231 matches found
CVE-2026-2892
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...
WordPress Otter Blocks plugin <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability
Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Otter - Gutenberg Block versions = 3.1.4...
CVE-2026-2892
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...
CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...
CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...
EUVD-2026-26373
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...
CVE-2026-2892
Summary (CVE-2026-2892): The Otter Blocks WordPress plugin (all versions up to 3.1.4) is vulnerable to a Purchase Verification Bypass. The root cause is the get_customer_data function relying on an unsigned o_stripe_data cookie to determine Stripe product ownership for unauthenticated users, whil...
CVE-2026-2892
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...
WordPress plugin Otter Blocks 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2024-2729
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks...
CVE-2024-2226
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This...
Malicious Package
Overview session-parse is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. On...
EUVD-2025-117261
Malicious code in living-amethyst-otter npm...
EUVD-2025-117368
Malicious code in frail-black-otter npm...
Malicious code in frail-black-otter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ce53a4b613b21c0037e81865435b8241ffb705790ea08fe927ee4711e1dcc17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-133907 Malicious code in grateful_otter_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2f274f78098092527fce395fb66ad8478193aed0671358f27325a1d7a42329c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in grateful_otter_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2f274f78098092527fce395fb66ad8478193aed0671358f27325a1d7a42329c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-98143
Malicious code in icyotterz3n npm...
EUVD-2025-101211
Malicious code in basicotterz3n npm...
EUVD-2025-104140
Malicious code in liquidotterz3n npm...