CVE-2024-2509
- EPSS 0.21%
- Published 05.04.2024 05:15:07
- Last modified 13.05.2025 00:41:04
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and ab...
CVE-2024-2919
- EPSS 0.18%
- Published 04.04.2024 03:15:06
- Last modified 07.02.2025 17:54:25
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output esc...
CVE-2024-24888
- EPSS 0.32%
- Published 02.04.2024 19:15:47
- Last modified 07.02.2025 16:58:39
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.25.
CVE-2024-23500
- EPSS 0.69%
- Published 28.03.2024 06:15:10
- Last modified 07.02.2025 16:55:03
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.
CVE-2024-1541
- EPSS 0.23%
- Published 13.03.2024 16:15:24
- Last modified 12.12.2024 17:51:27
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output ...