pickplugins — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting pickplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PickPlugins operates as a software vendor specializing in WordPress plugins, primarily targeting e-commerce and digital product management. With seventy confirmed Common Vulnerabilities and Exposures (CVEs) on record, the company’s portfolio exhibits a significant history of security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from inadequate input validation and insufficient sanitization of user-supplied data. Additionally, several incidents involve broken access control and privilege escalation, allowing unauthorized users to manipulate administrative functions or access sensitive database information. These flaws frequently arise from legacy codebases that have not been rigorously updated to meet modern security standards. The high volume of disclosed CVEs suggests systemic issues in the development lifecycle, highlighting a critical need for comprehensive security audits and stricter adherence to secure coding practices to mitigate widespread exploitation risks across its installed base.

Found 12 results / 70

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-13796 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure | Post Grid | CWE-200 | 5.3 | Medium | 2025-02-28 |
| CVE-2024-13798 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation | Post Grid | CWE-20 | 5.3 | Medium | 2025-02-22 |
| CVE-2021-4450 | Post Grid <= 2.1.12 - Contributor+ SQL Injection | Post Grid | CWE-89 | 8.8 | High | 2024-10-16 |
| CVE-2024-7588 | Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block | Post Grid | CWE-79 | 6.4 | Medium | 2024-08-14 |
| CVE-2024-6346 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget | Post Grid | CWE-79 | 6.4 | Medium | 2024-08-01 |
| CVE-2024-4042 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute | Post Grid | CWE-79 | 6.4 | Medium | 2024-06-07 |
| CVE-2024-1988 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | Post Grid | CWE-79 | 6.4 | Medium | 2024-06-07 |
| CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | Post Grid | CWE-79 | 6.4 | Medium | 2024-05-21 |
| CVE-2024-32816 | WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability | Post Grid | CWE-200 | 7.5 | High | 2024-04-24 |
| CVE-2024-30441 | WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability | Post Grid | CWE-79 | 7.1 | High | 2024-03-29 |
| CVE-2023-7072 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint | Post Grid | CWE-202 | 7.5 | High | 2024-03-12 |
| CVE-2023-6645 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting | Post Grid | CWE-79 | 6.4 | Medium | 2024-01-11 |

This page lists every published CVE security advisory associated with pickplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.