Lucene search
K

315 matches found

EUVD
EUVD
added last week7 views

EUVD-2026-42232

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-10096

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...

4.3CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.41 views

CVE-2026-10096 Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...

4.3CVSS0.00196EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-8896

The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute and other attributes such as 'readyanimationtext' of the 'mscstats' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and outpu...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.14 views

CVE-2026-39579

CVE-2026-39579 affects the WordPress plugin B Blocks up to version 2.0.31 . The vulnerability is a privilege escalation in contributor level, with a high impact (CVE metrics: CVSS 3.1 base score 8.8, scope UNCHANGED, confidentiality/integrity/availability all HIGH). Affected component is the plug...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.9 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.11 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.7AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 3:16 p.m.13 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS0.00275EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:15 p.m.9 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.8AI score0.00275EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/06 2:15 p.m.11 views

CVE-2026-11434 FluentCMS Blocks Plugin blocks cross site scripting

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.7AI score0.00275EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/06 2:15 p.m.14 views

EUVD-2026-34969

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.9AI score0.00275EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/06 2:15 p.m.45 views

CVE-2026-11434 FluentCMS Blocks Plugin blocks cross site scripting

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS0.00275EPSS
Exploits0References7
CVE
CVE
added 2026/06/06 2:15 p.m.35 views

CVE-2026-11434

CVE-2026-11434 affects FluentCMS 0.0.5, specifically the Blocks Plugin via an unknown function in the /admin/blocks file. The issue allows a cross site scripting (XSS) flaw due to manipulation of that function, with remote initiation possible. Public exploits exist according to the record, and th...

4.8CVSS3.8AI score0.00275EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

FluentCMS 代码注入漏洞

FluentCMS is an open-source content management system developed by FluentCMS. Version 0.0.5 of FluentCMS has a code injection vulnerability, which stems from unknown functions in the Blocks Plugin component file located at admin/blocks. This vulnerability may lead to cross-site scripting attacks...

4.8CVSS4.3AI score0.00275EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.19 views

PT-2026-47156

Name of the Vulnerable Software and Affected Versions FluentCMS version 0.0.5 Description A cross-site scripting issue exists in the Blocks Plugin component within the '/admin/blocks' file. This flaw allows a remote attacker to initiate an attack through an unknown function in that file...

4.8CVSS5AI score0.00275EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6551

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/30 9:29 a.m.18 views

EUVD-2026-33454

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References6
NVD
NVD
added 2026/05/20 2:16 a.m.22 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS0.00316EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.12 views

PT-2026-42060

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the import demo function accepting a user-supplied URL in the demo json file POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References9
Rows per page
Query Builder