Lucene search
K

52 matches found

Cvelist
Cvelist
added 2023/10/13 9:55 a.m.43 views

CVE-2023-38000 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block

Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...

6.5CVSS6.1AI score0.00788EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.8 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. PoC 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the...

6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.14 views

PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below the post value is the ID of a post/page...

6.1CVSS6.1AI score0.00427EPSS
Exploits2Affected Software1
OSV
OSV
added 2023/06/07 2:15 a.m.5 views

CVE-2020-36702

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...

4.3CVSS5.8AI score0.0042EPSS
Exploits1References2
OSV
OSV
added 2022/07/30 8:15 p.m.5 views

CVE-2022-33994

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...

3CVSS5.7AI score0.00575EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/07/30 8:15 p.m.4 views

CVE-2022-33994

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...

3CVSS5.9AI score0.00575EPSS
Exploits1References3
Prion
Prion
added 2022/07/30 8:15 p.m.18 views

Cross site scripting

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...

2.1CVSS4AI score0.00575EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/07/30 7:27 p.m.28 views

CVE-2022-33994

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...

4AI score0.00575EPSS
Exploits1References2
CVE
CVE
added 2022/07/30 7:27 p.m.61 views

CVE-2022-33994

CVE-2022-33994 affects the WordPress Gutenberg plugin up to version 13.7.3. The vulnerability is a stored XSS via the SVG document when using the Insert from URL feature, exploitable by a Contributor, with the XSS payload not executing in the WordPress domain context. The description notes that s...

3CVSS3.9AI score0.00575EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.14 views

WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...

2.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...

3.7AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.530 views

Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.00629EPSS
Exploits2
Rows per page
Query Builder