CVE-2026-2892

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVE-2026-2892

Summary (CVE-2026-2892): The Otter Blocks WordPress plugin (all versions up to 3.1.4) is vulnerable to a Purchase Verification Bypass. The root cause is the get_customer_data function relying on an unsigned o_stripe_data cookie to determine Stripe product ownership for unauthenticated users, whil...

CVE-2024-2729

The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks...

CVE-2024-3343

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

WordPress Otter Blocks plugin < 2.6.6 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Otter - Gutenberg Block versions 2.6.6...

WordPress Plugin Otter Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-21797 · WordPress · Otter Blocks

Name of the Vulnerable Software and Affected Versions: Otter Blocks WordPress plugin versions prior to 2.6.6 Description: The issue arises from the Otter Blocks WordPress plugin not properly escaping its mainHeadings blocks' attribute before appending it to the final rendered block. This allows...

CVE-2024-3343

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-1691

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping...

CVE-2024-1684

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This...