Lucene search
K

17 matches found

CVE
CVE
added 2 days ago4 views

CVE-2026-57386

The CVE-2026-57386 entry affects the WordPress aBlocks plugin by Kodezen LLC, with versions prior to 2.9.1 vulnerable to an Incorrect Privilege Assignment that enables privilege escalation. The NVD PatchStack entries corroborate that the issue lies in a blocks ablocks and is exploitable with high...

8.8CVSS6.1AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57386 WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...

8.8CVSS0.00286EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/07 3:24 p.m.6 views

WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin aBlocks versions 2.9.1...

8.8CVSS5.9AI score0.00286EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.5 views

CVE-2025-12449

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS5AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-12449

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 7:17 a.m.3 views

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS4.7AI score0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 7:17 a.m.19 views

CVE-2025-12449

CVE-2025-12449 (aBlocks – Gutenberg Blocks, WordPress Plugin) The vulnerability arises from missing capability checks on multiple AJAX actions in the aBlocks WordPress plugin (versions up to 2.4.0). This allows authenticated users with subscriber level access and above to modify data and disclose...

5.4CVSS4.7AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1578

Name of the Vulnerable Software and Affected Versions aBlocks – WordPress Gutenberg Blocks plugin versions prior to 2.4.1 Description The aBlocks – WordPress Gutenberg Blocks plugin for WordPress has a flaw that allows unauthorized modification of data and disclosure of sensitive information. Thi...

5.4CVSS6.1AI score0.00227EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/06 10:17 p.m.7 views

WordPress aBlocks - WordPress Gutenberg Blocks plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability

WordPress aBlocks - WordPress Gutenberg Blocks plugin = 2.4.0 - Missing Authorization to Authenticated Subscriber+ Settings Modification vulnerability discovered by mahdi salhi CaptinSharky01 - CaptinSharku in WordPress Plugin aBlocks versions = 2.4.0...

5.4CVSS6.8AI score0.00227EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

WordPress aBlocks plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress aBlocks plugin, which stems from the application's lack of effective filtering and escaping of user-supplied data, and n...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.3 views

WordPress plugin aBlocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress aBlocks plugin, which stems from the application's lack of effective filtering and escaping of user-supplied data, and n...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/20 8:25 a.m.6 views

CVE-2024-13465

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS5.8AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/02/18 8:15 a.m.11 views

CVE-2024-13465

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.00271EPSS
Exploits0References2
OSV
OSV
added 2025/02/18 8:15 a.m.2 views

CVE-2024-13465

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This mak...

5.4CVSS5.9AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/18 7:28 a.m.5 views

CVE-2024-13465 aBlocks – WordPress Gutenberg Blocks <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS5.8AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.2 views

WordPress plugin aBlocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

6.4CVSS8.2AI score0.00271EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/17 10:18 p.m.3 views

WordPress aBlocks plugin <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nishiv in WordPress Plugin aBlocks versions = 1.6.1...

6.4CVSS5.7AI score0.00271EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder