| CVE-2024-1057 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-20 01:56:38 | Deep Dive |
| CVE-2024-3818 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 5.4 | 2024-04-19 02:34:43 | Deep Dive |
| CVE-2024-32586 | WordPress Gutenberg Block Editor Toolkit plugin <= 1.40.4 - Cross Site Scripting (XSS) vulnerability | Munir Kamal | Gutenberg Block Editor Toolkit | Medium | 6.5 | 2024-04-18 09:11:04 | Deep Dive |
| CVE-2024-3344 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-04-11 11:03:52 | Deep Dive |
| CVE-2024-3343 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-04-11 11:03:51 | Deep Dive |
| CVE-2024-2039 | Stackable – Page Builder Gutenberg Blocks <= 3.12.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Posts Block | bfintal | Stackable – Page Builder Gutenberg Blocks | Medium | 6.4 | 2024-04-09 18:59:27 | Deep Dive |
| CVE-2024-2946 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:59:26 | Deep Dive |
| CVE-2023-6486 | Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-04-09 18:59:25 | Deep Dive |
| CVE-2024-1999 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-04-09 18:59:16 | Deep Dive |
| CVE-2023-6964 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | High | 8.5 | 2024-04-09 18:59:15 | Deep Dive |
| CVE-2024-0598 | Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.4 | 2024-04-09 18:59:07 | Deep Dive |
| CVE-2024-3244 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-04-09 18:59:00 | Deep Dive |
| CVE-2024-1948 | Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content | jetmonsters | Getwid – Gutenberg Blocks | Medium | 6.4 | 2024-04-09 18:58:55 | Deep Dive |
| CVE-2024-1960 | ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:58:43 | Deep Dive |
| CVE-2024-2845 | BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 6.4 | 2024-04-09 18:58:41 | Deep Dive |
| CVE-2024-2226 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-04-09 18:58:38 | Deep Dive |
| CVE-2024-31306 | WordPress Essential Blocks plugin <= 4.5.3 - Cross Site Scripting (XSS) vulnerability | WPDeveloper | Essential Blocks for Gutenberg | Medium | 6.5 | 2024-04-07 17:42:54 | Deep Dive |
| CVE-2024-3245 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-04-06 02:32:04 | Deep Dive |
| CVE-2024-2509 | Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS | Unknown | Gutenberg Blocks by Kadence Blocks | 低危 | - | 2024-04-05 05:00:02 | Deep Dive |
| CVE-2024-2919 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-04-04 02:32:40 | Deep Dive |