Lucene search
K

43 matches found

OSV
OSV
added 2024/07/20 7:15 a.m.5 views

CVE-2024-6489

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

5.3CVSS5.8AI score0.00298EPSS
Exploits0References2
CVE
CVE
added 2024/07/20 6:43 a.m.88 views

CVE-2024-6491

CVE-2024-6491 (Getwid – Gutenberg Blocks, WordPress) : The Getwid plugin versions up to 2.0.10 are vulnerable to unauthorized modification of data due to a missing capability check in the mailchimp_api_key_manage function. This allows authenticated users with Contributor-level access or higher to...

4.3CVSS4.3AI score0.00378EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/02 5:15 p.m.11 views

CVE-2024-3588

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6AI score0.00535EPSS
Exploits0References4
NVD
NVD
added 2024/05/02 5:15 p.m.20 views

CVE-2024-3588

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00535EPSS
Exploits0References4
CVE
CVE
added 2024/05/02 4:52 p.m.46 views

CVE-2024-3588

CVE-2024-3588: Getwid – Gutenberg Blocks vulnerable to Stored Cross-Site Scripting via the Countdown block in all versions up to 2.0.7 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts...

6.4CVSS5.7AI score0.00535EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.5 views

WordPress Plugin Getwid 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.8AI score0.00535EPSS
Exploits0References5
OSV
OSV
added 2024/04/09 7:15 p.m.2 views

CVE-2024-1948

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access...

5.4CVSS7.4AI score0.00399EPSS
Exploits0References2
NVD
NVD
added 2024/04/09 7:15 p.m.19 views

CVE-2024-1948

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access...

6.4CVSS5.7AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 6:58 p.m.29 views

CVE-2024-1948 Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access...

6.4CVSS5.8AI score0.00399EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

WordPress Plugin Getwid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

6.4CVSS7.9AI score0.00399EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.13 views

Getwid – Gutenberg Blocks < 2.0.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content

Description The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00399EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/05 10:15 p.m.3 views

CVE-2023-6959

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3CVSS5.8AI score0.00428EPSS
Exploits0References2
OSV
OSV
added 2024/02/05 10:15 p.m.5 views

CVE-2023-6963

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array...

5.3CVSS7.3AI score0.00534EPSS
Exploits0References2
Prion
Prion
added 2024/02/05 10:15 p.m.12 views

Design/Logic Flaw

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...

4CVSS6.9AI score0.00428EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.18 views

CVE-2023-6959 Getwid – Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3CVSS4.6AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.6 views

WordPress plugin Getwid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3CVSS6.7AI score0.00534EPSS
Exploits0References3
OSV
OSV
added 2023/06/09 6:15 a.m.3 views

CVE-2023-1910

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

4.3CVSS7.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.2 views

CVE-2023-1910

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

4.3CVSS6.7AI score0.00515EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.2 views

CVE-2023-1895

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...

9.6CVSS7.3AI score0.00606EPSS
Exploits2References3
OSV
OSV
added 2023/06/09 6:15 a.m.4 views

CVE-2023-1895

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...

9.6CVSS7.4AI score0.00606EPSS
Exploits2References2
Rows per page
Query Builder