CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Pickplugins Subscriptions

Total 54 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62745	2 Pickplugins, Wordpress	2 Team Showcase, Wordpress	2026-05-26	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28.
CVE-2026-7458	2 Pickplugins, Wordpress	2 User Verification By Pickplugins, Wordpress	2026-05-04	9.8 Critical
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a "true" OTP value.
CVE-2026-32497	2 Pickplugins, Wordpress	2 User Verification, Wordpress	2026-04-29	5.3 Medium
Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45.
CVE-2024-32816	1 Pickplugins	1 Post Grid	2026-04-28	7.5 High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.
CVE-2024-30441	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-04-28	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74.
CVE-2023-51666	1 Pickplugins	1 Related Post	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53.
CVE-2023-40211	1 Pickplugins	1 Post Grid Combo	2026-04-28	7.5 High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.
CVE-2025-53421	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
CVE-2025-68605	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
CVE-2025-68000	2 Pickplugins, Wordpress	2 Testimonial Slider, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
CVE-2026-25455	2 Pickplugins, Wordpress	2 Product Slider For Woocommerce, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61.
CVE-2025-66058	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
CVE-2025-63043	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-04-23	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
CVE-2025-62924	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
CVE-2025-60162	2 Pickplugins, Wordpress	2 Job Board Manager, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager job-board-manager allows DOM-Based XSS.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-58678	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.15.
CVE-2025-32143	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2026-04-23	8.8 High
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11.
CVE-2024-47342	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Accordion accordions allows Stored XSS.This issue affects Accordion: from n/a through <= 2.2.99.
CVE-2024-45459	1 Pickplugins	1 Product Slider For Woocommerce	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.50.
CVE-2024-44002	1 Pickplugins	1 Team Showcase	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase team allows Reflected XSS.This issue affects Team Showcase: from n/a through <= 1.22.25.

Page 1 of 3. next last »