
56 matches found

OSV
added 2025/05/15 8:15 p.m. | 4 views

CVE-2024-3901

The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts like those with the contributor role to conduct Stored XSS attacks...

CVSS 6.8 | AI score 5.8 | EPSS 0.00472
Exploits: 1 | References: 1

CNNVD
added 2025/05/15 12:0 a.m. | 4 views

WordPress plugin Genesis Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.8 | AI score 5.9 | EPSS 0.00472
Exploits: 1 | References: 1

Positive Technologies
added 2024/09/29 12:0 a.m. | 3 views

PT-2024-39078 · WordPress · Ultimate Blocks

Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks WordPress plugin versions prior to 3.2.2. Description: The issue is related to the Ultimate Blocks WordPress plugin, which does not validate and escape some of its block attributes before outputting them back in a page or...

CVSS 5.4 | AI score 5.7 | EPSS 0.00346
Exploits: 1 | References: 9

Positive Technologies
added 2024/09/22 12:0 a.m. | 5 views

PT-2024-38625 · Yith · Yith Woocommerce Ajax Search

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Ajax Search, affected versions not specified. Description: The issue is related to insufficient sanitization of user-supplied block attributes, which allows attackers with Contributors+ permissions to inject arbitrary scripts...

CVSS 5.4 | AI score 6 | EPSS 0.00313
Exploits: 1 | References: 7

CNNVD
added 2024/07/29 12:0 a.m. | 3 views

WordPress plugin Ultimate Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.6 | AI score 6 | EPSS 0.00302
Exploits: 1 | References: 2

Patchstack
added 2024/07/09 7:41 a.m. | 4 views

WordPress Genesis Blocks plugin <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Genesis Blocks versions <= 3.1.3...

CVSS 6.4 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/06/06 12:0 a.m. | 6 views

PT-2024-18476 · WordPress · Post Blocks +5

Name of the Vulnerable Software and Affected Versions: The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80. Description: The issue is related to Stored Cross-Site Scripting via the tag...

CVSS 6.4 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 9

OSV
added 2024/06/04 6:15 a.m. | 7 views

CVE-2024-4057

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...

CVSS 6.1 | AI score 5.8 | EPSS 0.00367
Exploits: 2 | References: 1

Patchstack
added 2024/04/15 9:6 a.m. | 4 views

WordPress Otter Blocks plugin <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Otter - Gutenberg Block versions <= 2.6.8...

CVSS 6.4 | AI score 5.8 | EPSS 0.00343
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/04/11 11:15 a.m. | 4 views

CVE-2024-3343

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied...

CVSS 5.4 | AI score 5.9 | EPSS 0.00343
Exploits: 0 | References: 2

Positive Technologies
added 2024/03/26 12:0 a.m. | 6 views

PT-2024-20901 · WordPress · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO with AI SEO Tools plugin for WordPress versions up to, and including, 1.0.214. Description: The issue is related to Stored Cross-Site Scripting via the HowTo block attributes due to insufficient input sanitization and output...

CVSS 6.4 | AI score 8.1 | EPSS 0.0034
Exploits: 0 | References: 4

OSV
added 2023/10/16 8:15 p.m. | 5 views

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

CVSS 4.9 | AI score 5.8 | EPSS 0.00787
Exploits: 2 | References: 1

Positive Technologies
added 2023/10/16 12:0 a.m. | 6 views

PT-2023-24023 · WordPress · Wordpress Gallery Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Gallery Plugin version prior to 3.39. Description: The issue allows Admin users to perform Local File Inclusion (LFI) attacks due to the plugin's failure to validate certain block attributes before using them to generate paths passed t...

CVSS 4.9 | AI score 6.7 | EPSS 0.00787
Exploits: 2 | References: 6

Tenable Nessus
added 2023/05/17 12:0 a.m. | 100 views

WordPress 4.7.x < 4.7.26 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A directory traversal via wp_lang (CVE-2023-2745). - A Cross-Site Request Forgery (CSRF) via wp_ajax_set_attachment_thumbnail. - An authenticated stored Cross-Site Scripting (XSS) vi...

CVSS 6.1 | AI score 6.5 | EPSS 0.79527
Exploits: 7 | References: 3

Snyk
added 2023/05/16 12:0 a.m. | 1 views

Cross-site Scripting (XSS)

Overview: johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization of block attributes. An attacker can embed arbitrary content in HTML comments on the page by...

CVSS 6.4 | AI score 5.2
Exploits: 0 | References: 2

OSV
added 2023/01/23 3:15 p.m. | 1 views

CVE-2022-4570

The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users suc...

CVSS 5.4 | AI score 5.8 | EPSS 0.00471
Exploits: 2 | References: 1