Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

bplugins

Source -

NVDADPCNA

BOS Name -

N/A

CNA CVEs -

36

ADP CVEs -

3

CISA CVEs -

0

NVD CVEs -

20
Related CVEsRelated ProductsRelated AssignersReports
53Vulnerabilities found

CVE-2026-11402
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.21% / 11.47%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 05:34
Updated-18 Jun, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The payload persists inside HTML comments in post_content, bypassing wp_kses_post sanitization at save time, and executes via both the primary service link anchor and a secondary title-wrapped anchor when the linkIn option is set to 'title'.

Action-Not Available
Vendor-bplugins
Product-Services Section Block – Showcase Service Details in Grid or Columns
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-53736
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 1.22%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 20:39
Updated-11 Jun, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.

Action-Not Available
Vendor-bplugins
Product-Easy Twitter Feeds
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-6446
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 13.66%
||
7 Day CHG~0.00%
Published-02 May, 2026 | 04:27
Updated-05 May, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action

The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This is due to the complete absence of authorization checks (no capability verification) and nonce verification in the get_accounts() function, which returns the full contents of the 'ttp_tiktok_accounts' WordPress option. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive TikTok OAuth credentials, including access_token and refresh_token values, that belong to administrator-connected TikTok accounts, enabling them to impersonate the site owner when interacting with the TikTok API.

Action-Not Available
Vendor-bplugins
Product-My Social Feeds – Social Feeds Embedder Plugin for WordPress
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-13362
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.28% / 19.62%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 05:29
Updated-01 May, 2026 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-damian-gorawpsaadessekianicheaddonsbpluginscodesavorysenolsxplodedthemestonyzeoli100pluginswebba-agencymapstersamdanitakanakuihkdigitalagencytobias_conradpagupparetodigitaltripettooceanwppluginswareelliotvsblackandwhitedigitalwpbitsenwebyuriahs-victorsaadiqbalunitecmsgn_themessjavedmohsinofflinehasanazizulgallerycreatorpremmercenitin247themelocationspiderdevsbensibleysebettickerawordpluswpspeedocyclonecodeinaviiseezeeelespareimtiazrayhankofimokomedavidandersonprinceahmedinfornwebgowebsmartymr2pkaizencodersspeedifymeowcrewsmartwpresspluginscafeblocksparemattpramschufer5starpluginsfullworksvinod-dalviinteractivegeomapsmikewire_rocksolidpeterschulznltheafricanbossmihail-barinovjosevegarebelcodewebheadllcpassionatebrainswpdeverlitonice13tobiasbgfoopluginswpjolipluginandplaybouncingsproutwebfactoryprasadkirpekardashlabsltdmhmrajibcyberhobokoen12344cleverpluginsspicethemesinvisnettoddhalfpennyyuvaloplugins360kairainfosatechstreamweaselsmte90wpmagicsBiplob Adhikari (Oxilab Development)AF themes
Product-Post to Google My Business (Google Business Profile)Mapster WP MapsShare This ImageFeatured Images in RSS for Mailchimp & MoreBetter Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private MessagesGo Fetch Jobs (for WP Job Manager)Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderMixed Media Gallery BlocksFive-Star Ratings ShortcodeAI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4oAI Puffer – Chat. Create. Automate. (formerly AI Power)Auto-Install Free SSL – Generate & Install Free SSL CertificatesCarousel, Recent Post Slider and Banner SliderDisable Payment Methods based on cart conditions for WooCommerceXT Floating Cart for WooCommercePrimary Addon for ElementorUnlimited Elements For ElementorNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarEasy Appointment Booking & Scheduling System – Webba Booking CalendarXT Quick View for WooCommerceWOW Styler for CF7 – Visual Styler for Contact Form 7 FormsEazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ BuilderMessage Filter for Contact Form 7Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile AppTreePress – Easy Family Trees & Ancestor ProfilesEasy Age VerifyRadio Station by netmix® – Manage and play your Show Schedule in WordPress!GA4WP – Analytics Dashboard for the WebsiteEmbedder for Google ReviewsPremmerce Permalink Manager for WooCommerceSolid Testimonials – Testimonial Slider, Video Testimonials & Customer ReviewsWP Notification BellCustom WooCommerce Checkout Fields EditorWP fail2ban – Advanced SecurityInternal Link Juicer: SEO Auto Linker for WordPressAdvanced Classifieds & Directory ProWPBITS Addons For Elementor Page BuilderMenu Image, Icons made easyFile Manager for Google Drive – Integrate Google DriveWP Meta and Date RemoverGeo MashupBlog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, NewsGlossaryEleSpare – News, Magazine and Blog Addons for ElementorJustified GalleryStreamWeasels Twitch IntegrationWP Books Gallery – Build Stunning Book Showcases & Libraries in MinutesPremmerce Product Filter for WooCommerceBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Ivory Search – WordPress Search PluginAnnouncement & Notification Banner – BulletinWPIDE – File Manager & Code EditorWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL ScanbBlocks – Essential Gutenberg Blocks & Patterns CollectionDynamic Copyright YearDisplay Eventbrite EventsRestaurant & Cafe Addon for ElementorSpotlight Social Feeds – Block, Shortcode, and WidgetLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridWordPress form builder plugin for contact forms, surveys and quizzes – TripettoWP Coupons and Deals – Coupon Plugin For Affiliate MarketersThank You Page for WooCommerceGoal Tracker – Custom Event Tracking for GA4Post List Designer – Category Post, Recent Post, Post ListWP Data Access – App Builder for Tables, Forms, Charts, Maps & DashboardsRestrict – membership, site, content and user access restrictions for WordPressKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceJoli Table Of ContentsCheckout with Cash App on WooCommerceIndependent AnalyticsEvents Addon for ElementorAutomatic Internal Links for SEO by PagupUltimeterPay For Post with WooCommerceTeam Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MoreYASR – Yet Another Star Rating Plugin for WordPressMaster Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsRole Based Pricing for Woo by Meow CrewOcean ExtraRadio Player – Live Shoutcast, Icecast and Any Audio Stream PlayerMeta Field Block – Display custom fields in the Block Editor without codingOpen User MapTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, FluentCode ManagerText To Speech TTS AccessibilityAnti-Spam Protection – No API Key, GDPR FriendlyGallery by FooGalleryAutomatic YouTube GalleryStoreCustomizer – A plugin to Customize all WooCommerce PagesWP Page TemplatesAidWP – Donation & Payment Forms (Stripe Powered)WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom AvatarsSecure Gateway for Authorize.net and WooCommerce by Pledged PluginsPayment Gateway for ACBA BANKProduct Layouts for WooCommerceAdvanced Scrollbar – Custom Scrollbar Styling and BehaviorSecurity Ninja – WordPress Security & FirewallXT Variation Swatches for WooCommerceDelete Posts automaticallyWidgets on PagesTablePress – Tables in WordPress made easyContact Form 7 Multi-Step FormsRevivePress – Keep your Old Content EvergreenHTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio PlayerAEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image OptimizationAWCA – The Great Analytics Insights for Your eStoreImage Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AISmart phone field for Gravity FormsBulk Edit Posts and Products in SpreadsheetMarijuana Age VerifyForumax – AI Powered Advanced Community Forum PluginMusic Player for Elementor – Audio Player & Podcast PlayerFull Screen BackgroundMapGeo – Interactive Geo MapsKnowledge Base documentation & wiki plugin – BasePress DocsBlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block EditorCoupon Affiliates – Affiliate Plugin for WooCommercePlace Order Without Payment for WooCommerceLightbox & Modal Popup WordPress Plugin – FooBoxWP Mobile Menu – The Mobile-Friendly Responsive MenuCustom PHP SettingsInavii Social FeedSend Users Email – Email Subscribers, Email Marketing NewsletterWP Shortcodes Plugin — Shortcodes UltimateDracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPressPDF Poster – Display PDF Files with Custom ViewerEasy Social Feed – Social Photos Gallery and Post Feed for WordPressTeam Members ShowcaseURL Shortify – Simple and Easy URL ShortenerTopNewsWp – Display Tikcer News, RSS Feed Widget and Many MoreRemove Add to Cart WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-4120
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.22% / 12.73%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 06:46
Updated-22 Apr, 2026 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the lack of javascript: protocol filtering. The block's render.php passes all attributes as JSON to the frontend via a data-attributes HTML attribute using esc_attr(wp_json_encode()), which prevents HTML attribute injection but does not validate URL protocols within the JSON data. The client-side view.js then renders the btnUrl value directly as an href attribute on anchor elements without any protocol sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject javascript: URLs that execute arbitrary web scripts when a user clicks the rendered button link.

Action-Not Available
Vendor-bplugins
Product-Info Cards – Add Text and Media in Card Layouts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-1228
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 7.45%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 02:23
Updated-08 Apr, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute

The Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to disclose private timeline content via the id attribute supplied to the 'timeline_block' shortcode.

Action-Not Available
Vendor-bplugins
Product-Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-1294
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-0.29% / 21.24%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 09:13
Updated-08 Apr, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-bplugins
Product-All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-1389
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 9.30%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 07:27
Updated-08 Apr, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde_save_document_library', 'bplde_get_single', and 'bplde_delete_document_library' AJAX actions. This makes it possible for authenticated attackers, with Author-level access and above, to read, modify, and delete Document Library entries created by other users, including administrators, via the 'id' parameter.

Action-Not Available
Vendor-bplugins
Product-Document Embedder – Embed PDFs, Word, Excel, and Other Files
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-0833
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.24% / 15.16%
||
7 Day CHG~0.00%
Published-17 Jan, 2026 | 06:42
Updated-08 Apr, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-bplugins
Product-Team Section Block – Showcase Team Members with Layout Options
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13999
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-0.19% / 9.17%
||
7 Day CHG+0.01%
Published-19 Dec, 2025 | 06:48
Updated-19 Dec, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery

The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-bplugins
Product-HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-12376
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.18% / 7.81%
||
7 Day CHG+0.02%
Published-18 Nov, 2025 | 13:54
Updated-08 Apr, 2026 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Only valid JSON objects are rendered in the response.

Action-Not Available
Vendor-bplugins
Product-Icon List Block – Add Icon-Based Lists with Custom Styles
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-12384
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.6||HIGH
EPSS-0.30% / 21.88%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 06:35
Updated-08 Apr, 2026 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "bplde_save_document_library", "bplde_get_all", "bplde_get_single", and "bplde_delete_document_library" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts.

Action-Not Available
Vendor-bplugins
Product-Document Embedder – Embed PDFs, Word, Excel, and Other Files
CWE ID-CWE-862
Missing Authorization
CVE-2025-12388
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.21% / 11.27%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 06:35
Updated-08 Apr, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery

The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wp_remote_request() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-bplugins
Product-Carousel Block – Responsive Image and Content Carousel
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-10735
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4||MEDIUM
EPSS-0.29% / 20.46%
||
7 Day CHG~0.00%
Published-01 Oct, 2025 | 03:25
Updated-08 Apr, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery

The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-bplugins
Product-Block for Mailchimp – Add Email Subscription Forms and Collect Leads
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-9203
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.23% / 13.96%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 06:17
Updated-08 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields

The Media Player Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtitle_ssize', 'track_title', and 'track_artist_name' parameters in version 1.0.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-bplugins
Product-Media Player Addons for Elementor – Audio and Video Widgets for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8676
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 27.25%
||
7 Day CHG+0.02%
Published-15 Aug, 2025 | 02:24
Updated-08 Apr, 2026 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information.

Action-Not Available
Vendor-bplugins
Product-bSlider – Create Responsive Image, Post, Product, and Video Sliders
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-8680
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 27.17%
||
7 Day CHG+0.02%
Published-15 Aug, 2025 | 02:24
Updated-08 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

Action-Not Available
Vendor-bplugins
Product-bSlider – Create Responsive Image, Post, Product, and Video Sliders
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-8418
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.59% / 44.17%
||
7 Day CHG+0.04%
Published-12 Aug, 2025 | 06:42
Updated-08 Apr, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.

Action-Not Available
Vendor-bplugins
Product-bSlider – Create Responsive Image, Post, Product, and Video Sliders
CWE ID-CWE-862
Missing Authorization
CVE-2025-8059
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.20%
||
7 Day CHG+0.03%
Published-12 Aug, 2025 | 04:25
Updated-08 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.

Action-Not Available
Vendor-bplugins
Product-bBlocks – Essential Gutenberg Blocks & Patterns Collection
CWE ID-CWE-862
Missing Authorization
CVE-2025-2579
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.27% / 18.83%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 08:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload

The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file.

Action-Not Available
Vendor-bplugins
Product-Lottie Player – Add Interactive Lottie Animations with Block Support
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13731
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.27% / 18.46%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 08:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block

The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-bplugins
Product-Alert Box Block – Display Custom Alerts and Messages
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13514
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 25.59%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.

Action-Not Available
Vendor-bplugins
Product-bSlider – Create Responsive Image, Post, Product, and Video Sliders
CWE ID-CWE-284
Improper Access Control
CVE-2025-22787
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 22.61%
||
7 Day CHG+0.01%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Button Block button-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through <= 1.1.5.

Action-Not Available
Vendor-bpluginsbPlugins
Product-button_blockButton Block
CWE ID-CWE-862
Missing Authorization
CVE-2024-13156
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.35% / 26.86%
||
7 Day CHG+0.01%
Published-14 Jan, 2025 | 08:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-bplugins
Product-HTML5 Video Player – Embed and Play Videos in Custom Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22815
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 10.87%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-11 May, 2026 | 22:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through <= 1.1.9.

Action-Not Available
Vendor-bpluginsbPlugins
Product-button_blockButton Block
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12560
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 28.53%
||
7 Day CHG+0.01%
Published-19 Dec, 2024 | 07:05
Updated-08 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.

Action-Not Available
Vendor-bplugins
Product-Button Block – Design Stylish, Interactive, and Multi-Functional Buttons
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11882
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 20.74%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 05:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-bplugins
Product-Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11880
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.32% / 23.90%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 08:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-bplugins
Product-B Testimonial – Customer Testimonials in Custom Layouts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10666
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 35.29%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 05:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure

The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

Action-Not Available
Vendor-bplugins
Product-Feeds for Twitter – Embed Social Media Posts with Live Updates
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-10671
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 39.89%
||
7 Day CHG~0.00%
Published-21 Nov, 2024 | 05:33
Updated-08 Apr, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

Action-Not Available
Vendor-bplugins
Product-Button Block – Design Stylish, Interactive, and Multi-Functional Buttons
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-10667
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.95%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 04:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure

The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

Action-Not Available
Vendor-bplugins
Product-Content Slider Block – Slide Through Text or Media Content
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-10669
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.95%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 04:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure

The Countdown Timer block – Display the event&#039;s date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

Action-Not Available
Vendor-bplugins
Product-Countdown Timer Block – Animated Countdown for Events or Launches
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-43296
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 31.59%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.

Action-Not Available
Vendor-bpluginsbPlugins LLC
Product-html5_video_playerFlash & HTML5 Video
CWE ID-CWE-862
Missing Authorization
CVE-2022-4974
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.42% / 34.45%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Action-Not Available
Vendor-wpgeniuzmajickthemestysetkawpsaadessekiastaxwpkartechifyzeethemebpluginscodesavoryupfivmunirkamalstylingwebbengreenjaymediathijziemuhammad-rehmanh3technologiesscrollsequencematstarsflexithemeskitthemesmelapresswpdevpowerswplegalpagessamdanisslatlaswptboceanwpusmanaliqureshimajick/uriahs-victorbestpluginswordpresslivemeshtprintyedisonavethemekraftmohsinofflinepremmerceeedeenitin247themelocationvanyukovdgwyertickerasebetwordplusdvizheniasakurapixeljcodexavidthemes/chillichallicliffpaulickgkher/bfintalfrenifybenmoreassynthqthemedavidandersonglowlogixultradevsxyulexethereumicoioprinceahmedivacystarfishwpkaizencodersjurskivinod-dalvimikewire_rocksolidmilukovecoderpressronena100samuelsilvaptjanthielemannchetmacswitcorpcadudecastroalvesdjenhwebheadllcslidedecklitonice13dam6plandyabelowclosetechnologyprasadkirpekariksstudiowiserstepsfastaf/dashlabsltdmhmrajiblinekaljwebsolcleverpluginsmbrown24actuaryzaskclickervolttoddhalfpennyshabtiwgaugekairaanasbinmukimmnelson4w3scloudkkikuchi1220nicheaddonsmvvapps/masterblocksskshaikatmaltathemescommercepundittauhidpromatthias-reuterwp-makingwpcohortwebba-agencycromer12jburleigh1gloriousthemesejslondon/multicollabanfrageformulartranzlypaguptripettowpvibespluginswarepagebuildersandwichcypressnorthdovyptropicalistahalmatwordpresschefahmed17elementinvaderstevehentyolezhyk5nasirahmedwebmuehleivanchernyakovoceasdanielisergallerycreatorpasyukprotectyouruploadslimbcodeblockmeisterfsruslanthinleekkhothemeslynn999woodyhaydaypippozanardomaxsdesignhumblethemesalphabposervicemohammedrezqxjohnykstevejburgethemeythemesaharonyanwphrmanagerwpsoulsmartwpressbrandonfiremilmorblockspareblockypagepmbaldha/darellclosemarketing/penguininitiativesrebelcodepassionatebrainswpjolipluginandplaydeothemesggeddewpmoosewpdivewpengineggwiczkoen12344aguilerasoftinterfacelabsalttechnoinvisnetelbisnerodaniyalahmedkwpeka-clubultimateblocksmikebelstribalnerdprelclistplusinfosatechjkohlbachstreamweaselsmte90skymindswpeventpartners/wpmagicscloudspongebouncingsproutibenicshawoninfobandidointoxstudiowhiteshadowvernalalexmossalekvfoxmoonmeepluginskenanfallonrafalosinskidanielealessandratonyzeolisj_ocodeieswpconedevgalooverweconnectcodetobias_conradjetixwpcmbibby/bycrikdipcodewpscriptstheafricanboss/beeneebwpbitsblackandwhitedigitalco2okboltonstudiossvovafalleythemeskylegilmanankitmaruwpt00lscloudlivingwpmunichmodulemastersdudosebet/ldninjas/sorsawoimtiazrayhanfrostbourndivisumojamesparkninjatobias_conrad/dotsannastaawpdeliciouspootlepressekanathdejanmarkovicmaurolopes/therealwebdisruptrisethemewpkubeninjalibsmattpramschuferdiviframeworkfullworksdotrexsmgteamshelob9peterschulznldangub86zerozendesignmumarym1985sangaranfoopluginsdanish-alicodexonicspaulio21alex-ye9brada6creativethemeshqcyberhobowoopopskaggdesignpowerfulwpseancarricoversacompdaigo75pootlepress/janwyldamian-gorawalkerwpwuporankbearthecodechimebrightvesseldevmberdingsurbmanpluginsspartacxplodedthemeskrspproteusthemesmcurlyggriesserroyalnavneetedgegalleryplugindreamfoxlostboy7sonalsinha21takanakuiwptravelengineelliotvssaadiqbalpatrickgarmanunitecmsmdedevsnazzythemesrafacarvalhidosjavedoloyede-jamiuboriscolombier/maartenbelmansjaydeep-nimavatbadhonrockssindyakinsergeiequalizedigitalseezeegfiremwpchillgetsparrowmilukove/johnc1979moomooagencykartikparmar/cebbirenaudbodkartikparmarproperfractioninputwpbuttonizervohotv/richard-bivan_paulinpatrickposnerinfornweblkoudalgowebsmartymojofywpdrosendovincoitmeowcrewwpcohort/marviorocha5starpluginsanssilaitilasslzenlukeseagerinteractivegeomapssyntacticsatakanozhiddenpearlspopeatingsovstacktheafricanbossjosevegajavmahmihail-barinovjwindgiladtakonithemeseiwpdeverattestakdevsbilaltasshamim51bavokoservicesirkanupmbaldhamantrabrainmaciejbak85plugins360marcqueraltBdThemesRoyal Elementor AddonsThe Events Calendar (StellarWP)WPWeb EliteThemeisle
Product-annasta Filters for WooCommerceBattle Suit for DiviBetter Robots.txt – AI-Ready Crawl Control & Bot GovernanceStyler Mate for Contact Form 7eaSYNC Booking – Hotels, Restaurants & Car RentalsWidget Detector for ElementorTickera – Sell Tickets & Manage EventsBlock Slider – Responsive Image Slider, Video Slider & Post SliderGloriousThemes Starter SitesGateway for PayLate on WooCommerceUltimate Post Kit Addons for ElementorDivi Content RestrictorLivemesh Addons for Beaver BuilderWidgets on Pages and PostsEvent Tickets and RegistrationWP Page TemplatesAutoSave NetAWCA – The Great Analytics Insights for Your eStoreWebinarIgnition – Live, Automated & Evergreen Webinars for WooCommerceInsert or Embed Articulate Content into WordPressForm Vibes – Database Manager for FormsQuick Contact FormLocal Delivery Drivers for WooCommerceAddon Elements for Elementor (formerly Elementor Addon Elements)Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and moreMenu Item SchedulerExpire tagsAdd Pinterest conversion tags for Pinterest Ads + Site verificationGA4WP – Analytics Dashboard for the WebsiteHM Multiple RolesWP Search FilterPlace Order Without Payment for WooCommerceBookPress – For Book AuthorsMusic Player for Elementor – Audio Player & Podcast PlayerPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)Bulk Attachment DownloadWordPress Dev Powers – ACF Color Coded Field Types PluginPost Carousel DiviWP Google Street View (with 360° virtual tour) & Google maps + Local SEOAutomatic Internal Links for SEO by PagupEasy Post Views CountAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPressWordPress Gallery Plugin – Edge Photo GalleryBulk WooCommerce Category CreatorBooking Addon for WooCommerceEasy PrayerUkrposhtaPremmerce Variation Swatches for WooCommerceThe Events CalendarTK Google Fonts GDPR CompliantGuest posting / Frontend Posting / Front Editor – WP Front User SubmitDuplicate Variations for WoocommerceCF7 Constant Contact Fields MappingGeo MashupReplyable – Subscribe to Comments and Reply by EmailWP Photo EffectsMenu Image, Icons made easyAwesome SSLFiboSearch – Ajax Search for WooCommerceProduct Image Watermark for WooBetter SharingPremmerceRT Easy Builder – Advanced addons for ElementorAll-in-One Video GalleryTinyMCE AnnotateKVoucherWP fail2ban – Advanced SecurityDa ReactionsPayment Gateway for PayFabricNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarNotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerceWP Easy Pay – Payment and Donation form Builder for SquareConversion de moneda WoocommerceCustomers Table for WooCommerce: View, Search, Bulk EditorSchema Plugin For Divi, Gutenberg & ShortcodesMaster Accordion ( Former WP Awesome FAQ Plugin )Masonry Gallery & Posts For Divi (WP Tools)Blocksy CompanionRoyal Addons for Elementor – Addons and Templates Kit for ElementorBlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block EditorWP Get PersonalPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderGet Better Reviews for WooCommerceInbound BrewSimple Feature Requests Free – User Feedback BoardAnfrageformular – Multi Step Drag & Drop Formular Builder – LeadgenerierungEqualize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 complianceWordPress Coupon Plugin for Bloggers and Marketers – WP OffersEasy Code SnippetsDeMomentSomTres AddressDeMomentSomTres Media Tools AutoMarket ExporterWP GratifyHQTheme ExtraSlideDeck: Responsive WordPress Slider PluginMulti Page Auto Advance for Gravity FormsWP BugBotDeals of the Day WooCommercebbResolutionsSmart Variations Images & Swatches for WooCommercePremmerce Wishlist for WooCommerceRevolution for ElementorEasy Social Feed – Social Photos Gallery and Post Feed for WordPressPayment Gateway Per Product for WooCommerceWP Notification BellHelpie FAQ — Accordion, Docs & Knowledge BaseFrontend group restriction for LearnDashWidgets for WooCommerce Products on ElementorNugget by Ingot: Easy, automated and native A/B testing for everyoneGreenshift – animation and page builder blocksSTEWoo – Super Transactional Emails for WooCommerceThe best plugin for restrict content, support all Custom Post Types and Elementor – Password ProtectedFlat Rate Shipping Method for WooCommerceSimple Sitemap – Create a Responsive HTML SitemapClickerVolt – Affiliate Links & Click Tracking for Performance MarketersWooCommerce Next Order CouponNEXUSCAPTCHA 4WP – Antispam CAPTCHA solution for WordPressWP Relevant AdsIks Menu – WordPress Category Accordion Menu & FAQsWP Data Access – App Builder for Tables, Forms, Charts, Maps & DashboardsMarijuana Age VerifyWooCommerce upcoming ProductsEvents Calendar RegistrationChoice Payment Gateway for WooCommerceFilr – Secure document libraryWOW Styler for CF7 – Visual Styler for Contact Form 7 FormsPage Builder Sandwich – Front End WordPress Page Builder PluginBetter Addons for ElementorCuisine PalaceSVG Flags – Beautiful Scalable Flags For All Countries!VidSEO – Video transcript embedding for WordPress & LLMRating-Widget: Star Review SystemCryptocurrency Product for WooCommerceNew User ApproveUnakitGo Fetch Jobs (for WP Job Manager)Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic RemarketingAutomizy Gravity FormsRaCar Clear Cart for WooCommerceWP-HR Manager: The Human Resources Plugin for WordPressReally Simple Featured Video – Featured Video Support for Posts, Pages & WooCommerce ProductsWordPress Auto SEO Plugin – Upfiv SEO WizardCookie Banner for GDPR / CCPA – WPLP Cookie ConsentFunnelmentalsShipping Gateway Per Product for WooCommerceDeMomentSomTres Grid ArchiveLicense Manager for WooCommerceVit Website ReviewsLawPress – Law Firm Website ManagementSpeculorAquarella LiteJoli Table Of ContentsWP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareReset Course Progress For LearnDashResponsive Social Slider WidgetNitek Carousel Slider Cool TransitionsNumber ChatStreamWeasels Twitch IntegrationTreePress – Easy Family Trees & Ancestor ProfilesEvents Addon for ElementorContact List – Online Staff Directory & Address BookProtect Uploads with Login – Protect Your UploadsFrontend Admin by DynamiAppsWholesale for WooCommerceFull Page Blog DesignerAgy – Age verification for WooCommerceEthereumICOFuse Social Floating SidebarMOBILOOK — Mobile View & Mobile‑Friendly TestServer InfoCategorify – WordPress Media Library Category & File ManagerWUPO Group Attributes for WooCommerceLMS Plugin – eLearning, Online Courses by AttestMixed Media Gallery BlocksWordPress Slider Block GutensliderBlog Sidebar WidgetOcean ExtraNicheTable – Responsive Comparison Table BlockGlossaryConeBlog – Elementor Blog WidgetsXT Floating Cart for WooCommerceAEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image OptimizationUnder ConstructionElationAll in One Invite CodesLittleBot InvoicesUltra Elementor AddonsCustom Registration and Custom Login Forms with New RecaptchaMedia Library File DownloadSecure IP LoginsDomain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MoreClean Social IconsCoupon Affiliates – Affiliate Plugin for WooCommerceCountry Based Payments for WooCommerceFooter Plugin for DiviImage Carousel For DiviAge Verification Screen for WooCommerceDelivery for WooCommercePrice Bands for WooCommercePootle Pagebuilder – WordPress Page builderSEO Audit – WP Site AuditorSocial Gallery LiteContact Form 7 – Capsule CRM – IntegrationEverseCustom Login Page CustomizerRun time Image resizingBookit — Booking & Appointment CalendarFive-Star Ratings ShortcodeWordPress Everse Starter Sites – Elementor TemplatesSurveyFunnel – Survey Plugin for WordPressGutenberg Blocks – ACF Blocks SuiteWP Disable SitemapPro Broken Links MaintainerCustom WooCommerce Checkout Fields EditorAdd Tiktok Pixel for Tiktok ads (+Woocommerce)Security SafeFeedpress Generator – External RSS Frontend CustomizerModern Designs for Gravity FormsACF for WooCommerce ProductFile Manager for Google Drive – Integrate Google DriveAirpressDynamic Pricing and Discount Rules for WooCommerceBetter Messages – Integration for WC Vendors MarketplaceLightbox & Modal Popup WordPress Plugin – FooBoxDancePress (TRWA)SKT Templates – 100% Free Templates for Elementor & GutenbergAdvanced Classifieds & Directory ProListPlus – Unlimited Listing DirectoryUltimate Widgets LightPanorama – 360 Virtual Tour, Panoramic image viewer and MoreUltimeterQyrr – simply and modern QR-Code creationChange Price Title for WooCommerceCheckout with Cash App on EDDSV Tracking ManagerPodcast Box – Best Podcasting Plugin for WordPressElements for LifterLMSPassster – Password Protect Pages and ContentVillarAds.txt & App-ads.txt Manager for WordPressEasy Smooth Scroll Links – Smooth Scrolling AnchorLocalSEOMapWordPress form builder plugin for contact forms, surveys and quizzes – TripettoBlock, Suspend, Report for BuddyPressAdd Twitter Pixel for Twitter adsPremmerce Multi-currency for WoocommerceXT Quick View for WooCommercePrimary Addon for ElementorClimateClick: Climate Action for allFocus on Reviews for WooCommerceFeatured Images in RSS for Mailchimp & MoreSEO BoosterPremmerce Product Filter for WooCommerceBook BuyBack PricesWPGSI: Spreadsheet IntegrationSSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPressWP Group PromoterFast WordPressPost Snippets – Custom WordPress Code Snippets CustomizerImage Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AIActivity Log For MainWPHasiumBlocked in China | Check if your site is available in the Chinese mainlandElastaFeatured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)Display Eventbrite EventsWP Affiliate DisclosureRestaurant & Cafe Addon for ElementorTeam Collaboration & Content Workflow Plugin for WordPress Editorial Teams – MulticollabWordPress Animation Plugin – Animated EverythingWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL ScanContact Form 7 Multi-Step FormsWoocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone AnalyzerPower Ups for ElementorWP Lead StreamVideopackWordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.Auto SEO META keywords (META tags keywords) optimization + WooCommerceBulk Edit Coupons for WooCommerce – WP Sheet EditorWooCommerce PayPlugRW Divi Unite GalleryWP Tools Divi Product CarouselQuick Affiliate StorePremmerce Permalink Manager for WooCommercePremmerce WooCommerce Customers ManagerWP Sessions Time Monitoring Full AutomaticWP Dev Powers – Display Screen Dimensions to Admin PluginAbeta Link PunchOutScrollsequence – Cinematic Scroll Image Animation PluginPremmerce Redirect ManagerYT Player – Embed and Customize Video PlayersPremmerce Wholesale Pricing for WooCommerceDelete Duplicate Postskk Star Ratings – Rate Post & Collect User FeedbacksDelete Posts automaticallyDrip Feed Content Extended for LearndashMaster Blocks – Gutenberg Site BuilderStation Pro – Advanced Audio Streaming & Player for WordPressWordPress SEO ChecklistOverlay Image Divi ModuleAnt Admin Notices for TeamAmelaSuper Video player – Fully Customizable Video Player with PlaylistWP Conference ScheduleEasy Math Captcha for CF7OpenseaXT Ajax Add To Cart for WooCommerceTiered Pricing Table for WooCommerceBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Code ManagerWidget for Contact form 7StoreCustomizer – A plugin to Customize all WooCommerce PagesPopOverXYZ – Show Light Weight Beautiful Tool Tips On Any TextProduct Author for WooCommerceMaster Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsPurusCaxton – Create Pro page layouts in GutenbergSalon Booking System – Free VersionWP School CalendarQuick Event ManagerWP Meta and Date RemoverTopNewsWp – Display Tikcer News, RSS Feed Widget and Many MoreWordPress Google TranslateAFI – The Easiest Integration PluginVO Store Locator – WP Store Locator PluginWS BootstrapPast Events ExtensionEasy Appointment Booking & Scheduling System – Webba Booking CalendarMultisite Robots.txt ManagerWPOptin – AI-Powered Top Bars, PopUps & Lead GenerationBlog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, NewsShare This ImageRedirection for Contact Form 7Education Addon for ElementorShubanChat Button- Leads and Order over ChatAutomatic YouTube GalleryGenealogical Tree – Family Tree & Ancestry for WordPressWP Frontend ProfileGet feedback from visitors – WP Feedback Suite PluginInternal Link Juicer: SEO Auto Linker for WordPresswGauge – Free VersionViralikeSocialMark – Easy Watermark/Logo on Social Media Post Link Share PreviewImpexium Single Sign OnURL Shortify – Simple and Easy URL ShortenerTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, FluentBlockMeister – Block Pattern BuilderFAQ Manager For Divi, Gutenberg Block & ShortcodeHooked Editable ContentPowerFolio – Portfolio & Image Gallery for ElementorRadio Player – Live Shoutcast, Icecast and Any Audio Stream PlayerPreloader for DiviError Log MonitorLive Drag and Drop Builder for Contact Form 7Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private MessagesPremmerce User RolesWordPress Dev Powers – Element Selector jQuery Powers PluginDivi Gravity Forms (WP Tools)WordPress WooCommerce Sync for Google SheetPurosaWP MooseWP Activity LogComments Not Replied ToPledged Plugins Secure Gateway for Authorize.net and WooCommerceWP Table Builder – Drag & Drop Table BuilderAdvanced Database ReplacerEthPress – Web3 LoginTarot Card OracleGFireM Action AfterNokkeChange Prices with Time for WooCommerceSnazzyAdmin WP Admin ThemeModern Addons for Elementor Page BuilderHuCommerce | Magyar kiegészítések WooCommerce webáruházakhozSend Prebuilt EmailsAlley Business ToolkitProduct Attachment for WooCommercejav's – WooCommerce and Trello integration WooTrelloOrder and Inventory Manager for WooCommerceWalker CorePremmerce Product Search for WooCommerceSync eCommerce NEOUltimate Divi Modules Suite – Divi Sumo LiteWP Books Gallery – Build Stunning Book Showcases & Libraries in MinutesZip Code RedirectSurbma | GDPR Proof Cookie Consent & Notice BarProduct Options and Price Calculation Formulas for WooCommerce – Uni CPOProduct Customer List for WooCommerceStop Contact Form 7 Spam & WPForms Spam – Free ProtectionEasy Newsletter SignupsRest Routes – Custom Endpoints for WordPress REST APIBulk Edit Categories and Tags – Create Thousands Quickly on the EditorCP Simple NewsletterMeridiaSimple Social Page Widget & ShortcodeAidWP – Donation & Payment Forms (Stripe Powered)Multipurpose Gutenberg BlockBulk Edit Posts and Products in SpreadsheetWP Free SSLStreak CRM For Gmail For Contact Form 7 – WordPress PluginLivemesh SiteOrigin WidgetsRun Contests, Raffles, and Giveaways with ContestsWPFrontend Admin – Add and edit posts, pages, users and more all from the frontendCourt Reservation – Manage Your Court Bookings OnlineWordPress Directory Plugin For Business Listings – WP Local PlusEnhanced Ecommerce Google Analytics for WooCommerceKnowledge Base documentation & wiki plugin – BasePress DocsAtlas – Knowledge BaseWP Author BioUltimate Carousel For DiviWoocommerce Customers Order HistoryStore Toolkit – WooCommerce Extensions, Quick Enhancements & Handy ToolsBrandAny Popup – Popup Forms, Optins & AdsAdvanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus EasilySticky add to cart for WooWP EmailyEU VAT Assistant for WooCommerceLittleBot ACH for Stripe + PlaidWPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…TwentyFourth WP ScraperSocial KitButtonizer – Floating Menus, Sticky Buttons, & Popup BuilderFast Checkout for WooCommerceBanner Management, Product Slider, Product Carousel for WooCommerceBlockyPage – Gutenberg Based Page BuilderEthereum WalletPage Builder for Gutenberg – StarterBlocksGFireM Advance SearchRadio Station by netmix® – Manage and play your Show Schedule in WordPress!JDs PortfolioContent Aware Sidebars – Fastest Widget Area PluginCartPops – High Converting Add To Cart Popup For WooCommerceBuilder for WooCommerce product reviews shortcodes – ReviewShortQuick Paypal PaymentsOne Click LoginRestrict – membership, site, content and user access restrictions for WordPressDrop Shadow BoxesNicheBaseYatri ToolsBAVOKO SEO Tools – All-in-One WordPress SEOPremmerce SEO for WooCommerceRevivePress – Keep your Old Content EvergreenCartoon UrlBlock Styler For Gravity FormsStrumenti Partita IVA per WoocommerceSheetPress – Manage WordPress Meta data with Google SheetsProduct Size Charts Plugin for WooCommerceExtend Filter Products By Price WidgetEasy TikTok Feed – TikTok Video, Feed & Gallery PluginPost List Designer – Category Post, Recent Post, Post ListWP Coupons and Deals – Coupon Plugin For Affiliate MarketersGiveaways for woocommerceMass Pages/Posts CreatorUser Menus – Nav Menu VisibilityPage Builder Gutenberg Blocks – Kioken BlocksPrime Mover – Migrate WordPress Website & BackupsSSL Zen — SSL Certificate Installer & HTTPS RedirectsWPBITS Addons For Elementor Page BuilderLive TV Player – Worldwide Live TV Channels Player for WordPressDigital Goods (Checkout Field Editor) for WooCommerce CheckoutBaniSky Login RedirectWP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT ComplianceWPVisitorInfo – Show Visitor Information & Conditional Data Based On That InformationStackable – Page Builder Gutenberg BlocksAvailability Datepicker – Booking Calendar for Contact Form 7 – Input WPGenerate Images (AI) – Magic Post ThumbnailGrid & Styler For Contact Form 7 And DiviYASR – Yet Another Star Rating Plugin for WordPressPay For Post with WooCommerceWP SPID ItaliaEther and ERC20 tokens WooCommerce Payment GatewayRestrict User Access – Ultimate Membership & Content ProtectionNinja Libs Amazon SESMailChimp ManagerGallery by FooGallerySQL Reporting Services – SSRS Plugin for WordPressSimple SponsorshipsWoo Admin Product NotesWC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerceProduct Carousel For WooCommerce – WoorouSellPostcode RedirectFullscreen MenuBulk Edit and Create User Profiles – WP Sheet EditorXT Variation Swatches for WooCommerceDocument Viewer – Embed Word, Excel, PowerPoint & PDFs InstantlyPrime Slider – Addons for ElementorPremmerce Brands for WooCommerceWP Adminify – White Label WordPress, Admin Menu Editor, Login CustomizerJoli FAQ SEO – WordPress FAQ PluginWP Tools Divi Blog CarouselUltimate Gutenberg – Custom Block TemplatesDivi Torque Lite – Divi Theme, Divi Builder & Extra ThemeCodeKit – Custom Codes EditorAPPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android AppsFIT: Featured Image ToolkitConnected SermonsKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceGet Directions MapShared Files – Frontend File Upload Form & Secure File SharingWP Comment Cleaner – Delete All Comments, Disable Comments, Bulk Delete & Remove CommentsPinblocks — Gutenberg blocks with Pinterest widgetsGlorious Services & SupportBuddyPress WooCommerce My Account Integration. Create WooCommerce Member PagesWP Mobile Menu – The Mobile-Friendly Responsive MenuWordPress Reviews by ReviewPressAdd Linkedin insight tags for Linkedin adsConsultPress LiteWP Required Taxonomies – Categories and Tags MandatoryA no-code page builder for beautiful performance-based contentUltimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO BoosterHide Shipping Method For WooCommerceShipping Method Display Style for WooCommerceLightbox – EverlightBox GalleryLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridSV Proven ExpertDynific Addons for Elementor (formerly AnyWhere Elementor)Wadi SurveyRemove Add to Cart WooCommerceazw woocommerce file uploadsWp My Admin BarGuestofy – Restaurant Reservations Plugin, Room Planer, Reservation FormGFireM Fields3D Viewer – Display Interactive 3D ModelsFeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.Fraud Prevention For WooCommerce and EDDCryptocurrency Portfolio TrackerКнопка ЮMoneyTag Groups is the Advanced Way to Display Your Taxonomy TermsWP Munich Blocks – Gutenberg Blocks for WordPressStreamCast – Live Radio Streaming PlayerWP AutoMedicW3SCloud Contact Form 7 to Zoho CRMWP Event Partners – WordPress Plugin for Event and Conference ManagementFood Store – Online Food Delivery & PickupXT Points & Rewards for WooCommerceRocket Maintenance Mode & Coming Soon PageSpotlight Social Feeds – Block, Shortcode, and WidgetForceFieldForms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, WebhookPrint My Blog – Print, PDF, & eBook Converter WordPress PluginRecurWP – WordPress Recurly Payment GatewayLimb Gallery | Create Beautiful Image & Video GalleriesOut of stock display for woocommercePersistent LoginAnnouncement & Notification Banner – BulletinLearnMoreIvory Search – WordPress Search PluginImage Photo Gallery Final Tiles GridEasy Settings for LearnDashWP Radio – Worldwide Online Radio Stations Directory for WordPressBefore and After Product Images for WooCommerceScheduled Notification BarWoowGallerySTAX Header BuilderWP-Cron Status CheckerGo Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view countersBulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)Justified GalleryWPBakery Page Builder Addons by LivemeshEasy Zillow ReviewsTabs with Recommended Posts (Widget)WP SierraFront End PMWP Frontend Admin – Display WP Admin Pages in the FrontendEmail TrackerPerformance KitEmail Header FooterWP Post BlockSimple Giveaways – Grow your business, email lists and traffic with contestsCheckout with Zelle on WoocommerceThank You Page for WooCommerceMapGeo – Interactive Geo MapsPost to Google My Business (Google Business Profile)WP Link BioAdFoxly – Ad Manager, AdSense Ads & Ads.txtPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCredKRSP Frontend File UploaderUltimate Blocks – 25+ Gutenberg Blocks for Block EditorStarfish Review Generation & Marketing for WordPressB2B Request a QuoteLivemesh Addons by ElementorWP Contact Slider – Contact Form Slider WidgetTK SmugMug Slideshow ShortcodeEmails Blacklist for Everest FormsCoinbase Commerce – Crypto Gateway for WooCommerceUnlimited Elements For ElementorWooCommerce Variation Swatches for ProductsWCC SEO Keyword ResearchRankBearGift Message for WooCommerceSouth Pole: Climate action nowWidgets on PagesContact Widgets For Elementor all the contact links you need in one placeSecurity Ninja – WordPress Security & FirewallProduct Country Restrictions for WooCommerce – Country CatalogsGallery PhotoBlocksWordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and ScheduleFloating Social Share Icons and Social Share buttons – Next Previous Post Links – FLSparrow: Product Reviews and Ratings for WooCommerceLive Scores for SportsPressBroadcast LiteAffiliate Link Builder Plugin for Amazon Associates – Review EngineBulk Edit Products for WooCommerce – WP Sheet EditorDivi CollageEasy Age VerifyDisable Payment Methods based on cart conditions for WooCommerceDashy – Google Analytics advanced dashboardCheckout with Venmo on EDDWP Smart Export (Free)Better Messages – WCFM IntegrationAdvanced Custom Fields options import/exportTurbo WidgetsArendelleExtra Fees for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-7727
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.44%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 04:31
Updated-08 Apr, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. This makes it possible for unauthenticated attackers to call these functions to manipulate data.

Action-Not Available
Vendor-bpluginsbplugins
Product-html5_video_playerHTML5 Video Player – Embed and Play Videos in Custom Player
CWE ID-CWE-862
Missing Authorization
CVE-2024-7721
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 22.90%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 04:31
Updated-08 Apr, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set any options that are not explicitly checked as false to an array, including enabling user registration if it has been disabled.

Action-Not Available
Vendor-bpluginsbplugins
Product-html5_video_playerHTML5 Video Player – Embed and Play Videos in Custom Player
CWE ID-CWE-862
Missing Authorization
CVE-2024-37445
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.59%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 08:14
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23.

Action-Not Available
Vendor-bpluginsbPlugins
Product-html5_audio_playerHtml5 Audio Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5522
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-2.62% / 83.73%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 06:00
Updated-19 May, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

Action-Not Available
Vendor-bpluginsUnknownbplugins
Product-html5_video_playerHTML5 Video Player html5_video_player
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4398
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.46% / 36.78%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 07:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-bplugins
Product-HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0908
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.51%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure

The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected.

Action-Not Available
Vendor-bpluginsabuhayat
Product-Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filtersadvanced_post_block
CWE ID-CWE-862
Missing Authorization
CVE-2024-24714
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.2||HIGH
EPSS-0.60% / 44.88%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 15:39
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icons Font Loader Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.This issue affects Icons Font Loader: from n/a through 1.1.4.

Action-Not Available
Vendor-bpluginsbPlugins LLCbplugins
Product-icons_font_loaderIcons Font Loadericons_font_loader
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-23508
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.33% / 25.20%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17.

Action-Not Available
Vendor-bpluginsbPlugins
Product-pdf_posterPDF Poster – PDF Embedder Plugin for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1061
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-8.6||HIGH
EPSS-11.21% / 95.48%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 08:26
Updated-12 Nov, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the  'get_view' function.

Action-Not Available
Vendor-bplugins
Product-html5_video_player
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6485
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.53% / 41.12%
||
7 Day CHG~0.00%
Published-01 Jan, 2024 | 14:18
Updated-18 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins

Action-Not Available
Vendor-bpluginsUnknown
Product-html5_video_playerHtml5 Video Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46084
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.54% / 42.03%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 09:06
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2.

Action-Not Available
Vendor-bpluginsbPlugins LLCbplugins
Product-icons_font_loaderIcons Font Loadericons_font_loader
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5860
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-1.02% / 59.64%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 11:00
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-bpluginsbplugins
Product-icons_font_loaderIcons Font Loader – Load Web Fonts and Icon Libraries
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-0170
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.57% / 43.53%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 19:59
Updated-25 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Action-Not Available
Vendor-bpluginsUnknown
Product-html5_audio_playerHtml5 Audio Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24868
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.89% / 55.36%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 12:21
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.

Action-Not Available
Vendor-bpluginsn/a
Product-document_embeddern/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-24775
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-1.33% / 67.82%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 12:21
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.

Action-Not Available
Vendor-bpluginsn/a
Product-document_embeddern/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-24416
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.56% / 43.00%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 13:45
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting

The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode

Action-Not Available
Vendor-bpluginsUnknown
Product-streamcast_radio_playerStreamCast – Radio Player for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • Next