bplugins
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting bplugins.
- CVE-2026-11402Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute6.4
- CVE-2026-39579WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability8.8
- CVE-2026-53736Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action4.3
- CVE-2026-24520WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability4.3
- CVE-2026-27416WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability5.3
- CVE-2026-6446My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action5.4
- CVE-2024-13362Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter6.1
- CVE-2026-40729WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability4.3
- CVE-2026-32489WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability6.5
- CVE-2026-4120Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes6.4
- CVE-2026-32416WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability5.4
- CVE-2026-32359WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2026-1228Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute4.3
- CVE-2026-1294All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint7.2
- CVE-2026-1389Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion5.3