CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...

CVE-2026-22522 WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through = 2.2.3...

CVE-2026-22522

CVE-2026-22522 describes a missing authorization vulnerability in the WordPress plugin Block Slider (versions up to 2.2.3). The CVE entry notes a Missing Authorization / improper access control issue and lists the CVE as part of the WordPress vulnerability set. The connected Wordfence report conf...

CVE-2026-22522 WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through = 2.2.3...

CVE-2025-13697 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute

The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and...

CVE-2025-48077 WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...

CVE-2025-26871

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3...

WordPress Block Editor Bootstrap Blocks Plugin <= 6.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Block Editor Bootstrap Blocks Type Plugin Vulnerable versions = 6.6.1 Fixed in 6.6.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-11402 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0635cf898925 Credits Le Ngoc Anh Requir...

BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library < 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping on...

WordPress Block for Font Awesome Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Block for Font Awesome Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35705 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f200d33498a5 Credits Ngô Thiên An ancorn from VNPT-V...

CVE-2024-3239

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...

WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Block for Font Awesome Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.4.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49751 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2ae115747c8e Credits Nguyen Xuan...