15 matches found
CVE-2026-10780
The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content shortcode handler retrieving a post via get_post using an attacker-supplied 'id' attribute and outputting its post_content without...
CVE-2026-10780
CVE-2026-10780 affects the WordPress Static Block plugin (versions up to 2.2). The vulnerability is an Insecure Direct Object Reference in the static_block_content() shortcode handler, which retrieves a post with get_post() using an attacker-controlled id and outputs its post_content without vali...
CVE-2026-10780 Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute
The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content shortcode handler retrieving a post via get_post using an attacker-supplied 'id' attribute and outputting its post_content without...
EUVD-2026-37034
The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content shortcode handler retrieving a post via get_post using an attacker-supplied 'id' attribute and outputting its post_content without...
PT-2026-49611
Name of the Vulnerable Software and Affected Versions: Static Block versions prior to 2.3. Description: The Static Block plugin for WordPress contains an Insecure Direct Object Reference. This occurs because the static block content shortcode handler uses the get post function to retrieve a post bas...
WordPress Static Block plugin <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by dyingman in WordPress Plugin Static Block versions <= 2.2...
EUVD-2024-45110
Malicious code in bioql PyPI...
CVE-2024-50549
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steven Nolles Bonway Static Block Editor bonway-static-block-editor allows DOM-Based XSS. This issue affects Bonway Static Block Editor: from n/a through <= 1.1.0...
CVE-2024-50549
CVE-2024-50549 is a DOM-based Cross-Site Scripting (XSS) vulnerability in WordPress plugin Bonway Static Block Editor, affecting versions up to 1.1.0 (designated as n/a through 1.1.0). The issue, described as Improper Neutralization of Input During Web Page Generation, has a CVSS v3.1 base score ...
CVE-2024-50549 WordPress Bonway Static Block Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steven Nolles Bonway Static Block Editor bonway-static-block-editor allows DOM-Based XSS. This issue affects Bonway Static Block Editor: from n/a through <= 1.1.0...
WordPress plugin Bonway Static Block Editor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Bonway Static Block Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Bonway Static Block Editor versions <= 1.1.0...
WordPress Bonway Static Block Editor Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Bonway Static Block Editor Type Plugin Vulnerable versions <= 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50549 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ca2cd09f42a7 Credits SOPROBRO Required privilege...
Malicious code in plugin-transform-class-static-block (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9761 Malicious code in plugin-transform-class-static-block (npm)
--- -= Per source details. Do not edit below this line.=-...