Vulnerabilities > Pickplugins

DATE CVE VULNERABILITY TITLE RISK
2025-02-28 CVE-2024-13469 Cross-site Scripting vulnerability in Pickplugins Pricing Table
The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping.
network
low complexity
pickplugins CWE-79
5.4
2025-02-28 CVE-2024-13796 Information Exposure vulnerability in Pickplugins Post Grid
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data.
network
low complexity
pickplugins CWE-200
7.5
2025-02-22 CVE-2024-13798 Improper Input Validation vulnerability in Pickplugins Comboblocks
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5.
network
low complexity
pickplugins CWE-20
5.3
2025-01-24 CVE-2024-13408 Unspecified vulnerability in Pickplugins Post Grid
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode.
network
low complexity
pickplugins
8.8
2024-10-16 CVE-2021-4450 SQL Injection vulnerability in Pickplugins Post Grid
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pickplugins CWE-89
8.8
2024-09-18 CVE-2024-44002 Cross-site Scripting vulnerability in Pickplugins Team Showcase
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS.This issue affects Team Showcase: from n/a through 1.22.25.
network
low complexity
pickplugins CWE-79
6.1
2024-09-15 CVE-2024-45459 Cross-site Scripting vulnerability in Pickplugins Product Slider for Woocommerce
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50.
network
low complexity
pickplugins CWE-79
6.1
2024-09-11 CVE-2024-8253 Unspecified vulnerability in Pickplugins Post Grid
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90.
network
low complexity
pickplugins
8.8
2024-08-01 CVE-2024-6346 Unspecified vulnerability in Pickplugins Comboblocks
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
pickplugins
5.4
2024-06-07 CVE-2024-4042 Cross-site Scripting vulnerability in Pickplugins Comboblocks
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping.
network
low complexity
pickplugins CWE-79
5.4