WordPress Rise Blocks plugin <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter vulnerability discovered by Nishiv in WordPress Plugin Rise Blocks versions <= 3.6...
CVE-2025-0506 Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter
The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2025-0506
CVE-2025-0506 (Rise Blocks, WordPress) is a Stored Cross-Site Scripting vulnerability in Rise Blocks – A Complete Gutenberg Page Builder (versions up to and including 3.6). The issue arises from insufficient input sanitization and output escaping on the titleTag parameter, allowing authenticated ...
CVE-2024-13733
The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-13733 SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-13733
The CVE-2024-13733 entry concerns the SKT Blocks – Gutenberg based Page Builder plugin for WordPress. It describes a Stored Cross-Site Scripting vulnerability in the skt-blocks/post-carousel block present in all versions up to 1.7, due to insufficient input sanitization and output escaping on use...
WordPress Responsive Blocks plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 4rCanJ0x! (Patchstack Alliance) in WordPress Plugin Responsive Blocks versions <= 1.9.9...
CVE-2024-13549
The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-12304
CVE-2024-12304 affects Gutenberg Blocks with AI by Kadence WP – Page Builder Features (WordPress). The vulnerability is a Stored Cross-Site Scripting flaw via a button block link in all versions up to 3.4.2, caused by insufficient input sanitization and output escaping. Exploitation requires an a...
CVE-2024-12045 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping...
CVE-2024-10637
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-10637
The CVE concerns the Gutenberg Blocks with AI by Kadence WP WordPress plugin (before 3.2.54). It states that some block options are not properly validated/escaped before being output in the page/post where the block is embedded, enabling Stored Cross-Site Scripting. Affected surface: authenticate...
WordPress Radius Blocks plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Gab (Patchstack Alliance) in WordPress Plugin Radius Blocks versions <= 2.1.2...
PT-2024-17467 · WordPress · Shortcodes Blocks Creator Ultimate
Name of the Vulnerable Software and Affected Versions: Shortcodes Blocks Creator Ultimate plugin for WordPress versions up to, and including, 2.2.0. Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing...
WordPress Creative Blocks Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Creative Blocks; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51822; Patch priority: Low; CVSS severity: Low 6.5; PSID: 92ca1e6db3e1; Credits: Gab; Required privilege: Contributor...
WordPress Cozy Blocks Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS)
Software: Cozy Blocks; Type: Plugin; Vulnerable versions: <= 2.0.18; Fixed in: 2.0.19; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50502; Patch priority: Low; CVSS severity: Low 6.5; Developer: CozyThemes; PSID: 2887e7a845fe; Credits: Michael; Required privilege: Contributor...
WordPress Cozy Blocks plugin <= 2.0.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Cozy Blocks versions <= 2.0.15...
WordPress Magazine Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Magazine Blocks versions <= 1.3.15...
WordPress Cozy Blocks Plugin <= 2.0.15 is vulnerable to Cross Site Scripting (XSS)
Software: Cozy Blocks; Type: Plugin; Vulnerable versions: <= 2.0.15; Fixed in: 2.0.16; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50441; Patch priority: Low; CVSS severity: Low 6.5; Developer: CozyThemes; PSID: 4158b3fa0c2b; Credits: João Pedro S Alcântara Kinorth; Required...