Lucene search
+L

29 matches found

NVD
NVD
added 4 days ago3 views

CVE-2026-57386

Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...

8.8CVSS0.00286EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-57386

The CVE-2026-57386 entry affects the WordPress aBlocks plugin by Kodezen LLC, with versions prior to 2.9.1 vulnerable to an Incorrect Privilege Assignment that enables privilege escalation. The NVD PatchStack entries corroborate that the issue lies in a blocks ablocks and is exploitable with high...

8.8CVSS6.1AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-57386 WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...

8.8CVSS0.00286EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/07 3:24 p.m.6 views

WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin aBlocks versions 2.9.1...

8.8CVSS5.9AI score0.00286EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.5 views

CVE-2025-12449

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS5AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-12449

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 7:17 a.m.3 views

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS4.7AI score0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 7:17 a.m.28 views

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 7:17 a.m.22 views

CVE-2025-12449

CVE-2025-12449 (aBlocks – Gutenberg Blocks, WordPress Plugin) The vulnerability arises from missing capability checks on multiple AJAX actions in the aBlocks WordPress plugin (versions up to 2.4.0). This allows authenticated users with subscriber level access and above to modify data and disclose...

5.4CVSS4.7AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-1578

Name of the Vulnerable Software and Affected Versions aBlocks – WordPress Gutenberg Blocks plugin versions prior to 2.4.1 Description The aBlocks – WordPress Gutenberg Blocks plugin for WordPress has a flaw that allows unauthorized modification of data and disclosure of sensitive information. Thi...

5.4CVSS6.1AI score0.00227EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

WordPress plugin aBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.4CVSS6.1AI score0.00227EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/06 10:17 p.m.8 views

WordPress aBlocks - WordPress Gutenberg Blocks plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability

WordPress aBlocks - WordPress Gutenberg Blocks plugin = 2.4.0 - Missing Authorization to Authenticated Subscriber+ Settings Modification vulnerability discovered by mahdi salhi CaptinSharky01 - CaptinSharku in WordPress Plugin aBlocks versions = 2.4.0...

5.4CVSS6.8AI score0.00227EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-13765

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.00209EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

WordPress aBlocks plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress aBlocks plugin, which stems from the application's lack of effective filtering and escaping of user-supplied data, and n...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/09 3:25 p.m.7 views

CVE-2025-47616

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kodezen LLC aBlocks ablocks allows Stored XSS.This issue affects aBlocks: from n/a through = 1.9.2...

6.5CVSS7.2AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:16 p.m.19 views

CVE-2025-47616

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kodezen LLC aBlocks ablocks allows Stored XSS.This issue affects aBlocks: from n/a through = 1.9.2...

6.5CVSS0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/07 2:20 p.m.4 views

CVE-2025-47616 WordPress aBlocks <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tushar Imran aBlocks allows Stored XSS.This issue affects aBlocks: from n/a through 1.9.2...

6.5CVSS6.7AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2025/05/07 2:20 p.m.58 views

CVE-2025-47616

CVE-2025-47616 : Stored XSS in the WordPress plugin aBlocks (versions

6.5CVSS7.2AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.3 views

WordPress plugin aBlocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress aBlocks plugin, which stems from the application's lack of effective filtering and escaping of user-supplied data, and n...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.7 views

PT-2025-20184 · Ablocks · Ablocks

Name of the Vulnerable Software and Affected Versions: aBlocks versions 1.9.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References3
Rows per page
Query Builder