CVE-2024-47342

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Accordion accordions allows Stored XSS.This issue affects Accordion: from n/a through = 2.2.99...

CVE-2024-43321

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23...

CVE-2024-47340

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.2.89...

CVE-2024-29097

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins User profile allows Stored XSS.This issue affects User profile: from n/a through 2.0.20...

CVE-2024-50432

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Cross-Site Scripting XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.2.93...

CVE-2024-43155

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86...

CVE-2024-53772

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Mail Picker mail-picker allows DOM-Based XSS.This issue affects Mail Picker: from n/a through = 1.0.15...

CVE-2023-51666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53...

CVE-2023-0166

The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2025-32647

Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue affects Question Answer: from n/a through = 1.2.73...

CVE-2025-32646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Question Answer question-answer allows Reflected XSS.This issue affects Question Answer: from n/a through = 1.2.70...

CVE-2025-24655

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through = 1.0.39...

CVE-2025-32646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Question Answer question-answer allows Reflected XSS.This issue affects Question Answer: from n/a through = 1.2.70...

CVE-2025-24655

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through = 1.0.39...

CVE-2025-32647 WordPress Question Answer Plugin <= 1.2.70 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70...

CVE-2025-32647

CVE-2025-32647 is a PHP object-injection deserialization vulnerability in the WordPress PickPlugins Question Answer plugin. Affected software: Question Answer (WordPress) versions up to 1.2.70 (Wordfence/Red Hat entries). Several sources indicate a patched fix exists in version 1.2.73 (Patchstack...

CVE-2025-32646

CVE-2025-32646 corresponds to a WordPress WordPress Plugin Issue: Question Answer

PT-2025-17044 · WordPress · Pickplugins Wishlist

Name of the Vulnerable Software and Affected Versions: PickPlugins Wishlist versions 1.0.0 through 1.0.39 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers ...

PT-2025-17154 · Pickplugins · Pickplugins Question Answer

Name of the Vulnerable Software and Affected Versions: PickPlugins Question Answer versions 1.2.70 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions 1.2.70 and earlier, update to a version that fixes th...

PT-2025-17153

Name of the Vulnerable Software and Affected Versions PickPlugins Question Answer versions 1.2.70 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attacke...