Plugin: Download Manager
Vulnerability: Information Disclosure
Patched Version: 3.2.25
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.25)
Plugin: NotificationX
Vulnerability: SQL Injection
Patched Version: 2.3.9
Recommended Action: Update the WordPress NotificationX plugin to the latest available version (at least 2.3.9).
Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.0
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.0).
Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).
Plugin: Custom Content Shortcode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).
Plugin: MaxGalleria
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: This plugin has been closed as of February 1, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: WP Time Slots Booking Form
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.63
Recommended Action: Update the WordPress WP Time Slots Booking Form plugin to the latest available version (at least 1.1.63).
Plugin: CP Blocks
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.15
Recommended Action: Update the WordPress CP Blocks plugin to the latest available version (at least 1.0.15).
Plugin: Advanced iFrame
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2022
Recommended Action: Update the WordPress Advanced iFrame plugin to the latest available version (at least 2022).
Plugin: Contact Form & Lead Form Elementor Builder
Vulnerability: Other Vulnerability Type
Patched Version: 1.7.4
Recommended Action: Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version (at least 1.7.4).
Plugin: Easy Pricing Tables
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.1.3
Recommended Action: Update the WordPress Easy Pricing Tables plugin to the latest available version (at least 3.1.3).
Plugin: Conversios.io
Vulnerability: SQL Injection
Patched Version: 4.6.2
Recommended Action: Update the WordPress Conversios.io plugin to the latest available version (at least 4.6.2).
Plugin: Cost Calculator
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.6
Recommended Action: Update the WordPress Cost Calculator plugin to the latest available version (at least 1.6).
Plugin: Cost Calculator
Vulnerability: Local File Inclusion
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. Reason: Security Issue.
Plugin: MasterStudy LMS
Vulnerability: Privilege Escalation
Patched Version: 2.7.6
Recommended Action: Update the WordPress MasterStudy LMS plugin to the latest available version (at least 2.7.6).
Plugin: Page View Count
Vulnerability: SQL Injection
Patched Version: 2.4.15
Recommended Action: Update the WordPress Page View Count plugin to the latest available version (at least 2.4.15).
Plugin: Crazy Bone
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 26, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Asgaros Forum
Vulnerability: SQL Injection
Patched Version: 2.0.0
Recommended Action: Update the WordPress Asgaros Forum plugin to the latest available version (at least 2.0.0).
Plugin: TI WooCommerce Wishlist
Vulnerability: SQL Injection
Patched Version: 1.40.1
Recommended Action: Update the WordPress TI WooCommerce Wishlist plugin to the latest available version (at least 1.40.1).
Plugin: TI WooCommerce Wishlist Premium
Vulnerability: SQL Injection
Patched Version: 1.40.1
Recommended Action: Update the WordPress TI WooCommerce Wishlist premium plugin to the latest available version (at least 1.40.1).
Plugin: Super Forms
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.4
Recommended Action: Update the WordPress Superforms premium plugin to the latest available version (at least 6.0.4).
Plugin: Essential Addons for Elementor
Vulnerability: Local File Inclusion
Patched Version: 5.0.5
Recommended Action: Update the WordPress Essential Addons for Elementor plugin to the latest available version (at least 5.0.5).
Plugin: WPvivid Backup and Migration
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.9.69
Recommended Action: Update the WordPress WPvivid Backup and Migration Plugin to the latest available version (at least 0.9.69).
Plugin: WP Visitor Statistics (Real Time Traffic)
Vulnerability: Other Vulnerability Type
Patched Version: 5.5
Recommended Action: Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 5.5).
Plugin: Logo Showcase with Slick Slider
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.0.1
Recommended Action: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 2.0.1).
Plugin: Product Feed PRO for WooCommerce
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 11.2.2
Recommended Action: Update the WordPress Product Feed PRO for WooCommerce plugin to the latest available version (at least 11.2.2).
Plugin: WP Review Slider
Vulnerability: SQL Injection
Patched Version: 11.0
Recommended Action: Update the WordPress WP Review Slider plugin to the latest available version (at least 11.0).
Plugin: Use Any Font
Vulnerability: Other Vulnerability Type
Patched Version: 6.2.1
Recommended Action: Update the WordPress Use Any Font plugin to the latest available version (at least 6.2.1).
Plugin: WS Form LITE
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.176
Recommended Action: Update the WordPress WS Form LITE plugin to the latest available version (at least 1.8.176).
Plugin: WS Form LITE
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.176
Recommended Action: Update the WordPress WS Form LITE plugin to the latest available version (at least 1.8.176).
Plugin: WS Form Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.175
Recommended Action: Update the WordPress WS Form Pro premium plugin to the latest available version (at least 1.8.176).
Plugin: WS Form Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.176
Recommended Action: Update the WordPress WS Form Pro premium plugin to the latest available version (at least 1.8.176).
Plugin: Blackhole for Bad Bots
Vulnerability: Other Vulnerability Type
Patched Version: 3.3.2
Recommended Action: Update the WordPress Blackhole for Bad Bots plugin to the latest available version (at least 3.3.2).
Plugin: Better Notifications for WP
Vulnerability: Information Disclosure
Patched Version: 1.8.7
Recommended Action: Update the WordPress Better Notifications for WP plugin to the latest available version (at least 1.8.7).
Plugin: WP User
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7
Recommended Action: Update the WordPress WP User plugin to the latest available version (at least 7).
Plugin: My Site Audit
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.5
Recommended Action: Update the WordPress My Site Audit plugin to the latest available version (at least 1.2.5).
Plugin: EasyJobs
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.8
Recommended Action: Update the WordPress EasyJobs plugin to the latest available version (at least 1.4.8).
Plugin: Fotobook
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 27, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: AccessPress Parallax
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Accesspress Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: AccessPress Store
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Zigcy Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Enlighten
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Accesspress Mag
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: StoreVilla
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Punte
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Accesspress Basic
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: AccessPress Root
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Construction Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: VMagazine Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: ParallaxSome
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: FotoGraphy
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: VMag
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Uncode Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Bingle
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: The Launcher
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: ScrollMe
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Agency Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Swing Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Vmagazine News
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Bloger
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Revolve
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Ripple
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Zigcy Cosmetics
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: The Monday
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Zigcy Baby
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Doko
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Sakala
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Edict Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: The100
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: WP Store
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Eight Sec
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: EightLaw Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Eightmedi Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: EightStore Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Brovy
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: WPparallax
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Arrival
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Ultra Seven
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Opstore
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: WP Google Map
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.8.4
Recommended Action: Update the WordPress WP Google Map plugin to the latest available version (at least 1.8.4).
Plugin: WHMCS Bridge
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.4b
Recommended Action: Update the WordPress WHMCS Bridge plugin to the latest available version (at least 6.4b).
Plugin: [GWA] AutoResponder
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation.