pluginbuilders — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting pluginbuilders. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pluginbuilders develops WordPress plugins primarily for enhancing website functionality and user engagement. Historically, their plugins have been vulnerable to multiple security issues, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. The 11 CVEs attributed to their products highlight recurring security flaws, particularly in how they handle user data and permissions. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for improved security practices in their development lifecycle.

Top products by pluginbuilders: YourChannel: Everything you want in a YouTube plugin. Waiting: One-click countdowns

CVEs 11

CVE ID	Title	CVSS	Severity	Published
CVE-2022-4954	Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting — Waiting: One-click countdownsCWE-79	5.5	Medium	2023-10-20
CVE-2023-4000	Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery — Waiting: One-click countdownsCWE-352	6.3	Medium	2023-08-31
CVE-2023-3999	Waiting: One-click countdowns <= 0.6.2 - Missing Authorization — Waiting: One-click countdownsCWE-862	6.3	Medium	2023-08-31
CVE-2023-2757	Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting — Waiting: One-click countdownsCWE-862	7.4	High	2023-05-18
CVE-2023-1871	YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Reset — YourChannel: Everything you want in a YouTube plugin.CWE-352	5.4	Medium	2023-04-05
CVE-2023-1870	YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update — YourChannel: Everything you want in a YouTube plugin.CWE-352	4.3	Medium	2023-04-05
CVE-2023-1869	YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting — YourChannel: Everything you want in a YouTube plugin.CWE-79	5.5	Medium	2023-04-05
CVE-2023-1868	YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset — YourChannel: Everything you want in a YouTube plugin.CWE-862	6.5	Medium	2023-04-05
CVE-2023-1867	YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change — YourChannel: Everything you want in a YouTube plugin.CWE-352	5.4	Medium	2023-04-05
CVE-2023-1866	YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset — YourChannel: Everything you want in a YouTube plugin.CWE-352	5.4	Medium	2023-04-05
CVE-2023-1865	YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset — YourChannel: Everything you want in a YouTube plugin.CWE-862	6.5	Medium	2023-04-05

This page lists every published CVE security advisory associated with pluginbuilders. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

pluginbuilders — Vulnerabilities & Security Advisories 11