cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12304,https://securityvulnerability.io/vulnerability/CVE-2024-12304,Stored Cross-Site Scripting Vulnerability in Gutenberg Blocks with AI by Kadence WP,"The Gutenberg Blocks with AI by Kadence WP Page Builder Features plugin for WordPress is susceptible to a stored cross-site scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping processes in the button block link functionality. Authenticated attackers, holding Contributor-level access or greater, can exploit this vulnerability to inject arbitrary web scripts into web pages. These scripts will execute whenever a user visits the compromised page, potentially leading to unauthorized actions and compromise user information.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-11T03:21:03.438Z,0
CVE-2024-12581,https://securityvulnerability.io/vulnerability/CVE-2024-12581,Plugin Vulnerable to Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) vulnerabilities due to inadequate input sanitization and output escaping measures. This flaw permits authenticated attackers, specifically those with administrator-level permissions or higher, to inject arbitrary scripts within pages. Such scripts execute whenever a user accesses the compromised page, posing significant risks, especially in multi-site WordPress installations where the unfiltered_html setting is disabled. Users are urged to take immediate action to validate their installations and apply necessary updates.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,4.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-13T05:24:48.943Z,0
CVE-2024-10785,https://securityvulnerability.io/vulnerability/CVE-2024-10785,Stored Cross-Site Scripting Vulnerability in Kadence WP Page Builder,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-21T04:24:25.355Z,0
CVE-2024-9655,https://securityvulnerability.io/vulnerability/CVE-2024-9655,Stored Cross-Site Scripting Vulnerability Affects Kadence WP Plugin,"The Gutenberg Blocks with AI plugin, developed by Kadence WP for WordPress, is susceptible to Stored Cross-Site Scripting (XSS) attacks through its Icon widget. This vulnerability arises from inadequate input sanitization and output escaping for user-provided attributes, allowing authenticated attackers with contributor-level access and above to inject malicious web scripts. These scripts can execute when users access the affected pages, posing significant risks to website integrity and user safety.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-11-01T07:33:30.334Z,0
CVE-2024-5819,https://securityvulnerability.io/vulnerability/CVE-2024-5819,Gutenberg Blocks with AI Vulnerable to DOM-Based Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-29T09:46:42.628Z,0
CVE-2024-4863,https://securityvulnerability.io/vulnerability/CVE-2024-4863,Stored Cross-Site Scripting Vulnerability in Gutenberg Blocks with AI,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-14T08:35:34.643Z,0
CVE-2024-4208,https://securityvulnerability.io/vulnerability/CVE-2024-4208,Gutenberg Blocks with AI Vulnerable to Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-15T02:32:44.089Z,0
CVE-2024-3189,https://securityvulnerability.io/vulnerability/CVE-2024-3189,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-15T02:32:43.451Z,0
CVE-2024-4481,https://securityvulnerability.io/vulnerability/CVE-2024-4481,Gutenberg Blocks with AI Vulnerable to Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:43:00.000Z,0
CVE-2024-2273,https://securityvulnerability.io/vulnerability/CVE-2024-2273,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder Features Plugin,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:49.167Z,0
CVE-2024-1999,https://securityvulnerability.io/vulnerability/CVE-2024-1999,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder Features Plugin,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks By Kadence Blocks – Page Builder Features,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:15.564Z,0
CVE-2023-6964,https://securityvulnerability.io/vulnerability/CVE-2023-6964,Kadence Blocks Page Builder Features Plugin Vulnerable to Server-Side Request Forgery,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress has a vulnerability related to Server-Side Request Forgery (SSRF) that affects all versions prior to and including 3.1.26. This vulnerability can be exploited by authenticated users with contributor-level access and above through the 'kadence_import_get_new_connection_data' AJAX action. Successful exploitation allows attackers to send web requests to arbitrary locations, potentially enabling them to query and alter information within internal services, thereby posing a serious security risk to affected WordPress installations.",Wordpress,Gutenberg Blocks By Kadence Blocks – Page Builder Features,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:59:15.108Z,0
CVE-2024-0598,https://securityvulnerability.io/vulnerability/CVE-2024-0598,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Plugin for WordPress,"The Kadence Blocks plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This flaw arises from inadequate input sanitization and output escaping in the contact form message settings, enabling authenticated attackers, holding editor-level access or higher, to inject malicious web scripts into pages. Consequently, these scripts execute when any user accesses the compromised page, significantly affecting multi-site installations and those prohibiting unfiltered HTML.",Wordpress,Gutenberg Blocks By Kadence Blocks – Page Builder Features,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:07.479Z,0
CVE-2024-2919,https://securityvulnerability.io/vulnerability/CVE-2024-2919,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-04T03:15:00.000Z,0
CVE-2024-1541,https://securityvulnerability.io/vulnerability/CVE-2024-1541,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder Features Plugin,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks By Kadence Blocks – Page Builder Features,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-13T15:27:15.628Z,0