58 matches found
CVE-2025-8605
The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8605
The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8609
CVE-2025-8609 (RTMKit Addons for Elementor, WordPress) Stored XSS via the Accordion Block attributes in RTMKit Addons for Elementor. Root cause: insufficient input sanitization and output escaping of user-supplied attributes. Affected versions: up to 1.6.1 (WordPress plugin). Exploitation require...
CVE-2025-8605 Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block
The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8605 Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block
The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8605
CVE-2025-8605 affects the WordPress Gutenify – Visual Site Builder Blocks & Site Templates plugin. Connected sources confirm a Stored Cross-Site Scripting vulnerability in all versions up to 1.5.9 due to insufficient input sanitization and output escaping on user-supplied block attributes. Exploi...
EUVD-2025-22128
Malicious code in bioql PyPI...
CVE-2025-8608
The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8608 Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins
The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-7715
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...
CVE-2025-7715
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...
CVE-2025-7715
The CVE-2025-7715 entry corresponds to a Drupal Block Attributes XSS vulnerability in the Contrib module. Affected versions are block attributes before 1.1.0 and before 2.0.1 (i.e., 0.0.0–1.0.9 and 2.0.0). Root cause is improper neutralization of input during web page generation, enabling Cross-S...
CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...
CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...
CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...
Drupal Block Attributes 安全漏洞
Drupal Block Attributes is a configuration interface plugin for the Drupal community. A security vulnerability exists in Drupal Block Attributes versions prior to 1.1.0 and prior to 2.0.1, which stems from improper input neutralization during page generation and could lead to a cross-site scripti...
PT-2025-30310 · Drupal · Drupal Block Attributes
Name of the Vulnerable Software and Affected Versions: Drupal Block Attributes versions 0.0.0 through 1.0.9 Drupal Block Attributes versions 2.0.0 through 2.0.0 Description: A flaw exists in Drupal Block Attributes that allows for Cross-Site Scripting XSS. This issue is due to improper...
DRUPAL-CONTRIB-2025-090
This module allows you to define custom attributes for a block. You can specify an attribute name to be added to the block in a predefined format. The module does not sufficiently validate the provided attributes, which makes it possible to insert JavaScript event attributes such as onmouseover,...
Drupal Block Attributes module < 1.1.0,2.0.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Block Attributes versions 1.1.0,2.0.0...
Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090
This module allows you to define custom attributes for a block. You can specify an attribute name to be added to the block in a predefined format. The module does not sufficiently validate the provided attributes, which makes it possible to insert JavaScript event attributes such as onmouseover,...