pickplugins — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting pickplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PickPlugins operates as a software vendor specializing in WordPress plugins, primarily targeting e-commerce and digital product management. With seventy confirmed Common Vulnerabilities and Exposures (CVEs) on record, the company’s portfolio exhibits a significant history of security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from inadequate input validation and insufficient sanitization of user-supplied data. Additionally, several incidents involve broken access control and privilege escalation, allowing unauthorized users to manipulate administrative functions or access sensitive database information. These flaws frequently arise from legacy codebases that have not been rigorously updated to meet modern security standards. The high volume of disclosed CVEs suggests systemic issues in the development lifecycle, highlighting a critical need for comprehensive security audits and stricter adherence to secure coding practices to mitigate widespread exploitation risks across its installed base.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-7458 | User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint | User Verification by PickPlugins | CWE-288 | 9.8 | Critical | 2026-05-02 |
| CVE-2026-32497 | WordPress User Verification plugin <= 2.0.45 - Email Verification Bypass vulnerability | User Verification | CWE-1390 | 5.3 | Medium | 2026-03-25 |
| CVE-2026-25455 | WordPress Product Slider for WooCommerce plugin <= 1.13.61 - Broken Access Control vulnerability | Product Slider for WooCommerce | CWE-862 | 6.5 | Medium | 2026-03-25 |
| CVE-2025-68000 | WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability | Testimonial Slider | CWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-68605 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability | Post Grid and Gutenberg Blocks | CWE-79 | 6.5 | Medium | 2025-12-24 |
| CVE-2025-63043 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Insecure Direct Object References (IDOR) vulnerability | Post Grid and Gutenberg Blocks | CWE-639 | 5.3 | Medium | 2025-12-18 |
| CVE-2025-66058 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability | Post Grid and Gutenberg Blocks | CWE-862 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-12374 | Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover | User Verification by PickPlugins | CWE-287 | 9.8 | Critical | 2025-12-05 |
| CVE-2025-62929 | WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability | Testimonial Slider | CWE-862 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-62924 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability | Post Grid and Gutenberg Blocks | CWE-862 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-53421 | WordPress Accordion plugin <= 2.3.14 - Broken Access Control vulnerability | Accordion | CWE-862 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-60162 | WordPress Job Board Manager Plugin <= 2.1.61 - Cross Site Scripting (XSS) Vulnerability | Job Board Manager | CWE-79 | 6.5 | Medium | 2025-09-26 |
| CVE-2025-58678 | WordPress Accordion Plugin <= 2.3.15 - Broken Access Control Vulnerability | Accordion | CWE-862 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58827 | WordPress Job Board Manager Plugin <= 2.1.61 - Content Injection Vulnerability | Job Board Manager | CWE-94 | 3.8 | Low | 2025-09-05 |
| CVE-2025-54007 | WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability | Post Grid and Gutenberg Blocks | CWE-502 | 8.8 | High | 2025-08-20 |
| CVE-2025-49324 | WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control Vulnerability | Job Board Manager | CWE-862 | 5.3 | Medium | 2025-06-06 |
| CVE-2025-49075 | WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability | Wishlist | CWE-79 | 6.5 | Medium | 2025-06-06 |
| CVE-2025-24655 | WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability | Wishlist | CWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2025-32646 | WordPress Question Answer plugin <= 1.2.70 - Reflected Cross Site Scripting (XSS) vulnerability | Question Answer | CWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2025-32647 | WordPress Question Answer plugin <= 1.2.73 - PHP Object Injection vulnerability | Question Answer | CWE-502 | 8.8 | High | 2025-04-17 |
| CVE-2025-32618 | WordPress Wishlist plugin <= 1.0.46 - SQL Injection vulnerability | Wishlist | CWE-89 | 8.5 | High | 2025-04-11 |
| CVE-2025-32144 | WordPress Job Board Manager Plugin <= 2.1.61 - PHP Object Injection vulnerability | Job Board Manager | CWE-502 | 8.8 | High | 2025-04-11 |
| CVE-2025-32143 | WordPress Accordion plugin <= 2.3.11 - PHP Object Injection vulnerability | Accordion | CWE-502 | 8.8 | High | 2025-04-11 |
| CVE-2025-32272 | WordPress Wishlist plugin <= 1.0.46 - Cross Site Request Forgery (CSRF) vulnerability | Wishlist | CWE-352 | 4.3 | Medium | 2025-04-04 |
| CVE-2025-30889 | WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability | Testimonial Slider | CWE-502 | 8.8 | High | 2025-04-03 |
| CVE-2025-31862 | WordPress Job Board Manager Plugin <= 2.1.61 - Broken Access Control vulnerability | Job Board Manager | CWE-862 | 5.3 | Medium | 2025-04-01 |
| CVE-2025-31810 | WordPress Question Answer plugin <= 1.2.73 - Broken Access Control vulnerability | Question Answer | CWE-862 | 5.3 | Medium | 2025-04-01 |
| CVE-2024-12634 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins | CWE-352 | 6.1 | Medium | 2025-03-07 |
| CVE-2024-12809 | Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting | Wishlist | CWE-79 | 6.4 | Medium | 2025-03-07 |
| CVE-2024-13469 | Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | PickPlugins Pricing Table | CWE-79 | 6.4 | Medium | 2025-02-28 |

This page lists every published CVE security advisory associated with pickplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.