Lucene search
+L

49 matches found

Patchstack
Patchstack
added 2024/09/16 12:0 a.m.18 views

WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks – Unlimited blocks For Gutenberg Type Plugin Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44049 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3478300c8758 Credits...

6.5CVSS6.6AI score0.00248EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/18 2:15 p.m.5 views

CVE-2024-43335

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8...

5.4CVSS5.8AI score0.0024EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-24665

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts...

9.9CVSS7.5AI score0.026EPSS
Exploits3References1
Patchstack
Patchstack
added 2024/07/04 12:0 a.m.9 views

WordPress Gutenberg Plugin <= 18.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Type Plugin Vulnerable versions = 18.6.0 Fixed in 18.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37492 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 17657928ee30 Credits Rafie Muhammad Patchstack Required privile...

6.5CVSS6.6AI score0.00285EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/05/24 8:15 a.m.26 views

CVE-2024-4366

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.7 views

WordPress plugin Spectra – WordPress Gutenberg Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Spectra - ...

6.4CVSS6AI score0.00263EPSS
Exploits0References3
NVD
NVD
added 2024/05/23 11:15 a.m.20 views

CVE-2024-1815

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2024/05/23 11:2 a.m.114 views

CVE-2024-1814

CVE-2024-1814 affects Spectra – WordPress Gutenberg Blocks plugin for WordPress. It is a Stored XSS in the Testimonial block across all versions up to 2.12.8, caused by insufficient input sanitization and output escaping of user-provided attributes. Authenticated attackers with contributor-level ...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/23 11:2 a.m.124 views

CVE-2024-1815

The CVE concerns Spectra – WordPress Gutenberg Blocks (Spectra plugin) with Stored Cross-Site Scripting via the Image Gallery block. The issue affects all versions up to and including 2.12.8 and arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling ...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/23 11:2 a.m.30 views

CVE-2024-1815 Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.16 views

Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Image Gallery Block

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/10 2:7 a.m.3 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Block Link vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.36...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/02 4:51 p.m.11 views

CVE-2024-3107 Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the getblockdefaultattributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files...

4.3CVSS5.9AI score0.00618EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/09 6:59 p.m.14 views

CVE-2023-6486 Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00572EPSS
Exploits1References4
CVE
CVE
added 2024/04/09 6:59 p.m.57 views

CVE-2023-6964

CVE-2023-6964 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress (all versions up to 3.1.26). It enables Server-Side Request Forgery via the kadence_import_get_new_connection_data AJAX action, allowing authenticated attackers with contributor+ access to issue web req...

8.5CVSS6.4AI score0.00363EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/09 7:39 a.m.3 views

WordPress Gutenberg plugin 12.9.0-18.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Avatar Block vulnerability discovered by John Blackbourn in WordPress Plugin Gutenberg versions 12.9.0-18.0.0...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/09 12:0 a.m.5 views

WordPress Gutenberg Plugin 12.9.0-18.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Type Plugin Vulnerable versions 12.9.0-18.0.0 Fixed in 18.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID eb06fcdb1075 Credits John Blackbourn Required privilege...

6.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/04 12:0 a.m.10 views

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.31 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.31 Fixed in 3.2.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2919 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 67f4bc4f06d9 Credits Webbernau...

6.4CVSS6AI score0.00343EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2024/04/01 12:0 a.m.300 views

WordPress Gutenberg 18.0.0 Cross Site Scripting

Exploit Title: Wordpress Gutenberg Plugin Version 18.0.0 Stored XSS Date: 2024-3-29 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://wordpress.org/plugins/gutenberg/ Version 18.0.0 1 Go to Gutenberg Plugin edit page :...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2024/03/29 12:0 a.m.10 views

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.25 is vulnerable to Server Side Request Forgery (SSRF)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.25 Fixed in 3.2.26 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-24888 Patch priority Low CVSS severity Low 6.4 Developer KadenceWP PSID ca4cec35c250...

6.5CVSS6.6AI score0.00337EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder