307 matches found
CVE-2026-25438
The CVE describes a Reflected XSS in the WordPress Gutenberg Blocks “Unlimited blocks for Gutenberg” plugin, affecting versions up to and including 1.2.8. The root cause is improper neutralization of input during web page generation. The affected component is the WordPress Gutenberg Blocks integr...
WordPress plugin Gutenberg Blocks 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Responsive Blocks 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
CVE-2026-1614
The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-8624
The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-21881
The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability
Missing Authorization to Authenticated Contributor+ Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...
Exploit for CVE-2026-1560
CVE-2026-XXXX – Authenticated Remote Code Execution in Lazy Bl...
WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via contentblock Shortcode vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.0...
CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
WordPress plugin BlockArt Blocks has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Nexter Blocks plugin <= 4.6.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Nexter Blocks versions = 4.6.3...
CVE-2026-0807
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
CVE-2025-14985
CVE-2025-14985 - Alpha Blocks (WordPress)
CVE-2025-14985 Alpha Blocks <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alphablockcss’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-0807 Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
CVE-2025-68030 WordPress Frontis Blocks plugin <= 1.1.5 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through = 1.1.5...
CVE-2025-13725
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...
CVE-2022-0448
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...