Lucene search
K

58 matches found

RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.15 views

CVE-2025-8605

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 9:15 a.m.4 views

CVE-2025-8605

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 2025/11/18 8:27 a.m.21 views

CVE-2025-8609

CVE-2025-8609 (RTMKit Addons for Elementor, WordPress) Stored XSS via the Accordion Block attributes in RTMKit Addons for Elementor. Root cause: insufficient input sanitization and output escaping of user-supplied attributes. Affected versions: up to 1.6.1 (WordPress plugin). Exploitation require...

6.4CVSS4.7AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 8:27 a.m.6 views

CVE-2025-8605 Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.3 views

CVE-2025-8605 Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2025/11/18 8:27 a.m.16 views

CVE-2025-8605

CVE-2025-8605 affects the WordPress Gutenify – Visual Site Builder Blocks & Site Templates plugin. Connected sources confirm a Stored Cross-Site Scripting vulnerability in all versions up to 1.5.9 due to insufficient input sanitization and output escaping on user-supplied block attributes. Exploi...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-22128

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/01 4:23 a.m.12 views

CVE-2025-8608

The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/30 3:35 a.m.10 views

CVE-2025-8608 Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins

The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00224EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/23 5:18 p.m.12 views

CVE-2025-7715

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...

6.1CVSS6AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2025/07/21 5:15 p.m.9 views

CVE-2025-7715

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...

6.1CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2025/07/21 4:36 p.m.24 views

CVE-2025-7715

The CVE-2025-7715 entry corresponds to a Drupal Block Attributes XSS vulnerability in the Contrib module. Affected versions are block attributes before 1.1.0 and before 2.0.1 (i.e., 0.0.0–1.0.9 and 2.0.0). Root cause is improper neutralization of input during web page generation, enabling Cross-S...

6.1CVSS6.1AI score0.00223EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/21 4:36 p.m.7 views

CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...

6.1AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/21 4:36 p.m.12 views

CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...

0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/07/21 4:36 p.m.6 views

CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Attributes allows Cross-Site Scripting XSS.This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1...

6.1CVSS5.9AI score0.00223EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.6 views

Drupal Block Attributes 安全漏洞

Drupal Block Attributes is a configuration interface plugin for the Drupal community. A security vulnerability exists in Drupal Block Attributes versions prior to 1.1.0 and prior to 2.0.1, which stems from improper input neutralization during page generation and could lead to a cross-site scripti...

6.1CVSS6AI score0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.9 views

PT-2025-30310 · Drupal · Drupal Block Attributes

Name of the Vulnerable Software and Affected Versions: Drupal Block Attributes versions 0.0.0 through 1.0.9 Drupal Block Attributes versions 2.0.0 through 2.0.0 Description: A flaw exists in Drupal Block Attributes that allows for Cross-Site Scripting XSS. This issue is due to improper...

6.1CVSS5.8AI score0.00223EPSS
Exploits0References4
OSV
OSV
added 2025/07/16 4:46 p.m.7 views

DRUPAL-CONTRIB-2025-090

This module allows you to define custom attributes for a block. You can specify an attribute name to be added to the block in a predefined format. The module does not sufficiently validate the provided attributes, which makes it possible to insert JavaScript event attributes such as onmouseover,...

6.1CVSS5.9AI score0.00223EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/07/16 12:0 a.m.9 views

Drupal Block Attributes module < 1.1.0,2.0.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Block Attributes versions 1.1.0,2.0.0...

6.1CVSS6.1AI score0.00223EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2025/07/16 12:0 a.m.24 views

Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090

This module allows you to define custom attributes for a block. You can specify an attribute name to be added to the block in a predefined format. The module does not sufficiently validate the provided attributes, which makes it possible to insert JavaScript event attributes such as onmouseover,...

6.1CVSS6.1AI score0.00223EPSS
Exploits0References3
Rows per page
Query Builder