| CVE-2025-1784 | Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2025-03-26 05:22:53 | Deep Dive |
| CVE-2024-13228 | Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content | themeum | Qubely – Advanced Gutenberg Blocks | Medium | 4.3 | 2025-03-11 07:05:17 | Deep Dive |
| CVE-2024-13675 | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | amans2k | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | Medium | 6.4 | 2025-03-08 11:16:41 | Deep Dive |
| CVE-2025-1664 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2025-03-08 11:16:40 | Deep Dive |
| CVE-2024-13635 | VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure | vektor-inc | VK Blocks | Medium | 4.3 | 2025-03-07 09:21:15 | Deep Dive |
| CVE-2024-11153 | Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | danieliser | Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More | Medium | 5.3 | 2025-03-05 11:22:11 | Deep Dive |
| CVE-2025-23521 | WordPress Goodlayers Blocks plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | GoodLayers | Goodlayers Blocks | High | 7.1 | 2025-03-03 13:30:10 | Deep Dive |
| CVE-2025-1291 | Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2025-03-01 08:23:21 | Deep Dive |
| CVE-2024-13796 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure | pickplugins | Post Grid | Medium | 5.3 | 2025-02-28 04:21:56 | Deep Dive |
| CVE-2024-13803 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2025-02-26 07:01:19 | Deep Dive |
| CVE-2025-26983 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability | WPZOOM | Recipe Card Blocks for Gutenberg & Elementor | Medium | 4.3 | 2025-02-25 14:17:59 | Deep Dive |
| CVE-2025-26871 | WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability | WPDeveloper | Essential Blocks for Gutenberg | Medium | 4.3 | 2025-02-25 14:17:51 | Deep Dive |
| CVE-2024-13798 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation | pickplugins | Post Grid | Medium | 5.3 | 2025-02-22 04:21:16 | Deep Dive |
| CVE-2024-13537 | C9 Blocks <= 1.7.7 - Unauthenticated Full Path Disclosure | ttoomey | C9 Blocks | Medium | 5.3 | 2025-02-21 03:21:23 | Deep Dive |
| CVE-2024-6432 | Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2025-02-20 09:21:37 | Deep Dive |
| CVE-2024-13674 | Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | berginformatik | Cosmic Blocks (40+) Content Editor Blocks Collection | Medium | 6.4 | 2025-02-19 07:32:09 | Deep Dive |
| CVE-2024-13465 | aBlocks – WordPress Gutenberg Blocks <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | kodezen | aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder | Medium | 6.4 | 2025-02-18 07:28:14 | Deep Dive |
| CVE-2025-26771 | WordPress SKT Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | sonalsinha21 | SKT Blocks | Medium | 6.5 | 2025-02-17 11:38:14 | Deep Dive |
| CVE-2024-9601 | Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' | themeum | Qubely – Advanced Gutenberg Blocks | Medium | 6.5 | 2025-02-14 06:40:12 | Deep Dive |
| CVE-2025-0506 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter | eaglethemes | Rise Blocks – A Complete Gutenberg Page Builder | Medium | 6.4 | 2025-02-12 09:22:48 | Deep Dive |