| CVE-2024-2868 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-04 01:56:45 | Deep Dive |
| CVE-2024-24888 | WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability | StellarWP | Gutenberg Blocks by Kadence Blocks | - | - | 2024-04-02 18:16:34 | Deep Dive |
| CVE-2024-2369 | Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS | Unknown | Page Builder Gutenberg Blocks | - | - | 2024-04-02 05:00:01 | Deep Dive |
| CVE-2024-2794 | Gutenberg Block Editor Toolkit – EditorsKit <= 1.40.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | munirkamal | Gutenberg Block Editor Toolkit – EditorsKit | Medium | 6.4 | 2024-03-30 04:31:09 | Deep Dive |
| CVE-2024-30450 | WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | Step-Byte-Service GmbH | OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) | Medium | 6.5 | 2024-03-29 16:45:21 | Deep Dive |
| CVE-2024-2841 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-03-29 04:31:34 | Deep Dive |
| CVE-2024-23500 | WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability | StellarWP | Gutenberg Blocks by Kadence Blocks | High | 7.7 | 2024-03-28 05:54:45 | Deep Dive |
| CVE-2024-1049 | Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | godaddy | Page Builder Gutenberg Blocks – CoBlocks | Medium | 6.4 | 2024-03-23 03:33:42 | Deep Dive |
| CVE-2024-2468 | EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-23 02:32:56 | Deep Dive |
| CVE-2024-2688 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 5.4 | 2024-03-23 02:32:56 | Deep Dive |
| CVE-2024-2255 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2024-03-20 03:20:33 | Deep Dive |
| CVE-2024-1541 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-03-13 15:27:16 | Deep Dive |
| CVE-2024-1684 | Otter Blocks PRO <= 2.6.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via File Field CSS | Themisle | Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-03-13 15:27:05 | Deep Dive |
| CVE-2024-2006 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 8.8 | 2024-03-13 15:27:04 | Deep Dive |
| CVE-2024-1854 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2024-03-13 15:27:03 | Deep Dive |
| CVE-2024-1691 | Otter Blocks PRO <= 2.6.3 - Unauthenticated Stored Cross-Site Scripting via SVG Upload | Themisle | Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.1 | 2024-03-13 15:26:58 | Deep Dive |
| CVE-2024-1802 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-07 20:33:26 | Deep Dive |
| CVE-2024-2128 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-07 19:32:59 | Deep Dive |
| CVE-2024-1095 | Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization | razib_ | Build & Control Block Patterns – Boost up Gutenberg Editor | Medium | 5.3 | 2024-03-05 01:55:59 | Deep Dive |
| CVE-2024-1349 | EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-02-20 18:56:32 | Deep Dive |