The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alpha_block_css’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitizatio
The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and
The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to,
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to in
The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitizatio
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output e
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon’ parameter in all versions up to, and including, 3.4.
The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including,
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and outpu
The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient inpu
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization a
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonTextColor’ parameter in all versions up to, and including, 3.2.7 due to i
The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.0.5 due to insufficient input sanitization an
The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization
The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due t
The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it po
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in
The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitiza
Page 1+ Next →