目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

PickPlugins 厂商漏洞列表 / CVE 中文分析 70

PickPlugins 厂商相关 70 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

PickPlugins 是一款面向 WordPress 生态的插件管理平台,旨在简化插件的安装、更新及配置流程。截至最新统计,该平台已关联 70 条 CVE 漏洞记录。历史安全数据显示,其常见漏洞类型包括远程代码执行(RCE)、跨站脚本攻击(XSS)及权限绕过,多源于输入验证缺失或逻辑缺陷。部分版本曾存在未授权访问风险,建议用户及时升级至修复版本,并严格遵循最小权限原则以保障站点安全。

上位製品 PickPlugins: Post Grid Job Board Manager Post Grid and Gutenberg Blocks Wishlist Accordion Question Answer Testimonial Slider User Verification by PickPlugins Product Designer Mail Picker PickPlugins Product Designer for WooCommerce Team Showcase Product Slider for WooCommerce Post Grid and Gutenberg Blocks – ComboBlocks User Verification PickPlugins Pricing Table Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins Related Posts By PickPlugins ComboBlocks Tabs & Accordion Accordions User profile Related Post Post Grid Combo – 36+ Gutenberg Blocks PickPlugins Product Slider for WooCommerce
CVE IDタイトルCVSS深刻度公開日
CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure — Post GridCWE-200 5.3 Medium2025-02-28
CVE-2025-26915 WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability — WishlistCWE-89 8.5 High2025-02-25
CVE-2024-13798 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation — Post GridCWE-20 5.3 Medium2025-02-22
CVE-2025-22679 WordPress Job Board Manager Plugin <= 2.1.61 - Reflected Cross Site Scripting (XSS) vulnerability — Job Board ManagerCWE-79 7.1 High2025-02-03
CVE-2025-24622 WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability — Job Board ManagerCWE-352 5.4 Medium2025-01-24
CVE-2024-9636 Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation — Post Grid and Gutenberg Blocks – ComboBlocksCWE-269 9.8 Critical2025-01-15
CVE-2024-55993 WordPress Job Board Manager plugin <= 2.1.61 - Broken Access Control vulnerability — Job Board ManagerCWE-862 5.3 Medium2024-12-16
CVE-2024-54273 WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability — Mail PickerCWE-502 9.8 Critical2024-12-13
CVE-2024-10937 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure — Related Posts By PickPluginsCWE-284 5.3 Medium2024-12-05
CVE-2024-53772 WordPress Mail Picker plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability — Mail PickerCWE-79 6.5 Medium2024-11-30
CVE-2024-9111 Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — PickPlugins Product Designer for WooCommerceCWE-79 6.4 Medium2024-11-21
CVE-2024-38726 WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability — Product DesignerCWE-862 7.5 High2024-11-01
CVE-2024-50432 WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability — Post Grid and Gutenberg BlocksCWE-79 6.5 Medium2024-10-28
CVE-2021-4450 Post Grid <= 2.1.12 - Contributor+ SQL Injection — Post GridCWE-89 8.8 High2024-10-16
CVE-2024-47340 WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability — Post Grid and Gutenberg BlocksCWE-79 6.5 Medium2024-10-06
CVE-2024-47342 WordPress Accordion plugin <= 2.2.99 - Cross Site Scripting (XSS) vulnerability — AccordionCWE-79 6.5 Medium2024-10-06
CVE-2024-44002 WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability — Team ShowcaseCWE-79 7.1 High2024-09-17
CVE-2024-45459 WordPress Product Slider for WooCommerce by PickPlugins plugin <= 1.13.50 - Reflected Cross Site Scripting (XSS) vulnerability — Product Slider for WooCommerceCWE-79 7.1 High2024-09-15
CVE-2024-8253 Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation — Post Grid and Gutenberg BlocksCWE-266 8.8 High2024-09-11
CVE-2024-43321 WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability — Team ShowcaseCWE-79 6.5 Medium2024-08-18
CVE-2024-7588 Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block — Post GridCWE-79 6.4 Medium2024-08-14
CVE-2024-43155 WordPress ComboBlocks plugin <= 2.2.86 - Cross Site Scripting (XSS) vulnerability — ComboBlocksCWE-79 6.5 Medium2024-08-12
CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget — Post GridCWE-79 6.4 Medium2024-08-01
CVE-2024-38722 WordPress Job Board Manager plugin <= 2.1.57 - Cross Site Scripting (XSS) vulnerability — Job Board ManagerCWE-79 6.5 Medium2024-07-20
CVE-2024-3608 Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — PickPlugins Product Designer for WooCommerceCWE-862 5.3 Medium2024-07-09
CVE-2024-4042 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute — Post GridCWE-79 6.4 Medium2024-06-07
CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting — Post GridCWE-79 6.4 Medium2024-06-07
CVE-2023-40557 WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability — Tabs & AccordionCWE-80 5.4 Medium2024-06-04
CVE-2024-3155 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting — Post GridCWE-79 6.4 Medium2024-05-21
CVE-2024-32816 WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability — Post GridCWE-200 7.5 High2024-04-24

本页汇总了 PickPlugins 厂商截至目前公开的全部 70 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。