Gutenberg Blocks For Wordpress Download Manager Security Vulnerabilities and Issues — Gutenberg Blocks For Wordpress Download Manager CVE List

Lucene search

WpdownloadmanagerGutenberg Blocks For Wordpress Download Manager

5 matches found

CVE•added 2024/04/05 5:15 a.m.•69 views

CVE-2024-2509

The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

6.5CVSS6.1AI score0.00157EPSS

CVE•added 2024/06/17 6:15 a.m.•49 views

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

6.8CVSS6.2AI score0.00153EPSS

CVE•added 2021/12/27 11:15 a.m.•45 views

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such...

5.4CVSS5.2AI score0.00208EPSS

CVE•added 2021/11/01 9:15 a.m.•38 views

CVE-2021-24773

The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed

4.8CVSS4.7AI score0.00206EPSS

CVE•added 2023/05/03 12:16 p.m.•35 views

CVE-2023-22713

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin

6.5CVSS5.6AI score0.00103EPSS