CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7588 – Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
https://notcve.org/view.php?id=CVE-2024-7588
13 Aug 2024 — The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset/3133880/post-grid • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3608 – Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
https://notcve.org/view.php?id=CVE-2024-3608
08 Jul 2024 — The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments. El complemento Product Designer para WordPress es vulnerable a la pérdida no autorizada de datos debido a una falta de verificación de capacidad en la función product_designer_ajax_delete_attach_id() en t... • https://plugins.trac.wordpress.org/browser/product-designer/trunk/includes/designer-function.php#L412 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1988 – Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-1988
06 Jun 2024 — The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complem... • https://plugins.trac.wordpress.org/changeset/3084503/post-grid/tags/2.2.81/includes/blocks/accordion-nested-item/index.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4042 – Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute
https://notcve.org/view.php?id=CVE-2024-4042
06 Jun 2024 — The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injec... • https://plugins.trac.wordpress.org/changeset/3084503/post-grid/tags/2.2.81/includes/blocks/menu-wrap-item/index.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3155 – Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-3155
20 May 2024 — The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Post Grid, F... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3084503%40post-grid%2Ftrunk&old=3078364%40post-grid%2Ftrunk&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1641 – Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication
https://notcve.org/view.php?id=CVE-2024-1641
13 Mar 2024 — The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts. El complemento Accordion para WordPress es vulnerable al acceso no autorizado a los datos y a su... • https://plugins.trac.wordpress.org/browser/accordions/tags/2.2.96/includes/duplicate-post.php • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2023-7072 – Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint
https://notcve.org/view.php?id=CVE-2023-7072
12 Mar 2024 — The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts. El complemento Post Grid Combo – 36+ Gutenberg Blocks para WordPress es vulnerable a la exposición de información confidencial... • https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6645 – Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6645
15 Dec 2023 — The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Post Grid Combo – 36+ Gutenberg Blocks para WordPress es vulnerable... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010342%40post-grid%2Ftrunk&old=2999466%40post-grid%2Ftrunk&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51666 – WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51666
30 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('Cross-site Scripting') en PickPlugins Related Post permite XSS almacenado. Este problema afecta a Related Post: desde n/a hasta 2.0.53. The Related Post plugin for WordPress is vulnerable to Stored Cross-Site ... • https://patchstack.com/database/vulnerability/related-post/wordpress-related-post-plugin-2-0-53-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40211 – WordPress Post Grid Plugin <= 2.2.50 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-40211
11 Aug 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en PPickPlugins Post Grid Combo – 36+ Gutenberg Blocks. Este problema afecta a Post Grid Combo – 36+ Gutenberg Blocks: desde n/a hasta 2.2.50. The Post Grid plugin for WordPress is vulnerable to unauthorized access of ... • https://patchstack.com/database/vulnerability/post-grid/wordpress-post-grid-combo-plugin-2-2-50-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •