Lucene search
K

1398 matches found

CVE
CVE
added 2026/04/04 8:25 a.m.16 views

CVE-2026-2826

CVE-2026-2826 affects Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress). Root cause: the process_pattern REST endpoint does not properly verify the user’s upload_files capability, causing an authorization bypass. Impact: authenticated attackers with contributor level or highe...

4.3CVSS5.9AI score0.00301EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.11 views

WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00301EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.7 views

CVE-2026-25438

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through = 1.2.8...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.32 views

CVE-2026-1093 WPFAQBlock– FAQ & Accordion Plugin For Gutenberg <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'wpfaqblock' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00243EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 9:30 a.m.5 views

EUVD-2026-13077

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 9:16 a.m.11 views

CVE-2026-25438

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through = 1.2.8...

7.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 8:34 a.m.12 views

CVE-2026-25438

The CVE describes a Reflected XSS in the WordPress Gutenberg Blocks “Unlimited blocks for Gutenberg” plugin, affecting versions up to and including 1.2.8. The root cause is improper neutralization of input during web page generation. The affected component is the WordPress Gutenberg Blocks integr...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 8:34 a.m.4 views

CVE-2026-25438 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 8:34 a.m.27 views

CVE-2026-25438 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through = 1.2.8...

7.1CVSS0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 8:34 a.m.4 views

CVE-2026-25438

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26273

Name of the Vulnerable Software and Affected Versions ThemeHunk Gutenberg Blocks versions through 1.2.8 Description A flaw exists in ThemeHunk Gutenberg Blocks that allows for Reflected Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

WordPress plugin Gutenberg Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00149EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/18 12:6 p.m.5 views

WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Gutenberg Blocks versions = 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/04 3:31 a.m.5 views

EUVD-2026-9349

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

7.2CVSS6AI score0.00313EPSS
Exploits0References7
NVD
NVD
added 2026/02/25 7:16 a.m.10 views

CVE-2026-1614

The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 6:54 a.m.4 views

CVE-2026-1614

The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00156EPSS
Exploits0References3
CVE
CVE
added 2026/02/25 6:54 a.m.16 views

CVE-2026-1614

The CVE-2026-1614 entry concerns Rise Blocks – A Complete Gutenberg Page Builder (WordPress). It describes a Stored Cross-Site Scripting (Stored XSS) vulnerability in the Site Identity block attribute logoTag, exploitable by authenticated attackers with Contributor-level access and above. Affecte...

6.4CVSS5.6AI score0.00156EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/25 6:54 a.m.3 views

CVE-2026-1614 Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes

The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00156EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.5 views

CVE-2025-69385

Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through = 1.3...

6.5CVSS5.5AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.13 views

CVE-2025-69385

CVE-2025-69385 : Missing Authorization vulnerability in Cartify (WordPress Theme) allows exploitation of misconfigured access control. Affected: Cartify – WooCommerce Gutenberg WordPress Theme, versions n/a through 1.3. Public details in connected sources describe an Arbitrary Content Deletion im...

6.5CVSS5.5AI score0.00279EPSS
Exploits0References1
Rows per page
Query Builder