manager-for-woocommerce booking-and-rental-manager-for-woocommerce
93
Booking and Rental Manager <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion LOW *-2.2.8 2.2.9 July 1, 2026
advance-wp-query-search-filter advance-wp-query-search-filter
93
Advance WP Query Search Filter <= 1.0.10 - Reflected Cross-Site Scripting LOW *-1.0.10 July 1, 2026
add-product-frontend-for-woocommerce add-product-frontend-for-woocommerce
95
Add Product Frontend for WooCommerce <= 1.0.6 - Missing Authorization to Unauthenticated Arbitrary Content Deletion LOW *-1.0.6 July 1, 2026
acf-link-picker-field acf-link-picker-field
95
Advanced Custom Fields: Link Picker Field <= 1.2.8 - Reflected Cross-Site Scripting LOW *-1.2.8 July 1, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-2.6.22 2.6.23 July 1, 2026
z-companion z-companion N/A Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.1.1 1.1.2 July 1, 2026
cost-calculator-builder cost-calculator-builder
93
Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter LOW *-3.2.67 3.2.68 July 1, 2026
smtp-amazon-ses smtp-amazon-ses N/A SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs LOW *-1.8 1.9 July 1, 2026
affiliate-link-tracker affiliate-link-tracker
95
Affiliate Link Tracker <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.2 July 1, 2026
zephyr-project-manager zephyr-project-manager N/A Zephyr Project Manager <= 3.3.101 - Reflected Cross-Site Scripting LOW *-3.3.101 3.3.102 July 1, 2026
wpjobboard wpjobboard N/A WPJobBoard < 5.11.1 - Cross-Site Request Forgery to Remote Code Execution LOW [*, 5.11.1) 5.11.1 July 1, 2026
wpjobboard wpjobboard N/A WPJobBoard < 5.11.1 - Authenticated (Subscriber+) Path Traversal LOW [*, 5.11.1) 5.11.1 July 1, 2026
wp-secure-by-sitesecuritymonitorcom wp-secure-by-sitesecuritymonitorcom N/A wp secure <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 1, 2026
wp-hijri wp-hijri N/A WP-Hijri <= 1.5.3 - Reflected Cross-Site Scripting LOW *-1.5.3 July 1, 2026
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters wp-google-map-plugin
74
WP Maps – Display Google Maps Perfectly with Ease <= 4.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.7.1 4.7.2 July 1, 2026
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters wp-google-map-plugin
74
WP Maps – Display Google Maps Perfectly with Ease <= 4.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.7.1 4.7.2 July 1, 2026
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters wp-google-map-plugin
74
WP Maps – Display Google Maps Perfectly with Ease <= 4.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.7.1 4.7.2 July 1, 2026
wp-condition wp-condition N/A WordPress Health and Server Condition – Integrated with Google Page Speed <= 4.1.1 - Reflected Cross-Site Scripting LOW *-4.1.1 July 1, 2026
wp-businessdirectory wp-businessdirectory N/A WP-BusinessDirectory <= 3.1.2 - Reflected Cross-Site Scripting LOW *-3.1.2 3.1.3 July 1, 2026
wp-autokeyword wp-autokeyword N/A WP AutoKeyword <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 1, 2026
woo-tbc-payment-gateway woo-tbc-payment-gateway N/A WooCommerce TBC Credit Card Payment Gateway (Free) <= 2.0.0 - Reflected Cross-Site Scripting LOW *-2.0.0 July 1, 2026
webd-woocommerce-product-excel-importer-bulk-edit webd-woocommerce-product-excel-importer-bulk-edit N/A Product Excel Import Export & Bulk Edit for WooCommerce <= 4.7 - Reflected Cross-Site Scripting LOW *-4.7 July 1, 2026
web2application web2application N/A Web2application <= 6.0 - Reflected Cross-Site Scripting LOW *-6.0 July 1, 2026
wc-shipos-delivery wc-shipos-delivery N/A Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting LOW *-2.1.7 2.2.0 July 1, 2026
wc-estimate-and-quote wc-estimate-and-quote N/A WooCommerce Estimate and Quote <= 1.0.2.5 - Reflected Cross-Site Scripting LOW *-1.0.2.5 July 1, 2026
wallet-system-for-woocommerce wallet-system-for-woocommerce N/A Wallet System for WooCommerce <= 2.6.8 - Reflected Cross-Site Scripting LOW *-2.6.8 2.6.9 July 1, 2026
vice-versa vice-versa N/A Vice Versa <= 2.2.3 - Reflected Cross-Site Scripting LOW *-2.2.3 July 1, 2026
ux-sniff ux-sniff N/A UXsniff <= 1.2.8 - Reflected Cross-Site Scripting LOW *-1.2.8 July 1, 2026
terminal-africa terminal-africa N/A Terminal Africa <= 1.13.17 - Reflected Cross-Site Scripting LOW *-1.13.17 July 1, 2026
sync-posts sync-posts N/A Sync Posts <= 1.0 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.0 July 1, 2026
stop-registration-spam stop-registration-spam N/A Stop Registration Spam <= 1.24 - Reflected Cross-Site Scripting LOW *-1.24 July 1, 2026
spark-gf-failed-submissions spark-gf-failed-submissions N/A Spark GF Failed Submissions <= 1.3.5 - Reflected Cross-Site Scripting LOW *-1.3.5 1.3.6 July 1, 2026
solace-extra solace-extra N/A Solace Extra <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.3.1 1.3.2 July 1, 2026
simple-wp-events simple-wp-events N/A Simple WP Events <= 1.8.17 - Unauthenticated Sensitive Information Exposure LOW *-1.8.17 1.9.0 July 1, 2026
silvasoft-boekhouden silvasoft-boekhouden N/A Silvasoft boekhouden <= 3.0.6 - Reflected Cross-Site Scripting LOW *-3.0.6 3.0.7 July 1, 2026
service-booking-manager service-booking-manager N/A WpBookingly <= 1.2.1 - Unauthenticated PHP Object Injection LOW *-1.2.1 July 1, 2026
serped-net serped-net N/A SERPed.net <= 4.6 - Reflected Cross-Site Scripting LOW *-4.6 4.7 July 1, 2026
rselements-lite rselements-lite N/A RS Elements Elementor Addon <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.5 July 1, 2026
revampcrm-woocommerce revampcrm-woocommerce N/A Revamp CRM for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 1, 2026
restrict-user-registration restrict-user-registration N/A Restrict User Registration <= 1.0.1 Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
related-videos-for-jw-player related-videos-for-jw-player N/A Related Videos for JW Player <= 1.2.0 - Reflected Cross-Site Scripting LOW *-1.2.0 1.2.1 July 1, 2026
rankology-seo-all-in-one-seo-analytics rankology-seo-all-in-one-seo-analytics N/A Rankology SEO – On-site SEO <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-2.2.4 2.2.5 July 1, 2026
question-answer question-answer N/A Question Answer <= 1.2.70 - Reflected Cross-Site Scripting LOW *-1.2.70 1.2.71 July 1, 2026
ppv-live-webcams ppv-live-webcams N/A Paid Videochat Turnkey Site <= 7.3.11 - Authentication Bypass LOW *-7.3.11 7.3.12 July 1, 2026
posts-table-filterable posts-table-filterable N/A TableOn – WordPress Posts Table Filterable <= 1.0.4.3 - Unauthenticated PHP Object Injection LOW *-1.0.4.3 1.0.4.4 July 1, 2026
msrp-for-woocommerce msrp-for-woocommerce
93
MSRP (RRP) Pricing for WooCommerce <= 1.8.1 - Reflected Cross-Site Scripting LOW *-1.8.1 2.0.0 July 1, 2026
make-email-customizer-for-woocommerce make-email-customizer-for-woocommerce
89
Make Email Customizer for WooCommerce <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 July 1, 2026
lingotek-translation lingotek-translation
91
Ray Enterprise Translation <= 1.7.0 - Unauthenticated Local File Inclusion LOW *-1.7.0 1.7.1 July 1, 2026
linet-erp-woocommerce-integration linet-erp-woocommerce-integration
93
Linet ERP-Woocommerce Integration <= 3.5.12 - Authenticated (Admin+) Arbitrary File Read & Deletion LOW *-3.5.12 3.6.0 July 1, 2026
license-manager-for-woocommerce license-manager-for-woocommerce
93
License Manager for WooCommerce <= 3.0.9 - Reflected Cross-Site Scripting LOW *-3.0.9 3.0.10 July 1, 2026
license-envato license-envato
93
License For Envato <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 1.1.0 July 1, 2026
jet-compare-wishlist jet-compare-wishlist
93
JetCompareWishlist <= 1.5.9 - Authenticated (Contributor+) Local File Inclusion LOW *-1.5.9 1.5.10 July 1, 2026
ione360-configurator ione360-configurator
89
iONE360 configurator <= 2.0.57 - Reflected Cross-Site Scripting LOW *-2.0.57 July 1, 2026
instawp-connect instawp-connect
93
InstaWP Connect <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion LOW *-0.1.0.85 0.1.0.86 July 1, 2026
ical-feeds ical-feeds
91
iCal Feeds <= 1.5.3 - Reflected Cross-Site Scripting LOW *-1.5.3 July 1, 2026
hamburger-icon-menu-lite hamburger-icon-menu-lite
91
Hamburger Icon Menu Lite <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 1, 2026
gb-gallery-slideshow gb-gallery-slideshow
89
GB Gallery Slideshow <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 1, 2026
fs-poster fs-poster
93
FS Poster <= 6.5.8 - Reflected Cross-Site Scripting LOW *-6.5.8 6.5.9 July 1, 2026
flip-boxes flip-boxes
93
Cool Flipbox – Shortcode & Gutenberg Block <= 1.8.3 - Reflected Cross-Site Scripting LOW *-1.8.3 1.9.0 July 1, 2026
firedrum-email-marketing firedrum-email-marketing
93
FireDrum Email Marketing <= 1.64 - Reflected Cross-Site Scripting LOW *-1.64 1.65 July 1, 2026
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder everest-forms
68
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection LOW *-3.1.1 3.1.2 July 1, 2026
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder everest-forms
68
Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-3.1.1 3.1.2 July 1, 2026
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder everest-forms
68
Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting LOW *-3.1.1 3.1.2 July 1, 2026
empik-for-woocommerce empik-for-woocommerce
93
EmpikPlace for Woocommerce <= 1.4.3 - Authenticated (Subscriber+) PHP Object Injection LOW *-1.4.3 1.4.5 July 1, 2026
doppler-form doppler-form
93
Doppler Forms <= 2.4.6 - Missing Authorization LOW *-2.4.6 2.4.7 July 1, 2026
dn-shipping-by-weight dn-shipping-by-weight
93
DN Shipping by Weight for WooCommerce <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 1.2.1 July 1, 2026
crowdfunding-for-woocommerce crowdfunding-for-woocommerce
91
Crowdfunding for WooCommerce <= 3.1.12 - Reflected Cross-Site Scripting LOW *-3.1.12 3.1.13 July 1, 2026
credova-financial credova-financial
93
Credova_Financial <= 2.4.8 - Reflected Cross-Site Scripting LOW *-2.4.8 2.4.9 July 1, 2026
coming-soon-countdown coming-soon-countdown
91
Coming Soon Countdown <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 July 1, 2026
clinked-client-portal clinked-client-portal
91
Clinked Client Portal <= 1.10 - Reflected Cross-Site Scripting LOW *-1.10 July 1, 2026
cart66-cloud cart66-cloud
89
Cart66 Cloud <= 2.3.7 - Reflected Cross-Site Scripting LOW *-2.3.7 July 1, 2026
LOW

wpc-admin-columns

wpc-admin-columns

Score: N/A WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update Affected: 2.0.6-2.1.0 Patched: 2.1.1 Updated: July 1, 2026
LOW

wp-featured-screenshot

wp-featured-screenshot

Score: N/A WP Featured Screenshot <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

wp-easy-poll-afo

wp-easy-poll-afo

Score: N/A WP Easy Poll <= 2.2.9 - Reflected Cross-Site Scripting Affected: *-2.2.9 Patched: Updated: July 1, 2026
LOW

wp-delete-user-accounts

wp-delete-user-accounts

Score: N/A WP Delete User Accounts <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 1, 2026
LOW

woocommerce-loyal-customer

woocommerce-loyal-customer

Score: N/A WooCommerce Loyal Customers <= 2.6 - Missing Authorization Affected: *-2.6 Patched: Updated: July 1, 2026
LOW

uncanny-learndash-toolkit

uncanny-learndash-toolkit

Score: N/A Uncanny Toolkit for LearnDash <= 3.7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.0.1 Patched: 3.7.0.2 Updated: July 1, 2026
LOW

testimonial-free

testimonial-free

Score: N/A Real Testimonials <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.6 Patched: 3.1.7 Updated: July 1, 2026
LOW

skt-skill-bar

skt-skill-bar

Score: N/A SKT Skill Bar <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: 2.4 Updated: July 1, 2026
LOW

skt-blocks

skt-blocks

Score: N/A SKT Blocks – Gutenberg based Page Builder <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: July 1, 2026
LOW

skt-blocks

skt-blocks

Score: N/A SKT Blocks – Gutenberg based Page Builder <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: 2.0 Updated: July 1, 2026
LOW

site-mode

site-mode

Score: N/A Coming Soon, Maintenance Mode <= 1.1.1 - Unauthenticated Local File Inclusion Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

quadmenu

quadmenu

Score: N/A WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update Affected: *-3.2.0 Patched: 3.2.1 Updated: July 1, 2026
LOW

product-tabs-for-woocommerce

product-tabs-for-woocommerce

Score: N/A Additional Custom Product Tabs for WooCommerce <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.0 Patched: 1.7.1 Updated: July 1, 2026
LOW

nepali-date-converter

nepali-date-converter

Score: N/A Nepali Date Converter <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.8 Patched: 3.0.0 Updated: July 1, 2026
LOW

mobile-pages

mobile-pages

Score: 91/100 Mobile Pages <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 1, 2026
LOW

listings-for-buildium

listings-for-buildium

Score: 93/100 Listings for Buildium <= 0.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1.5 Patched: 0.1.6 Updated: July 1, 2026
LOW

kargo-entegrator

kargo-entegrator

Score: 93/100 Kargo Entegratör <= 1.1.14 - Authenticated (Shop Manager+) SQL Injection Affected: *-1.1.14 Patched: 1.1.15 Updated: July 1, 2026
LOW

jet-engine

jet-engine

Score: 93/100 JetEngine <= 3.6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.4.1 Patched: 3.6.5 Updated: July 1, 2026
LOW

jet-blog

jet-blog

Score: 93/100 JetBlog <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.3 Patched: 2.4.3.1 Updated: July 1, 2026
LOW

inpost-gallery

inpost-gallery

Score: 93/100 InPost Gallery <= 2.1.4.3 - Cross-Site Request Forgery Affected: *-2.1.4.3 Patched: 2.1.4.4 Updated: July 1, 2026
LOW

dsgvo-youtube

dsgvo-youtube

Score: 93/100 DSGVO Youtube <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: July 1, 2026
LOW

booking-and-rental-manager-for-woocommerce

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.2.8 Patched: 2.2.9 Updated: July 1, 2026
LOW

advance-wp-query-search-filter

advance-wp-query-search-filter

Score: 93/100 Advance WP Query Search Filter <= 1.0.10 - Reflected Cross-Site Scripting Affected: *-1.0.10 Patched: Updated: July 1, 2026
LOW

add-product-frontend-for-woocommerce

add-product-frontend-for-woocommerce

Score: 95/100 Add Product Frontend for WooCommerce <= 1.0.6 - Missing Authorization to Unauthenticated Arbitrary Content Deletion Affected: *-1.0.6 Patched: Updated: July 1, 2026
LOW

acf-link-picker-field

acf-link-picker-field

Score: 95/100 Advanced Custom Fields: Link Picker Field <= 1.2.8 - Reflected Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: July 1, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-2.6.22 Patched: 2.6.23 Updated: July 1, 2026
LOW

z-companion

z-companion

Score: N/A Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

cost-calculator-builder

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter Affected: *-3.2.67 Patched: 3.2.68 Updated: July 1, 2026
LOW

smtp-amazon-ses

smtp-amazon-ses

Score: N/A SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs Affected: *-1.8 Patched: 1.9 Updated: July 1, 2026
LOW

affiliate-link-tracker

affiliate-link-tracker

Score: 95/100 Affiliate Link Tracker <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 1, 2026
LOW

zephyr-project-manager

zephyr-project-manager

Score: N/A Zephyr Project Manager <= 3.3.101 - Reflected Cross-Site Scripting Affected: *-3.3.101 Patched: 3.3.102 Updated: July 1, 2026
LOW

wpjobboard

wpjobboard

Score: N/A WPJobBoard < 5.11.1 - Cross-Site Request Forgery to Remote Code Execution Affected: [*, 5.11.1) Patched: 5.11.1 Updated: July 1, 2026
LOW

wpjobboard

wpjobboard

Score: N/A WPJobBoard < 5.11.1 - Authenticated (Subscriber+) Path Traversal Affected: [*, 5.11.1) Patched: 5.11.1 Updated: July 1, 2026
LOW

wp-secure-by-sitesecuritymonitorcom

wp-secure-by-sitesecuritymonitorcom

Score: N/A wp secure <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

wp-hijri

wp-hijri

Score: N/A WP-Hijri <= 1.5.3 - Reflected Cross-Site Scripting Affected: *-1.5.3 Patched: Updated: July 1, 2026
LOW

wp-condition

wp-condition

Score: N/A WordPress Health and Server Condition – Integrated with Google Page Speed <= 4.1.1 - Reflected Cross-Site Scripting Affected: *-4.1.1 Patched: Updated: July 1, 2026
LOW

wp-businessdirectory

wp-businessdirectory

Score: N/A WP-BusinessDirectory <= 3.1.2 - Reflected Cross-Site Scripting Affected: *-3.1.2 Patched: 3.1.3 Updated: July 1, 2026
LOW

wp-autokeyword

wp-autokeyword

Score: N/A WP AutoKeyword <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

woo-tbc-payment-gateway

woo-tbc-payment-gateway

Score: N/A WooCommerce TBC Credit Card Payment Gateway (Free) <= 2.0.0 - Reflected Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 1, 2026
LOW

webd-woocommerce-product-excel-importer-bulk-edit

webd-woocommerce-product-excel-importer-bulk-edit

Score: N/A Product Excel Import Export & Bulk Edit for WooCommerce <= 4.7 - Reflected Cross-Site Scripting Affected: *-4.7 Patched: Updated: July 1, 2026
LOW

web2application

web2application

Score: N/A Web2application <= 6.0 - Reflected Cross-Site Scripting Affected: *-6.0 Patched: Updated: July 1, 2026
LOW

wc-shipos-delivery

wc-shipos-delivery

Score: N/A Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting Affected: *-2.1.7 Patched: 2.2.0 Updated: July 1, 2026
LOW

wc-estimate-and-quote

wc-estimate-and-quote

Score: N/A WooCommerce Estimate and Quote <= 1.0.2.5 - Reflected Cross-Site Scripting Affected: *-1.0.2.5 Patched: Updated: July 1, 2026
LOW

wallet-system-for-woocommerce

wallet-system-for-woocommerce

Score: N/A Wallet System for WooCommerce <= 2.6.8 - Reflected Cross-Site Scripting Affected: *-2.6.8 Patched: 2.6.9 Updated: July 1, 2026
LOW

vice-versa

vice-versa

Score: N/A Vice Versa <= 2.2.3 - Reflected Cross-Site Scripting Affected: *-2.2.3 Patched: Updated: July 1, 2026
LOW

ux-sniff

ux-sniff

Score: N/A UXsniff <= 1.2.8 - Reflected Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: July 1, 2026
LOW

terminal-africa

terminal-africa

Score: N/A Terminal Africa <= 1.13.17 - Reflected Cross-Site Scripting Affected: *-1.13.17 Patched: Updated: July 1, 2026
LOW

sync-posts

sync-posts

Score: N/A Sync Posts <= 1.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

stop-registration-spam

stop-registration-spam

Score: N/A Stop Registration Spam <= 1.24 - Reflected Cross-Site Scripting Affected: *-1.24 Patched: Updated: July 1, 2026
LOW

spark-gf-failed-submissions

spark-gf-failed-submissions

Score: N/A Spark GF Failed Submissions <= 1.3.5 - Reflected Cross-Site Scripting Affected: *-1.3.5 Patched: 1.3.6 Updated: July 1, 2026
LOW

solace-extra

solace-extra

Score: N/A Solace Extra <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.3.1 Patched: 1.3.2 Updated: July 1, 2026
LOW

simple-wp-events

simple-wp-events

Score: N/A Simple WP Events <= 1.8.17 - Unauthenticated Sensitive Information Exposure Affected: *-1.8.17 Patched: 1.9.0 Updated: July 1, 2026
LOW

silvasoft-boekhouden

silvasoft-boekhouden

Score: N/A Silvasoft boekhouden <= 3.0.6 - Reflected Cross-Site Scripting Affected: *-3.0.6 Patched: 3.0.7 Updated: July 1, 2026
LOW

service-booking-manager

service-booking-manager

Score: N/A WpBookingly <= 1.2.1 - Unauthenticated PHP Object Injection Affected: *-1.2.1 Patched: Updated: July 1, 2026
LOW

serped-net

serped-net

Score: N/A SERPed.net <= 4.6 - Reflected Cross-Site Scripting Affected: *-4.6 Patched: 4.7 Updated: July 1, 2026
LOW

rselements-lite

rselements-lite

Score: N/A RS Elements Elementor Addon <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.5 Patched: Updated: July 1, 2026
LOW

revampcrm-woocommerce

revampcrm-woocommerce

Score: N/A Revamp CRM for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 1, 2026
LOW

restrict-user-registration

restrict-user-registration

Score: N/A Restrict User Registration <= 1.0.1 Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

related-videos-for-jw-player

related-videos-for-jw-player

Score: N/A Related Videos for JW Player <= 1.2.0 - Reflected Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

rankology-seo-all-in-one-seo-analytics

rankology-seo-all-in-one-seo-analytics

Score: N/A Rankology SEO – On-site SEO <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-2.2.4 Patched: 2.2.5 Updated: July 1, 2026
LOW

question-answer

question-answer

Score: N/A Question Answer <= 1.2.70 - Reflected Cross-Site Scripting Affected: *-1.2.70 Patched: 1.2.71 Updated: July 1, 2026
LOW

ppv-live-webcams

ppv-live-webcams

Score: N/A Paid Videochat Turnkey Site <= 7.3.11 - Authentication Bypass Affected: *-7.3.11 Patched: 7.3.12 Updated: July 1, 2026
LOW

posts-table-filterable

posts-table-filterable

Score: N/A TableOn – WordPress Posts Table Filterable <= 1.0.4.3 - Unauthenticated PHP Object Injection Affected: *-1.0.4.3 Patched: 1.0.4.4 Updated: July 1, 2026
LOW

msrp-for-woocommerce

msrp-for-woocommerce

Score: 93/100 MSRP (RRP) Pricing for WooCommerce <= 1.8.1 - Reflected Cross-Site Scripting Affected: *-1.8.1 Patched: 2.0.0 Updated: July 1, 2026
LOW

make-email-customizer-for-woocommerce

make-email-customizer-for-woocommerce

Score: 89/100 Make Email Customizer for WooCommerce <= 1.0.5 - Reflected Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

lingotek-translation

lingotek-translation

Score: 91/100 Ray Enterprise Translation <= 1.7.0 - Unauthenticated Local File Inclusion Affected: *-1.7.0 Patched: 1.7.1 Updated: July 1, 2026
LOW

linet-erp-woocommerce-integration

linet-erp-woocommerce-integration

Score: 93/100 Linet ERP-Woocommerce Integration <= 3.5.12 - Authenticated (Admin+) Arbitrary File Read & Deletion Affected: *-3.5.12 Patched: 3.6.0 Updated: July 1, 2026
LOW

license-manager-for-woocommerce

license-manager-for-woocommerce

Score: 93/100 License Manager for WooCommerce <= 3.0.9 - Reflected Cross-Site Scripting Affected: *-3.0.9 Patched: 3.0.10 Updated: July 1, 2026
LOW

license-envato

license-envato

Score: 93/100 License For Envato <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: 1.1.0 Updated: July 1, 2026
LOW

jet-compare-wishlist

jet-compare-wishlist

Score: 93/100 JetCompareWishlist <= 1.5.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.5.9 Patched: 1.5.10 Updated: July 1, 2026
LOW

ione360-configurator

ione360-configurator

Score: 89/100 iONE360 configurator <= 2.0.57 - Reflected Cross-Site Scripting Affected: *-2.0.57 Patched: Updated: July 1, 2026
LOW

instawp-connect

instawp-connect

Score: 93/100 InstaWP Connect <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion Affected: *-0.1.0.85 Patched: 0.1.0.86 Updated: July 1, 2026
LOW

ical-feeds

ical-feeds

Score: 91/100 iCal Feeds <= 1.5.3 - Reflected Cross-Site Scripting Affected: *-1.5.3 Patched: Updated: July 1, 2026
LOW

hamburger-icon-menu-lite

hamburger-icon-menu-lite

Score: 91/100 Hamburger Icon Menu Lite <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

gb-gallery-slideshow

gb-gallery-slideshow

Score: 89/100 GB Gallery Slideshow <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

fs-poster

fs-poster

Score: 93/100 FS Poster <= 6.5.8 - Reflected Cross-Site Scripting Affected: *-6.5.8 Patched: 6.5.9 Updated: July 1, 2026
LOW

flip-boxes

flip-boxes

Score: 93/100 Cool Flipbox – Shortcode & Gutenberg Block <= 1.8.3 - Reflected Cross-Site Scripting Affected: *-1.8.3 Patched: 1.9.0 Updated: July 1, 2026
LOW

firedrum-email-marketing

firedrum-email-marketing

Score: 93/100 FireDrum Email Marketing <= 1.64 - Reflected Cross-Site Scripting Affected: *-1.64 Patched: 1.65 Updated: July 1, 2026
LOW

empik-for-woocommerce

empik-for-woocommerce

Score: 93/100 EmpikPlace for Woocommerce <= 1.4.3 - Authenticated (Subscriber+) PHP Object Injection Affected: *-1.4.3 Patched: 1.4.5 Updated: July 1, 2026
LOW

doppler-form

doppler-form

Score: 93/100 Doppler Forms <= 2.4.6 - Missing Authorization Affected: *-2.4.6 Patched: 2.4.7 Updated: July 1, 2026
LOW

dn-shipping-by-weight

dn-shipping-by-weight

Score: 93/100 DN Shipping by Weight for WooCommerce <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: 1.2.1 Updated: July 1, 2026
LOW

crowdfunding-for-woocommerce

crowdfunding-for-woocommerce

Score: 91/100 Crowdfunding for WooCommerce <= 3.1.12 - Reflected Cross-Site Scripting Affected: *-3.1.12 Patched: 3.1.13 Updated: July 1, 2026
LOW

credova-financial

credova-financial

Score: 93/100 Credova_Financial <= 2.4.8 - Reflected Cross-Site Scripting Affected: *-2.4.8 Patched: 2.4.9 Updated: July 1, 2026
LOW

coming-soon-countdown

coming-soon-countdown

Score: 91/100 Coming Soon Countdown <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 1, 2026
LOW

clinked-client-portal

clinked-client-portal

Score: 91/100 Clinked Client Portal <= 1.10 - Reflected Cross-Site Scripting Affected: *-1.10 Patched: Updated: July 1, 2026
LOW

cart66-cloud

cart66-cloud

Score: 89/100 Cart66 Cloud <= 2.3.7 - Reflected Cross-Site Scripting Affected: *-2.3.7 Patched: Updated: July 1, 2026

Showing 9801 to 9900 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 09:03 UTC.