Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

bplugins — Vulnerabilities & Security Advisories 80

Browse all 80 CVE security advisories affecting bplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

bplugins operates as a software development firm specializing in WordPress plugins, primarily focusing on e-commerce solutions and digital product management. Its extensive portfolio has resulted in a significant security footprint, with seventy-two Common Vulnerabilities and Exposures (CVEs) currently documented. Historically, the most prevalent vulnerability classes affecting its products include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. These flaws frequently allow unauthenticated attackers to execute arbitrary code or escalate privileges within compromised WordPress installations. While the company generally responds to disclosed issues, the high volume of historical incidents highlights systemic challenges in maintaining rigorous code review processes across its diverse plugin ecosystem. This pattern underscores the critical need for enhanced security testing in widely deployed third-party WordPress extensions to mitigate widespread exploitation risks.

CVE IDTitleCVSSSeverityPublished
CVE-2026-57647 WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability — Panorama Viewer – 360 Degree Image + Video ViewerCWE-98 7.5 High2026-06-26
CVE-2026-57323 WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability — Flash & HTML5 VideoCWE-862 5.8 Medium2026-06-26
CVE-2026-56063 WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability — MailChimp BlockCWE-862 8.3 High2026-06-26
CVE-2026-11402 Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute — Services Section Block – Showcase Service Details in Grid or ColumnsCWE-79 6.4 Medium2026-06-18
CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability — B BlocksCWE-266 8.8 High2026-06-15
CVE-2026-53736 Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action — Easy Twitter FeedsCWE-352 4.3 Medium2026-06-10
CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability — Tiktok FeedCWE-862 4.3 Medium2026-05-26
CVE-2026-27416 WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability — PDF PosterCWE-862 5.3 Medium2026-05-07
CVE-2026-6446 My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action — My Social Feeds – Social Feeds Embedder Plugin for WordPressCWE-522 5.4 Medium2026-05-02
CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability — 3D viewer – Embed 3D ModelsCWE-862 4.3 Medium2026-04-15
CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability — B BlocksCWE-862 6.5 Medium2026-03-25
CVE-2026-4120 Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Info Cards – Add Text and Media in Card LayoutsCWE-79 6.4 Medium2026-03-19
CVE-2026-32416 WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability — PDF PosterCWE-862 5.4 Medium2026-03-13
CVE-2026-32359 WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability — Icon List BlockCWE-79 6.5 Medium2026-03-13
CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute — Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)CWE-639 4.3 Medium2026-02-06
CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint — All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlinkCWE-918 7.2 High2026-02-05
CVE-2026-1389 Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion — Document Embedder – Embed PDFs, Word, Excel, and Other FilesCWE-639 4.3 Medium2026-01-28
CVE-2026-24565 WordPress B Accordion plugin <= 2.0.2 - Sensitive Data Exposure vulnerability — B AccordionCWE-201 6.5 Medium2026-01-23
CVE-2026-24383 WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability — B SliderCWE-79 6.5 Medium2026-01-22
CVE-2026-0833 Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link — Team Section Block – Showcase Team Members with Layout OptionsCWE-79 6.4 Medium2026-01-17
CVE-2025-13999 HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery — HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio PlayerCWE-918 7.2 High2025-12-19
CVE-2025-60079 WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability — Parallax Section blockCWE-862 7.1 High2025-12-18
CVE-2025-66110 WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability — Tiktok FeedCWE-862 5.3 Medium2025-11-21
CVE-2025-12376 Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery — Icon List Block – Add Icon-Based Lists with Custom StylesCWE-918 6.4 Medium2025-11-18
CVE-2025-54711 WordPress Info Cards Plugin <= 1.0.11 - Broken Access Control Vulnerability — Info CardsCWE-862 7.1 High2025-11-06
CVE-2025-49900 WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability — Advanced scrollbarCWE-266 8.8 High2025-11-06
CVE-2025-49394 WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnerability — Image Gallery block – Create and display photo gallery/photo album.CWE-862 7.1 High2025-11-06
CVE-2025-12384 Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation — Document Embedder – Embed PDFs, Word, Excel, and Other FilesCWE-862 8.6 High2025-11-05
CVE-2025-12388 B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery — Carousel Block – Responsive Image and Content CarouselCWE-918 6.4 Medium2025-11-05
CVE-2025-62007 WordPress Voice Feedback plugin <= 1.0.3 - Privilege Escalation vulnerability — Voice FeedbackCWE-266 8.8 High2025-10-22

This page lists every published CVE security advisory associated with bplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.