CVE-2025-31810

Missing Authorization vulnerability in PickPlugins Question Answer question-answer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Question Answer: from n/a through = 1.2.73...

CVE-2025-31810 WordPress Question Answer plugin <= 1.2.73 - Broken Access Control vulnerability

Missing Authorization vulnerability in PickPlugins Question Answer question-answer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Question Answer: from n/a through = 1.2.73...

CVE-2025-31810 WordPress Question Answer Plugin <= 1.2.70 - Broken Access Control vulnerability

Missing Authorization vulnerability in PickPlugins Question Answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through 1.2.70...

PT-2025-14192 · Pickplugins · Pickplugins Question Answer

Name of the Vulnerable Software and Affected Versions: PickPlugins Question Answer versions 1.2.70 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.2.70 an...

CVE-2024-12634 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59. This is due to missing nonce validation on a function. This makes it possible for...

CVE-2024-12634 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59. This is due to missing nonce validation on a function. This makes it possible for...

CVE-2024-13469 Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

WordPress plugin Pricing Table by PickPlugins 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Pricing Table by...

WordPress Pricing Table by PickPlugins plugin <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ankit Patel in WordPress Plugin Pricing Table by PickPlugins versions = 1.12.10...

CVE-2025-26915

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through = 1.0.41...

CVE-2025-26915

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through = 1.0.41...

CVE-2025-26915 WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through = 1.0.41...

CVE-2025-26915 WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through = 1.0.41...

CVE-2025-26915

CVE-2025-26915 is an authenticated SQL Injection vulnerability in the WordPress plugin Wishlist. The issue affects Wishlist versions up to 1.0.41 and is caused by improper input handling in SQL commands. Exploitation requires authentication, and the CVSS base score is 8.5 (HIGH) with network acce...

PT-2025-7849 · Pickplugins · Pickplugins Wishlist

Name of the Vulnerable Software and Affected Versions: PickPlugins Wishlist versions 1.0.0 through 1.0.41 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVE-2024-30441

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74...

CVE-2024-32816

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78...

CVE-2024-54273

Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.This issue affects Mail Picker: from n/a through = 1.0.14...

CVE-2024-45459

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through = 1.13.50...

CVE-2024-31277

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32...