34 matches found
EUVD-2024-40082
Malicious code in bioql PyPI...
EUVD-2025-4447
Malicious code in bioql PyPI...
CVE-2024-6346
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-43155
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86...
CVE-2024-13796
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API This makes it possible for unauthenticated attackers to extract sensitive data includin...
CVE-2024-13796
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API This makes it possible for unauthenticated attackers to extract sensitive data includin...
CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API This makes it possible for unauthenticated attackers to extract sensitive data includin...
PT-2025-9053 · WordPress · Comboblocks
Name of the Vulnerable Software and Affected Versions: The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress versions prior to 2.3.7 Description: The issue allows unauthenticated attackers to extract sensitive data, including emails and other user data, via the...
CVE-2024-13798
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...
CVE-2024-13798
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...
CVE-2024-13798
CVE-2024-13798: Post Grid and Gutenberg Blocks – ComboBlocks for WordPress allows unauthenticated users to create orders and mark them paid due to insufficient form verification. Affected versions: all up to 2.3.5. Patch available: update to 2.3.5 (or newer) to remediate.
CVE-2024-13798 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...
WordPress plugin Post Grid and Gutenberg Blocks – ComboBlocks 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin.... WordPress plugin Post Grid and...
WordPress Post Grid and Gutenberg Blocks – ComboBlocks plugin <= 2.3.5 - Unauthenticated Paid Order Creation vulnerability
Unauthenticated Paid Order Creation vulnerability discovered by wesley wcraft in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.3.5...
CVE-2024-47340 WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.2.89...
CVE-2024-47340 WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.2.89...
CVE-2024-7588
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-7588 Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-7588 Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-7588
CVE-2024-7588 affects the Gutenberg Blocks, Page Builder – ComboBlocks WordPress plugin. It’s a Stored XSS in the Accordion block due to insufficient input sanitization and output escaping on user-supplied attributes, exploitable by authenticated users with contributor-level access and above. The...