311 matches found
CVE-2025-1703 Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter
The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. WordPress plugin Essential Blocks - Page...
CVE-2024-13635 VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure
The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the conten...
CVE-2024-13635 VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure
The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the conten...
CVE-2024-13635
The CVE-2024-13635 entry concerns VK Blocks for WordPress. Affected: VK Blocks plugin versions up to and including 1.94.2.2. Vulnerability type: Sensitive Information Exposure via the page content block. Impact: authenticated attackers with Contributor-level access and above can read sensitive da...
WordPress plugin VK Blocks 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An Access Contro...
CVE-2025-23521 WordPress Goodlayers Blocks plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoodLayers Goodlayers Blocks goodlayers-blocks allows Reflected XSS.This issue affects Goodlayers Blocks: from n/a through = 1.0.1...
WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'icon' vulnerability discovered by stealthcopter in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.4.9...
CVE-2024-13803
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2024-13803 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2024-13803
CVE-2024-13803 concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates, affecting all versions up to 5.2.3. The vulnerability is a Stored Cross-Site Scripting via the data-marker parameter, caused by insufficient input sanitization and output escaping....
CVE-2024-13537
The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. This is due the plugin containing a publicly accessible composer-setup.php file with error display enabled. This makes it possible for unauthenticated attackers to retrieve the fu...
CVE-2024-6432
The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-13537
The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. This is due the plugin containing a publicly accessible composer-setup.php file with error display enabled. This makes it possible for unauthenticated attackers to retrieve the fu...
WordPress C9 Blocks plugin <= 1.7.7 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin C9 Blocks versions = 1.7.7...
CVE-2024-6432
The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-6432 Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter
The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin Content Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-13674
CVE-2024-13674 pertains to the Cosmic Blocks (40+) Content Editor Blocks Collection plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s cwp_social_share shortcode, affecting all versions up to and including 1.3.0, caused by insufficient input sanitizatio...
CVE-2025-26771 WordPress SKT Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a through = 1.7...