EUVD-2025-4447

Malicious code in bioql PyPI...

CVE-2024-6346

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-13796

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API This makes it possible for unauthenticated attackers to extract sensitive data includin...

CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API This makes it possible for unauthenticated attackers to extract sensitive data includin...

PT-2025-9053 · WordPress · Comboblocks

Name of the Vulnerable Software and Affected Versions: The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress versions prior to 2.3.7 Description: The issue allows unauthenticated attackers to extract sensitive data, including emails and other user data, via the...

CVE-2024-13798

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...

CVE-2024-13798 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...

CVE-2024-7588

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-7588

CVE-2024-7588 affects the Gutenberg Blocks, Page Builder – ComboBlocks WordPress plugin. It’s a Stored XSS in the Accordion block due to insufficient input sanitization and output escaping on user-supplied attributes, exploitable by authenticated users with contributor-level access and above. The...

WordPress ComboBlocks plugin <= 2.2.86 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.86...

CVE-2024-6346

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

PT-2024-37555 · WordPress · Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress versions up to, and including, 2.2.85a Description: The issue is related to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, due to...