PickPlugins — Vulnerabilities & Security Advisories 69

Browse all 69 CVE security advisories affecting PickPlugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-26915	WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability — WishlistCWE-89	8.5	High	2025-02-25
CVE-2024-13798	Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation — Post GridCWE-20	5.3	Medium	2025-02-22
CVE-2025-22679	WordPress Job Board Manager Plugin <= 2.1.61 - Reflected Cross Site Scripting (XSS) vulnerability — Job Board ManagerCWE-79	7.1	High	2025-02-03
CVE-2025-24622	WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability — Job Board ManagerCWE-352	5.4	Medium	2025-01-24
CVE-2024-9636	Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation — Post Grid and Gutenberg Blocks – ComboBlocksCWE-269	9.8	Critical	2025-01-15
CVE-2024-55993	WordPress Job Board Manager plugin <= 2.1.61 - Broken Access Control vulnerability — Job Board ManagerCWE-862	5.3	Medium	2024-12-16
CVE-2024-54273	WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability — Mail PickerCWE-502	9.8	Critical	2024-12-13
CVE-2024-10937	Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure — Related Posts By PickPluginsCWE-284	5.3	Medium	2024-12-05
CVE-2024-53772	WordPress Mail Picker plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability — Mail PickerCWE-79	6.5	Medium	2024-11-30
CVE-2024-9111	Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — PickPlugins Product Designer for WooCommerceCWE-79	6.4	Medium	2024-11-21
CVE-2024-38726	WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability — Product DesignerCWE-862	7.5	High	2024-11-01
CVE-2024-50432	WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability — Post Grid and Gutenberg BlocksCWE-79	6.5	Medium	2024-10-28
CVE-2021-4450	Post Grid <= 2.1.12 - Contributor+ SQL Injection — Post GridCWE-89	8.8	High	2024-10-16
CVE-2024-47340	WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability — Post Grid and Gutenberg BlocksCWE-79	6.5	Medium	2024-10-06
CVE-2024-47342	WordPress Accordion plugin <= 2.2.99 - Cross Site Scripting (XSS) vulnerability — AccordionCWE-79	6.5	Medium	2024-10-06
CVE-2024-44002	WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability — Team ShowcaseCWE-79	7.1	High	2024-09-17
CVE-2024-45459	WordPress Product Slider for WooCommerce by PickPlugins plugin <= 1.13.50 - Reflected Cross Site Scripting (XSS) vulnerability — Product Slider for WooCommerceCWE-79	7.1	High	2024-09-15
CVE-2024-8253	Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation — Post Grid and Gutenberg BlocksCWE-266	8.8	High	2024-09-11
CVE-2024-43321	WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability — Team ShowcaseCWE-79	6.5	Medium	2024-08-18
CVE-2024-7588	Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block — Post GridCWE-79	6.4	Medium	2024-08-14
CVE-2024-43155	WordPress ComboBlocks plugin <= 2.2.86 - Cross Site Scripting (XSS) vulnerability — ComboBlocksCWE-79	6.5	Medium	2024-08-12
CVE-2024-6346	Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget — Post GridCWE-79	6.4	Medium	2024-08-01
CVE-2024-38722	WordPress Job Board Manager plugin <= 2.1.57 - Cross Site Scripting (XSS) vulnerability — Job Board ManagerCWE-79	6.5	Medium	2024-07-20
CVE-2024-3608	Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — PickPlugins Product Designer for WooCommerceCWE-862	5.3	Medium	2024-07-09
CVE-2024-4042	Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute — Post GridCWE-79	6.4	Medium	2024-06-07
CVE-2024-1988	Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting — Post GridCWE-79	6.4	Medium	2024-06-07
CVE-2023-40557	WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability — Tabs & AccordionCWE-80	5.4	Medium	2024-06-04
CVE-2024-3155	Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting — Post GridCWE-79	6.4	Medium	2024-05-21
CVE-2024-32816	WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability — Post GridCWE-200	7.5	High	2024-04-24
CVE-2024-1641	Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication — AccordionsCWE-862	5.4	Medium	2024-04-09

This page lists every published CVE security advisory associated with PickPlugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Support Us — Your donation helps us keep running

PickPlugins — Vulnerabilities & Security Advisories 69