10 matches found
CVE-2024-3725
CVE-2024-3725 affects the WordPress plugin Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE. In versions up to 2.6.9, stored XSS via the Post Grid widget occurs due to insufficient input sanitization and output escaping on user-supplied attributes (e.g., titleTag). Exploit...
CVE-2024-2841
CVE-2024-2841 affects Otter Blocks – Gutenberg Blocks, Page Builder for WordPress up to v2.6.5; stored XSS via widgets due to insufficient input sanitization and output escaping on attributes like 'id'. Exploitation requires contributor+ privileges; attacker can inject scripts that execute when u...
CVE-2024-11219
CVE-2024-11219 affects Otter Blocks – Gutenberg Blocks, Page Builder for WordPress (WordPress plugin) up to and including v3.0.6. The issue is an unauthenticated path traversal vulnerability in the get_image function that allows viewing arbitrary images on the server, potentially exposing sensiti...
CVE-2024-2729
The Otter Blocks WordPress plugin is vulnerable to a stored XSS in all versions prior to 2.6.6, caused by improper escaping of the mainHeadings block attribute when rendering the final block. This is CVE-2024-2729. A fix is available in version 2.6.6 and later; updating to 2.6.6+ is the advised r...
CVE-2024-3344
CVE-2024-3344 (Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE) is a Stored Cross-Site Scripting vulnerability affecting Otter Blocks up to version 2.6.8. An authenticated attacker with author-level access or higher can upload an SVG file without proper sanitization and, ...
CVE-2024-2226
CVE-2024-2226 affects the Otter Blocks – Gutenberg Blocks plugin for WordPress. The vulnerability is stored XSS in the google-map block via the id parameter, present in all versions up to 2.6.4, due to insufficient input sanitization and output escaping. Exploitation requires an authenticated att...
CVE-2024-35682
Technical details about CVE-2024-35682 are not provided in the supplied documents. Monitor official advisories and CVE updates from vendors and security bulletins for new information.
CVE-2024-3343
CVE-2024-3343 concerns Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE for WordPress. The issue is a Stored Cross-Site Scripting vulnerability in the plugin’s block attributes caused by insufficient input sanitization and output escaping, affecting all versions up to and ...
CVE-2024-1691
CVE-2024-1691 – Otter Blocks PRO (WordPress) suffers Stored Cross-Site Scripting via an SVG file upload vector due to insufficient input sanitization and output escaping. Affected: Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO (WordPress). Impact: unauthenticate...
CVE-2024-1684
The CVE-2024-1684 entry concerns Otter Blocks PRO (WordPress) versions