WordPress Qi Blocks Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Qi Blocks Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5221 Patch priority Low CVSS severity Low 5.9 Developer Qode Interactive PSID 7421a294030a Credits wesley wcraft Required...

CVE-2024-3565

The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'contentblock' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-3564

The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'contentblock' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execu...

CVE-2024-3565 Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode

The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'contentblock' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-4366

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-3189

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

CVE-2024-4208 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

CVE-2024-4209

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-3588 Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-32816 WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78...

CVE-2024-3818

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplie...

CVE-2024-3818 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplie...

WordPress Otter Blocks plugin < 2.6.6 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Otter - Gutenberg Block versions 2.6.6...

WordPress Plugin Otter Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-21797 · WordPress · Otter Blocks

Name of the Vulnerable Software and Affected Versions: Otter Blocks WordPress plugin versions prior to 2.6.6 Description: The issue arises from the Otter Blocks WordPress plugin not properly escaping its mainHeadings blocks' attribute before appending it to the final rendered block. This allows...

WordPress Combo Blocks plugin < 2.2.76 - Unauthenticated Password Protected Posts Access vulnerability

Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Post Grid and Gutenberg Blocks versions 2.2.76...

CVE-2024-3343

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied...

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.31 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.31 Fixed in 3.2.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2919 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 67f4bc4f06d9 Credits Webbernau...

WordPress Genesis Blocks plugin <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Block Content vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Genesis Blocks versions = 3.1.2...