cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12304,https://securityvulnerability.io/vulnerability/CVE-2024-12304,Stored Cross-Site Scripting Vulnerability in Gutenberg Blocks with AI by Kadence WP,"The Gutenberg Blocks with AI by Kadence WP Page Builder Features plugin for WordPress is susceptible to a stored cross-site scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping processes in the button block link functionality. Authenticated attackers, holding Contributor-level access or greater, can exploit this vulnerability to inject arbitrary web scripts into web pages. These scripts will execute whenever a user visits the compromised page, potentially leading to unauthorized actions and compromise user information.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-11T03:21:03.438Z,0
CVE-2024-12581,https://securityvulnerability.io/vulnerability/CVE-2024-12581,Plugin Vulnerable to Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) vulnerabilities due to inadequate input sanitization and output escaping measures. This flaw permits authenticated attackers, specifically those with administrator-level permissions or higher, to inject arbitrary scripts within pages. Such scripts execute whenever a user accesses the compromised page, posing significant risks, especially in multi-site WordPress installations where the unfiltered_html setting is disabled. Users are urged to take immediate action to validate their installations and apply necessary updates.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,4.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-13T05:24:48.943Z,0
CVE-2024-10785,https://securityvulnerability.io/vulnerability/CVE-2024-10785,Stored Cross-Site Scripting Vulnerability in Kadence WP Page Builder,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-21T04:24:25.355Z,0
CVE-2024-9655,https://securityvulnerability.io/vulnerability/CVE-2024-9655,Stored Cross-Site Scripting Vulnerability Affects Kadence WP Plugin,"The Gutenberg Blocks with AI plugin, developed by Kadence WP for WordPress, is susceptible to Stored Cross-Site Scripting (XSS) attacks through its Icon widget. This vulnerability arises from inadequate input sanitization and output escaping for user-provided attributes, allowing authenticated attackers with contributor-level access and above to inject malicious web scripts. These scripts can execute when users access the affected pages, posing significant risks to website integrity and user safety.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-11-01T07:33:30.334Z,0
CVE-2024-5819,https://securityvulnerability.io/vulnerability/CVE-2024-5819,Gutenberg Blocks with AI Vulnerable to DOM-Based Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-29T09:46:42.628Z,0
CVE-2024-4863,https://securityvulnerability.io/vulnerability/CVE-2024-4863,Stored Cross-Site Scripting Vulnerability in Gutenberg Blocks with AI,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-14T08:35:34.643Z,0
CVE-2024-4208,https://securityvulnerability.io/vulnerability/CVE-2024-4208,Gutenberg Blocks with AI Vulnerable to Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-15T02:32:44.089Z,0
CVE-2024-3189,https://securityvulnerability.io/vulnerability/CVE-2024-3189,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-15T02:32:43.451Z,0
CVE-2024-4481,https://securityvulnerability.io/vulnerability/CVE-2024-4481,Gutenberg Blocks with AI Vulnerable to Stored Cross-Site Scripting,"The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:43:00.000Z,0
CVE-2024-2273,https://securityvulnerability.io/vulnerability/CVE-2024-2273,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder Features Plugin,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:49.167Z,0
CVE-2024-2919,https://securityvulnerability.io/vulnerability/CVE-2024-2919,Stored Cross-Site Scripting Vulnerability in Kadence Blocks Page Builder,"The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Gutenberg Blocks With Ai By Kadence WP – Page Builder Features,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-04T03:15:00.000Z,0