91 matches found
CVE-2026-4125 WPMK Block <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the...
PT-2026-34289
The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the wpmk block...
CVE-2026-4895
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...
EUVD-2026-21647
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...
CVE-2026-0724
The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1228
The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgbshortcode function due to missing validation on a user controlled key. This...
CVE-2026-1228
The CVE-2026-1228 entry concerns the Timeline Block – Beautiful Timeline Builder for WordPress plugin for WordPress, affected up to version 1.3.3. The vulnerability is an Insecure Direct Object Reference in the tlgb_shortcode() function caused by missing validation of a user-controlled key, allow...
WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by PPzzAArr in WordPress Plugin The Events Calendar Shortcode & Block versions = 3.1.1...
CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
CVE-2025-60079 WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability
Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through = 1.0.9...
CVE-2025-60079 WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability
Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through = 1.0.9...
WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Photo Block versions = 1.5.1...
CVE-2025-64254
Technical details for CVE-2025-64254 (Photo Block) are not provided in the supplied documents; product name, versions, impact, root cause, and fixes are not specified here. Monitor official advisories for updates.
CVE-2025-13697 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and...
CVE-2025-66096 WordPress Table Block by Tableberg plugin <= 0.6.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Imtiaz Rayhan Table Block by Tableberg tableberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by Tableberg: from n/a through = 0.6.9...
CVE-2025-12376
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WordPress Qi Blocks plugin cross-site scripting vulnerability
WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks 81 in total, covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...
EUVD-2019-6520
Malware in sbrugna...
EUVD-2023-49938
Malicious code in bioql PyPI...
EUVD-2024-33446
Malicious code in bioql PyPI...