PT-2024-22504 · Kadence Blocks · The Gutenberg Blocks By Kadence Blocks

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress affected versions not specified Description: The issue concerns a Stored Cross-Site Scripting vulnerability via the Advanced Form widget. Recommendations: At...

Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Advanced Form Widget options before outputting them back in a page/post where the widget is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...