Ultimate Blocks Security Vulnerabilities and Issues — Ultimate Blocks CVE List

Lucene search

DotcampUltimate Blocks

8 matches found

CVE•added 2024/05/14 4:17 p.m.•50 views

CVE-2024-3241

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4CVSS5.8AI score0.0018EPSS

CVE•added 2024/07/02 8:15 a.m.•48 views

CVE-2024-3513

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag parameter in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.5AI score0.00064EPSS

CVE•added 2024/07/02 11:15 a.m.•42 views

CVE-2024-4268

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth...

6.4CVSS5.5AI score0.00075EPSS

CVE•added 2024/07/11 6:15 a.m.•41 views

CVE-2024-4655

The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

6.3CVSS5.5AI score0.00029EPSS

CVE•added 2024/07/21 11:15 p.m.•39 views

CVE-2024-37457

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS.This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9.

6.5CVSS6.8AI score0.00077EPSS

CVE•added 2024/09/30 6:15 a.m.•38 views

CVE-2024-8536

The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4CVSS5.5AI score0.00032EPSS

CVE•added 2024/07/29 6:15 a.m.•37 views

CVE-2024-6362

The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

4.6CVSS5.6AI score0.00083EPSS

CVE•added 2024/12/13 6:15 a.m.•36 views

CVE-2024-10678

The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4CVSS5.6AI score0.00036EPSS