Browse all 11 CVE security advisories affecting pluginbuilders. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pluginbuilders develops WordPress plugins primarily for enhancing website functionality and user engagement. Historically, their plugins have been vulnerable to multiple security issues, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. The 11 CVEs attributed to their products highlight recurring security flaws, particularly in how they handle user data and permissions. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for improved security practices in their development lifecycle.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-4954 | Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting — Waiting: One-click countdownsCWE-79 | 5.5 | Medium | 2023-10-20 |
| CVE-2023-4000 | Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery — Waiting: One-click countdownsCWE-352 | 6.3 | Medium | 2023-08-31 |
| CVE-2023-3999 | Waiting: One-click countdowns <= 0.6.2 - Missing Authorization — Waiting: One-click countdownsCWE-862 | 6.3 | Medium | 2023-08-31 |
| CVE-2023-2757 | Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting — Waiting: One-click countdownsCWE-862 | 7.4 | High | 2023-05-18 |
This page lists every published CVE security advisory associated with pluginbuilders. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.