cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12045,https://securityvulnerability.io/vulnerability/CVE-2024-12045,Stored Cross-Site Scripting in Essential Blocks by WordPress,"The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin allows authenticated users with administrator access to exploit a stored cross-site scripting vulnerability. This occurs through insufficient input sanitization and output escaping in the Google Maps block's maker title value. As a result, attackers can inject arbitrary scripts that run automatically when users access the compromised pages. The vulnerability is particularly concerning for multi-site installations and setups where unfiltered_html is disabled.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-08T07:18:38.149Z,0
CVE-2024-4891,https://securityvulnerability.io/vulnerability/CVE-2024-4891,Stored Cross-Site Scripting Vulnerability in Page Builder Gutenberg Blocks,"The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-18T04:30:53.061Z,0
CVE-2024-3818,https://securityvulnerability.io/vulnerability/CVE-2024-3818,Stored Cross-Site Scripting Vulnerability in Page Builder Gutenberg Blocks,"The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ""Social Icons"" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-19T02:34:43.283Z,0
CVE-2024-2255,https://securityvulnerability.io/vulnerability/CVE-2024-2255,Stored Cross-Site Scripting Vulnerability in Page Builder Gutenberg Blocks,"The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-20T03:20:32.539Z,0
CVE-2024-1854,https://securityvulnerability.io/vulnerability/CVE-2024-1854,Stored Cross-Site Scripting Vulnerability in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress is exposed to a Stored Cross-Site Scripting (XSS) flaw due to inadequate input sanitization and output escaping in the blockId parameter. This vulnerability affects all versions up to and including 4.5.1 and allows authenticated attackers with contributor access or higher to inject malicious web scripts. These scripts can execute in the context of users accessing the affected pages, potentially leading to unauthorized actions or data exposure.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:02.758Z,0
CVE-2023-7071,https://securityvulnerability.io/vulnerability/CVE-2023-7071,Stored Cross-Site Scripting in Essential Blocks for WordPress,"The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is susceptible to Stored Cross-Site Scripting. This vulnerability arises through the Table of Contents block due to inadequate input sanitization and output escaping in versions up to and including 4.4.6. As a result, authenticated attackers with contributor-level permissions can exploit this flaw to inject arbitrary web scripts into pages, leading to execution whenever a user visits those compromised pages.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-01-11T08:33:09.516Z,0
CVE-2023-4386,https://securityvulnerability.io/vulnerability/CVE-2023-4386,PHP Object Injection Vulnerability in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress is susceptible to PHP Object Injection due to insecure deserialization of untrusted input in the get_posts function. Attackers who are not authenticated can potentially inject a PHP Object, exploiting the vulnerability in versions up to and including 4.2.0. While the plugin does not inherently possess a Proof of Concept (POP) chain, the presence of such a chain through additional plugins or themes could enable attackers to carry out harmful activities, including modifying or deleting files and accessing sensitive information.",Wordpress,"Essential Blocks Pro,Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",8.1,HIGH,0.004209999926388264,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-4402,https://securityvulnerability.io/vulnerability/CVE-2023-4402,PHP Object Injection Vulnerability in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the get_products function. This vulnerability affects versions up to and including 4.2.0. Unauthenticated attackers can exploit this flaw to inject PHP objects, leading to potential risks when a dangerous Object-Property (POP) chain is present via other plugins or themes. Such exploitation could permit attackers to delete files, access sensitive information, or execute malicious code.",Wordpress,"Essential Blocks Pro,Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",9.8,CRITICAL,0.002300000051036477,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-2086,https://securityvulnerability.io/vulnerability/CVE-2023-2086,Unauthorized Access in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress has a vulnerability that allows unauthorized users to exploit a missing capability check in the template_count function. This issue is present in versions up to and including 4.0.6. Although there is a nonce check in place, it is ineffective if a nonce is not supplied, allowing attacker access to sensitive plugin template information without proper verification.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2085,https://securityvulnerability.io/vulnerability/CVE-2023-2085,Unauthorized Functionality Access in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress has a security flaw that enables unauthorized users to access certain functionalities due to a lack of capability validation on the templates function. This vulnerability affects versions equal to or earlier than 4.0.6. Although a nonce check exists, it is only enforced if a nonce is provided, allowing unauthorized users with subscriber-level access to retrieve critical template information without proper authentication. This defect emphasizes the importance of implementing comprehensive capability checks to safeguard against potential exploitation.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2084,https://securityvulnerability.io/vulnerability/CVE-2023-2084,Unauthorized Functionality Access in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress has a vulnerability that permits unauthorized access to critical plugin settings. This issue arises due to a missing capability check on the get function in all versions up to and including 4.0.6. Although a nonce check exists, it is only enforced when a nonce token is supplied. If no nonce is provided, the verification process is bypassed entirely, exposing sensitive functionalities to subscriber-level attackers. Website administrators should ensure they are using updated versions to mitigate any potential risks.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2087,https://securityvulnerability.io/vulnerability/CVE-2023-2087,Cross-Site Request Forgery in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on its save function. This vulnerability allows unauthenticated attackers to alter plugin settings by tricking site administrators into performing unintended actions, such as clicking a malicious link. Users should update to the latest version and implement security best practices to mitigate potential risks.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",4.3,MEDIUM,0.0011399999493733048,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2083,https://securityvulnerability.io/vulnerability/CVE-2023-2083,Unauthorized Functionality Access in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress has a security vulnerability that allows unauthorized users to alter plugin settings due to a lack of proper functionality checks. Specifically, a capability verification check is missing in the save function for configurations, enabling subscriber-level attackers to carry out changes without the necessary permissions. Although a nonce check is present, it only triggers when a nonce is provided. This oversight allows the nonce verification to be bypassed entirely if a nonce is not included, leading to potential exploitation of the plugin's settings.",Wordpress,"Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0