Vulnerabilities in PixelGrade
18 resultsCVE-2024-54417MEDIUMWordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2025-31825MEDIUMWordPress Category Icon plugin <= 1.0.1 - Arbitrary File Download vulnerabilityEPSS 0.5%CVE-2025-31039CRITICALWordPress Category Icon plugin <= 1.0.3 - XML External Entity (XXE) vulnerabilityEPSS 0.5%CVE-2022-46844MEDIUMWordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2024-8241MEDIUMNova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align AttributeEPSS 0.4%CVE-2024-8915MEDIUMCategory Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadEPSS 0.3%CVE-2023-40205HIGHWordPress PixTypes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS)EPSS 0.3%CVE-2023-23702MEDIUMWordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)EPSS 0.3%CVE-2023-27633MEDIUMWordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2024-12813MEDIUMOpen Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2023-25487MEDIUMWordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-23704MEDIUMWordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-31819MEDIUMWordPress Nova Blocks by Pixelgrade plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2023-45655MEDIUMWordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-45654MEDIUMWordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2026-24528MEDIUMWordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-68525MEDIUMWordPress Category Icon plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-39425MEDIUMWordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%