2 matches found
WordPress Gutenberg Plugin <= 18.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenberg; Type: Plugin; Vulnerable versions: = 18.6.0; Fixed in: 18.6.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37492; Patch priority: Low; CVSS severity: Low 6.5; PSID: 17657928ee30; Credits: Rafie Muhammad Patchstack; Required privile...
CVE-2023-6964
CVE-2023-6964 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress (all versions up to 3.1.26). It enables Server-Side Request Forgery via the kadence_import_get_new_connection_data AJAX action, allowing authenticated attackers with contributor+ access to issue web req...