Pickplugins Accordion
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pickplugins Accordion.
By the Year
In 2026 there have been 1 vulnerability in Pickplugins Accordion with an average score of 6.4 out of ten. Last year, in 2025 Accordion had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.10
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.40 |
| 2025 | 2 | 6.50 |
| 2024 | 2 | 5.95 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 5.40 |
It may take a day or so for new Accordion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pickplugins Accordion Security Vulnerabilities
WordPress Accordions Plugin <=2.3.23 Stored XSS via Accordion Body
CVE-2026-10862
6.4 - Medium
- June 09, 2026
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
PickPlugins Accordion Missing Authorization (<=2.3.14)
CVE-2025-53421
6.5 - Medium
- October 22, 2025
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
AuthZ
Deserialization CVE-2025-32143: Object Injection in PickPlugins Accordion <=2.3.10
CVE-2025-32143
- April 11, 2025
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11.
Marshaling, Unmarshaling
PickPlugins Accordion <=2.2.99 XSS (Stored) Vulnerability
CVE-2024-47342
6.5 - Medium
- October 06, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Accordion accordions allows Stored XSS.This issue affects Accordion: from n/a through <= 2.2.99.
XSS
Accordion WP plugin <=2.2.96: Unauthorized data access via missing capability
CVE-2024-1641
5.4 - Medium
- April 09, 2024
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.
AuthZ
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute
CVE-2021-24283
5.4 - Medium
- May 14, 2021
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pickplugins Accordion or by Pickplugins? Click the Watch button to subscribe.
