315 matches found
CVE-2025-8567
CVE-2025-8567: Nexter Blocks (WordPress)
CVE-2025-8567 Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-5844
The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-33520 · WordPress · Woocommerce Blocks – Woolook
Name of the Vulnerable Software and Affected Versions: Woocommerce Blocks – Woolook plugin for WordPress versions prior to 1.7.1 Description: The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion via the tab parameter. This allows authenticated attackers with...
CVE-2025-5844
CVE-2025-5844 affects Radius Blocks – WordPress Gutenberg Blocks (<= 2.2.1). The issue is a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping in the subHeadingTagName parameter. Exploitation requires authentication at Contributor level or h...
WordPress B Blocks plugin missing authorization vulnerability
WordPress B Blocks plugin is a Gutenberg plugin for WordPress to enhance page editing features. It provides a variety of beautiful blocks such as buttons, sliders, etc., supports highly customizable designs such as fonts, colors, spacing, etc., and includes pre-designed themes and icon libraries...
WordPress Radius Blocks plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Radius Blocks versions = 2.2.1...
CVE-2025-54708 WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through = 2.0.5...
CVE-2025-54708 WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through = 2.0.5...
WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin B Blocks versions = 2.0.5...
WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Nexter Blocks versions = 4.5.4...
CVE-2025-8059
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfrregistration function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and...
CVE-2025-8059 B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfrregistration function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and...
CVE-2025-8059 B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfrregistration function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and...
PT-2025-32623 · WordPress · B Blocks
Name of the Vulnerable Software and Affected Versions: B Blocks plugin for WordPress versions prior to 2.0.7 Description: The B Blocks plugin for WordPress is susceptible to privilege escalation due to missing authorization and improper input validation within the rgfr registration function. This...
WordPress plugin B Blocks 安全漏洞
WordPress B Blocks plugin is a Gutenberg plugin for WordPress to enhance page editing features. It provides a variety of beautiful blocks such as buttons, sliders, etc., supports highly customizable designs such as fonts, colors, spacing, etc., and includes pre-designed themes and icon libraries...
WordPress B Blocks plugin <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function vulnerability
Missing Authorization to Unauthenticated Privilege Escalation via rgfrregistration Function vulnerability discovered by Peter Thaleikis in WordPress Plugin B Blocks versions = 2.0.6...
WordPress Qi Blocks plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Denver Jackson in WordPress Plugin Qi Blocks versions = 1.4.3...
CVE-2025-53202 WordPress Responsive Blocks plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows DOM-Based XSS.This issue affects Responsive Blocks: from n/a through = 2.0.6...
CVE-2025-5940
The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘classname’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...