243 matches found
CVE-2024-5595 Essential Blocks < 4.7.0 - Contributor+ Stored XSS
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-5595 Essential Blocks < 4.7.0 - Contributor+ Stored XSS
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Essential Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Essential Blocks for Gutenberg Plugin < 4.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions 4.7.0 Fixed in 4.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5595 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 76492ed10683 Credits Dmitrii...
CVE-2024-30467
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9...
CVE-2024-30467
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9...
CVE-2024-30467 WordPress Essential Blocks plugin <= 4.4.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9...
CVE-2024-30467
CVE-2024-30467: Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg affects Essential Blocks for Gutenberg versions up to 4.4.9. Root cause is missing authorization checks on access to block functionality. Impact is high for confidentiality, integrity, and availabili...
WordPress plugin Essential Blocks for Gutenberg security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-23396 · Wpdeveloper · Essential Blocks For Gutenberg
Name of the Vulnerable Software and Affected Versions: Essential Blocks for Gutenberg versions 4.4.9 and earlier Description: The issue is a Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg. This allows for unauthorized access. Recommendations: For Essential Block...
Essential Blocks < 4.5.13 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages th...
WordPress Essential Blocks plugin <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara in WordPress Plugin Essential Blocks for Gutenberg versions = 4.5.12...
WordPress Essential Blocks for Gutenberg Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d396af2a43d0 Credits João...
CVE-2024-4891
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-4891
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-4891 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Essential Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-33262 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.5.12 Description: The issue is related to Stored Cross-Site Scripting via the tagName parameter due to insufficie...
VulnCheck KEV: CVE-2023-6623
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks...
CVE-2024-3818
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplie...