CVE-2024-1815

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVE-2024-1815

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

WordPress Spectra plugin <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Spectra versions = 2.12.8...

WordPress Spectra Plugin <= 2.12.8 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.12.8 Fixed in 2.12.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1814 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8365e8ec8dfb Credits wesley wcraft Required privile...

WordPress plugin Spectra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Spectra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-18330 · WordPress · The Spectra – Wordpress Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: Spectra – WordPress Gutenberg Blocks plugin versions up to, and including, 2.12.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Testimonial block due to insufficient input sanitization and output escaping o...

CVE-2024-3107

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the getblockdefaultattributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files...

CVE-2024-3107

CVE-2024-3107 (Spectra – WordPress Gutenberg Blocks) : The Spectra plugin for WordPress is vulnerable to a Path Traversal flaw in get_block_default_attributes, affecting versions up to 2.12.6. Authenticated users with contributor-level permissions and above can read arbitrary files named attribut...

PT-2024-23748 · WordPress · The Spectra – Wordpress Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Spectra – WordPress Gutenberg Blocks plugin versions up to, and including, 2.12.6 Description: The issue allows authenticated attackers with contributor-level permissions and above to read the contents of any files named attributes.php on...

WordPress plugin Spectra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Spectra plugin <= 2.12.6 - Authenticated (Contributor+) Path Traversal vulnerability

Authenticated Contributor+ Path Traversal vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Spectra versions = 2.12.6...

WordPress Spectra Plugin <= 2.12.6 is vulnerable to Path Traversal

Software Spectra Type Plugin Vulnerable versions = 2.12.6 Fixed in 2.12.7 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-3107 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 52350fa92b9f Credits Ngô Thiên An ancorn Required privilege Contributor...

CVE-2023-6486

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Spectra plugin <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS vulnerability

AuthenticatedContributor+ Cross-Site Scripting via Custom CSS vulnerability discovered by Akbar Kustirama in WordPress Plugin Spectra versions = 2.10.3...

WordPress Spectra Plugin <= 2.10.3 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.10.3 Fixed in 2.10.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6486 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2ec9e8bd69ac Credits Akbar Kustirama Required...

CVE-2023-36679

Server-Side Request Forgery SSRF vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6...

WordPress Plugin Spectra 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

CVE-2023-49833 WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9...

WordPress and WordPress plugin cross-site scripting vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...