bPlugins — Vulnerabilities & Security Advisories (73)

Browse all 73 CVE security advisories affecting bPlugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

bPlugins operates as a software development firm specializing in WordPress plugins, primarily focusing on e-commerce solutions and digital product management. Its extensive portfolio has resulted in a significant security footprint, with seventy-two Common Vulnerabilities and Exposures (CVEs) currently documented. Historically, the most prevalent vulnerability classes affecting its products include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. These flaws frequently allow unauthenticated attackers to execute arbitrary code or escalate privileges within compromised WordPress installations. While the company generally responds to disclosed issues, the high volume of historical incidents highlights systemic challenges in maintaining rigorous code review processes across its diverse plugin ecosystem. This pattern underscores the critical need for enhanced security testing in widely deployed third-party WordPress extensions to mitigate widespread exploitation risks.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-54694 | WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | Button Block | CWE-352 | 4.3 | Medium | 2025-08-14 |
| CVE-2025-8418 | B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation | bSlider – Create Responsive Image, Post, Product, and Video Sliders | CWE-862 | 8.8 | High | 2025-08-12 |
| CVE-2025-8059 | B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function | bBlocks – Essential Gutenberg Blocks & Patterns Collection | CWE-862 | 9.8 | Critical | 2025-08-12 |
| CVE-2025-54051 | WordPress LightBox Block plugin <= 1.1.30 - Cross Site Scripting (XSS) Vulnerability | LightBox Block | CWE-79 | 6.5 | Medium | 2025-07-16 |
| CVE-2025-27326 | WordPress Video Gallery Block plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability | Video Gallery Block | CWE-79 | 6.5 | Medium | 2025-07-04 |
| CVE-2025-2579 | Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload | Lottie Player – Add Interactive Lottie Animations with Block Support | CWE-79 | 6.4 | Medium | 2025-04-24 |
| CVE-2025-39524 | WordPress Html5 Audio Player plugin <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability | Html5 Audio Player | CWE-80 | 6.5 | Medium | 2025-04-16 |
| CVE-2025-32173 | WordPress B Blocks plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability | B Blocks | CWE-79 | 6.5 | Medium | 2025-04-04 |
| CVE-2024-13731 | Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block | Alert Box Block – Display Custom Alerts and Messages | CWE-79 | 6.4 | Medium | 2025-03-25 |
| CVE-2025-26952 | WordPress Business Card Block plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | Business Card Block | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26949 | WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | Team Section Block | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26947 | WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability | Services Section block | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26939 | WordPress Counters Block plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | Counters Block | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26945 | WordPress Info Cards plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | Info Cards | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26937 | WordPress Icon List Block plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability | Icon List Block | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26938 | WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | Countdown Timer | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26881 | WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | Sticky Content | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26883 | WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability | Animated Text Block | CWE-862 | 6.5 | Medium | 2025-02-24 |
| CVE-2025-26754 | WordPress Timeline Block plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | Timeline Block | CWE-79 | 6.5 | Medium | 2025-02-17 |
| CVE-2025-22675 | WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability | Alert Box Block – Display notice/alerts in the front end | CWE-79 | 6.5 | Medium | 2025-02-04 |
| CVE-2024-13514 | B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode | bSlider – Create Responsive Image, Post, Product, and Video Sliders | CWE-284 | 4.3 | Medium | 2025-02-04 |
| CVE-2025-24595 | WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability | All Embed – Elementor Addons | CWE-79 | 6.5 | Medium | 2025-01-24 |
| CVE-2025-22787 | WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability | Button Block | CWE-862 | 4.3 | Medium | 2025-01-15 |
| CVE-2024-13156 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter | HTML5 Video Player – Embed and Play Videos in Custom Player | CWE-79 | 6.4 | Medium | 2025-01-14 |
| CVE-2025-22815 | WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability | Button Block | CWE-79 | 6.5 | Medium | 2025-01-09 |
| CVE-2024-12560 | Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication | Button Block – Design Stylish, Interactive, and Multi-Functional Buttons | CWE-200 | 4.3 | Medium | 2024-12-19 |
| CVE-2024-11882 | FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder. | CWE-79 | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11880 | B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | B Testimonial – Customer Testimonials in Custom Layouts | CWE-79 | 6.4 | Medium | 2024-12-04 |
| CVE-2024-10666 | Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure | Feeds for Twitter – Embed Social Media Posts with Live Updates | CWE-639 | 4.3 | Medium | 2024-11-22 |
| CVE-2024-10671 | Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure | Button Block – Design Stylish, Interactive, and Multi-Functional Buttons | CWE-639 | 4.3 | Medium | 2024-11-21 |

This page lists every published CVE security advisory associated with bPlugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.