Wpdeveloper

Essential Blocks

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-30467

  • EPSS 0.38%
  • Published 09.06.2024 11:15:50
  • Last modified 21.11.2024 09:11:59

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9.

5.4

CVE-2024-4891

  • EPSS 0.35%
  • Published 18.05.2024 05:15:46
  • Last modified 30.01.2025 15:45:34

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization a...

5.4

CVE-2024-3818

  • EPSS 0.17%
  • Published 19.04.2024 03:15:06
  • Last modified 21.01.2025 19:40:10

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input s...

5.4

CVE-2024-31306

  • EPSS 0.14%
  • Published 07.04.2024 18:15:12
  • Last modified 22.01.2025 17:43:48

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.

5.4

CVE-2024-2255

  • EPSS 0.1%
  • Published 20.03.2024 04:15:10
  • Last modified 27.01.2025 15:26:09

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization a...

5.4

CVE-2024-1854

  • EPSS 0.23%
  • Published 13.03.2024 16:15:27
  • Last modified 22.01.2025 20:04:10

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization ...

9.8

CVE-2023-6623

Exploit
  • EPSS 89.36%
  • Published 15.01.2024 16:15:12
  • Last modified 11.06.2025 17:15:39

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

5.4

CVE-2023-7071

  • EPSS 0.18%
  • Published 11.01.2024 09:15:55
  • Last modified 03.06.2025 14:15:42

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitiz...

8.1

CVE-2023-4386

  • EPSS 4.04%
  • Published 20.10.2023 08:15:12
  • Last modified 21.11.2024 08:35:02

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No...

9.8

CVE-2023-4402

Exploit
  • EPSS 2.87%
  • Published 20.10.2023 07:15:15
  • Last modified 21.11.2024 08:35:04

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object....