Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

61 matches found

RedhatCVE
RedhatCVEadded 2025/03/03 10:20 a.m.3 views

CVE-2024-13546

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'getimagedescription' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

4.3CVSS6.4AI score0.00128EPSS
Exploits0References1
CVE
CVEadded 2025/03/01 9:22 a.m.91 views

CVE-2024-13546

CVE-2024-13546 corresponds to the GenerateBlocks WordPress plugin vulnerability: authenticated (Contributor+) users can exploit a Sensitive Information Exposure via get_image_description, affecting all versions up to and including 1.9.1. The issue allows extraction of sensitive data, including co...

4.3CVSS6.5AI score0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/03/01 9:22 a.m.4 views

CVE-2024-13546 GenerateBlocks <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description'

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'getimagedescription' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

4.3CVSS4.4AI score0.00128EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/03/01 9:22 a.m.8 views

CVE-2024-13546 GenerateBlocks <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description'

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'getimagedescription' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

4.3CVSS0.00128EPSS
Exploits0References4
CNNVD
CNNVDadded 2025/03/01 12:0 a.m.2 views

WordPress plugin GenerateBlocks 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

4.3CVSS7.9AI score0.00128EPSS
Exploits0References6
Patchstack
Patchstackadded 2025/02/28 11:58 p.m.2 views

WordPress GenerateBlocks plugin <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' vulnerability

Authenticated Contributor+ Sensitive Information Exposure via 'getimagedescription' vulnerability discovered by Nishiv in WordPress Plugin GenerateBlocks versions = 1.9.1...

4.3CVSS7AI score0.00128EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2024/03/13 4:15 p.m.1 views

CVE-2024-1452

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

4.3CVSS5.8AI score
Exploits0References4
NVD
NVDadded 2024/03/13 4:15 p.m.12 views

CVE-2024-1452

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

4.3CVSS4.3AI score0.00241EPSS
Exploits0References4
Prion
Prionadded 2024/03/13 4:15 p.m.16 views

Design/Logic Flaw

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

4CVSS6.8AI score0.00241EPSS
Exploits0References4
CVE
CVEadded 2024/03/13 3:26 p.m.45 views

CVE-2024-1452

CVE-2024-1452 affects the WordPress GenerateBlocks plugin. The vulnerability exists in the Query Loop and allows authenticated users with at least Contributor access to view content of posts/pages (including drafts, private, or scheduled) due to a sensitive information exposure in versions up to ...

4.3CVSS5.2AI score0.00241EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2024/03/13 3:26 p.m.11 views

CVE-2024-1452 GenerateBlocks <= 1.8.2 - Sensitive Information Exposure

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

4.3CVSS6.6AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVDadded 2024/03/13 12:0 a.m.1 views

WordPress Plugin GenerateBlocks Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.3AI score0.00241EPSS
Exploits0References5
Patchstack
Patchstackadded 2024/03/04 12:0 a.m.12 views

WordPress GenerateBlocks Plugin <= 1.8.2 is vulnerable to Sensitive Data Exposure

Software GenerateBlocks Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1452 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17b91c2bc914 Credits Webbernaut Required privile...

4.3CVSS6.5AI score0.00241EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2021/11/29 9:15 a.m.14 views

CVE-2021-24751

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.0018EPSS
Exploits2References1
Prion
Prionadded 2021/11/29 9:15 a.m.13 views

Cross site scripting

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

3.5CVSS5.3AI score0.0018EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2021/11/29 8:25 a.m.12 views

CVE-2021-24751 GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.6AI score0.0018EPSS
Exploits2References1
CVE
CVEadded 2021/11/29 8:25 a.m.44 views

CVE-2021-24751

The CVE-2021-24751 affects the WordPress GenerateBlocks plugin prior to 1.4.0. The vulnerability arises because the generateblocks/container block’s tagName attribute is not validated, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS). The issue is a ...

5.4CVSS5.3AI score0.0018EPSS
Exploits2References1Affected Software1
CNNVD
CNNVDadded 2021/11/29 12:0 a.m.1 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress GenerateBlocks plugin that stems from a...

5.4CVSS5.6AI score0.0018EPSS
Exploits2References2
wpexploit
wpexploitadded 2021/11/01 12:0 a.m.532 views

GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Add the following code in a post/page while in code editor mode with an Contributor account: Then view/preview th...

5.4CVSS5.3AI score0.0018EPSS
Exploits2
WPVulnDB
WPVulnDBadded 2021/11/01 12:0 a.m.19 views

GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. PoC Add the following code in a post/page while in code editor mode with an Contributor account: Then view/previe...

5.4CVSS5.2AI score0.0018EPSS
Exploits2Affected Software1
Rows per page
Query Builder