
bPlugins — Vulnerabilities & Security Advisories (71)

Browse all 71 CVE security advisories affecting bPlugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40729 | WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability — 3D viewer – Embed 3D Models | CWE-862 | 9.1 | - | 2026-04-15 |
| CVE-2026-32489 | WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability — B Blocks | CWE-862 | 8.1 | - | 2026-03-25 |
| CVE-2026-4120 | Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Info Cards – Add Text and Media in Card Layouts | CWE-79 | 6.4 | Medium | 2026-03-19 |
| CVE-2026-32416 | WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability — PDF Poster | CWE-862 | 8.1 | - | 2026-03-13 |
| CVE-2026-32359 | WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability — Icon List Block | CWE-79 | 5.4 | - | 2026-03-13 |
| CVE-2026-1228 | Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute — Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) | CWE-639 | 4.3 | Medium | 2026-02-06 |
| CVE-2026-1294 | All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint — All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink | CWE-918 | 7.2 | High | 2026-02-05 |
| CVE-2026-1389 | Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion — Document Embedder – Embed PDFs, Word, Excel, and Other Files | CWE-639 | 4.3 | Medium | 2026-01-28 |
| CVE-2026-24565 | WordPress B Accordion plugin <= 2.0.2 - Sensitive Data Exposure vulnerability — B Accordion | CWE-201 | 6.2 | - | 2026-01-23 |
| CVE-2026-24383 | WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability — B Slider | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-01-22 |
| CVE-2026-0833 | Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link — Team Section Block – Showcase Team Members with Layout Options | CWE-79 | 6.4 | Medium | 2026-01-17 |
| CVE-2025-13999 | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery — HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player | CWE-918 | 7.2 | High | 2025-12-19 |
| CVE-2025-60079 | WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability — Parallax Section block | CWE-862 | 7.1 | High | 2025-12-18 |
| CVE-2025-66110 | WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability — Tiktok Feed | CWE-862 | 5.3 | Medium | 2025-11-21 |
| CVE-2025-12376 | Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery — Icon List Block – Add Icon-Based Lists with Custom Styles | CWE-918 | 6.4 | Medium | 2025-11-18 |
| CVE-2025-54711 | WordPress Info Cards Plugin <= 1.0.11 - Broken Access Control Vulnerability — Info Cards | CWE-862 | 7.1 | High | 2025-11-06 |
| CVE-2025-49900 | WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability — Advanced scrollbar | CWE-266 | 8.8 | - | 2025-11-06 |
| CVE-2025-49394 | WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnerability — Image Gallery block – Create and display photo gallery/photo album. | CWE-862 | 7.1 | High | 2025-11-06 |
| CVE-2025-12384 | Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation — Document Embedder – Embed PDFs, Word, Excel, and Other Files | CWE-862 | 8.6 | High | 2025-11-05 |
| CVE-2025-12388 | B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery — Carousel Block – Responsive Image and Content Carousel | CWE-918 | 6.4 | Medium | 2025-11-05 |
| CVE-2025-62007 | WordPress Voice Feedback plugin <= 1.0.3 - Privilege Escalation vulnerability — Voice Feedback | CWE-266 | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-10735 | Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery — Block for Mailchimp – Add Email Subscription Forms and Collect Leads | CWE-918 | 4.0 | Medium | 2025-10-01 |
| CVE-2025-9203 | Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields — Media Player Addons for Elementor – Audio and Video Widgets for Elementor | CWE-79 | 6.4 | Medium | 2025-09-17 |
| CVE-2025-54734 | WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability — B Slider | CWE-862 | 5.8 | Medium | 2025-08-28 |
| CVE-2025-54710 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability — Tiktok Feed | CWE-862 | 7.1 | High | 2025-08-28 |
| CVE-2025-8676 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure — bSlider – Create Responsive Image, Post, Product, and Video Sliders | CWE-200 | 4.3 | Medium | 2025-08-15 |
| CVE-2025-8680 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery — bSlider – Create Responsive Image, Post, Product, and Video Sliders | CWE-918 | 4.3 | Medium | 2025-08-15 |
| CVE-2025-54708 | WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability — B Blocks | CWE-79 | 6.5 | Medium | 2025-08-14 |
| CVE-2025-54694 | WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability — Button Block | CWE-352 | 4.3 | Medium | 2025-08-14 |
| CVE-2025-8418 | B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation — bSlider – Create Responsive Image, Post, Product, and Video Sliders | CWE-862 | 8.8 | High | 2025-08-12 |

This page lists every published CVE security advisory associated with bPlugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.