8 matches found
CVE-2024-37457
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS.This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9...
CVE-2025-1312
CVE-2025-1312 (Ultimate Blocks) : A stored cross-site scripting vulnerability exists in the Ultimate Blocks – WordPress Blocks Plugin, reachable by an attacker with Contributor+ privileges via the buttonTextColor parameter. Connected sources confirm this is an authenticated Stored XSS and affect ...
CVE-2025-1703 Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter
The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-1703 Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter
The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2024-6362
The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-37567 · WordPress · Ultimate Blocks
Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks WordPress plugin versions prior to 3.2.0 Description: The issue concerns a lack of validation and escaping of certain post-grid block attributes in the plugin, which could allow users with the contributor role and above to...
CVE-2024-37457
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS.This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9...
CVE-2024-4268
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...