CVE-2024-11914 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Caxton – Create Pro page layouts in Gutenberg plugin <= 1.30.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Caxton – Create Pro page layouts in Gutenberg versions = 1.30.1...

WordPress Caxton – Create Pro page layouts in Gutenberg Plugin <= 1.30.1 is vulnerable to Cross Site Scripting (XSS)

Software Caxton – Create Pro page layouts in Gutenberg Type Plugin Vulnerable versions = 1.30.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37948 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 26592554426e Credits Ngô Thiên...

CVE-2024-4088 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization

The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with...

Gutenberg Blocks and Page Layouts – Attire Blocks < 1.9.3 - Missing Authorization

Description The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated...

WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...

WordPress和WordPress plugin 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress CMP plugin version 4.0.19 prior to the authorization problem vulnerability, the vulnerability stems from the...

CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability

No description provided by source. CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW is one of the image-creating...

CorelDRAW X7 CDR File - &#039;CdrTxt.dll&#039; Off-by-One Stack Corruption

CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW is one of the image-creating programs in a suite of graphic arts...