CVE-2024-13798
- EPSS 0.4%
- Veröffentlicht 22.02.2025 05:15:12
- Zuletzt bearbeitet 06.03.2025 12:42:22
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauth...
CVE-2024-9636
- EPSS 0.99%
- Veröffentlicht 15.01.2025 10:15:08
- Zuletzt bearbeitet 15.01.2025 10:15:08
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it pos...
CVE-2024-43155
- EPSS 0.23%
- Veröffentlicht 12.08.2024 22:15:09
- Zuletzt bearbeitet 13.08.2024 12:58:25
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.
CVE-2024-6346
- EPSS 0.25%
- Veröffentlicht 01.08.2024 10:15:02
- Zuletzt bearbeitet 01.03.2025 02:14:17
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input san...
CVE-2024-4042
- EPSS 0.31%
- Veröffentlicht 07.06.2024 06:15:11
- Zuletzt bearbeitet 21.11.2024 09:42:05
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and i...