17 matches found
CVE-2024-2794
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
EUVD-2021-11458
Malware in sbrugna...
EUVD-2024-27738
Malicious code in bioql PyPI...
EUVD-2024-30388
Malicious code in bioql PyPI...
CVE-2024-32586
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Munir Kamal Gutenberg Block Editor Toolkit allows Stored XSS. This issue affects Gutenberg Block Editor Toolkit: from n/a through 1.40.4...
CVE-2021-24546
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code...
CVE-2024-32586
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Munir Kamal Gutenberg Block Editor Toolkit allows Stored XSS. This issue affects Gutenberg Block Editor Toolkit: from n/a through 1.40.4...
CVE-2024-32586
The CVE-2024-32586 entry corresponds to a Cross-Site Scripting (XSS) vulnerability in the WordPress Gutenberg Block Editor Toolkit plugin (EditorsKit) for WordPress. Affected versions are
WordPress Gutenberg Block Editor Toolkit plugin <= 1.40.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin Gutenberg Block Editor Toolkit (versions <= 1.40.4)...
WordPress Gutenberg Block Editor Toolkit Plugin <= 1.40.4 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenberg Block Editor Toolkit; Type: Plugin; Vulnerable versions: <= 1.40.4; Fixed in: 1.40.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32586; Patch priority: Low; CVSS severity: Low 6.5; PSID: a7cac184918b; Credits: Steven Julian; Require...
CVE-2024-2794
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-2794
CVE-2024-2794 – The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘editorskit’ shortcode in all versions up to and including 1.40.4. The Red Hat CVE entry confirms the issue stems from insufficient input sanitization...
WordPress Gutenberg Block Editor Toolkit Plugin <= 1.40.3 is vulnerable to Arbitrary File Upload
Software: Gutenberg Block Editor Toolkit; Type: Plugin; Vulnerable versions: <= 1.40.3; Fixed in: 1.40.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-6635; Patch priority: Low; CVSS severity: Low 7.2; PSID: d39ac6b70847; Credits: István Márton; Required...
WordPress Gutenberg Block Editor Toolkit Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenberg Block Editor Toolkit; Type: Plugin; Vulnerable versions: <= 1.16; Fixed in: 1.17; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: d49173f4b0fb; Credits: Rafie Muhammad Patchsta...
CVE-2021-24546
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code...
Code injection
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code...
CVE-2021-24546
The CVE-2021-24546 vulnerability affects the WordPress Gutenberg Block Editor Toolkit EditorsKit plugin up to version 1.31.5 (fixed in 1.31.6). Root cause: the plugin does not sanitize/validate the Conditional Logic of the Custom Visibility settings, enabling a low-privilege contributor to execut...