Lucene search

K
KadencewpGutenberg Blocks With Ai

17 matches found

CVE
CVE
added 2024/04/05 5:15 a.m.69 views

CVE-2024-2509

The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

6.5CVSS6.1AI score0.00157EPSS
CVE
CVE
added 2024/04/04 3:15 a.m.69 views

CVE-2024-2919

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ...

6.4CVSS6.1AI score0.00135EPSS
CVE
CVE
added 2024/04/02 7:15 p.m.57 views

CVE-2024-24888

Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.25.

6.5CVSS6.8AI score0.00237EPSS
CVE
CVE
added 2024/04/09 7:15 p.m.49 views

CVE-2024-1999

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.1AI score0.00183EPSS
CVE
CVE
added 2024/05/02 5:15 p.m.43 views

CVE-2024-2273

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...

6.4CVSS6.1AI score0.00142EPSS
CVE
CVE
added 2024/03/13 4:15 p.m.41 views

CVE-2024-1541

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00167EPSS
CVE
CVE
added 2025/01/11 4:15 a.m.40 views

CVE-2024-12304

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00026EPSS
CVE
CVE
added 2024/11/21 11:15 a.m.39 views

CVE-2024-10785

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

6.4CVSS5.7AI score0.00031EPSS
CVE
CVE
added 2024/06/14 9:15 a.m.38 views

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for auth...

6.4CVSS5.9AI score0.00204EPSS
CVE
CVE
added 2024/06/29 10:15 a.m.38 views

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.9AI score0.00064EPSS
CVE
CVE
added 2024/11/01 8:15 a.m.36 views

CVE-2024-9655

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This ...

6.4CVSS5.7AI score0.00061EPSS
CVE
CVE
added 2024/05/15 3:15 a.m.27 views

CVE-2024-4208

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user su...

6.4CVSS5.7AI score0.00225EPSS
CVE
CVE
added 2024/06/04 6:15 a.m.25 views

CVE-2024-4057

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

6.1CVSS6AI score0.00128EPSS
CVE
CVE
added 2024/05/14 3:43 p.m.24 views

CVE-2024-4481

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS5.7AI score0.00141EPSS
CVE
CVE
added 2024/05/14 3:43 p.m.19 views

CVE-2024-4209

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS6.1AI score0.00279EPSS
CVE
CVE
added 2024/06/27 3:15 a.m.18 views

CVE-2024-5289

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible ...

6.4CVSS5.5AI score0.00079EPSS
CVE
CVE
added 2025/07/09 2:15 a.m.14 views

CVE-2025-5678

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for au...

6.4CVSS5.5AI score0.0003EPSS