WordPress Vayu Blocks plugin <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary plugin Installation/Activation vulnerability

Missing Authorization to Unauthenticated Arbitrary plugin Installation/Activation vulnerability discovered by stealthcopter in WordPress Plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce versions = 1.1.1...

EUVD-2025-10317

Malicious code in bioql PyPI...

EUVD-2025-8474

Malicious code in bioql PyPI...

CVE-2025-9378

The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-9378 Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes

The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-9378

CVE-2025-9378 concerns the WordPress plugin Vayu Blocks – Website Builder for the Block Editor (versions up to 1.3.9). The vulnerability is a Stored Cross-Site Scripting issue in the Lottie block, arising from insufficient input sanitization and output escaping. An authenticated attacker with Con...

WordPress plugin Vayu Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Vayu Blocks plugin <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Block Attributes vulnerability discovered by WordFence in WordPress Plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce versions = 1.3.9...

CVE-2025-4420

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayublocksoptionpanelcallback function and...

CVE-2025-4420

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayublocksoptionpanelcallback function and...

CVE-2025-4420

CVE-2025-4420 affects the WordPress plugin “Vayu Blocks – Website Builder for the Block Editor” (Vayu Blocks) up to version 1.3.1. It enables a stored XSS via the containerWidth parameter due to a missing capability check in vayu_blocks_option_panel_callback() and insufficient input sanitization/...

CVE-2025-4420 Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayublocksoptionpanelcallback function and...

CVE-2025-4420 Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayublocksoptionpanelcallback function and...

WordPress plugin Vayu Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-23592 · WordPress · Vayu Blocks

Name of the Vulnerable Software and Affected Versions: Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress version 1.3.1 and earlier Description: The issue is related to Stored Cross-Site Scripting via the containerWidth parameter. This is due to a missing capability...

WordPress Vayu Blocks plugin <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting via containerWidth Parameter vulnerability discovered by Chuck in WordPress Plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce versions = 1.3.1...

CVE-2025-2568

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayublocksgettoggleswitchvaluescallback' and 'vayublockssavetoggleswitchcallback' function in versions 1.0.4 t...

WordPress Vayu Blocks plugin 1.0.4-1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update vulnerability

Missing Authorization to Unauthenticated Limited Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce versions 1.0.4-1.2.1...

CVE-2025-2568

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayublocksgettoggleswitchvaluescallback' and 'vayublockssavetoggleswitchcallback' function in versions 1.0.4 t...

CVE-2025-2568 Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayublocksgettoggleswitchvaluescallback' and 'vayublockssavetoggleswitchcallback' function in versions 1.0.4 t...