Lucene search
+L

67 matches found

NVD
NVD
added 2026/07/03 9:16 a.m.10 views

CVE-2026-9756

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00215EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/03 7:53 a.m.9 views

EUVD-2026-41522

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/03 7:53 a.m.38 views

CVE-2026-9756 GenerateBlocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00215EPSS
Exploits0References8
CVE
CVE
added 2026/07/03 7:53 a.m.15 views

CVE-2026-9756

CVE-2026-9756 (GenerateBlocks for WordPress) : The WordPress GenerateBlocks plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the Headline Block’s dynamic link attribute (linkMetaFieldType) in all versions up to 2.2.1. Root cause: insufficient input sanitization and output escaping ...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55518

Name of the Vulnerable Software and Affected Versions GenerateBlocks versions prior to 2.2.2 Description The GenerateBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-lev...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References13
Patchstack
Patchstack
added 2026/07/02 12:0 a.m.5 views

WordPress GenerateBlocks plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Kirasec in WordPress Plugin GenerateBlocks versions = 2.2.1...

6.4CVSS5.9AI score0.00215EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.13 views

CVE-2026-3454

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

6.5CVSS5.5AI score0.00539EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.13 views

CVE-2026-48877

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.4AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.18 views

CVE-2026-48877

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:47 a.m.10 views

CVE-2026-48877 WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:47 a.m.16 views

EUVD-2026-32154

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:47 a.m.28 views

CVE-2026-48877

CVE-2026-48877 affects WordPress GenerateBlocks plugin

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:47 a.m.9 views

CVE-2026-48877

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 8:47 a.m.32 views

CVE-2026-48877 WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS0.00298EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/27 8:46 a.m.11 views

WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin GenerateBlocks versions = 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43622

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin GenerateBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 9:31 a.m.9 views

EUVD-2026-27225

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

6.5CVSS5.9AI score0.00539EPSS
Exploits0References9
NVD
NVD
added 2026/05/05 7:16 a.m.15 views

CVE-2026-3454

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

6.5CVSS0.00539EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/05 6:43 a.m.47 views

CVE-2026-3454 GenerateBlocks <= 2.2.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Dynamic Tag Replacements

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

6.5CVSS0.00539EPSS
Exploits0References8
Rows per page
Query Builder