| CVE-2024-13803 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2025-02-26 07:01:19 | Deep Dive |
| CVE-2025-0506 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter | eaglethemes | Rise Blocks – A Complete Gutenberg Page Builder | Medium | 6.4 | 2025-02-12 09:22:48 | Deep Dive |
| CVE-2024-13733 | SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | sonalsinha21 | SKT Blocks – Gutenberg based Page Builder | Medium | 6.4 | 2025-02-04 09:21:08 | Deep Dive |
| CVE-2024-12117 | Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | bfintal | Stackable – Page Builder Gutenberg Blocks | Medium | 6.4 | 2025-01-22 07:03:53 | Deep Dive |
| CVE-2024-12304 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2025-01-11 03:21:03 | Deep Dive |
| CVE-2024-6155 | Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting | wpsoul | Greenshift – animation and page builder blocks | Medium | 6.4 | 2025-01-09 11:11:05 | Deep Dive |
| CVE-2024-12045 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 4.4 | 2025-01-08 07:18:38 | Deep Dive |
| CVE-2024-12581 | Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.4 | 2024-12-13 05:24:49 | Deep Dive |
| CVE-2024-11181 | Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure | wpsoul | Greenshift – animation and page builder blocks | Medium | 4.3 | 2024-12-12 06:46:33 | Deep Dive |
| CVE-2024-11914 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | shafayat-alam | Gutenberg Blocks and Page Layouts – Attire Blocks | Medium | 6.4 | 2024-12-12 03:23:07 | Deep Dive |
| CVE-2024-10178 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | gutentor | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | Medium | 6.4 | 2024-12-05 04:23:53 | Deep Dive |
| CVE-2024-11219 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthetnicated Path Traversal to Arbitrary Image View | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 5.3 | 2024-11-27 05:31:55 | Deep Dive |
| CVE-2024-10785 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-11-21 04:24:25 | Deep Dive |
| CVE-2024-10367 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-11-01 11:01:56 | Deep Dive |
| CVE-2024-9655 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-11-01 07:33:30 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8760 | Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection | bfintal | Stackable – Page Builder Gutenberg Blocks | Medium | 5.3 | 2024-10-12 08:41:04 | Deep Dive |
| CVE-2024-9234 | GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload | ataurr | GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor | Critical | 9.8 | 2024-10-11 06:50:20 | Deep Dive |
| CVE-2024-9218 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting | wpblockart | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | Medium | 6.1 | 2024-10-02 08:31:51 | Deep Dive |
| CVE-2024-8325 | Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | blockspare | BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor | Medium | 6.4 | 2024-09-04 05:31:00 | Deep Dive |