| CVE-2024-1349 | EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-02-20 18:56:32 | Deep Dive |
| CVE-2024-1425 | EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-02-20 18:56:31 | Deep Dive |
| CVE-2024-23512 | WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection | wpxpo | ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks | High | 8.7 | 2024-02-12 08:22:30 | Deep Dive |
| CVE-2023-6963 | Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass | jetmonsters | Getwid – Gutenberg Blocks | Medium | 5.3 | 2024-02-05 21:22:02 | Deep Dive |
| CVE-2024-0612 | Content Views <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 4.4 | 2024-02-05 21:21:57 | Deep Dive |
| CVE-2023-6959 | Getwid – Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification | jetmonsters | Getwid – Gutenberg Blocks | Medium | 4.3 | 2024-02-05 21:21:50 | Deep Dive |
| CVE-2023-6635 | EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload | munirkamal | Gutenberg Block Editor Toolkit – EditorsKit | High | 7.2 | 2024-02-05 21:21:43 | Deep Dive |
| CVE-2023-6843 | easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update | Unknown | easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg | Medium | - | 2024-01-15 15:10:40 | Deep Dive |
| CVE-2023-7071 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2024-01-11 08:33:10 | Deep Dive |
| CVE-2023-6986 | EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-01-03 06:41:25 | Deep Dive |
| CVE-2023-51417 | WordPress JVM rich text icons Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload | Joris van Montfort | JVM Gutenberg Rich Text Icons | Critical | 9.9 | 2023-12-29 13:44:41 | Deep Dive |
| CVE-2023-51378 | WordPress Rise Blocks Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) | Rise Themes | Rise Blocks – A Complete Gutenberg Page Builder | Medium | 5.4 | 2023-12-29 12:08:17 | Deep Dive |
| CVE-2023-49833 | WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS) | Brainstorm Force | Spectra – WordPress Gutenberg Blocks | Medium | 6.5 | 2023-12-14 14:26:59 | Deep Dive |
| CVE-2023-40211 | WordPress Post Grid Plugin <= 2.2.50 is vulnerable to Sensitive Data Exposure | PickPlugins | Post Grid Combo – 36+ Gutenberg Blocks | High | 7.5 | 2023-11-30 15:03:24 | Deep Dive |
| CVE-2023-4386 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries | wpdevteam | Essential Blocks Pro | High | 8.1 | 2023-10-20 07:29:28 | Deep Dive |
| CVE-2023-4402 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products | wpdevteam | Essential Blocks Pro | High | 8.1 | 2023-10-20 06:35:11 | Deep Dive |
| CVE-2023-38000 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block | WordPress.org | WordPress | Medium | 6.5 | 2023-10-13 09:55:55 | Deep Dive |
| CVE-2023-4282 | EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 5.4 | 2023-08-10 11:05:43 | Deep Dive |
| CVE-2023-4283 | EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2023-08-10 11:05:43 | Deep Dive |
| CVE-2023-3371 | EmbedPress <= 3.7.3 - Sensitive Information Exposure | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 5.3 | 2023-06-27 01:55:28 | Deep Dive |