315 matches found
CVE-2023-0584 VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...
CVE-2023-0584 VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...
WordPress plugin VK Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-47183
Cross-Site Request Forgery CSRF vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin = 0.2.6 versions...
CVE-2023-22707
Auth. author+ Cross-Site Scripting XSS vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin = 4.9.9 versions...
CVE-2017-20090
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...
CVE-2017-20090 Global Content Blocks Plugin cross-site request forgery
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...
CVE-2017-20090 Global Content Blocks Plugin cross-site request forgery
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...
CVE-2017-20090
The CVE-2017-20090 entry concerns the WordPress plugin Global Content Blocks Plugin version 2.1.5. The vulnerability is described as enabling cross-site request forgery, with the manipulation affecting unknown code and the attack executable remotely. The connected documents corroborate a CSRF iss...
CVE-2022-0448
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
WordPress Mobile blocks plugin <= 1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Mobile blocks plugin versions = 1.2. Solution Update the WordPress Mobile blocks plugin to the latest available version at least 1.2.1...
WordPress CP Blocks plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. A cross-site scripting vulnerability exists in versions of the WordPress CP Blocks plugin prior to 1.0.15, which stems from the plugin's failu...
WordPress plugin CP Blocks 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. A cross-site scripting vulnerability exists in versions of the WordPress CP Blocks plugin prior to 1.0.15, which stems from the plugin's failu...
WordPress Find My Blocks plugin <= 3.3.2 - Private Post Titles Disclosure vulnerability
Private Post Titles Disclosure vulnerability discovered by apple502j in WordPress Find My Blocks plugin versions = 3.3.2. Solution Update the WordPress Find My Blocks plugin to the latest available version at least 3.4.0...
VulnCheck KEV: CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...