Lucene search
K

4966 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.7 views

CVE-2024-34769

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in cyclonetheme Elegant Blocks allows Stored XSS.This issue affects Elegant Blocks: from n/a through 1.7...

6.5CVSS6.7AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.8 views

CVE-2023-4386

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...

8.1CVSS7.1AI score0.00768EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.6 views

CVE-2025-23948

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Webarea Background animation blocks background-animation-blocks allows PHP Local File Inclusion.This issue affects Background animation blocks: from n/a through = 2.1.5...

8.1CVSS7.2AI score0.00879EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.3 views

CVE-2025-23521

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoodLayers Goodlayers Blocks goodlayers-blocks allows Reflected XSS.This issue affects Goodlayers Blocks: from n/a through = 1.0.1...

7.1CVSS5.9AI score0.00342EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 6:15 p.m.4 views

CVE-2026-22230

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

7.2CVSS5.8AI score0.00285EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/07 2:43 p.m.7 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.14 views

CVE-2025-1627

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00204EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:26 a.m.8 views

CVE-2019-12472

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5CVSS6.8AI score0.01362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.10 views

CVE-2024-2369

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00446EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.11 views

CVE-2024-2729

The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks...

6.1CVSS5.7AI score0.0042EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.8 views

CVE-2025-1291

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon’ parameter in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.9 views

CVE-2024-2919

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.8AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.6 views

CVE-2024-2226

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This...

6.4CVSS5.8AI score0.00358EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 8:21 a.m.10 views

CVE-2025-12958

CVE-2025-12958 affects Rankology SEO and Analytics Tool for WordPress. Wordfence reports an insecure capability check on the rankology_code_block page that allows authenticated attackers with Editor-level access and above to modify data by adding header/footer code blocks. The issue is tied to Ra...

2.7CVSS5.4AI score0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/01/07 7:17 a.m.17 views

CVE-2025-12449

CVE-2025-12449 (aBlocks – Gutenberg Blocks, WordPress Plugin) The vulnerability arises from missing capability checks on multiple AJAX actions in the aBlocks WordPress plugin (versions up to 2.4.0). This allows authenticated users with subscriber level access and above to modify data and disclose...

5.4CVSS4.7AI score0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 7:17 a.m.22 views

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 7:17 a.m.3 views

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS4.7AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.4 views

PT-2026-1587

Name of the Vulnerable Software and Affected Versions Rankology SEO and Analytics Tool versions prior to 2.1 Description The Rankology SEO and Analytics Tool plugin for WordPress has an issue where data can be modified without proper authorization. This is due to a flawed capability check on the...

2.7CVSS6.7AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.5 views

PT-2026-1578

Name of the Vulnerable Software and Affected Versions aBlocks – WordPress Gutenberg Blocks plugin versions prior to 2.4.1 Description The aBlocks – WordPress Gutenberg Blocks plugin for WordPress has a flaw that allows unauthorized modification of data and disclosure of sensitive information. Thi...

5.4CVSS6.1AI score0.00227EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

WordPress plugin Rankology SEO and Analytics Tool 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... An authorization...

2.7CVSS6.6AI score0.0021EPSS
Exploits0References3
Rows per page
Query Builder