9 matches found
CVE-2024-3513
CVE-2024-3513 affects Ultimate Blocks – WordPress Blocks Plugin, where Stored Cross-Site Scripting is possible via the title tag parameter in all versions up to and including 3.1.9. The vulnerability requires authenticated access (contributors or higher) and can let an attacker inject scripts tha...
CVE-2024-3241
CVE-2024-3241 details (confirmed in connected docs): The Ultimate Blocks WordPress plugin is affected if used before version 3.1.7. The vulnerability arises because the plugin does not validate and escape certain block options before outputting them in a page or post where the block is embedded, ...
CVE-2024-4268
CVE-2024-4268 – Ultimate Blocks (WordPress Blocks Plugin) vulnerable to a Stored XSS in all versions up to 3.1.9 due to insufficient input sanitization and output escaping on user-supplied attributes. Requires authenticated access (Contributor+) to inject scripts that run when users load injected...
CVE-2025-2918
CVE-2025-2918 — Ultimate Blocks (WordPress Blocks Plugin) is a stored cross-site scripting vulnerability in the plugin for WordPress, exploitable via multiple widgets. Affected versions: up to and including 3.3.3, with the issue caused by insufficient input sanitization and output escaping. Explo...
CVE-2024-10678
CVE-2024-10678 affects the Ultimate Blocks – WordPress Blocks Plugin prior to 3.2.4. The Red Hat and NVD entries describe that the plugin does not validate or escape certain block options before outputting them in pages/posts where the block is embedded, enabling Stored XSS for users with the Con...
CVE-2024-4655
The CVE-2024-4655 entry concerns the Ultimate Blocks WordPress plugin (versions prior to 3.1.9). The issue stems from not validating and escaping certain block options before output, enabling Stored Cross-Site Scripting when a block is embedded in a page or post. Exploitation is possible by an au...
CVE-2024-6362
Summary of CVE-2024-6362 (WordPress Ultimate Blocks plugin) : The plugin (versions prior to 3.2.0) fails to validate and escape certain post-grid block attributes when outputting them in pages/posts where the block is embedded. This underlying issue can enable stored cross-site scripting (Stored ...
CVE-2024-37457
The CVE-2024-37457 pertains to the WordPress plugin “Ultimate Blocks – Gutenberg Blocks”. Affected versions are 3.1.9 and earlier, where the vulnerability arises from Improper Neutralization of Input During Web Page Generation, i.e., a Stored XSS flaw in the plugin. The issue enables stored cross...
CVE-2024-8536
The CVE-2024-8536 entry concerns the Ultimate Blocks WordPress plugin (versions prior to 3.2.2) where unvalidated/unescaped block attributes could lead to Stored XSS when a block is embedded in a post/page. Red Hat and Patchstack corroborate the issue and indicate the fix is in version 3.2.2. The...