92 matches found
CVE-2024-10678
The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10678
CVE-2024-10678 affects the Ultimate Blocks – WordPress Blocks Plugin prior to 3.2.4. The Red Hat and NVD entries describe that the plugin does not validate or escape certain block options before outputting them in pages/posts where the block is embedded, enabling Stored XSS for users with the Con...
CVE-2024-10637
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress plugin Gutenberg Blocks with AI by Kadence WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-5417
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Gutentor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-36078 · WordPress · Gutentor
Name of the Vulnerable Software and Affected Versions: Gutentor WordPress plugin versions prior to 3.3.6 Description: The issue concerns the Gutentor WordPress plugin, which does not validate and escape some of its block options before outputting them back in a page or post where the block is...
WordPress plugin Kadence WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-5595
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Ultimate Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-32032 · WordPress · Ultimate Blocks
Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks WordPress plugin versions prior to 3.1.9 Description: The issue is related to the Ultimate Blocks WordPress plugin, which does not validate and escape some of its block options before outputting them back in a page or post...
CVE-2024-4305
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...
PT-2024-30272 · Unknown · Post Grid Gutenberg Blocks/Wordpress Blog Plugin
Name of the Vulnerable Software and Affected Versions: The Post Grid Gutenberg Blocks and WordPress Blog Plugin version prior to 4.1.0 Description: The issue concerns a lack of validation and escaping of certain block options, which could allow users with the contributor role and above to perform...
WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
CVE-2024-3239
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...
CVE-2024-2509
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
PT-2024-20738 · Kadence Blocks · Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: Gutenberg Blocks by Kadence Blocks versions prior to 3.2.26 Description: The issue is related to the Gutenberg Blocks by Kadence Blocks WordPress plugin, which does not validate and escape some of its block options before outputting them back...
CVE-2023-0376
The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0233
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0233 ActiveCampaign < 8.1.12 - Contributor+ Stored XSS
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...