52 matches found
CVE-2023-38000 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block
Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...
Gutenberg < 16.8.1 - Contributor+ Stored XSS
Description The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. PoC 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the...
PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below the post value is the ID of a post/page...
CVE-2020-36702
The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...
CVE-2022-33994
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...
CVE-2022-33994
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...
Cross site scripting
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...
CVE-2022-33994
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...
CVE-2022-33994
CVE-2022-33994 affects the WordPress Gutenberg plugin up to version 13.7.3. The vulnerability is a stored XSS via the SVG document when using the Insert from URL feature, exploitable by a Contributor, with the XSS payload not executing in the WordPress domain context. The description notes that s...
WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...
WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...
Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...