Lucene search
K

100 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-15286

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS5.9AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56063

The CVE-2026-56063 entry documents an Unauthenticated Broken Access Control vulnerability in the WordPress plugin MailChimp Block up to version 1.1.15 . The affected component is the plugin’s access control logic, with impact described as compromising confidentiality, integrity, and availability ...

8.3CVSS5.8AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 6:16 a.m.13 views

CVE-2026-10780

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 4:30 a.m.12 views

CVE-2026-10780

CVE-2026-10780 affects the WordPress Static Block plugin (versions up to 2.2). The vulnerability is an Insecure Direct Object Reference in the static_block_content() shortcode handler, which retrieves a post with get_post() using an attacker-controlled id and outputs its post_content without vali...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 4:30 a.m.32 views

CVE-2026-10780 Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 4:30 a.m.12 views

EUVD-2026-37034

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS5.4AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49611

Name of the Vulnerable Software and Affected Versions Static Block versions prior to 2.3 Description The Static Block plugin for WordPress contains an Insecure Direct Object Reference. This occurs because the static block content shortcode handler uses the get post function to retrieve a post bas...

4.3CVSS6AI score0.00211EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/15 4:26 p.m.9 views

WordPress Static Block plugin <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by dyingman in WordPress Plugin Static Block versions = 2.2...

4.3CVSS5.3AI score0.00211EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4125

The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the...

6.4CVSS5.7AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.31 views

CVE-2026-4125 WPMK Block <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the...

6.4CVSS0.00288EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34289

The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the wpmk block...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.8 views

CVE-2026-4895

The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...

6.4CVSS6AI score0.0042EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/11 1:24 a.m.5 views

EUVD-2026-21647

The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...

6.4CVSS6AI score0.0042EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:26 a.m.4 views

CVE-2026-0724

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

4.4CVSS5.7AI score0.00264EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/06 2:23 a.m.8 views

CVE-2026-1228

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgbshortcode function due to missing validation on a user controlled key. This...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 2:23 a.m.24 views

CVE-2026-1228

The CVE-2026-1228 entry concerns the Timeline Block – Beautiful Timeline Builder for WordPress plugin for WordPress, affected up to version 1.3.3. The vulnerability is an Insecure Direct Object Reference in the tlgb_shortcode() function caused by missing validation of a user-controlled key, allow...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/04 10:46 a.m.8 views

WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by PPzzAArr in WordPress Plugin The Events Calendar Shortcode & Block versions = 3.1.1...

6.5CVSS5.3AI score0.00127EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.30 views

CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...

6.4CVSS0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.4 views

CVE-2025-60079 WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability

Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through = 1.0.9...

7.1CVSS6.6AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.29 views

CVE-2025-60079 WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability

Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through = 1.0.9...

7.1CVSS0.00226EPSS
Exploits0References1
Rows per page
Query Builder