CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

307 matches found

Cvelist•added 2025/11/01 5:40 a.m.•4 views

CVE-2025-12180 Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...

4.3CVSS0.00034EPSS

Exploits0References3

Patchstack•added 2025/10/25 1:28 a.m.•4 views

WordPress Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks plugin <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Gutenberg Blocks versions = 3.3.4...

6.4CVSS5.5AI score0.00032EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/24 9:23 a.m.•2 views

CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable

The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...

5.3CVSS4.9AI score0.00122EPSS

Exploits0References2

CVE•added 2025/10/18 4:25 a.m.•22 views

CVE-2025-11361

CVE-2025-11361 : Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns (WordPress) is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 5.7.1 via eb_save_ai_generated_image. Authenticated attackers with Author+ privileges can issue web reques...

6.4CVSS5.3AI score0.00034EPSS

Exploits0References3

Patchstack•added 2025/10/13 11:2 a.m.•3 views

WordPress Page Blocks plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin Page Blocks versions = 1.1.0...

4.3CVSS6.6AI score0.00014EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/11 12:30 p.m.•2 views

EUVD-2025-33848

The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the adminprocesswidgetpagechange function. This makes it possible for unauthenticated attackers to modify widget pa...

4.3CVSS4.7AI score0.00014EPSS

Exploits0References5

CNNVD•added 2025/10/11 12:0 a.m.•1 views

WordPress plugin Page Blocks 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.3AI score0.00014EPSS

Exploits0References4

Positive Technologies•added 2025/10/11 12:0 a.m.•2 views

PT-2025-41681

Name of the Vulnerable Software and Affected Versions Page Blocks plugin for WordPress versions prior to 1.1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or missing nonce validation within the admin process widget page change functio...

4.3CVSS6.3AI score0.00014EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-11097

Malware in sbrugna...

8.8CVSS8.6AI score0.0013EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-58913

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00152EPSS

Exploits0References2