18 matches found
CVE-2024-1815
The CVE concerns Spectra – WordPress Gutenberg Blocks (Spectra plugin) with Stored Cross-Site Scripting via the Image Gallery block. The issue affects all versions up to and including 2.12.8 and arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling ...
CVE-2024-1814
CVE-2024-1814 affects Spectra – WordPress Gutenberg Blocks plugin for WordPress. It is a Stored XSS in the Testimonial block across all versions up to 2.12.8, caused by insufficient input sanitization and output escaping of user-provided attributes. Authenticated attackers with contributor-level ...
CVE-2023-36679
CVE-2023-36679 affects Spectra (WordPress plugin) up to version 2.6.6. Reported as Server-Side Request Forgery (SSRF) with authenticated access (Contributor+). Root cause cited in Patchstack entry as SSRF via template_importer/import_wpforms functionality; fixed in version 2.6.7. Severity listed ...
CVE-2023-6486
CVE-2023-6486 (Spectra – WordPress Gutenberg Blocks) Stored Cross‑Site Scripting via the Custom CSS metabox in Spectra. Affected: all versions up to 2.10.3. Root cause: insufficient input sanitization and output escaping in the metabox. Impact: authenticated attackers with contributor level or hi...
CVE-2023-23825
CVE-2023-23825 affects the Brainstorm Force Spectra WordPress plugin, specifically Spectra versions through 2.3.0. The issue is described as a Missing Authorization vulnerability stemming from incorrectly configured access control, leading to Broken Access Control. Public sources in the connected...
CVE-2024-10484
CVE-2024-10484: Spectra – WordPress Gutenberg Blocks plugin (≤2.16.2) is vulnerable to Stored XSS via the Team widget due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication (contributor level or higher) and can cause arbitrary ...
CVE-2024-4366
The CVE CVE-2024-4366 affects Spectra – WordPress Gutenberg Blocks (Spectra plugin) for WordPress. It enables Stored Cross-Site Scripting via the block_id parameter in versions up to and including 2.13.0 due to insufficient input sanitization and output escaping. The vulnerability can be exploite...
CVE-2023-23834
CVE-2023-23834 affects Brainstorm Force Spectra (WordPress Gutenberg Blocks plugin) up to version 2.3.0. The issue is due to Missing Authorization / Broken Access Control arising from incorrectly configured access control security levels, allowing unauthenticated access to privileged actions. The...
CVE-2024-3107
CVE-2024-3107 (Spectra – WordPress Gutenberg Blocks) : The Spectra plugin for WordPress is vulnerable to a Path Traversal flaw in get_block_default_attributes, affecting versions up to 2.12.6. Authenticated users with contributor-level permissions and above can read arbitrary files named attribut...
CVE-2024-7590
CVE-2024-7590 is a stored Cross-Site Scripting (XSS) vulnerability in the Spectra WordPress Gutenberg Blocks plugin (Brainstorm Force Spectra). The issue arises from improper input neutralization during web page generation, enabling stored XSS. Affected range: Spectra versions from unspecified in...
CVE-2024-37517
CVE-2024-37517 is a Missing Authorization vulnerability in Spectra (WordPress Gutenberg Blocks by Ultimate Addons for Gutenberg) affecting Spectra up to version 2.13.7. The issue enables unauthorized actions due to misconfigured access controls (Missing Authorization to generate_ai_content). Publ...
CVE-2023-23730
The CVE-2023-23730 issue affects the WordPress Spectra block (Ultimate Addons for Gutenberg) with Spectra versions
CVE-2020-36656
The CVE-2020-36656 entry concerns the Spectra WordPress Gutenberg Blocks Plugin for WordPress, with versions prior to 1.15.0 vulnerable to stored XSS due to insufficient sanitization of user input in a style HTML attribute. The underlying issue allows contributors (required privileges) to inject ...
CVE-2023-49833
CVE-2023-49833 (Spectra – WordPress Gutenberg Blocks) is a stored XSS in Spectra up to v2.7.9 caused by improper neutralization of input during web page generation. Affected product: Spectra (Ultimate Addons for Gutenberg) for WordPress; vulnerability requires authenticated access (Contributor+)....
CVE-2023-23735
CVE-2023-23735 affects the WordPress Spectra (WordPress Gutenberg Blocks) plugin. Vulnerable if using Spectra ≤ 2.3.0, where improper neutralization of script-related HTML tags enables unauthenticated email HTML injection (content injection). Root cause: inadequate input/output sanitization in th...
CVE-2023-23738
CVE-2023-23738 affects the WordPress Spectra integration in the Ultimate Addons for Gutenberg plugin (Spectra blocks) up to version 2.3.0. The issue is an Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) that enables unauthenticated email spoofing/C...
CVE-2023-36676
CVE-2023-36676 affects the WordPress Spectra plugin (Brainstorm Force Spectra) up to version 2.6.6. The issue is a Missing/Broken Authorization vulnerability (Broken Access Control) in Spectra prior to the fix. Patchstack lists the vulnerable range as
CVE-2020-36702
The CVE-2020-36702 entry concerns the WordPress plugin “Ultimate Addons for Gutenberg.” Vulnerability: authenticated users with subscriber+ roles can change plugin settings due to missing capability checks on several AJAX actions. Affected versions: up to and including 1.14.7. Impact: unauthorize...