CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

240 matches found

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery vulnerability

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.3 - Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Shambles in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.3...

7.2CVSS5.8AI score

Exploits0References1Affected Software1

Cvelist•added yesterday•7 views

CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS

Exploits0References2

CVE•added yesterday•6 views

CVE-2026-10586

The CVE describes a Server-Side Request Forgery in the Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns WordPress plugin. Affected software: WordPress plugin, versions up to and including 6.1.3. Vulnerable component: save_ai_generated_image() function. Root cause: CSRF-li...

7.2CVSS5.9AI score

Exploits0References2

Nuclei•added 2026/05/27 3:54 a.m.•70 views

Essential Blocks < 4.4.3 - Local File Inclusion

Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site. id: CVE-2023-6623 info: name: Essential Blocks 4.4.3 - Local File...

9.8CVSS7.3AI score0.88125EPSS

Exploits2References3

RedhatCVE•added 2026/05/04 8:21 p.m.•1 views

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS6AI score0.00027EPSS

Exploits0References1

NVD•added 2026/05/02 5:16 a.m.•0 views

CVE-2026-4658

6.4CVSS0.00027EPSS

Exploits0References10

EUVD•added 2026/05/02 4:27 a.m.•0 views

EUVD-2026-26733

6.4CVSS6AI score0.00027EPSS

Exploits0References10

Cvelist•added 2026/05/02 4:27 a.m.•29 views

CVE-2026-4658 Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

6.4CVSS0.00027EPSS

Exploits0References10

ATTACKERKB•added 2026/05/02 4:27 a.m.•0 views

CVE-2026-4658

6.4CVSS6AI score0.00027EPSS

Exploits0References11

CVE•added 2026/05/02 4:27 a.m.•6 views

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

6.4CVSS6AI score0.00027EPSS

Exploits0References10

CNNVD•added 2026/05/02 12:0 a.m.•5 views

WordPress plugin Essential Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00027EPSS

Exploits0References1

Positive Technologies•added 2026/05/02 12:0 a.m.•1 views

PT-2026-36565

6.4CVSS6AI score0.00027EPSS

Exploits0References11

Patchstack•added 2026/05/01 4:12 p.m.•1 views

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Essential Blocks for Gutenberg versions = 6.0.4...

6.4CVSS5.8AI score0.00027EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/02/06 6:17 a.m.•8 views

WordPress Essential Blocks plugin < 4.4.3 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Marc Montpas in WordPress Plugin Essential Blocks for Gutenberg versions 4.4.3...

9.8CVSS8.3AI score0.88125EPSS

Exploits2References1Affected Software1

Patchstack•added 2026/02/02 2:51 p.m.•2 views

WordPress Essential Blocks plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Essential Blocks for Gutenberg versions = 4.5.3...

6.4CVSS5.3AI score0.00096EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 8:56 a.m.•5 views

CVE-2023-4386

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...

8.1CVSS7.1AI score0.04035EPSS

Exploits2References1

RedhatCVE•added 2025/12/18 1:52 a.m.•2 views

CVE-2025-11369

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the getinstagramaccesstokencallback, googlemapapikeysavecallback and getsiteinfo functions in all...

4.3CVSS4.9AI score0.00044EPSS

Exploits0References1

Cvelist•added 2025/12/17 1:48 a.m.•20 views

CVE-2025-11369 Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure

4.3CVSS0.00044EPSS

Exploits0References5