bplugins — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting bplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

bplugins operates as a software development firm specializing in WordPress plugins, primarily focusing on e-commerce solutions and digital product management. Its extensive portfolio has resulted in a significant security footprint, with seventy-two Common Vulnerabilities and Exposures (CVEs) currently documented. Historically, the most prevalent vulnerability classes affecting its products include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. These flaws frequently allow unauthenticated attackers to execute arbitrary code or escalate privileges within compromised WordPress installations. While the company generally responds to disclosed issues, the high volume of historical incidents highlights systemic challenges in maintaining rigorous code review processes across its diverse plugin ecosystem. This pattern underscores the critical need for enhanced security testing in widely deployed third-party WordPress extensions to mitigate widespread exploitation risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27416 | WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability | PDF Poster | CWE-862 | 5.3 | Medium | 2026-05-07 |
| CVE-2026-6446 | My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action | My Social Feeds – Social Feeds Embedder Plugin for WordPress | CWE-522 | 5.4 | Medium | 2026-05-02 |
| CVE-2026-40729 | WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability | 3D viewer – Embed 3D Models | CWE-862 | 4.3 | Medium | 2026-04-15 |
| CVE-2026-32489 | WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability | B Blocks | CWE-862 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-4120 | Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes | Info Cards – Add Text and Media in Card Layouts | CWE-79 | 6.4 | Medium | 2026-03-19 |
| CVE-2026-32416 | WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability | PDF Poster | CWE-862 | 5.4 | Medium | 2026-03-13 |
| CVE-2026-32359 | WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability | Icon List Block | CWE-79 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-1228 | Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute | Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) | CWE-639 | 4.3 | Medium | 2026-02-06 |
| CVE-2026-1294 | All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint | All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink | CWE-918 | 7.2 | High | 2026-02-05 |
| CVE-2026-1389 | Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion | Document Embedder – Embed PDFs, Word, Excel, and Other Files | CWE-639 | 4.3 | Medium | 2026-01-28 |
| CVE-2026-24565 | WordPress B Accordion plugin <= 2.0.2 - Sensitive Data Exposure vulnerability | B Accordion | CWE-201 | 6.5 | Medium | 2026-01-23 |
| CVE-2026-24383 | WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability | B Slider | CWE-79 | 6.5 | Medium | 2026-01-22 |
| CVE-2026-0833 | Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link | Team Section Block – Showcase Team Members with Layout Options | CWE-79 | 6.4 | Medium | 2026-01-17 |
| CVE-2025-13999 | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player | CWE-918 | 7.2 | High | 2025-12-19 |
| CVE-2025-60079 | WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability | Parallax Section block | CWE-862 | 7.1 | High | 2025-12-18 |
| CVE-2025-66110 | WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability | Tiktok Feed | CWE-862 | 5.3 | Medium | 2025-11-21 |
| CVE-2025-12376 | Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery | Icon List Block – Add Icon-Based Lists with Custom Styles | CWE-918 | 6.4 | Medium | 2025-11-18 |
| CVE-2025-54711 | WordPress Info Cards Plugin <= 1.0.11 - Broken Access Control Vulnerability | Info Cards | CWE-862 | 7.1 | High | 2025-11-06 |
| CVE-2025-49900 | WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability | Advanced scrollbar | CWE-266 | 8.8 | High | 2025-11-06 |
| CVE-2025-49394 | WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnerability | Image Gallery block – Create and display photo gallery/photo album. | CWE-862 | 7.1 | High | 2025-11-06 |
| CVE-2025-12384 | Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation | Document Embedder – Embed PDFs, Word, Excel, and Other Files | CWE-862 | 8.6 | High | 2025-11-05 |
| CVE-2025-12388 | B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery | Carousel Block – Responsive Image and Content Carousel | CWE-918 | 6.4 | Medium | 2025-11-05 |
| CVE-2025-62007 | WordPress Voice Feedback plugin <= 1.0.3 - Privilege Escalation vulnerability | Voice Feedback | CWE-266 | 8.8 | High | 2025-10-22 |
| CVE-2025-10735 | Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery | Block for Mailchimp – Add Email Subscription Forms and Collect Leads | CWE-918 | 4.0 | Medium | 2025-10-01 |
| CVE-2025-9203 | Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields | Media Player Addons for Elementor – Audio and Video Widgets for Elementor | CWE-79 | 6.4 | Medium | 2025-09-17 |
| CVE-2025-54734 | WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability | B Slider | CWE-862 | 5.8 | Medium | 2025-08-28 |
| CVE-2025-54710 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability | Tiktok Feed | CWE-862 | 7.1 | High | 2025-08-28 |
| CVE-2025-8676 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure | bSlider – Create Responsive Image, Post, Product, and Video Sliders | CWE-200 | 4.3 | Medium | 2025-08-15 |
| CVE-2025-8680 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery | bSlider – Create Responsive Image, Post, Product, and Video Sliders | CWE-918 | 4.3 | Medium | 2025-08-15 |
| CVE-2025-54708 | WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability | B Blocks | CWE-79 | 6.5 | Medium | 2025-08-14 |

This page lists every published CVE security advisory associated with bplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.