Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pixelgrade — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting pixelgrade. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PixelGrade develops WordPress themes and website building tools for creating professional websites. Historically, the product has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. With 18 CVEs on record, common weaknesses have involved insufficient input validation, improper access controls, and insecure deserialization. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations. Users are advised to maintain current versions and implement security best practices to mitigate potential exploitation risks.

Top products by pixelgrade: Category Icon Comments Ratings PixFields PixTypes Nova Blocks Customify – Intuitive Website Styling Nova Blocks by Pixelgrade PixProof Open Hours – Easy Opening Hours Style Manager
CVE IDTitleCVSSSeverityPublished
CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability — Nova BlocksCWE-79 6.5 Medium2026-01-23
CVE-2025-68525 WordPress Category Icon plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability — Category IconCWE-79 5.9 Medium2025-12-24
CVE-2025-31039 WordPress Category Icon plugin <= 1.0.3 - XML External Entity (XXE) vulnerability — Category IconCWE-611 9.1 Critical2025-06-09
CVE-2025-39425 WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Style ManagerCWE-352 4.3 Medium2025-04-17
CVE-2025-31825 WordPress Category Icon plugin <= 1.0.1 - Arbitrary File Download vulnerability — Category IconCWE-22 4.9 Medium2025-04-03
CVE-2025-31819 WordPress Nova Blocks by Pixelgrade plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability — Nova BlocksCWE-79 6.5 Medium2025-04-01
CVE-2024-12813 Open Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Open Hours – Easy Opening HoursCWE-79 6.4 Medium2025-02-18
CVE-2024-54417 WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability — PixProofCWE-862 5.3 Medium2024-12-16
CVE-2024-8915 Category Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Category IconCWE-79 6.4 Medium2024-10-12
CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute — Nova Blocks by PixelgradeCWE-79 6.4 Medium2024-09-10
CVE-2023-27633 WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF) — Customify – Intuitive Website StylingCWE-352 4.3 Medium2023-11-22
CVE-2023-23702 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) — Comments RatingsCWE-79 5.9 Medium2023-11-06
CVE-2023-45655 WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF) — PixFieldsCWE-352 4.3 Medium2023-10-16
CVE-2023-45654 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF) — Comments RatingsCWE-352 4.3 Medium2023-10-16
CVE-2023-40205 WordPress PixTypes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS) — PixTypesCWE-79 7.1 High2023-09-04
CVE-2023-23704 WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) — Comments RatingsCWE-352 4.3 Medium2023-07-11
CVE-2023-25487 WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF) — PixTypesCWE-352 4.3 Medium2023-07-11
CVE-2022-46844 WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Scripting (XSS) — PixFieldsCWE-79 6.5 Medium2023-05-09

This page lists every published CVE security advisory associated with pixelgrade. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.