49 matches found
CVE-2026-0717 LottieFiles – Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...
CVE-2023-49833
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS. This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9...
CVE-2025-64354 WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a through <= 21.8.2...
WordPress Plugin Gutenberg Security Vulnerability
The WordPress Gutenberg plugin is a block editor enhancement designed for WordPress to extend the default editor functionality with support for custom content layouts, data store optimization and REST API integration. WordPress Gutenberg plugin suffers from a cross-site scripting vulnerability tha...
EUVD-2023-53741
Malicious code in bioql PyPI...
CVE-2025-8680 B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery
The B Slider - Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fsapirequest function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to...
CVE-2025-48332 WordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion. This issue affects Gutenberg Blocks: from n/a through <= 3.3.1...
WordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Gutenberg Blocks (versions <= 3.3.1)...
CVE-2024-1814
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-54272
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks radius-blocks allows Stored XSS. This issue affects Radius Blocks: from n/a through <= 2.1.2...
CVE-2025-1784 Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-13465
The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This mak...
CVE-2025-24696 WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WP Attire Attire Blocks allows Cross Site Request Forgery. This issue affects Attire Blocks: from n/a through 1.9.6...
CVE-2024-54272
CVE-2024-54272 (Radius Blocks – WordPress Gutenberg Blocks) stores input without proper neutralization, enabling Stored XSS in Radius Blocks—WordPress Gutenberg Blocks (affected: up to 2.1.2). Red Hat and Wordfence sources confirm the issue; patch status is Patch, with mitigation by updating to a...
CVE-2024-10484
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-10484 Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-10484
CVE-2024-10484: Spectra – WordPress Gutenberg Blocks plugin (≤2.16.2) is vulnerable to Stored XSS via the Team widget due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication (contributor level or higher) and can cause arbitrary ...