10 matches found
CVE-2025-8588
The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...
WordPress plugin PublishPress Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...
CVE-2025-8588
The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2025-8588
CVE-2025-8588 affects the Gutenberg-based PublishPress Blocks (Maps block) in WordPress, allowing Stored XSS via Marker Title/Marker Description in versions up to 3.3.4. Exploitation requires authenticated access at contributor level or higher; CVSS v3.1 base score 6.4 (Medium). Wordfence reports...
EUVD-2025-35910
The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...
PT-2025-43714
Name of the Vulnerable Software and Affected Versions PublishPress Blocks plugin for WordPress versions up to and including 3.3.4 Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. Specifically, the 'Marker Title' and...
EUVD-2025-24751
Malicious code in bioql PyPI...
CVE-2025-48332
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: from n/a through = 3.3.1...
CVE-2025-48332 WordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: from n/a through = 3.3.1...
PT-2025-33174 · Unknown · Publishpress Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: PublishPress Gutenberg Blocks versions through 3.3.1 Description: An improper control of filename for include/require statement in PHP, also known as a PHP Remote File Inclusion, exists in PublishPress Gutenberg Blocks. This issue allows for...