12 matches found
CVE-2024-50452
CVE-2024-50452 affects the WordPress Nexter Blocks: the-plus-addons-for-block-editor, with a stored XSS flaw caused by improper input neutralization during web page generation. Exploitation could occur via vulnerable blocks in Nexter Blocks versions up to and including 3.3.3, enabling stored scri...
CVE-2026-24377 WordPress Nexter Blocks plugin <= 4.6.3 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.6.3...
CVE-2026-24377
CVE-2026-24377 : WordPress Nexter Blocks plugin ≤ 4.6.3 exposes embedded sensitive data to an unauthorized control sphere, enabling sensitive information exposure. CVSS 3.1 base score 4.3 (Medium) per the initial document; multiple sources corroborate a sensitive data exposure issue affecting Nex...
WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability
WordPress Nexter Extension - Site Enhancements Toolkit plugin = 4.4.6 - Unauthenticated PHP Object Injection via 'nxtunserializereplace' vulnerability discovered by Webbernaut in WordPress Plugin Nexter Extension versions = 4.4.6...
WordPress Nexter Extension plugin <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Nexter Extension versions = 4.4.1...
CVE-2025-54739 WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through = 4.5.4...
WordPress plugin Nexter Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Nexter Blocks versions = 3.3.3...
WordPress Nexter Blocks Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Nexter Blocks Type Plugin Vulnerable versions = 3.3.3 Fixed in 4.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50452 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID 5124e10b8774 Credits João Pedro S Alcântara Kinorth...
WordPress plugin Nexter security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-45750 WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in POSIMYTH Nexter Extension plugin = 2.0.3 versions...
WordPress Nexter Theme <= 2.0.3 is vulnerable to SQL Injection
Software Nexter Type Theme Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45657 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID f7e305847a86 Credits Rafie Muhammad Patchstack Required privilege Subscriber...