| CVE-2024-10178 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | gutentor | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | Medium | 6.4 | 2024-12-05 04:23:53 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-10484 | Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-12-03 05:33:26 | Deep Dive |
| CVE-2024-11402 | WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability | kubiq | Block Editor Bootstrap Blocks | High | 7.1 | 2024-11-28 11:00:31 | Deep Dive |
| CVE-2024-11219 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthetnicated Path Traversal to Arbitrary Image View | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 5.3 | 2024-11-27 05:31:55 | Deep Dive |
| CVE-2024-10034 | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting | gallerycreator | Mixed Media Gallery Blocks | Medium | 5.5 | 2024-11-22 05:33:42 | Deep Dive |
| CVE-2024-10785 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-11-21 04:24:25 | Deep Dive |
| CVE-2024-10872 | Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | jetmonsters | Getwid – Gutenberg Blocks | Medium | 6.4 | 2024-11-20 11:03:43 | Deep Dive |
| CVE-2024-51822 | WordPress Creative Blocks plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | keonthemes | Creative Blocks | Medium | 6.5 | 2024-11-19 16:31:49 | Deep Dive |
| CVE-2024-51868 | WordPress DuoGeek Blocks plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability | Tapan Kumer Das | DuoGeek Blocks | Medium | 6.5 | 2024-11-19 16:31:25 | Deep Dive |
| CVE-2024-51869 | WordPress Gutenium Blocks plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | Best WP Developer | Gutenium Blocks | Medium | 6.5 | 2024-11-19 16:31:25 | Deep Dive |
| CVE-2024-51928 | WordPress Blocks Post Grid plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | Jakir Hasan | Blocks Post Grid | Medium | 6.5 | 2024-11-19 16:30:54 | Deep Dive |
| CVE-2024-10728 | PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 8.8 | 2024-11-16 04:29:15 | Deep Dive |
| CVE-2024-52357 | WordPress LIQUID BLOCKS plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | lqd | LIQUID BLOCKS | Medium | 6.5 | 2024-11-11 06:09:27 | Deep Dive |
| CVE-2024-10340 | Shortcodes Blocks Creator Ultimate <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cmorillas1 | Shortcodes Blocks Creator Ultimate | Medium | 6.4 | 2024-11-05 02:04:04 | Deep Dive |
| CVE-2024-37423 | WordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerability | Automattic | Newspack Blocks | High | 8.5 | 2024-11-01 14:18:25 | Deep Dive |
| CVE-2024-37425 | WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability | Automattic | Newspack Blocks | Medium | 5.4 | 2024-11-01 14:18:24 | Deep Dive |
| CVE-2024-38794 | WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability | MediaRon LLC | Custom Query Blocks | Medium | 5.3 | 2024-11-01 14:17:56 | Deep Dive |
| CVE-2024-43293 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability | WPZOOM | Recipe Card Blocks for Gutenberg & Elementor | Medium | 4.3 | 2024-11-01 14:17:30 | Deep Dive |
| CVE-2024-10367 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-11-01 11:01:56 | Deep Dive |