CVE-2026-6551

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-6551

The CVE covers the WordPress plugin Timeline Blocks for Gutenberg (versions up to and including 1.1.10). The vulnerability is a Stored Cross-Site Scripting via the titleTag attribute in the timeline-blocks/tb-timeline-blocks block, caused by insufficient input sanitization and output escaping of ...

CVE-2026-6551

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-6551 Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

EUVD-2026-25984

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

PT-2026-35658

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

CVE-2025-11270

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

EUVD-2025-34974

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-11270

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-11270 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-11270 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-11270

CVE-2025-11270 affects the WordPress plugin “Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns.” It is a stored XSS via the titleTag attribute in all versions up to 5.7.1 due to insufficient input sanitization and output escaping. Exploitation requires authentication at Co...

MAL-2025-36978 Malicious code in titletag (npm)

The package titletag was found to contain malicious code...

Malicious code in titletag (npm)

The package titletag was found to contain malicious code...

WordPress Rise Blocks plugin <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TitleTag Parameter vulnerability discovered by Nishiv in WordPress Plugin Rise Blocks versions = 3.6...

CVE-2025-0506 Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter

The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

PT-2025-6468 · WordPress · Rise Blocks

Name of the Vulnerable Software and Affected Versions: Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress versions up to, and including, 3.6 Description: The issue is related to Stored Cross-Site Scripting via the titleTag parameter due to insufficient input sanitization and...

HTTP HTML Title Tag Content Grabber

Generates a GET request to the provided webservers and returns the server header, HTML title attribute and location header if set. This is useful for rapidly identifying interesting web applications en mass. This module requires Metasploit: https://metasploit.com/download Current source:...