Browse all 4 CVE security advisories affecting bPlugins LLC. AI-powered Chinese analysis, POCs, and references for each vulnerability.
bPlugins LLC develops WordPress plugins for website functionality, with four CVEs recorded. Historically, their vulnerabilities commonly include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. Notable security characteristics include inconsistent sanitization practices and occasional hardcoded credentials. While no major public incidents have been documented, their CVE history reveals patterns of security oversights in plugin development, particularly in user interaction handling and permission management. The company's plugins remain in use despite these vulnerabilities, posing potential risks to unpatched WordPress installations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-43296 | WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability — Flash & HTML5 VideoCWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-43319 | WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability — Flash & HTML5 VideoCWE-200 | 4.3 | Medium | 2024-08-26 |
| CVE-2024-24714 | WordPress Icons Font Loader Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload — Icons Font LoaderCWE-434 | 7.2 | High | 2024-02-26 |
| CVE-2023-46084 | WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection — Icons Font LoaderCWE-89 | 8.5 | High | 2023-11-06 |
This page lists every published CVE security advisory associated with bPlugins LLC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.