Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pickplugins vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-4693
The User Verification WordPress plugin prior to 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public da...
Pickplugins User Verification
5.4
CVSSv3
CVE-2023-6645
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authe...
Pickplugins Post Grid Combo
7.5
CVSSv3
CVE-2023-40211
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a up to and including 2.2.50.
Pickplugins Post Grid Combo
5.4
CVSSv3
CVE-2023-0166
The Product Slider for WooCommerce by PickPlugins WordPress plugin prior to 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above t...
Pickplugins Product Slider For Woocommerce
6.1
CVSSv3
CVE-2021-24300
The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin prior to 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue
Pickplugins Product Slider For Woocommerce
NA
CVE-2024-31277
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a up to and including 1.0.32.
NA
CVE-2024-32816
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a up to and including 2.2.78.
NA
CVE-2024-29097
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins User profile allows Stored XSS.This issue affects User profile: from n/a up to and including 2.0.20.
NA
CVE-2024-30441
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a up to and including 2.2.74.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2