EUVD-2026-24058

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplie...

EUVD-2025-24218

Malicious code in bioql PyPI...

EUVD-2024-32099

Malicious code in bioql PyPI...

CVE-2025-54708 WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through = 2.0.5...

WordPress B Blocks plugin <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via rgfrregistration Function vulnerability discovered by Peter Thaleikis in WordPress Plugin B Blocks versions = 2.0.6...

CVE-2025-2918

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-4268

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-1312

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonTextColor’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-1312 Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonTextColor’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-1312 Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonTextColor’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

WordPress Blocks Plugin <= 1.6.42 is vulnerable to Cross Site Scripting (XSS)

Software Blocks Type Plugin Vulnerable versions = 1.6.42 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-44262 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 02f792d40bcd Credits Rio Darmawan Required privilege...