WordPress Page Blocks plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin Page Blocks versions = 1.1.0...

EUVD-2025-33848

The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the adminprocesswidgetpagechange function. This makes it possible for unauthenticated attackers to modify widget pa...

WordPress plugin Page Blocks 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

PT-2025-41681

Name of the Vulnerable Software and Affected Versions Page Blocks plugin for WordPress versions prior to 1.1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or missing nonce validation within the admin process widget page change functio...

WordPress One Page Blocks Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software One Page Blocks Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 260976c0490e Credits Rafie Muhammad Patchstack Required...