4 matches found
CVE-2024-2369
CVE-2024-2369 affects WordPress Page Builder Gutenberg Blocks (CoBlocks) prior to 3.1.7. The root cause is that the plugin does not validate and escape certain block options before output, enabling stored XSS for users with the contributor role or higher when the block is embedded in a post/page....
CVE-2024-1049
CVE-2024-1049 affects the WordPress plugin Page Builder Gutenberg Blocks – CoBlocks . It is vulnerable to Stored Cross-Site Scripting via the plugin’s Icon Widget, in all versions up to 3.1.6, due to insufficient input sanitization and output escaping on the link value. The vulnerability requires...
CVE-2024-4260
CVE-2024-4260 concerns the WordPress plugin Page Builder Gutenberg Blocks (CoBlocks) , prior to version 3.1.12. The issue arises from the plugin not restricting pinging to arbitrary hosts via some of its shortcodes, potentially enabling a high-privilege user (e.g., a Contributor) to perform an SS...
CVE-2024-7132
CVE-2024-7132 affects the Page Builder Gutenberg Blocks WordPress plugin prior to version 3.1.13. The issue stems from insufficient escaping of the content of post embeds in one block, enabling stored Cross-Site Scripting by users with publish-post capability (editors/admin by default), even when...