25 matches found
CVE-2023-6623
The CVE-2023-6623 entry corresponds to a Local File Inclusion vulnerability in the WordPress Essential Blocks plugin prior to version 4.4.3. Several connected sources confirm that unauthenticated attackers can overwrite local variables when rendering templates via the REST API, potentially enabli...
CVE-2023-4386
The CVE-2023-4386 entry concerns the WordPress Essential Blocks plugin (WPDeveloper) with PHP Object Injection due to insecure deserialization in get_posts. Affected versions are up to and including 4.2.0. The vulnerability allows unauthenticated attackers to inject a PHP object via untrusted inp...
CVE-2023-47760
CVE-2023-47760 affects WordPress WPDeveloper Essential Blocks for Gutenberg. The vulnerability is a Missing Authorization/Broken Access Control in Essential Blocks for Gutenberg versions
CVE-2023-51360
CVE-2023-51360 affects the WordPress plugin Essential Blocks for Gutenberg (vulnerable:
CVE-2025-1664
CVE-2025-1664 affects the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates. The vulnerability is a Stored Cross-Site Scripting via the Parallax slider in all versions up to 5.3.1 due to insufficient input sanitization and output escaping. Exploitation requi...
CVE-2024-3818
CVE-2024-3818 affects the Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates WordPress plugin. The issue is a DOM-based stored XSS in the Social Icons block, arising from insufficient input sanitization/output escaping on user-supplied attributes. Affected versions include all...
CVE-2023-51359
CVE-2023-51359 affects WPDeveloper Essential Blocks for Gutenberg (
CVE-2024-2255
The CVE concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates. It describes a Stored XSS flaw in the plugin’s widgets due to insufficient input sanitization and output escaping on user-supplied attributes (e.g., listStyle) in versions up to 4.5.2. Ex...
CVE-2024-13803
CVE-2024-13803 concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates, affecting all versions up to 5.2.3. The vulnerability is a Stored Cross-Site Scripting via the data-marker parameter, caused by insufficient input sanitization and output escaping....
CVE-2023-2086
CVE-2023-2086: The WordPress plugin “Essential Blocks” (Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates) is vulnerable due to a missing capability check on the template_count function in versions up to and including 4.0.6, enabling subscriber-level attackers to view plugin...
CVE-2025-26871
CVE-2025-26871 refers to a Missing Authorization vulnerability in Essential Blocks for Gutenberg (WP developers’ Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates). Affected versions are listed as from n/a through 4.8.3. The root cause is incorrectly configured access control...
CVE-2024-4891
CVE-2024-4891 affects the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates. Root cause is insufficient input sanitization and output escaping in the tagName parameter, enabling Stored XSS. Impact requires authenticated access (contributor+) to inject scripts...
CVE-2023-4402
The WordPress Essential Blocks plugin (versions up to and including 4.2.0) is affected by a PHP Object Injection via deserialization of untrusted input in the get_products/get_posts path. The vulnerability allows unauthenticated attackers to inject a PHP Object; exploitation may enable deletion o...
CVE-2024-30467
CVE-2024-30467: Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg affects Essential Blocks for Gutenberg versions up to 4.4.9. Root cause is missing authorization checks on access to block functionality. Impact is high for confidentiality, integrity, and availabili...
CVE-2023-2083
CVE-2023-2083 affects the WordPress plugin “Essential Blocks” (versions up to 4.0.6). The root cause is a missing capability check on the save function, with a nonce check that only runs when a nonce is provided; without a nonce, nonce verification is skipped and no capability check occurs. This ...
CVE-2024-47385
CVE-2024-47385 is a stored XSS in the WordPress plugin “Essential Blocks for Gutenberg” (WPDeveloper). Public details indicate the vulnerability affects versions up to and including 4.8.4; exploitation is via improper neutralization of input during web page generation. The patch is available in v...
CVE-2024-12045
CVE-2024-12045 is a stored XSS vulnerability in the Essential Blocks plugin for WordPress, affecting versions up to 5.0.9. The issue arises from insufficient sanitization/escaping of the Google Maps block maker title value, enabling an authenticated attacker with administrator privileges to injec...
CVE-2024-1854
CVE-2024-1854 (WordPress plugin: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates): The vulnerability is a Stored XSS in the blockId parameter across all versions up to and including 4.5.1 of the Essential Blocks plugin for WordPress. The root cause is insufficient input sani...
CVE-2024-31306
CVE-2024-31306: In the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks (WPDeveloper) there is a Stored XSS vulnerability due to improper input handling during web page generation, affecting versions up to 4.5.3. The root cause is insufficient input neutralization when renderin...
CVE-2023-2084
CVE-2023-2084 affects the Essential Blocks plugin for WordPress, vulnerable up to version 4.0.6. The root cause is a missing capability check in the get function, allowing subscriber-level attackers to read or obtain plugin settings. Although a nonce check exists, it only runs when a no...
CVE-2023-2085
The CVE-2023-2085 entry concerns the WordPress plugin Essential Blocks (versions up to and including 4.0.6). The vulnerability arises from a missing capability check in the templates function, enabling unauthorized information exposure to subscriber-level users. Although a nonce check exists, it ...
CVE-2023-2087
CVE-2023-2087 affects the WordPress Essential Blocks plugin (versions
CVE-2022-47594
CVE-2022-47594 affects the WordPress plugin Essential Blocks for Gutenberg (
CVE-2023-7071
CVE-2023-7071 affects the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates. Versions up to and including 4.4.6 are vulnerable to Stored Cross-Site Scripting via the Table of Contents block due to insufficient input sanitization and output escaping. Exploitat...
CVE-2024-5595
CVE-2024-5595 affects the WordPress plugin “Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates” (pre 4.7.0). Root cause: the plugin does not validate/escape certain block options before output, enabling Stored XSS when the block is embedded in a page/post by users with Contribu...