Lucene search
+L

243 matches found

Vulnrichment
Vulnrichment
added 2024/08/02 6:0 a.m.12 views

CVE-2024-5595 Essential Blocks < 4.7.0 - Contributor+ Stored XSS

The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4AI score0.00442EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/02 6:0 a.m.33 views

CVE-2024-5595 Essential Blocks < 4.7.0 - Contributor+ Stored XSS

The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

0.00442EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/02 12:0 a.m.3 views

WordPress plugin Essential Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS5.9AI score0.00442EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/08/02 12:0 a.m.12 views

WordPress Essential Blocks for Gutenberg Plugin < 4.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions 4.7.0 Fixed in 4.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5595 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 76492ed10683 Credits Dmitrii...

5.4CVSS5.8AI score0.00442EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/06/09 11:15 a.m.4 views

CVE-2024-30467

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9...

8.8CVSS7.3AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 11:15 a.m.30 views

CVE-2024-30467

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9...

8.8CVSS0.00409EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/09 10:49 a.m.16 views

CVE-2024-30467 WordPress Essential Blocks plugin <= 4.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9...

6.5CVSS7AI score0.00409EPSS
Exploits0References1
CVE
CVE
added 2024/06/09 10:49 a.m.60 views

CVE-2024-30467

CVE-2024-30467: Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg affects Essential Blocks for Gutenberg versions up to 4.4.9. Root cause is missing authorization checks on access to block functionality. Impact is high for confidentiality, integrity, and availabili...

8.8CVSS6.8AI score0.00409EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.4 views

WordPress plugin Essential Blocks for Gutenberg security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS6.7AI score0.00409EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/09 12:0 a.m.3 views

PT-2024-23396 · Wpdeveloper · Essential Blocks For Gutenberg

Name of the Vulnerable Software and Affected Versions: Essential Blocks for Gutenberg versions 4.4.9 and earlier Description: The issue is a Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg. This allows for unauthorized access. Recommendations: For Essential Block...

8.8CVSS9.3AI score0.00409EPSS
Exploits0References8
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.18 views

Essential Blocks < 4.5.13 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages th...

6.4CVSS5.8AI score0.00468EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/20 1:6 a.m.5 views

WordPress Essential Blocks plugin <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara in WordPress Plugin Essential Blocks for Gutenberg versions = 4.5.12...

6.4CVSS5.7AI score0.00468EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/20 12:0 a.m.16 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d396af2a43d0 Credits João...

6.4CVSS5.8AI score0.00468EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/18 5:15 a.m.19 views

CVE-2024-4891

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00468EPSS
Exploits0References3
OSV
OSV
added 2024/05/18 5:15 a.m.14 views

CVE-2024-4891

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00468EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/18 4:30 a.m.34 views

CVE-2024-4891 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00468EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/18 12:0 a.m.5 views

WordPress plugin Essential Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.9AI score0.00468EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.8 views

PT-2024-33262 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.5.12 Description: The issue is related to Stored Cross-Site Scripting via the tagName parameter due to insufficie...

6.4CVSS5.9AI score0.00468EPSS
Exploits0References10
VulnCheck KEV
VulnCheck KEV
added 2024/05/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-6623

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks...

9.8CVSS7.3AI score0.50673EPSS
Exploits2References1
NVD
NVD
added 2024/04/19 3:15 a.m.30 views

CVE-2024-3818

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplie...

5.4CVSS5.1AI score0.0034EPSS
Exploits0References2
Rows per page
Query Builder