Vulnerabilities > Pickplugins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-28 | CVE-2024-13469 | Cross-site Scripting vulnerability in Pickplugins Pricing Table The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-28 | CVE-2024-13796 | Information Exposure vulnerability in Pickplugins Post Grid The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data. | 7.5 |
| 2025-02-22 | CVE-2024-13798 | Improper Input Validation vulnerability in Pickplugins Comboblocks The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. | 5.3 |
| 2025-01-24 | CVE-2024-13408 | Unspecified vulnerability in Pickplugins Post Grid The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. | 8.8 |
| 2024-10-16 | CVE-2021-4450 | SQL Injection vulnerability in Pickplugins Post Grid The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
| 2024-09-18 | CVE-2024-44002 | Cross-site Scripting vulnerability in Pickplugins Team Showcase Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS.This issue affects Team Showcase: from n/a through 1.22.25. | 6.1 |
| 2024-09-15 | CVE-2024-45459 | Cross-site Scripting vulnerability in Pickplugins Product Slider for Woocommerce Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50. | 6.1 |
| 2024-09-11 | CVE-2024-8253 | Unspecified vulnerability in Pickplugins Post Grid The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. | 8.8 |
| 2024-08-01 | CVE-2024-6346 | Unspecified vulnerability in Pickplugins Comboblocks The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-07 | CVE-2024-4042 | Cross-site Scripting vulnerability in Pickplugins Comboblocks The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. | 5.4 |