248 matches found
PT-2025-17153
Name of the Vulnerable Software and Affected Versions: PickPlugins Question Answer versions 1.2.70 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attacke...
CVE-2025-32618
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection. This issue affects Wishlist: from n/a through <= 1.0.46...
CVE-2025-32143
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection. This issue affects Accordion: from n/a through <= 2.3.11...
CVE-2025-32144
Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection. This issue affects Job Board Manager: from n/a through <= 2.1.61...
CVE-2025-32618 WordPress Wishlist plugin <= 1.0.46 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection. This issue affects Wishlist: from n/a through <= 1.0.46...
CVE-2025-32618
CVE-2025-32618 affects the Wishlist WordPress plugin. An authenticated (Subscriber+) SQL Injection exists due to improper input handling in Wishlist, affecting versions up to 1.0.44 (per Wordfence; initial doc cites 1.0.43). CVSS v3.1 base score 8.5 (HIGH). Remediation: update Wishlist to a patch...
CVE-2025-32143
CVE-2025-32143 affects the Accordion plugin for WordPress (PickPlugins Accordion). It is a Deserialization of Untrusted Data vulnerability leading to PHP Object Injection. The advisory covers Accordion versions from 2.0 up to 2.3.10 (n/a through 2.3.10). The CVSS v3.1 base score is 8.8 (High) wit...
CVE-2025-32144
CVE-2025-32144 – Job Board Manager (WordPress) PHP Object Injection: Authenticated PHP Object Injection via deserialization of untrusted data in PickPlugins Job Board Manager. Affected: Job Board Manager
PT-2025-16086 · Pickplugins · Pickplugins Wishlist
Name of the Vulnerable Software and Affected Versions: PickPlugins Wishlist versions 1.0.43 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for SQL Injection in PickPlugins Wishlist...
CVE-2025-32272
Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through <= 1.0.46...
CVE-2025-32272 WordPress Wishlist plugin <= 1.0.46 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through <= 1.0.46...
PT-2025-15026 · Pickplugins · Pickplugins Wishlist
Name of the Vulnerable Software and Affected Versions: PickPlugins Wishlist versions 1.0.44 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.0.44 and...
CVE-2025-31810
Missing Authorization vulnerability in PickPlugins Question Answer question-answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through <= 1.2.73...
CVE-2025-30889
Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection. This issue affects Testimonial Slider: from n/a through <= 2.0.13...
CVE-2025-30889
CVE-2025-30889 affects the WordPress plugin Testimonial – Testimonial Slider (
WordPress plugin PickPlugins Testimonial Slider code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2025-14707 · Pickplugins · Pickplugins Testimonial Slider
Name of the Vulnerable Software and Affected Versions: PickPlugins Testimonial Slider versions 2.0.13 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in PickPlugins Testimonial Slider. Recommendations: For PickPlugins Testimonial...