311 matches found
CVE-2024-49261 WordPress Arkhe Blocks plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks arkhe-blocks. This issue affects Arkhe Blocks: from n/a through <= 2.23.0...
WordPress Smart Blocks Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Smart Blocks; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49270; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: fc8a42cfb8ae; Credits: João Pedro S Alcântara Kinorth; Required...
WordPress plugin WP Travel Gutenberg Blocks cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2024-9218
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,...
WordPress Premium Blocks plugin <= 2.1.33 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Premium Blocks – Gutenberg Blocks for WordPress (versions <= 2.1.33)...
WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Post Grid and Gutenberg Blocks (versions <= 2.2.89)...
PT-2024-30916 · WordPress · Gutenberg Blocks – Unlimited Blocks For Gutenberg
Name of the Vulnerable Software and Affected Versions: Gutenberg Blocks – Unlimited blocks For Gutenberg versions 1.2.7 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS...
CVE-2024-43946 WordPress SKT Blocks plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.5...
WordPress Responsive Blocks Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Blocks; Type: Plugin; Vulnerable versions: <= 1.8.8; Fixed in: 1.8.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43335; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: deeb36a6e784; Credits: 4rCanJ0x!; Required privilege...
CVE-2024-6362
The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-37567 · WordPress · Ultimate Blocks
Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks WordPress plugin versions prior to 3.2.0. Description: The issue concerns a lack of validation and escaping of certain post-grid block attributes in the plugin, which could allow users with the contributor role and above to...
CVE-2024-37457
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS. This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9...
WordPress Qi Blocks plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Qi Blocks (versions <= 1.3)...
WordPress Qi Blocks Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Qi Blocks; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38712; Patch priority: Low; CVSS severity: Low 6.5; Developer: Qode Interactive; PSID: 2769fd09ee1f; Credits: João Pedro S Alcântara Kinorth; Required...
CVE-2024-4268
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-4042
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...
CVE-2024-4042
CVE-2024-4042 affects the WordPress plugins Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks. It is a Stored Cross-Site Scripting via the menu-wrap-item block attribute, caused by insufficient input sanitization/output escaping, in all versions up ...
CVE-2024-1988
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...
WordPress plugin Combo Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-5221
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...