107 matches found
CVE-2024-6489
The CVE-2024-6489 entry concerns Getwid – Gutenberg Blocks for WordPress. A missing capability check in get_google_api_key in all versions
CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-6491
CVE-2024-6491 (Getwid – Gutenberg Blocks, WordPress) : The Getwid plugin versions up to 2.0.10 are vulnerable to unauthorized modification of data due to a missing capability check in the mailchimp_api_key_manage function. This allows authenticated users with Contributor-level access or higher to...
CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-37663 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the get google api key function. This makes it possible...
PT-2024-37665 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the mailchimp api key manage function. This makes it...
CVE-2024-3588
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3588
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3588
CVE-2024-3588: Getwid – Gutenberg Blocks vulnerable to Stored Cross-Site Scripting via the Countdown block in all versions up to 2.0.7 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts...
CVE-2024-3588 Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3588 Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-26771 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Countdown block due to insufficient input sanitization and output escaping o...
WordPress Plugin Getwid 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress Getwid – Gutenberg Blocks plugin <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown' vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'Countdown' vulnerability discovered by Webbernaut in WordPress Plugin Getwid versions = 2.0.7...
WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Getwid – Gutenberg Blocks Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3588 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9599eeb54223 Credits Webbernaut...
CVE-2024-1948
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access...
CVE-2024-1948
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access...
CVE-2024-1948 Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access...
CVE-2024-1948 Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access...
WordPress Plugin Getwid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...