| CVE-2024-4566 | ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | High | 7.1 | 2024-05-21 08:31:04 | Deep Dive |
| CVE-2024-4891 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2024-05-18 04:30:53 | Deep Dive |
| CVE-2024-4208 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-15 02:32:44 | Deep Dive |
| CVE-2024-3189 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 5.4 | 2024-05-15 02:32:43 | Deep Dive |
| CVE-2024-4666 | Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | visualmodo | Borderless – Addons and Templates for Elementor | Medium | 6.4 | 2024-05-14 22:31:38 | Deep Dive |
| CVE-2024-3239 | PostX < 4.0.2 - Contributor+ Stored XSS | Unknown | Post Grid Gutenberg Blocks and WordPress Blog Plugin | 中危 | - | 2024-05-13 06:00:01 | Deep Dive |
| CVE-2024-4209 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-11 01:56:00 | Deep Dive |
| CVE-2024-4481 | Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-10 06:44:58 | Deep Dive |
| CVE-2024-4446 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2024-05-09 20:03:30 | Deep Dive |
| CVE-2024-4316 | EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-05-09 20:03:23 | Deep Dive |
| CVE-2023-6327 | ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 5.3 | 2024-05-09 20:03:22 | Deep Dive |
| CVE-2024-3936 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 4.3 | 2024-05-02 16:52:52 | Deep Dive |
| CVE-2024-2273 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-02 16:52:49 | Deep Dive |
| CVE-2024-3725 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-05-02 16:52:41 | Deep Dive |
| CVE-2024-3588 | Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown' | jetmonsters | Getwid – Gutenberg Blocks | Medium | 6.4 | 2024-05-02 16:52:36 | Deep Dive |
| CVE-2023-7067 | ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 4.3 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-3991 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-05-02 16:52:08 | Deep Dive |
| CVE-2024-3107 | Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 4.3 | 2024-05-02 16:51:46 | Deep Dive |
| CVE-2024-4035 | Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21 - Authenticated (Author+) Cross-Site Scripting | gt3themes | Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery | Medium | 6.4 | 2024-04-25 09:29:58 | Deep Dive |
| CVE-2024-3929 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2024-04-25 07:33:58 | Deep Dive |