Lucene search
K

4965 matches found

Cvelist
Cvelist
added 2026/01/24 7:26 a.m.29 views

CVE-2026-0807 Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...

7.2CVSS0.00324EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/24 4:29 a.m.7 views

WordPress Alpha Blocks plugin <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'alphablockcss' Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Alpha Blocks versions = 1.5.0...

6.4CVSS5.4AI score0.0019EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.4 views

WordPress plugin Frontis Blocks: Code-related vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.9AI score0.00324EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.8 views

WordPress Plugin Alpha Blocks has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.6 views

PT-2026-4575

The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alpha block css’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS5.8AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.7 views

PT-2026-4577

The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'template proxy' function. This makes it possible for unauthenticated attackers to make web...

7.2CVSS5.7AI score0.00324EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.8 views

CVE-2025-47500

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Stored XSS.This issue affects Stackable: from n/a through = 3.19.5...

5.9CVSS5.4AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.6 views

CVE-2025-68030

Server-Side Request Forgery SSRF vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through = 1.1.5...

7.2CVSS5.4AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.5 views

CVE-2026-24377

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.6.3...

4.3CVSS5.4AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.9 views

CVE-2026-24528

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

6.5CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.3 views

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

6.5CVSS5.9AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:28 p.m.10 views

CVE-2026-24528

CVE-2026-24528 refers to a Cross-Site Scripting (DOM-Based XSS) vulnerability in Pixelgrade Nova Blocks (nova-blocks) affecting versions up to and including 2.1.9. Technical details across sources confirm an improper input handling/neutralization during web page generation that enables DOM-based ...

6.5CVSS5.4AI score0.00156EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:28 p.m.4 views

CVE-2026-24528

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

6.5CVSS5.9AI score0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/23 2:28 p.m.40 views

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

6.5CVSS0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.5 views

PT-2026-4377

Name of the Vulnerable Software and Affected Versions pixelgrade Nova Blocks versions through 2.1.9 Description The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting XSS condition. This allows for potential maliciou...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.5 views

WordPress plugin Nova Blocks has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00156EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004881)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004881 advisory. In the Linux kernel, the following vulnerability has been resolved: memstick/msblock: Fix a memory leak 'erasedblocksbitmap' is never freed. As it is allocated at th...

5.5CVSS5.4AI score0.00156EPSS
Exploits0References4
NVD
NVD
added 2026/01/22 5:16 p.m.4 views

CVE-2026-24377

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.6.3...

4.3CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.3 views

CVE-2025-68030

Server-Side Request Forgery SSRF vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through = 1.1.5...

7.2CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.3 views

CVE-2025-47500

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Stored XSS.This issue affects Stackable: from n/a through = 3.19.5...

5.9CVSS0.00252EPSS
Exploits0References1
Rows per page
Query Builder