Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks Security Vulnerabilities and Issues — Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks CVE List

Lucene search

HasthemesContact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

4 matches found

CVE•added 2024/04/02 5:15 a.m.•75 views

CVE-2024-2369

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4CVSS5.5AI score0.00333EPSS

CVE•added 2023/03/27 4:15 p.m.•53 views

CVE-2023-0484

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

4.3CVSS4.5AI score0.00086EPSS

CVE•added 2024/07/23 6:15 a.m.•44 views

CVE-2024-4260

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

6.5CVSS6.5AI score0.00138EPSS

CVE•added 2024/08/29 11:15 a.m.•42 views

CVE-2024-7132

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ca...

4.8CVSS4.8AI score0.00079EPSS