| CVE-2024-5819 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-06-29 09:46:43 | Deep Dive |
| CVE-2024-5424 | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters | gallerycreator | Mixed Media Gallery Blocks | Medium | 6.4 | 2024-06-28 08:33:28 | Deep Dive |
| CVE-2024-6296 | Stackable – Page Builder Gutenberg Blocks <= 3.13.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bfintal | Stackable – Page Builder Gutenberg Blocks | Medium | 6.4 | 2024-06-28 03:36:43 | Deep Dive |
| CVE-2024-1330 | Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access | Unknown | kadence-blocks-pro | - | - | 2024-06-27 06:00:02 | Deep Dive |
| CVE-2024-5289 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-06-27 02:03:03 | Deep Dive |
| CVE-2024-35765 | WordPress Greenshift – animation and page builder blocks plugin <= 8.8.9.1 - Cross Site Scripting (XSS) vulnerability | Wpsoul | Greenshift – animation and page builder blocks | Medium | 6.5 | 2024-06-19 10:17:56 | Deep Dive |
| CVE-2023-6692 | Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox | ultimateblocks | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | Medium | 6.4 | 2024-06-19 05:37:44 | Deep Dive |
| CVE-2024-4305 | PostX < 4.1.0 - Contributor+ Stored XSS | Unknown | Post Grid Gutenberg Blocks and WordPress Blog Plugin | - | - | 2024-06-17 06:00:01 | Deep Dive |
| CVE-2024-4863 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-06-14 08:35:35 | Deep Dive |
| CVE-2024-33572 | WordPress Nexter Blocks plugin <= 3.2.5 - Broken Access Control vulnerability | POSIMYTH | Nexter Blocks | Medium | 4.3 | 2024-06-09 12:00:11 | Deep Dive |
| CVE-2024-30467 | WordPress Essential Blocks plugin <= 4.4.9 - Broken Access Control vulnerability | WPDeveloper | Essential Blocks for Gutenberg | Medium | 6.5 | 2024-06-09 10:49:07 | Deep Dive |
| CVE-2024-35682 | WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability | Themeisle | Otter Blocks PRO | Medium | 4.3 | 2024-06-08 14:56:05 | Deep Dive |
| CVE-2024-35704 | WordPress BlockArt Blocks plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability | WPBlockArt | BlockArt Blocks | Medium | 6.5 | 2024-06-08 14:12:22 | Deep Dive |
| CVE-2024-35731 | WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability | WP Moose | Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor | Medium | 6.5 | 2024-06-08 12:53:36 | Deep Dive |
| CVE-2024-4042 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute | pickplugins | Post Grid | Medium | 6.4 | 2024-06-07 05:33:45 | Deep Dive |
| CVE-2024-1988 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-06-07 03:21:58 | Deep Dive |
| CVE-2024-5221 | Qi Blocks <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting | qodeinteractive | Qi Blocks | Medium | 6.4 | 2024-06-06 08:33:05 | Deep Dive |
| CVE-2024-4088 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization | shafayat-alam | Gutenberg Blocks and Page Layouts – Attire Blocks | Medium | 4.3 | 2024-06-05 06:50:30 | Deep Dive |
| CVE-2024-4057 | Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS | Unknown | Gutenberg Blocks with AI by Kadence WP | - | - | 2024-06-04 06:00:02 | Deep Dive |
| CVE-2024-34769 | WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | cyclonetheme | Elegant Blocks | Medium | 6.5 | 2024-06-03 11:15:25 | Deep Dive |