| CVE-2022-45803 | WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability | Nikolay Strikhar | WordPress Form Builder Plugin – Gutenberg Forms | Medium | 6.5 | 2024-06-21 13:35:51 | Deep Dive |
| CVE-2024-4305 | PostX < 4.1.0 - Contributor+ Stored XSS | Unknown | Post Grid Gutenberg Blocks and WordPress Blog Plugin | - | - | 2024-06-17 06:00:01 | Deep Dive |
| CVE-2024-4863 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-06-14 08:35:35 | Deep Dive |
| CVE-2024-1565 | EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-06-13 08:31:32 | Deep Dive |
| CVE-2024-5530 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-06-11 04:32:13 | Deep Dive |
| CVE-2024-30467 | WordPress Essential Blocks plugin <= 4.4.9 - Broken Access Control vulnerability | WPDeveloper | Essential Blocks for Gutenberg | Medium | 6.5 | 2024-06-09 10:49:07 | Deep Dive |
| CVE-2024-35731 | WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability | WP Moose | Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor | Medium | 6.5 | 2024-06-08 12:53:36 | Deep Dive |
| CVE-2024-4042 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute | pickplugins | Post Grid | Medium | 6.4 | 2024-06-07 05:33:45 | Deep Dive |
| CVE-2024-1988 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-06-07 03:21:58 | Deep Dive |
| CVE-2024-5571 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-06-05 08:33:16 | Deep Dive |
| CVE-2024-4088 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization | shafayat-alam | Gutenberg Blocks and Page Layouts – Attire Blocks | Medium | 4.3 | 2024-06-05 06:50:30 | Deep Dive |
| CVE-2024-4057 | Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS | Unknown | Gutenberg Blocks with AI by Kadence WP | - | - | 2024-06-04 06:00:02 | Deep Dive |
| CVE-2024-2933 | Page Builder Gutenberg Blocks – CoBlocks <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles | godaddy | Page Builder Gutenberg Blocks – CoBlocks | Medium | 6.4 | 2024-06-01 01:54:54 | Deep Dive |
| CVE-2024-5326 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 8.8 | 2024-05-30 10:59:29 | Deep Dive |
| CVE-2024-5223 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | Medium | 6.4 | 2024-05-30 03:34:28 | Deep Dive |
| CVE-2024-4366 | Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-05-24 07:30:23 | Deep Dive |
| CVE-2024-1803 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 4.3 | 2024-05-23 12:43:29 | Deep Dive |
| CVE-2024-1814 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-05-23 11:02:39 | Deep Dive |
| CVE-2024-1815 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-05-23 11:02:37 | Deep Dive |
| CVE-2024-3345 | ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-05-21 08:31:05 | Deep Dive |