Lucene search
+L

717 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 8:34 a.m.4 views

CVE-2026-25438 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 8:34 a.m.28 views

CVE-2026-25438 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through = 1.2.8...

7.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 8:34 a.m.13 views

CVE-2026-25438

The CVE describes a Reflected XSS in the WordPress Gutenberg Blocks “Unlimited blocks for Gutenberg” plugin, affecting versions up to and including 1.2.8. The root cause is improper neutralization of input during web page generation. The affected component is the WordPress Gutenberg Blocks integr...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 8:34 a.m.4 views

CVE-2026-25438

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.10 views

PT-2026-26273

Name of the Vulnerable Software and Affected Versions ThemeHunk Gutenberg Blocks versions through 1.2.8 Description A flaw exists in ThemeHunk Gutenberg Blocks that allows for Reflected Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.11 views

WordPress plugin Gutenberg Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00149EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/18 12:6 p.m.6 views

WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Gutenberg Blocks versions = 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/04 3:31 a.m.7 views

EUVD-2026-9349

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

7.2CVSS6AI score0.00313EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.7 views

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/18 6:42 a.m.6 views

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/18 6:42 a.m.34 views

CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS0.00327EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.12 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.11 views

PT-2026-20352

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the process image data ajax callback function which handles the kadence import process image data AJAX...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/17 11:58 p.m.7 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability

Authenticated Contributor+ Server-Side Request Forgery via 'endpoint' Parameter vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...

4.3CVSS5.5AI score0.00283EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:58 p.m.8 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability

Missing Authorization to Authenticated Contributor+ Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...

4.3CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/17 11:20 a.m.14 views

CVE-2026-2608

CVE-2026-2608 : Kadence Blocks — Page Builder Toolkit for Gutenberg Editor vulnerability in WordPress. Up to version 3.5.32, missing capability check allows authenticated users with Contributor-level access and above to perform an unauthorized action. Patch status in Wordfence context shows mitig...

4.3CVSS5.5AI score0.002EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/11 11:16 p.m.7 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability

Incorrect Authorization to Authenticated Contributor+ Post Publication vulnerability discovered by johska in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.5.32...

5.5AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.6 views

CVE-2026-0950

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS5.4AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 6:15 a.m.8 views

CVE-2026-0950

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS0.00346EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/02/03 5:30 a.m.31 views

CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS0.00346EPSS
Exploits0References10
Rows per page
Query Builder