5 matches found
CVE-2024-34566
CVE-2024-34566 is a Stored XSS in Content Blocks (Custom Post Widget) for WordPress. The issue arises from improper input neutralization during web page generation. Affected: Content Blocks (Custom Post Widget)
CVE-2024-44051
Content Blocks (Custom Post Widget) for WordPress is affected by CVE-2024-44051: a Stored XSS due to improper neutralization in web page generation. Impact is limited to versions
CVE-2024-6432
CVE-2024-6432 affects the Content Blocks (Custom Post Widget) WordPress plugin. The issue is a Stored XSS via the content parameter of the plugin’s Content Block shortcode, due to insufficient input sanitization and output escaping. Affected versions are
CVE-2024-3564
CVE-2024-3564 concerns the WordPress plugin Content Blocks (Custom Post Widget). Public sources confirm a Local File Inclusion vulnerability via the content_block shortcode in all versions up to 3.3.0, exploitable by authenticated attackers with contributor+ privileges to include and execute arbi...
CVE-2024-3565
CVE-2024-3565 affects Content Blocks (Custom Post Widget) for WordPress. It is a Stored XSS via the content_block shortcode in all versions up to 3.3.0 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authenticated access at contributor level or...