PickPlugins — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting PickPlugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PickPlugins operates as a software vendor specializing in WordPress plugins, primarily targeting e-commerce and digital product management. With seventy confirmed Common Vulnerabilities and Exposures (CVEs) on record, the company’s portfolio exhibits a significant history of security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from inadequate input validation and insufficient sanitization of user-supplied data. Additionally, several incidents involve broken access control and privilege escalation, allowing unauthorized users to manipulate administrative functions or access sensitive database information. These flaws frequently arise from legacy codebases that have not been rigorously updated to meet modern security standards. The high volume of disclosed CVEs suggests systemic issues in the development lifecycle, highlighting a critical need for comprehensive security audits and stricter adherence to secure coding practices to mitigate widespread exploitation risks across its installed base.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1641 | Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication — Accordions (CWE-862) | 5.4 | Medium | 2024-04-09 |
| CVE-2024-31277 | WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability — Product Designer (CWE-502) | 8.7 | High | 2024-04-07 |
| CVE-2024-30441 | WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability — Post Grid (CWE-79) | 7.1 | High | 2024-03-29 |
| CVE-2024-29097 | WordPress User profile plugin <= 2.0.20 - Subscriber+ Stored Cross Site Scripting (XSS) vulnerability — User profile (CWE-79) | 6.3 | Medium | 2024-03-19 |
| CVE-2023-7072 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint — Post Grid (CWE-202) | 7.5 | High | 2024-03-12 |
| CVE-2023-51666 | WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS) — Related Post (CWE-79) | 6.5 | Medium | 2024-02-01 |
| CVE-2023-6645 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting — Post Grid (CWE-79) | 6.4 | Medium | 2024-01-11 |
| CVE-2023-40211 | WordPress Post Grid Plugin <= 2.2.50 is vulnerable to Sensitive Data Exposure — Post Grid Combo – 36+ Gutenberg Blocks (CWE-200) | 7.5 | High | 2023-11-30 |
| CVE-2021-24300 | PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS) — PickPlugins Product Slider for WooCommerce (CWE-79) | 6.1 | - | 2021-05-24 |
| CVE-2021-24283 | Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS) — Accordion (CWE-79) | 6.1 | - | 2021-05-14 |

This page lists every published CVE security advisory associated with PickPlugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.