6 matches found
CVE-2024-2794
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2021-24546
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...
CVE-2024-32586
The CVE-2024-32586 entry corresponds to a Cross-Site Scripting (XSS) vulnerability in the WordPress Gutenberg Block Editor Toolkit plugin (EditorsKit) for WordPress. Affected versions are
WordPress Gutenberg Block Editor Toolkit Plugin <= 1.40.4 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Block Editor Toolkit Type Plugin Vulnerable versions = 1.40.4 Fixed in 1.40.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32586 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a7cac184918b Credits Steven Julian Require...
CVE-2021-24546
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...
CVE-2021-24546
The CVE-2021-24546 vulnerability affects the WordPress Gutenberg Block Editor Toolkit EditorsKit plugin up to version 1.31.5 (fixed in 1.31.6). Root cause: the plugin does not sanitize/validate the Conditional Logic of the Custom Visibility settings, enabling a low-privilege contributor to execut...