bplugins — Vulnerabilities & Security Advisories (73)

Browse all 73 CVE security advisories affecting bplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

bplugins operates as a software development firm specializing in WordPress plugins, primarily focusing on e-commerce solutions and digital product management. Its extensive portfolio has resulted in a significant security footprint, with seventy-two Common Vulnerabilities and Exposures (CVEs) currently documented. Historically, the most prevalent vulnerability classes affecting its products include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. These flaws frequently allow unauthenticated attackers to execute arbitrary code or escalate privileges within compromised WordPress installations. While the company generally responds to disclosed issues, the high volume of historical incidents highlights systemic challenges in maintaining rigorous code review processes across its diverse plugin ecosystem. This pattern underscores the critical need for enhanced security testing in widely deployed third-party WordPress extensions to mitigate widespread exploitation risks.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-10667 | Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure | Content Slider Block – Slide Through Text or Media Content | CWE-639 | 4.3 | Medium | 2024-11-09 |
| CVE-2024-10669 | Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure | Countdown Timer Block – Animated Countdown for Events or Launches | CWE-639 | 4.3 | Medium | 2024-11-09 |
| CVE-2024-47631 | WordPress Logo Carousel – Clients logo carousel for WP plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | Logo Carousel – Clients logo carousel for WP | CWE-79 | 6.5 | Medium | 2024-10-05 |
| CVE-2024-7727 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler | HTML5 Video Player – Embed and Play Videos in Custom Player | CWE-862 | 5.3 | Medium | 2024-09-11 |
| CVE-2024-7721 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | HTML5 Video Player – Embed and Play Videos in Custom Player | CWE-862 | 4.3 | Medium | 2024-09-11 |
| CVE-2024-43148 | WordPress StreamCast <= 2.2.3 - Stored Cross Site Scripting (XSS) vulnerability | StreamCast | CWE-79 | 5.9 | Medium | 2024-08-12 |
| CVE-2024-37445 | WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability | Html5 Audio Player | CWE-79 | 6.5 | Medium | 2024-07-22 |
| CVE-2024-4398 | HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player | CWE-79 | 6.4 | Medium | 2024-05-10 |
| CVE-2024-0908 | Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure | Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filters | CWE-862 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-30432 | WordPress B Slider plugin <= 1.1.12 - Cross Site Scripting (XSS) vulnerability | B Slider - Slider for your block editor | CWE-79 | 6.5 | Medium | 2024-03-29 |
| CVE-2024-30438 | WordPress Print Page block plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | Print Page block | CWE-79 | 6.5 | Medium | 2024-03-29 |
| CVE-2024-23508 | WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS) | PDF Poster – PDF Embedder Plugin for WordPress | CWE-79 | 7.1 | High | 2024-01-31 |
| CVE-2023-5860 | Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload | Icons Font Loader – Load Web Fonts and Icon Libraries | CWE-434 | 7.2 | High | 2023-11-02 |

This page lists every published CVE security advisory associated with bplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.