52 matches found
WordPress Enhanced Blocks - Page Builder Blocks for Gutenberg plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An improper access control vulnerability exists in WordPress Enhanced Blocks - Page Builder Blocks for Gutenberg plugin, which stems from a lack of authorization, and no detaile...
PT-2025-7830 · Unknown · Essential Blocks For Gutenberg
Name of the Vulnerable Software and Affected Versions: Essential Blocks for Gutenberg versions through 4.8.3 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Essential...
WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Essential Blocks for Gutenberg versions = 4.8.3...
CVE-2023-47760
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0...
WordPress plugin Essential Blocks for Gutenberg 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-8282 Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-37948 WordPress Caxton – Create Pro page layouts in Gutenberg plugin <= 1.30.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton – Create Pro page layouts in Gutenberg: from n/a through 1.30.1...
PT-2024-28126 · Unknown · Post Layouts For Gutenberg
Name of the Vulnerable Software and Affected Versions: Post Layouts for Gutenberg versions 1.2.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendation...
WordPress Post Layouts for Gutenberg plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SouzaZinn Patchstack Alliance in WordPress Plugin Post Layouts for Gutenberg versions = 1.2.10...
WordPress Gutenberg plugin <= 18.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Gutenberg versions = 18.6.0...
WordPress Gutenberg Plugin <= 18.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Type Plugin Vulnerable versions = 18.6.0 Fixed in 18.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37492 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 17657928ee30 Credits Rafie Muhammad Patchstack Required privile...
WordPress Essential Blocks for Gutenberg Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d396af2a43d0 Credits João...
CVE-2023-6964
CVE-2023-6964 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress (all versions up to 3.1.26). It enables Server-Side Request Forgery via the kadence_import_get_new_connection_data AJAX action, allowing authenticated attackers with contributor+ access to issue web req...
BIT-WORDPRESS-2023-38000 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block
Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...
BIT-WORDPRESS-MULTISITE-2023-38000 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block
Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...
WordPress Essential Blocks for Gutenberg Plugin <= 4.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.5.1 Fixed in 4.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1854 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5f950450ff21 Credits WordFence...
DEBIAN-CVE-2023-38000
Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...
CVE-2023-38000
Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...
Cross site scripting
Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...
UBUNTU-CVE-2023-38000
Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...