CVE-2024-3901
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts, such as those with the contributor role, to conduct Stored XSS attacks...
WordPress plugin Genesis Blocks security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...
PT-2024-39078 · WordPress · Ultimate Blocks
Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks WordPress plugin versions prior to 3.2.2 Description: The issue is related to the Ultimate Blocks WordPress plugin, which does not validate and escape some of its block attributes before outputting them back in a page or...
PT-2024-38625 · Yith · Yith Woocommerce Ajax Search
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Ajax Search (affected versions not specified) Description: The issue is related to insufficient sanitization of user-supplied block attributes, which allows attackers with Contributor+ permissions to inject arbitrary scripts...
WordPress plugin Ultimate Blocks security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...
WordPress Genesis Blocks plugin <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes vulnerability discovered by Ngô Thiên An (ancorn) in WordPress Plugin Genesis Blocks versions <= 3.1.3...
PT-2024-18476 · WordPress · Post Blocks +5
Name of the Vulnerable Software and Affected Versions: The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 Description: The issue is related to Stored Cross-Site Scripting via the tag...
CVE-2024-4057
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
WordPress Otter Blocks plugin <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability discovered by Ngô Thiên An (ancorn) in WordPress Plugin Otter - Gutenberg Block versions <= 2.6.8...
CVE-2024-3343
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied...
PT-2024-20901 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO with AI SEO Tools plugin for WordPress versions up to, and including, 1.0.214 Description: The issue is related to Stored Cross-Site Scripting via the HowTo block attributes due to insufficient input sanitization and output...
CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function(s), allowing Admin users to perform LFI attacks...
PT-2023-24023 · WordPress · Wordpress Gallery Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Gallery Plugin versions prior to 3.39 Description: The issue allows Admin users to perform Local File Inclusion (LFI) attacks due to the plugin's failure to validate certain block attributes before using them to generate paths passed t...
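The two gallery entries above describe a different bug class from the rest of this page: a block attribute is used to build a filesystem path that is then handed to include(). The following is an added example, not the gallery plugin's code, showing the unsafe pattern next to a hardened one. The attribute name "template", the templates/ directory layout and the function names are hypothetical; the script runs stand-alone under the php CLI against a throwaway directory it creates itself.

```php
<?php
// Added example (not the gallery plugin's code): a post-author-controlled block
// attribute becomes part of a path passed to include(). Stand-alone under the
// php CLI; "template", the templates/ layout and the function names are made up.

// VULNERABLE: the attribute is concatenated straight into the path. A value such
// as "../secret" walks out of templates/; the appended ".php" only limits the
// attacker to PHP files, which is exactly what an LFI to RCE needs.
function gallery_template_vulnerable(array $attrs, string $base): string {
    $template = $attrs['template'] ?? 'default';
    return $base . '/templates/' . $template . '.php';
}

// HARDENED: accept only names from a fixed allowlist, then confirm that the
// resolved path (after ".." and symlink resolution) is still inside templates/.
function gallery_template_safe(array $attrs, string $base): ?string {
    static $allowed = ['default', 'grid', 'slider'];
    $template = (string)($attrs['template'] ?? 'default');
    if (!in_array($template, $allowed, true)) {
        return null;                                   // unknown name: refuse, do not "clean"
    }
    $dir  = realpath($base . '/templates');
    $path = ($dir === false) ? false : realpath($dir . '/' . $template . '.php');
    if ($path === false || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0) {
        return null;                                   // missing file, or escaped the directory
    }
    return $path;
}

// Constructed fixture: a temporary "plugin" directory with one real template and
// one PHP file sitting outside templates/ that an attacker would like to reach.
$base = sys_get_temp_dir() . '/gallery-demo-' . getmypid();
mkdir("$base/templates", 0700, true);
file_put_contents("$base/templates/default.php", "<?php echo 'default gallery';\n");
file_put_contents("$base/secret.php", "<?php echo 'file outside templates/';\n");

$evil = ['template' => '../secret'];                   // traversal payload in the block attribute
$path = gallery_template_vulnerable($evil, $base);
printf("vulnerable: %s (exists: %s)\n", $path, is_file($path) ? 'yes' : 'no');
printf("hardened:   %s\n", var_export(gallery_template_safe($evil, $base), true));           // NULL
printf("hardened:   %s\n", var_export(gallery_template_safe(['template' => 'default'], $base), true));

// Clean up the fixture.
unlink("$base/secret.php");
unlink("$base/templates/default.php");
rmdir("$base/templates");
rmdir($base);
```

The allowlist is the real control; the realpath containment check is a second line of defence for the case where a later change lets a non-allowlisted value through. Inside WordPress, core's validate_file() can additionally be used to reject values containing ".." or absolute paths before any path is built. Note that an attribute type of "string" declared in block.json does not constrain the value, so type checking alone is not a fix.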
WordPress 4.7.x < 4.7.26 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A directory traversal via wp_lang (CVE-2023-2745). - A Cross-Site Request Forgery (CSRF) via wp_ajax_set_attachment_thumbnail. - An authenticated stored Cross-Site Scripting (XSS) vi...
Cross-site Scripting (XSS)
Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization of block attributes. An attacker can embed arbitrary content in HTML comments on the page by...
CVE-2022-4570
The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users suc...
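Almost every entry on this page (Genesis Blocks, Ultimate Blocks, YITH Ajax Search, Combo Blocks, Kadence, Otter, Rank Math, Top 10, and the wordpress-core comment issue) is the same bug: a block's attributes are output into HTML without escaping for the context they land in. The attributes are stored as JSON inside the block delimiter comment in post_content, which is why a Contributor who cannot save a raw <script> tag past KSES can still get script into the rendered page once a server-side render callback echoes the values. The following is an added example, not code from any of the listed plugins: a minimal block-comment parser, a vulnerable renderer and a hardened one, run against a constructed malicious block. The block name acme/share, the attribute names and the two escaping helpers are hypothetical stand-ins; inside WordPress you would use esc_attr() and esc_url(), and parse_blocks() rather than the regex. The script runs stand-alone under the php CLI.

```php
<?php
// Added example (not any listed plugin's code). Shows the bug class behind the
// advisories on this page: a dynamic block's render callback echoes block
// attributes into HTML unescaped. Stand-alone under the php CLI; acme/share,
// the attribute names and the esc_*_ex() helpers are hypothetical stand-ins for
// WordPress's esc_attr() / esc_url().

// Hypothetical minimal parser for one self-closing block delimiter comment:
//   <!-- wp:acme/share {"url":"...","label":"..."} /-->
// Returns [blockName, attributes] or null. (WordPress core does this in parse_blocks().)
function parse_block_comment(string $html): ?array {
    if (!preg_match('/<!--\s+wp:([a-z0-9\/_-]+)\s+(\{.*?\})\s+\/?-->/s', $html, $m)) {
        return null;
    }
    $attrs = json_decode($m[2], true);
    return is_array($attrs) ? [$m[1], $attrs] : null;
}

// VULNERABLE: attribute values dropped straight into an href, a title and text.
function render_share_vulnerable(array $attrs): string {
    $url   = $attrs['url']   ?? '#';
    $label = $attrs['label'] ?? 'Share';
    return "<a class=\"share\" href=\"$url\" title=\"$label\">$label</a>";
}

// Attribute/text-context escaping (stand-in for esc_attr()).
function esc_attr_ex(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL escaping (stand-in for esc_url()): reject any scheme outside a short
// allowlist (so javascript: and data: become empty), then attribute-escape.
function esc_url_ex(string $url): string {
    $url = trim($url);
    if ($url === '') {
        return '';
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme !== null && !in_array(strtolower($scheme), ['http', 'https', 'mailto'], true)) {
        return '';
    }
    return esc_attr_ex($url);
}

// HARDENED: each attribute escaped for the exact context it is written into.
function render_share_safe(array $attrs): string {
    $url   = esc_url_ex((string)($attrs['url'] ?? '#'));
    $label = esc_attr_ex((string)($attrs['label'] ?? 'Share'));
    return "<a class=\"share\" href=\"$url\" title=\"$label\">$label</a>";
}

// Constructed post_content as a Contributor could save it. There is no <script>
// tag anywhere, so tag-based filtering passes it; the payload is in the JSON.
$post_content = '<!-- wp:acme/share {"url":"javascript:alert(document.cookie)",'
              . '"label":"Share\" onmouseover=\"alert(1)"} /-->';

[$name, $attrs] = parse_block_comment($post_content);
echo "block:      $name\n";
echo "vulnerable: " . render_share_vulnerable($attrs) . "\n";
// -> <a class="share" href="javascript:alert(document.cookie)" title="Share" onmouseover="alert(1)">...
echo "hardened:   " . render_share_safe($attrs) . "\n";
// -> <a class="share" href="" title="Share&quot; onmouseover=&quot;alert(1)">Share&quot; onmouseover=&quot;alert(1)</a>
```

When reviewing a block plugin for this class of bug, look at every render_callback (and every static save() output that is later filtered) and check each attribute against the context it is written into: esc_attr() for attribute values, esc_url() for href/src, esc_html() for text, and wp_kses_post() only where rich HTML is genuinely intended. Sanitizing on input is not sufficient on its own, because the JSON in the block comment can be edited directly in the code editor or via the REST API, bypassing the block's own editor UI.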