4961 matches found
CVE-2025-14973 Recipe Card Blocks < 3.4.13 - Contributor+ SQLi
The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks...
EUVD-2025-206372
The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks...
CVE-2025-14973
The CVE-2025-14973 entry concerns the WordPress plugin Recipe Card Blocks Lite, vulnerable to SQL injection due to improper sanitization/escaping of a parameter before using it in a SQL statement. Affected versions are before 3.4.13, and exploitation is possible by users with Contributor+ privile...
CVE-2025-14973
The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks...
WordPress plugin Recipe Card Blocks Lite has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-14985
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alphablockcss’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-0807
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
CVE-2026-24528
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
CVE-2025-14985
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alphablockcss’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-14985
CVE-2025-14985 - Alpha Blocks (WordPress)
CVE-2025-14985 Alpha Blocks <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alphablockcss’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-14985 Alpha Blocks <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alphablockcss’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-14985
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alphablockcss’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-0807
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
CVE-2026-0807 Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
CVE-2026-0807
The CVE-2026-0807 entry concerns Frontis Blocks for WordPress (Frontis Blocks — Block Library for the Block Editor). It describes an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 1.1.6 caused by insufficient restriction on the url parameter i...
CVE-2026-0807 Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
WordPress Alpha Blocks plugin <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'alphablockcss' Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Alpha Blocks versions = 1.5.0...
WordPress plugin Frontis Blocks: Code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4575
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alpha block css’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...