35 matches found
CVE-2026-2826
CVE-2026-2826 affects Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress). Root cause: the process_pattern REST endpoint does not properly verify the user’s upload_files capability, causing an authorization bypass. Impact: authenticated attackers with contributor level or highe...
WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-2608 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2026-2608
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...
WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-8403
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2026-1268
The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...
CVE-2026-1268 Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field
The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...
CVE-2026-1268
The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...
EUVD-2026-5540
The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...
CVE-2025-64354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through = 21.8.2...
CVE-2025-64354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through = 21.8.2...
EUVD-2024-33758
Malicious code in bioql PyPI...
CVE-2025-4685
CVE-2025-4685 : Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (WordPress) is vulnerable to Stored Cross‑Site Scripting via HTML data attributes in multiple widgets, affecting all versions up to and including 3.4.8. Exploitation requires authenticated access at Contributor level ...
CVE-2025-26871
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3...
WordPress Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Otter - Gutenberg Block versions = 3.0.4...
CVE-2024-43308
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a throug...
CVE-2024-43308
CVE-2024-43308 is a stored XSS in the Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor. Exploitation could occur via improper input neutralization during web page generation, enabling stored script execution on affected pages. Affected range: Gutentor from n/a to 3.3.5. Public refe...
CVE-2024-43308 WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a throug...
CVE-2024-35731
CVE-2024-35731 concerns the Kenta Blocks plugin for Gutenberg (Kenta Blocks – Responsive Blocks and block templates library). The connected data indicate a Stored Cross-Site Scripting (XSS) vulnerability in this plugin, arising from improper input handling during web page generation. Affected ver...