49 matches found
WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Blocks – Unlimited blocks For Gutenberg Type Plugin Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44049 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3478300c8758 Credits...
CVE-2024-43335
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8...
VulnCheck KEV: CVE-2022-24665
PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts...
WordPress Gutenberg Plugin <= 18.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Type Plugin Vulnerable versions = 18.6.0 Fixed in 18.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37492 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 17657928ee30 Credits Rafie Muhammad Patchstack Required privile...
CVE-2024-4366
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Spectra – WordPress Gutenberg Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Spectra - ...
CVE-2024-1815
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2024-1814
CVE-2024-1814 affects Spectra – WordPress Gutenberg Blocks plugin for WordPress. It is a Stored XSS in the Testimonial block across all versions up to 2.12.8, caused by insufficient input sanitization and output escaping of user-provided attributes. Authenticated attackers with contributor-level ...
CVE-2024-1815
The CVE concerns Spectra – WordPress Gutenberg Blocks (Spectra plugin) with Stored Cross-Site Scripting via the Image Gallery block. The issue affects all versions up to and including 2.12.8 and arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling ...
CVE-2024-1815 Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Image Gallery Block
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Block Link vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.36...
CVE-2024-3107 Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the getblockdefaultattributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files...
CVE-2023-6486 Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6964
CVE-2023-6964 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress (all versions up to 3.1.26). It enables Server-Side Request Forgery via the kadence_import_get_new_connection_data AJAX action, allowing authenticated attackers with contributor+ access to issue web req...
WordPress Gutenberg plugin 12.9.0-18.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Avatar Block vulnerability discovered by John Blackbourn in WordPress Plugin Gutenberg versions 12.9.0-18.0.0...
WordPress Gutenberg Plugin 12.9.0-18.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Type Plugin Vulnerable versions 12.9.0-18.0.0 Fixed in 18.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID eb06fcdb1075 Credits John Blackbourn Required privilege...
WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.31 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.31 Fixed in 3.2.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2919 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 67f4bc4f06d9 Credits Webbernau...
WordPress Gutenberg 18.0.0 Cross Site Scripting
Exploit Title: Wordpress Gutenberg Plugin Version 18.0.0 Stored XSS Date: 2024-3-29 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://wordpress.org/plugins/gutenberg/ Version 18.0.0 1 Go to Gutenberg Plugin edit page :...
WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.25 is vulnerable to Server Side Request Forgery (SSRF)
Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.25 Fixed in 3.2.26 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-24888 Patch priority Low CVSS severity Low 6.4 Developer KadenceWP PSID ca4cec35c250...