WordPress Blog Designer - Post and Widget plugin <= 2.7.7 - Backdoor vulnerability

WordPress Blog Designer - Post and Widget plugin = 2.7.7 - Backdoor vulnerability discovered by ? in WordPress Plugin Blog Designer - Post and Widget versions = 2.7.7...

EUVD-2026-20179

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.6...

CVE-2025-69033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.3...

EUVD-2025-199341

Malicious code in @alexadark/gatsby-theme-wordpress-blog npm...

CVE-2025-58711 WordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through = 3.4.8...

CVE-2025-47694 WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-46517 WordPress Blog Manager WP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdiscover Blog Manager WP allows Stored XSS. This issue affects Blog Manager WP: from n/a through 1.0.5...

CVE-2025-23887

CVE-2025-23887 describes a stored cross-site scripting (XSS) vulnerability in the WordPress Blog Summary plugin. According to connected Red Hat/Wordfence data, the issue is caused by improper input neutralization during web page generation, enabling stored XSS. The affected software is the Blog S...

CVE-2025-23887 WordPress Blog Summary plugin <= 0.1.2 β - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Blog Summary blog-summary allows Stored XSS.This issue affects Blog Summary: from n/a through = 0.1.2 β...

CVE-2024-10728 PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'installrequiredplugincallback' function in all versions up to, and including, 4.1.16. This makes it possible...

CVE-2024-37918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...

CVE-2024-37918

CVE-2024-37918 affects ConeBlog – WordPress Blog Widgets (ConeBlog Widgets) for WordPress. Described as an stored XSS due to Improper Neutralization of Input During Web Page Generation, impacting ConeBlog Widgets versions from n/a through 1.4.8. The connected records confirm the same vulnerabilit...

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...

CVE-2024-4305

CVE-2024-4305 affects the WordPress plugin combination “Post Grid Gutenberg Blocks and WordPress Blog Plugin.” The description in the sources specifies that versions before 4.1.0 do not validate and escape certain block options before they are output in a page/post where the block is embedded, wh...

Exploit for CVE-2024-5326

CVE-2024-5326 CVE-2024-5326 Post Grid Gutenberg Blocks and Wor...

CVE-2024-5758

Rejected reason: REJECT Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead...

CVE-2024-5223

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...