Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.6 views

CVE-2026-9756

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References9
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-12512

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS0.00342EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.8 views

PT-2025-51042

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with current user...

4.3CVSS5.7AI score0.00342EPSS
Exploits0References5
OSV
OSV
added 2021/11/29 9:15 a.m.4 views

CVE-2021-24751

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00604EPSS
Exploits2References1
Rows per page
Query Builder