CVE-2025-54710

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through = 1.0.21...

PT-2025-35068

Name of the Vulnerable Software and Affected Versions: bPlugins Tiktok Feed versions through 1.0.21 Description: A missing authorization flaw exists in bPlugins Tiktok Feed, allowing access to functionality not properly constrained by Access Control Lists ACLs. Recommendations: Update bPlugins...

CVE-2025-54694

Cross-Site Request Forgery CSRF vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through = 1.2.0...

CVE-2025-54694

CVE-2025-54694 describes a Cross-Site Request Forgery in the WordPress plugin Button Block, affecting versions up to 1.2.0. The issue is confirmed in multiple sources and the CVE record shows a patch that updates beyond 1.2.0. Base metrics: CVSS v3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N wit...

PT-2025-33381 · Unknown · Bplugins B Blocks

Name of the Vulnerable Software and Affected Versions: bPlugins B Blocks versions through 2.0.5 Description: The software contains a DOM-Based Cross-site Scripting issue due to Improper Neutralization of Input During Web Page Generation. Recommendations: Update bPlugins B Blocks to a version late...

PT-2025-33246 · WordPress · Bplugins Button Block

Name of the Vulnerable Software and Affected Versions: bPlugins Button Block versions through 1.2.0 Description: This issue involves a Cross-Site Request Forgery CSRF that allows malicious actors to perform actions on behalf of an unsuspecting user. Recommendations: Update bPlugins Button Block t...

CVE-2025-54051

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins LightBox Block lightbox-block allows Stored XSS.This issue affects LightBox Block: from n/a through = 1.1.30...

CVE-2025-54051

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins LightBox Block lightbox-block allows Stored XSS.This issue affects LightBox Block: from n/a through = 1.1.30...

PT-2025-29767 · WordPress · Bplugins Lightbox Block

Name of the Vulnerable Software and Affected Versions: bPlugins LightBox Block versions through 1.1.30 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This can lead to the execution of...

CVE-2025-27326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Video Gallery Block video-gallery-block allows Stored XSS.This issue affects Video Gallery Block: from n/a through = 1.1.0...

CVE-2025-27326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Video Gallery Block video-gallery-block allows Stored XSS.This issue affects Video Gallery Block: from n/a through = 1.1.0...

CVE-2025-27326

CVE-2025-27326 — WordPress Video Gallery Block is a stored XSS vulnerability in the Video Gallery Block plugin for WordPress, affecting versions up to 1.1.0. The issue arises from improper input neutralization during web page generation, allowing injected scripts to persist in the gallery output....

PT-2025-27874 · Bplugins · Bplugins Video Gallery Block

Name of the Vulnerable Software and Affected Versions: bPlugins Video Gallery Block versions 1.1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This enables attackers to inject...

CVE-2025-22815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through = 1.1.9...

CVE-2025-24595

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through = 1.1.3...

CVE-2024-43148

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3...

CVE-2024-43319

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...

CVE-2024-30438

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Print Page block allows Stored XSS.This issue affects Print Page block: from n/a through 1.0.8...

CVE-2024-47631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Logo Carousel – Clients logo carousel for WP responsive-client-logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through = 1....

CVE-2024-37445

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...