6 matches found
CVE-2026-2718
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...
CVE-2026-2718
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...
CVE-2026-2718 Dealia <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...
CVE-2026-2718 Dealia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...
CVE-2026-2718
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...
CVE-2021-24759
The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks...