Comboblocks Pickplugins Comboblocks


By the Year

In 2026 there have been 0 vulnerabilities in Pickplugins Comboblocks. Last year, in 2025, Comboblocks had 1 security vulnerability published. Right now, Comboblocks is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year    Vulnerabilities    Average Score
2026    0                  0.00
2025    1                  5.30
2024    3                  6.40

It may take a day or so for new Comboblocks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Pickplugins Comboblocks Security Vulnerabilities

ComboBlocks WP Plugin 2.3.5 Unauth Order Creation
CVE-2024-13798 5.3 - Medium - February 22, 2025

The Post Grid and Gutenberg Blocks ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.

Improper Input Validation

PickPlugins ComboBlocks <=2.2.86 Stored XSS via improper input neutralization
CVE-2024-43155 - August 12, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS. This issue affects ComboBlocks: from n/a through 2.2.86.

XSS

Stored XSS in ComboBlocks v2.2.85a via redirectURL in Date Countdown
CVE-2024-6346 6.4 - Medium - August 01, 2024

The Gutenberg Blocks, Page Builder ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Combo Blocks WP Plugin XSS via class attribute (<= 2.2.80)
CVE-2024-4042 6.4 - Medium - June 07, 2024

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS
