bplugins — Vulnerabilities & Security Advisories 71

Browse all 71 CVE security advisories affecting bplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products bplugins:bSlider – Create Responsive Image, Post, Product, and Video Sliders B Blocks Button Block HTML5 Video Player – Embed and Play Videos in Custom Player Document Embedder – Embed PDFs, Word, Excel, and Other Files Tiktok Feed Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Info Cards Icon List Block B Slider Html5 Audio Player HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player bBlocks – Essential Gutenberg Blocks & Patterns Collection LightBox Block Video Gallery Block Media Player Addons for Elementor – Audio and Video Widgets for Elementor Block for Mailchimp – Add Email Subscription Forms and Collect Leads Voice Feedback Lottie Player – Add Interactive Lottie Animations with Block Support Image Gallery block – Create and display photo gallery/photo album.Carousel Block – Responsive Image and Content Carousel Counters Block Advanced scrollbar Icon List Block – Add Icon-Based Lists with Custom Styles Parallax Section block Team Section Block – Showcase Team Members with Layout Options B Accordion All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)PDF Poster

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-8059	B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function — bBlocks – Essential Gutenberg Blocks & Patterns CollectionCWE-862	9.8	Critical	2025-08-12
CVE-2025-54051	WordPress LightBox Block plugin <= 1.1.30 - Cross Site Scripting (XSS) Vulnerability — LightBox BlockCWE-79	6.5	Medium	2025-07-16
CVE-2025-27326	WordPress Video Gallery Block plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability — Video Gallery BlockCWE-79	6.5	Medium	2025-07-04
CVE-2025-2579	Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload — Lottie Player – Add Interactive Lottie Animations with Block SupportCWE-79	6.4	Medium	2025-04-24
CVE-2025-39524	WordPress Html5 Audio Player plugin <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability — Html5 Audio PlayerCWE-80	6.5	Medium	2025-04-16
CVE-2025-32173	WordPress B Blocks plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability — B BlocksCWE-79	6.5	Medium	2025-04-04
CVE-2024-13731	Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block — Alert Box Block – Display Custom Alerts and MessagesCWE-79	6.4	Medium	2025-03-25
CVE-2025-26952	WordPress Business Card Block plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability — Business Card BlockCWE-79	6.5	Medium	2025-02-25
CVE-2025-26949	WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability — Team Section BlockCWE-79	6.5	Medium	2025-02-25
CVE-2025-26947	WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability — Services Section blockCWE-79	6.5	Medium	2025-02-25
CVE-2025-26939	WordPress Counters Block plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability — Counters BlockCWE-79	6.5	Medium	2025-02-25
CVE-2025-26945	WordPress Info Cards plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability — Info CardsCWE-79	6.5	Medium	2025-02-25
CVE-2025-26938	WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability — Countdown TimerCWE-79	6.5	Medium	2025-02-25
CVE-2025-26937	WordPress Icon List Block plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability — Icon List BlockCWE-79	6.5	Medium	2025-02-25
CVE-2025-26881	WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability — Sticky ContentCWE-79	6.5	Medium	2025-02-25
CVE-2025-26883	WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability — Animated Text BlockCWE-862	6.5	Medium	2025-02-24
CVE-2025-26754	WordPress Timeline Block plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability — Timeline BlockCWE-79	6.5	Medium	2025-02-17
CVE-2025-22675	WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — Alert Box Block – Display notice/alerts in the front endCWE-79	6.5	Medium	2025-02-04
CVE-2024-13514	B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode — bSlider – Create Responsive Image, Post, Product, and Video SlidersCWE-284	4.3	Medium	2025-02-04
CVE-2025-24595	WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability — All Embed – Elementor AddonsCWE-79	6.5	Medium	2025-01-24
CVE-2025-22787	WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability — Button BlockCWE-862	4.3	Medium	2025-01-15
CVE-2024-13156	HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter — HTML5 Video Player – Embed and Play Videos in Custom PlayerCWE-79	6.4	Medium	2025-01-14
CVE-2025-22815	WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability — Button BlockCWE-79	6.5	Medium	2025-01-09
CVE-2024-12560	Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication — Button Block – Design Stylish, Interactive, and Multi-Functional ButtonsCWE-200	4.3	Medium	2024-12-19
CVE-2024-11882	FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder.CWE-79	6.4	Medium	2024-12-12
CVE-2024-11880	B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — B Testimonial – Customer Testimonials in Custom LayoutsCWE-79	6.4	Medium	2024-12-04
CVE-2024-10666	Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure — Feeds for Twitter – Embed Social Media Posts with Live UpdatesCWE-639	4.3	Medium	2024-11-22
CVE-2024-10671	Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure — Button Block – Design Stylish, Interactive, and Multi-Functional ButtonsCWE-639	4.3	Medium	2024-11-21
CVE-2024-10667	Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure — Content Slider Block – Slide Through Text or Media ContentCWE-639	4.3	Medium	2024-11-09
CVE-2024-10669	Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure — Countdown Timer Block – Animated Countdown for Events or LaunchesCWE-639	4.3	Medium	2024-11-09

This page lists every published CVE security advisory associated with bplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Support Us — Your donation helps us keep running

bplugins — Vulnerabilities & Security Advisories 71