166 matches found
WordPress Gutenberg Block Editor Toolkit-EditorsKit plugin code injection vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Gutenberg Block Editor Toolkit-EditorsKit plugin version 1.31.6 before the code injection vulnerability, the...
CVE-2021-24546
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...
Code injection
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...
CVE-2021-24546
The CVE-2021-24546 vulnerability affects the WordPress Gutenberg Block Editor Toolkit EditorsKit plugin up to version 1.31.5 (fixed in 1.31.6). Root cause: the plugin does not sanitize/validate the Conditional Logic of the Custom Visibility settings, enabling a low-privilege contributor to execut...
WordPress Gutenberg Block Editor Toolkit plugin <= 1.31.5 - Arbitrary PHP Code Execution vulnerability
Arbitrary PHP Code Execution vulnerability discovered by bl4derunner in WordPress Gutenberg Block Editor Toolkit plugin versions = 1.31.5. Solution Update the WordPress Gutenberg Block Editor Toolkit plugin to the latest available version at least 1.31.6...
CVE-2021-39203
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
CVE-2021-39203
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
UBUNTU-CVE-2021-39203
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
CVE-2021-39203
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
CVE-2021-39203 Private data disclosure/privilege escalation through the block editor in Wordpress
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
CVE-2021-39203
WordPress 5.8 beta was affected: authenticated users could bypass restrictions in the block editor to view private post types/data under certain conditions. The issue is fixed in the final WordPress 5.8 release; no exploitation details are provided beyond the described bypass during testing.
CVE-2021-39203
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor
Description On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: "Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor." Further details: The issue allows an authenticated but low-privileged...
PT-2021-4476 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 5.8 beta Description: The issue is related to authentication errors in the WordPress content management system. It allows a remote attacker to bypass existing restrictions. Authenticated users without permission to view...
Privilege Escalation
Wordpress is vulnerable to privilege escalation. An attacker with contributor privileges gets access to password-protected posts and page via one of the blocks in the WordPress editor...
WordPress 4.3.x < 4.3.24 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exist in the block editor. - A cross-site scripting XSS vulnerability exist in media files. - An open redirect vulnerability exist...
WordPress 4.7.x < 4.7.18 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exist in the block editor. - A cross-site scripting XSS vulnerability exist in media files. - An open redirect vulnerability exist...
WordPress 4.9.x < 4.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exist in the block editor. - A cross-site scripting XSS vulnerability exist in media files. - An open redirect vulnerability exist...
WordPress < 5.4.2 - Authenticated XSS in Block Editor
Description Props to Sam Thomas jazzy2fives for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor...
Fedora 31 : wordpress (2020-7701f49327)
WordPress 5.4.1 Security Updates Seven security issues affect WordPress versions 5.4 and earlier. If you havent yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues : - Props to Muaz Bin Abdus Sattar and Jannes who both independently...