Lucene search
K

166 matches found

CNVD
CNVD
added 2021/10/13 12:0 a.m.21 views

WordPress Gutenberg Block Editor Toolkit-EditorsKit plugin code injection vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Gutenberg Block Editor Toolkit-EditorsKit plugin version 1.31.6 before the code injection vulnerability, the...

8.8CVSS3.9AI score0.01753EPSS
Exploits2References1
NVD
NVD
added 2021/10/11 11:15 a.m.31 views

CVE-2021-24546

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...

8.8CVSS0.01753EPSS
Exploits2References1
Prion
Prion
added 2021/10/11 11:15 a.m.18 views

Code injection

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...

6.5CVSS8.8AI score0.01753EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/10/11 10:45 a.m.60 views

CVE-2021-24546

The CVE-2021-24546 vulnerability affects the WordPress Gutenberg Block Editor Toolkit EditorsKit plugin up to version 1.31.5 (fixed in 1.31.6). Root cause: the plugin does not sanitize/validate the Conditional Logic of the Custom Visibility settings, enabling a low-privilege contributor to execut...

8.8CVSS8.9AI score0.01753EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/09/13 12:0 a.m.16 views

WordPress Gutenberg Block Editor Toolkit plugin <= 1.31.5 - Arbitrary PHP Code Execution vulnerability

Arbitrary PHP Code Execution vulnerability discovered by bl4derunner in WordPress Gutenberg Block Editor Toolkit plugin versions = 1.31.5. Solution Update the WordPress Gutenberg Block Editor Toolkit plugin to the latest available version at least 1.31.6...

8.8CVSS4AI score0.01753EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2021/09/09 10:15 p.m.26 views

CVE-2021-39203

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

6.8CVSS0.00941EPSS
Exploits0References2
OSV
OSV
added 2021/09/09 10:15 p.m.5 views

CVE-2021-39203

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

6.5CVSS5.8AI score0.00941EPSS
Exploits0References2
OSV
OSV
added 2021/09/09 10:15 p.m.4 views

UBUNTU-CVE-2021-39203

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

6.8CVSS5.8AI score0.00941EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/09/09 10:15 p.m.3 views

CVE-2021-39203

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

6.8CVSS6.6AI score0.00941EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/09/09 10:0 p.m.28 views

CVE-2021-39203 Private data disclosure/privilege escalation through the block editor in Wordpress

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

6.8CVSS6.8AI score0.00941EPSS
Exploits0References2
CVE
CVE
added 2021/09/09 10:0 p.m.94 views

CVE-2021-39203

WordPress 5.8 beta was affected: authenticated users could bypass restrictions in the block editor to view private post types/data under certain conditions. The issue is fixed in the final WordPress 5.8 release; no exploitation details are provided beyond the described bypass during testing.

6.8CVSS6.3AI score0.00941EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/09/09 10:0 p.m.26 views

CVE-2021-39203

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

6.8CVSS6.2AI score0.00941EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.179 views

WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor

Description On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: "Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor." Further details: The issue allows an authenticated but low-privileged...

7.6CVSS6AI score0.01615EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/09/09 12:0 a.m.5 views

PT-2021-4476 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions 5.8 beta Description: The issue is related to authentication errors in the WordPress content management system. It allows a remote attacker to bypass existing restrictions. Authenticated users without permission to view...

6.8CVSS6.3AI score0.00941EPSS
Exploits0References11
Veracode
Veracode
added 2021/04/18 7:58 a.m.29 views

Privilege Escalation

Wordpress is vulnerable to privilege escalation. An attacker with contributor privileges gets access to password-protected posts and page via one of the blocks in the WordPress editor...

6.5CVSS4.1AI score0.02331EPSS
Exploits1References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/06/26 12:0 a.m.20 views

WordPress 4.3.x < 4.3.24 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exist in the block editor. - A cross-site scripting XSS vulnerability exist in media files. - An open redirect vulnerability exist...

6.8CVSS6.1AI score0.03498EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/06/26 12:0 a.m.46 views

WordPress 4.7.x < 4.7.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exist in the block editor. - A cross-site scripting XSS vulnerability exist in media files. - An open redirect vulnerability exist...

6.8CVSS6.1AI score0.03498EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/06/26 12:0 a.m.31 views

WordPress 4.9.x < 4.9.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exist in the block editor. - A cross-site scripting XSS vulnerability exist in media files. - An open redirect vulnerability exist...

6.8CVSS6.1AI score0.03498EPSS
Exploits0References8
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.33 views

WordPress < 5.4.2 - Authenticated XSS in Block Editor

Description Props to Sam Thomas jazzy2fives for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor...

5.4CVSS5.4AI score0.02359EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/05/11 12:0 a.m.12 views

Fedora 31 : wordpress (2020-7701f49327)

WordPress 5.4.1 Security Updates Seven security issues affect WordPress versions 5.4 and earlier. If you havent yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues : - Props to Muaz Bin Abdus Sattar and Jannes who both independently...

5.4AI score
Exploits0References1
Rows per page
Query Builder