Vendor CVEs
Pickplugins
All CVEs
35 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54007 | Hig | 0.57 | 8.8 | 0.00 | Aug 20, 2025 | Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.11. | ||
| CVE-2025-30889 | Hig | 0.57 | 8.8 | 0.00 | Apr 3, 2025 | Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through <= 2.0.13. | ||
| CVE-2023-40211 | Hig | 0.51 | 7.5 | 0.02 | Nov 30, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | ||
| CVE-2026-1988 | Hig | 0.49 | 7.5 | 0.01 | Feb 14, 2026 | The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly concatenated into a file path… | ||
| CVE-2025-39364 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce woo-category-slider-by-pluginever allows PHP Local File Inclusion.This issue affects Product Category… | ||
| CVE-2023-7072 | Hig | 0.49 | 7.5 | 0.01 | Mar 12, 2024 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data… | ||
| CVE-2024-44002 | Hig | 0.46 | 7.1 | 0.00 | Sep 18, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase team allows Reflected XSS.This issue affects Team Showcase: from n/a through <= 1.22.25. | ||
| CVE-2024-45459 | Hig | 0.46 | 7.1 | 0.00 | Sep 15, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.50. | ||
| CVE-2026-25455 | Med | 0.42 | 6.5 | 0.00 | Mar 25, 2026 | Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61. | ||
| CVE-2025-68000 | Med | 0.42 | 6.5 | 0.00 | Feb 20, 2026 | Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||
| CVE-2025-68605 | Med | 0.42 | 6.5 | 0.00 | Dec 24, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23. | ||
| CVE-2025-66058 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17. | ||
| CVE-2025-62929 | Med | 0.42 | 6.5 | 0.00 | Oct 27, 2025 | Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||
| CVE-2025-62924 | Med | 0.42 | 6.5 | 0.00 | Oct 27, 2025 | Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17. | ||
| CVE-2024-50432 | Med | 0.42 | 6.5 | 0.00 | Oct 28, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Cross-Site Scripting (XSS).This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.2.93. | ||
| CVE-2024-47340 | Med | 0.42 | 6.5 | 0.00 | Oct 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.2.89. | ||
| CVE-2024-43321 | Med | 0.42 | 6.5 | 0.00 | Aug 18, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23. | ||
| CVE-2024-43155 | Med | 0.42 | 6.5 | 0.00 | Aug 12, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86. | ||
| CVE-2024-6346 | Med | 0.42 | 6.4 | 0.00 | Aug 1, 2024 | The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output… | ||
| CVE-2023-51666 | Med | 0.42 | 6.5 | 0.00 | Feb 1, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53. | ||
| CVE-2023-6645 | Med | 0.42 | 6.4 | 0.00 | Jan 11, 2024 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-7588 | Med | 0.35 | 6.4 | 0.00 | Aug 14, 2024 | The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied… | ||
| CVE-2024-4042 | Med | 0.35 | 6.4 | 0.00 | Jun 7, 2024 | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to… | ||
| CVE-2024-1988 | Med | 0.35 | 6.4 | 0.00 | Jun 7, 2024 | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input… | ||
| CVE-2025-63043 | Med | 0.34 | 5.3 | 0.00 | Dec 18, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23. | ||
| CVE-2024-10937 | Med | 0.34 | 5.3 | 0.00 | Dec 5, 2024 | The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action.… | ||
| CVE-2024-12634 | Med | 0.33 | 6.1 | 0.00 | Mar 7, 2025 | The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59. This is due to missing nonce validation on a function. This makes it… | ||
| CVE-2021-24300 | 0.03 | — | 0.11 | May 24, 2021 | The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue | |||
| CVE-2024-13469 | 0.00 | — | 0.00 | Feb 28, 2025 | The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | |||
| CVE-2024-13796 | 0.00 | — | 0.00 | Feb 28, 2025 | The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract… | |||
| CVE-2024-13798 | 0.00 | — | 0.00 | Feb 22, 2025 | The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to… | |||
| CVE-2021-4450 | 0.00 | — | 0.00 | Oct 16, 2024 | The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible… | |||
| CVE-2024-8253 | 0.00 | — | 0.10 | Sep 11, 2024 | The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for… | |||
| CVE-2024-4305 | 0.00 | — | 0.00 | Jun 17, 2024 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to… | |||
| CVE-2023-0492 | 0.00 | — | 0.00 | Feb 21, 2023 | The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform… |
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.11.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through <= 2.0.13.
- risk 0.51cvss 7.5epss 0.02
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.
- risk 0.49cvss 7.5epss 0.01
The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly concatenated into a file path…
- risk 0.49cvss 7.5epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce woo-category-slider-by-pluginever allows PHP Local File Inclusion.This issue affects Product Category…
- risk 0.49cvss 7.5epss 0.01
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase team allows Reflected XSS.This issue affects Team Showcase: from n/a through <= 1.22.25.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.50.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Cross-Site Scripting (XSS).This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.2.93.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.2.89.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.
- risk 0.42cvss 6.4epss 0.00
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53.
- risk 0.42cvss 6.4epss 0.00
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied…
- risk 0.35cvss 6.4epss 0.00
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to…
- risk 0.35cvss 6.4epss 0.00
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input…
- risk 0.34cvss 5.3epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
- risk 0.34cvss 5.3epss 0.00
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action.…
- risk 0.33cvss 6.1epss 0.00
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59. This is due to missing nonce validation on a function. This makes it…
- CVE-2021-24300May 24, 2021risk 0.03cvss —epss 0.11
The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue
- CVE-2024-13469Feb 28, 2025risk 0.00cvss —epss 0.00
The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- CVE-2024-13796Feb 28, 2025risk 0.00cvss —epss 0.00
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract…
- CVE-2024-13798Feb 22, 2025risk 0.00cvss —epss 0.00
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to…
- CVE-2021-4450Oct 16, 2024risk 0.00cvss —epss 0.00
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible…
- CVE-2024-8253Sep 11, 2024risk 0.00cvss —epss 0.10
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for…
- CVE-2024-4305Jun 17, 2024risk 0.00cvss —epss 0.00
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to…
- CVE-2023-0492Feb 21, 2023risk 0.00cvss —epss 0.00
The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform…