6 matches found
CVE-2023-2086
CVE-2023-2086 : The WordPress plugin “Essential Blocks” (Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates) is vulnerable due to a missing capability check on the template_count function in versions up to and including 4.0.6, enabling subscriber-level attackers to view plugin...
CVE-2023-2083
CVE-2023-2083 affects the WordPress plugin “Essential Blocks” (versions up to 4.0.6). The root cause is a missing capability check on the save function, with a nonce check that only runs when a nonce is provided; without a nonce, nonce verification is skipped and no capability check occurs. This ...
CVE-2023-2084
CVE-2023-2084 affects the WordPress Essential Blocks plugin for WordPress, vulnerable up to version 4.0.6. The root cause is a missing capability check in the get function, allowing subscriber-level attackers to read or obtain plugin settings. Although a nonce check exists, it only runs when a no...
CVE-2023-2087
CVE-2023-2087 affects the WordPress Essential Blocks plugin (versions
CVE-2024-12045
CVE-2024-12045 is a stored XSS vulnerability in the Essential Blocks plugin for WordPress, affecting versions up to 5.0.9. The issue arises from insufficient sanitization/escaping of the Google Maps block maker title value, enabling an authenticated attacker with administrator privileges to injec...
CVE-2023-2085
The CVE-2023-2085 entry concerns the WordPress plugin Essential Blocks (versions up to and including 4.0.6). The vulnerability arises from a missing capability check in the templates function, enabling unauthorized information exposure to subscriber-level users. Although a nonce check exists, it ...