Lucene search
K

99 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:34 a.m.14 views

CVE-2024-13400

The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Kona: Instagram for Gutenberg" Block, specifically in the "align" attribute, in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS5.8AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:54 a.m.8 views

CVE-2024-11645

The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00341EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:36 a.m.12 views

CVE-2023-44261

Cross-Site Request Forgery CSRF vulnerability in Dinesh Karki Block Plugin Update plugin = 3.3 versions...

8.8CVSS7AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:19 a.m.8 views

CVE-2023-45646

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Henryholtgeerts PDF Block plugin = 1.1.0 versions...

6.5CVSS5.6AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.7 views

CVE-2021-43557

The uri-block plugin in Apache APISIX before 2.10.2 uses $requesturi without verification. The $requesturi is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...

7.5CVSS6.7AI score0.14589EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.10 views

CVE-2021-24633

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the ebwriteblockcss AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...

4.3CVSS6.5AI score0.0065EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:49 a.m.10 views

CVE-2019-15536

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via deleterecords...

9.8CVSS8.3AI score0.01371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/08 10:12 a.m.13 views

CVE-2025-3782

The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.9AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2025/05/06 10:15 a.m.13 views

CVE-2025-3782

The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/06 9:21 a.m.6 views

CVE-2025-3782 Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.8AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2025/05/06 9:21 a.m.64 views

CVE-2025-3782

The CVE-2025-3782 vulnerability affects the Cision Block WordPress plugin (all versions up to 4.3.0) and is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping on the id parameter. Exploitation requires authentication at Contributor level or higher and...

6.4CVSS5.8AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/06 9:21 a.m.20 views

CVE-2025-3782 Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.2 views

PT-2025-17373 · WordPress · Sb Chart Block Plugin

Name of the Vulnerable Software and Affected Versions: SB Chart block plugin for WordPress versions up to, and including, 1.2.6 Description: The issue is related to Stored Cross-Site Scripting via the className parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.2AI score0.00262EPSS
Exploits0References10
OSV
OSV
added 2025/02/25 3:15 p.m.3 views

CVE-2025-26871

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3...

8.8CVSS7.3AI score0.00375EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/14 3:7 p.m.3 views

WordPress Timeline Block plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Logan Cote Patchstack Alliance in WordPress Plugin Timeline Block versions = 1.1.1...

6.5CVSS6.1AI score0.00216EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/13 9:58 p.m.7 views

WordPress HTML5 Video Player – mp4 Video Player Plugin and Block plugin <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability discovered by Webbernaut in WordPress Plugin Flash & HTML5 Video versions = 2.5.35...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/07 9:54 p.m.4 views

WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Button Block versions = 1.1.9...

6.5CVSS6.1AI score0.00204EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/12/27 6:15 a.m.4 views

CVE-2024-11645

The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00341EPSS
Exploits1References1
CVE
CVE
added 2024/12/27 6:0 a.m.56 views

CVE-2024-11645

CVE-2024-11645 affects the WordPress plugin float block, version 1.7 and earlier, due to insufficient sanitisation/escaping of certain settings. This could allow high-privilege users (e.g., admins) to perform Stored XSS, including in multisite setups, with unfiltered_html disabled. Connected docu...

4.8CVSS5.4AI score0.00341EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/12/27 6:0 a.m.18 views

CVE-2024-11645 Float Block <= 1.7 - Admin+ Stored XSS via Widget

The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00341EPSS
Exploits1References1
Rows per page
Query Builder