37 matches found
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability
Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.6.1...
PT-2026-4065
Name of the Vulnerable Software and Affected Versions: Frontis Blocks versions through 1.1.5 Description: A Server-Side Request Forgery (SSRF) issue exists in WP Messiah Frontis Blocks. This allows for Server Side Request Forgery. The issue impacts the frontis-blocks component. Recommendations: Update...
CVE-2024-34769
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in cyclonetheme Elegant Blocks allows Stored XSS. This issue affects Elegant Blocks: from n/a through 1.7...
CVE-2024-2919
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
WordPress Qi Blocks plugin missing authorization vulnerability
WordPress Qi Blocks plugin is a WordPress plugin developed by QodeInteractive, providing 81 customized Gutenberg blocks including 48 free modules and 33 premium modules, supporting WooCommerce, SEO and other 9 categories of functionality, creating complex layouts and integrating 550+ templates. A...
CVE-2025-11361 Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.7.1 via the ebsaveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-leve...
EUVD-2024-44095
Malicious code in bioql PyPI...
EUVD-2024-37563
Malicious code in bioql PyPI...
EUVD-2025-9220
Malicious code in bioql PyPI...
EUVD-2025-30495
Malicious code in bioql PyPI...
EUVD-2022-5797
Malicious code in bioql PyPI...
EUVD-2025-5895
Malicious code in bioql PyPI...
EUVD-2024-33489
Malicious code in bioql PyPI...
CVE-2025-50034 WordPress Enhanced Blocks – Page Builder Blocks for Gutenberg plugin <= 1.4.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Blocks Page Builder Blocks for Gutenberg: from n/a through <= 1.4.1...
PT-2025-24182 · Unknown · Nexa Blocks
Name of the Vulnerable Software and Affected Versions: Nexa Blocks versions 1.1.0 and earlier Description: A Server-Side Request Forgery (SSRF) issue affects Nexa Blocks, allowing for Server Side Request Forgery. Recommendations: For versions 1.1.0 and earlier, update to a version that contains a f...
CVE-2024-1946
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,...
CVE-2024-3189
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
CVE-2024-50502
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks cozy-addons allows DOM-Based XSS. This issue affects Cozy Blocks: from n/a through <= 2.0.18...
CVE-2024-1691
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping...
CVE-2024-4863
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...