12 matches found

CNNVD
added 2026/03/19 12:0 a.m. | 4 views

WordPress plugin Gutenberg Blocks cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.1 | AI score 5.7 | EPSS 0.00045
Exploits 0 | References 1
Patchstack
added 2025/10/25 1:28 a.m. | 4 views

WordPress Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks plugin <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Gutenberg Blocks versions <= 3.3.4...

CVSS 6.4 | AI score 5.5 | EPSS 0.00032
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2025/05/23 10:26 a.m. | 4 views

CVE-2024-7588

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | AI score 5.8 | EPSS 0.00243
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 8:27 a.m. | 6 views

CVE-2024-5289

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possibl...

CVSS 6.4 | AI score 5.8 | EPSS 0.00254
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 7:50 a.m. | 5 views

CVE-2024-11914

The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 5.7 | EPSS 0.0038
Exploits 0 | References 1
CVE
added 2025/01/11 3:21 a.m. | 52 views

CVE-2024-12304

CVE-2024-12304 affects Gutenberg Blocks with AI by Kadence WP – Page Builder Features (WordPress). The vulnerability is a Stored Cross-Site Scripting flaw via a button block link in all versions up to 3.4.2, caused by insufficient input sanitization and output escaping. Exploitation requires an a...

CVSS 6.4 | AI score 5.7 | EPSS 0.0031
Exploits 0 | References 2 | Affected Software 1
NVD
added 2024/12/12 6:15 a.m. | 7 views

CVE-2024-10637

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.4 | EPSS 0.00298
Exploits 1 | References 1
CVE
added 2024/12/12 6:0 a.m. | 57 views

CVE-2024-10637

The CVE concerns the Gutenberg Blocks with AI by Kadence WP WordPress plugin (before 3.2.54). It states that some block options are not properly validated/escaped before being output in the page/post where the block is embedded, enabling Stored Cross-Site Scripting. Affected surface: authenticate...

CVSS 5.4 | AI score 5.9 | EPSS 0.00298
Exploits 1 | References 1 | Affected Software 1
OSV
added 2024/07/21 11:15 p.m. | 2 views

CVE-2024-37457

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS. This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9...

CVSS 5.4 | AI score 5.8 | EPSS 0.0011
Exploits 0 | References 1
NVD
added 2024/05/14 3:43 p.m. | 8 views

CVE-2024-4209

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVSS 6.4 | AI score 5.9 | EPSS 0.00284
Exploits 0 | References 3
Cvelist
added 2024/05/02 4:52 p.m. | 13 views

CVE-2024-3588 Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 4
NVD
added 2023/05/22 10:15 a.m. | 8 views

CVE-2022-47183

Cross-Site Request Forgery CSRF vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin = 0.2.6 versions...

CVSS 8.8 | AI score 6.5 | EPSS 0.00104
Exploits 0 | References 1