Lucene search
K
DotcampUltimate Blocks

9 matches found

CVE
CVE
added 2024/07/02 7:37 a.m.64 views

CVE-2024-3513

CVE-2024-3513 affects Ultimate Blocks – WordPress Blocks Plugin, where Stored Cross-Site Scripting is possible via the title tag parameter in all versions up to and including 3.1.9. The vulnerability requires authenticated access (contributors or higher) and can let an attacker inject scripts tha...

6.4CVSS6AI score0.00282EPSS
CVE
CVE
added 2024/05/14 6:0 a.m.63 views

CVE-2024-3241

CVE-2024-3241 details (confirmed in connected docs): The Ultimate Blocks WordPress plugin is affected if used before version 3.1.7. The vulnerability arises because the plugin does not validate and escape certain block options before outputting them in a page or post where the block is embedded, ...

5.4CVSS5.8AI score0.00353EPSS
CVE
CVE
added 2024/07/02 11:1 a.m.57 views

CVE-2024-4268

CVE-2024-4268 – Ultimate Blocks (WordPress Blocks Plugin) vulnerable to a Stored XSS in all versions up to 3.1.9 due to insufficient input sanitization and output escaping on user-supplied attributes. Requires authenticated access (Contributor+) to inject scripts that run when users load injected...

6.4CVSS6AI score0.00493EPSS
CVE
CVE
added 2025/06/10 11:22 a.m.57 views

CVE-2025-2918

CVE-2025-2918 — Ultimate Blocks (WordPress Blocks Plugin) is a stored cross-site scripting vulnerability in the plugin for WordPress, exploitable via multiple widgets. Affected versions: up to and including 3.3.3, with the issue caused by insufficient input sanitization and output escaping. Explo...

6.4CVSS5.9AI score0.00222EPSS
CVE
CVE
added 2024/12/13 6:0 a.m.56 views

CVE-2024-10678

CVE-2024-10678 affects the Ultimate Blocks – WordPress Blocks Plugin prior to 3.2.4. The Red Hat and NVD entries describe that the plugin does not validate or escape certain block options before outputting them in pages/posts where the block is embedded, enabling Stored XSS for users with the Con...

5.4CVSS5.6AI score0.00281EPSS
CVE
CVE
added 2024/07/11 6:0 a.m.55 views

CVE-2024-4655

The CVE-2024-4655 entry concerns the Ultimate Blocks WordPress plugin (versions prior to 3.1.9). The issue stems from not validating and escaping certain block options before output, enabling Stored Cross-Site Scripting when a block is embedded in a page or post. Exploitation is possible by an au...

6.3CVSS5.5AI score0.00447EPSS
CVE
CVE
added 2024/07/29 6:0 a.m.52 views

CVE-2024-6362

Summary of CVE-2024-6362 (WordPress Ultimate Blocks plugin) : The plugin (versions prior to 3.2.0) fails to validate and escape certain post-grid block attributes when outputting them in pages/posts where the block is embedded. This underlying issue can enable stored cross-site scripting (Stored ...

4.6CVSS5.6AI score0.00302EPSS
CVE
CVE
added 2024/07/21 10:11 p.m.50 views

CVE-2024-37457

The CVE-2024-37457 pertains to the WordPress plugin “Ultimate Blocks – Gutenberg Blocks”. Affected versions are 3.1.9 and earlier, where the vulnerability arises from Improper Neutralization of Input During Web Page Generation, i.e., a Stored XSS flaw in the plugin. The issue enables stored cross...

6.5CVSS6.8AI score0.00239EPSS
CVE
CVE
added 2024/09/30 6:0 a.m.48 views

CVE-2024-8536

The CVE-2024-8536 entry concerns the Ultimate Blocks WordPress plugin (versions prior to 3.2.2) where unvalidated/unescaped block attributes could lead to Stored XSS when a block is embedded in a post/page. Red Hat and Patchstack corroborate the issue and indicate the fix is in version 3.2.2. The...

5.4CVSS5.5AI score0.00346EPSS