
pickplugins — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting pickplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PickPlugins operates as a software vendor specializing in WordPress plugins, primarily targeting e-commerce and digital product management. With seventy confirmed Common Vulnerabilities and Exposures (CVEs) on record, the company’s portfolio exhibits a significant history of security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from inadequate input validation and insufficient sanitization of user-supplied data. Additionally, several incidents involve broken access control and privilege escalation, allowing unauthorized users to manipulate administrative functions or access sensitive database information. These flaws frequently arise from legacy codebases that have not been rigorously updated to meet modern security standards. The high volume of disclosed CVEs suggests systemic issues in the development lifecycle, highlighting a critical need for comprehensive security audits and stricter adherence to secure coding practices to mitigate widespread exploitation risks across its installed base.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-13796 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure | Post Grid | CWE-200 | 5.3 | Medium | 2025-02-28 |
| CVE-2025-26915 | WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability | Wishlist | CWE-89 | 8.5 | High | 2025-02-25 |
| CVE-2024-13798 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation | Post Grid | CWE-20 | 5.3 | Medium | 2025-02-22 |
| CVE-2025-22679 | WordPress Job Board Manager Plugin <= 2.1.61 - Reflected Cross Site Scripting (XSS) vulnerability | Job Board Manager | CWE-79 | 7.1 | High | 2025-02-03 |
| CVE-2025-24622 | WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability | Job Board Manager | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2024-9636 | Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation | Post Grid and Gutenberg Blocks – ComboBlocks | CWE-269 | 9.8 | Critical | 2025-01-15 |
| CVE-2024-55993 | WordPress Job Board Manager plugin <= 2.1.61 - Broken Access Control vulnerability | Job Board Manager | CWE-862 | 5.3 | Medium | 2024-12-16 |
| CVE-2024-54273 | WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability | Mail Picker | CWE-502 | 9.8 | Critical | 2024-12-13 |
| CVE-2024-10937 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure | Related Posts By PickPlugins | CWE-284 | 5.3 | Medium | 2024-12-05 |
| CVE-2024-53772 | WordPress Mail Picker plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability | Mail Picker | CWE-79 | 6.5 | Medium | 2024-11-30 |
| CVE-2024-9111 | Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | PickPlugins Product Designer for WooCommerce | CWE-79 | 6.4 | Medium | 2024-11-21 |
| CVE-2024-38726 | WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability | Product Designer | CWE-862 | 7.5 | High | 2024-11-01 |
| CVE-2024-50432 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability | Post Grid and Gutenberg Blocks | CWE-79 | 6.5 | Medium | 2024-10-28 |
| CVE-2021-4450 | Post Grid <= 2.1.12 - Contributor+ SQL Injection | Post Grid | CWE-89 | 8.8 | High | 2024-10-16 |
| CVE-2024-47340 | WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability | Post Grid and Gutenberg Blocks | CWE-79 | 6.5 | Medium | 2024-10-06 |
| CVE-2024-47342 | WordPress Accordion plugin <= 2.2.99 - Cross Site Scripting (XSS) vulnerability | Accordion | CWE-79 | 6.5 | Medium | 2024-10-06 |
| CVE-2024-44002 | WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability | Team Showcase | CWE-79 | 7.1 | High | 2024-09-17 |
| CVE-2024-45459 | WordPress Product Slider for WooCommerce by PickPlugins plugin <= 1.13.50 - Reflected Cross Site Scripting (XSS) vulnerability | Product Slider for WooCommerce | CWE-79 | 7.1 | High | 2024-09-15 |
| CVE-2024-8253 | Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation | Post Grid and Gutenberg Blocks | CWE-266 | 8.8 | High | 2024-09-11 |
| CVE-2024-43321 | WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability | Team Showcase | CWE-79 | 6.5 | Medium | 2024-08-18 |
| CVE-2024-7588 | Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block | Post Grid | CWE-79 | 6.4 | Medium | 2024-08-14 |
| CVE-2024-43155 | WordPress ComboBlocks plugin <= 2.2.86 - Cross Site Scripting (XSS) vulnerability | ComboBlocks | CWE-79 | 6.5 | Medium | 2024-08-12 |
| CVE-2024-6346 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget | Post Grid | CWE-79 | 6.4 | Medium | 2024-08-01 |
| CVE-2024-38722 | WordPress Job Board Manager plugin <= 2.1.57 - Cross Site Scripting (XSS) vulnerability | Job Board Manager | CWE-79 | 6.5 | Medium | 2024-07-20 |
| CVE-2024-3608 | Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | PickPlugins Product Designer for WooCommerce | CWE-862 | 5.3 | Medium | 2024-07-09 |
| CVE-2024-4042 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute | Post Grid | CWE-79 | 6.4 | Medium | 2024-06-07 |
| CVE-2024-1988 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | Post Grid | CWE-79 | 6.4 | Medium | 2024-06-07 |
| CVE-2023-40557 | WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability | Tabs & Accordion | CWE-80 | 5.4 | Medium | 2024-06-04 |
| CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | Post Grid | CWE-79 | 6.4 | Medium | 2024-05-21 |
| CVE-2024-32816 | WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability | Post Grid | CWE-200 | 7.5 | High | 2024-04-24 |

This page lists every published CVE security advisory associated with pickplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.