cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11219,https://securityvulnerability.io/vulnerability/CVE-2024-11219,Unauthenticated Image Server Side Injection Vulnerability,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information.",Wordpress,"Otter Blocks – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-11-27T05:31:54.882Z,0
CVE-2024-10367,https://securityvulnerability.io/vulnerability/CVE-2024-10367,Cross-Site Scripting Vulnerability Affects Otter Blocks Product,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,"Otter Blocks – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-11-01T11:01:55.530Z,0
CVE-2024-3725,https://securityvulnerability.io/vulnerability/CVE-2024-3725,Gutenberg Blocks Vulnerable to Stored Cross-Site Scripting,"The Otter Blocks plugin for WordPress, which includes features like the Gutenberg Blocks and Page Builder for FSE, has a vulnerability that allows for Stored Cross-Site Scripting (XSS). This issue arises from inadequate input sanitization and output escaping on user-supplied attributes, specifically 'titleTag'. As a result, authenticated attackers with contributor-level access or higher can inject malicious web scripts into pages. These injected scripts will then execute whenever a user visits the compromised page, potentially leading to greater exploitation of the site.",Wordpress,"Otter Blocks – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:40.615Z,0
CVE-2024-3344,https://securityvulnerability.io/vulnerability/CVE-2024-3344,Gutenberg Blocks Vulnerable to Stored Cross-Site Scripting,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Otter Blocks – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-11T11:03:51.639Z,0
CVE-2024-3343,https://securityvulnerability.io/vulnerability/CVE-2024-3343,Gutenberg Blocks Vulnerable to Stored Cross-Site Scripting,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Otter Blocks – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-11T11:03:51.061Z,0
CVE-2024-2226,https://securityvulnerability.io/vulnerability/CVE-2024-2226,Gutenberg Blocks Vulnerable to Stored Cross-Site Scripting,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Otter Blocks – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:37.731Z,0
CVE-2024-2841,https://securityvulnerability.io/vulnerability/CVE-2024-2841,Gutenberg Blocks Vulnerable to Stored Cross-Site Scripting,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Otter Blocks – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-29T04:31:34.185Z,0
CVE-2024-1684,https://securityvulnerability.io/vulnerability/CVE-2024-1684,Stored Cross-Site Scripting Vulnerability in Otter Blocks Plugin for WordPress,"The Otter Blocks plugin for WordPress allows authenticated attackers with contributor access and higher to exploit a stored cross-site scripting vulnerability. This is due to inadequate input sanitization and output escaping in the contact form file field's CSS metabox across all versions up to and including 2.6.3. Attackers can inject arbitrary web scripts into the pages, which execute when users access the affected pages, leading to potential data theft or site compromise.",Wordpress,"Otter Blocks Pro – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:05.116Z,0
CVE-2024-1691,https://securityvulnerability.io/vulnerability/CVE-2024-1691,Stored Cross-Site Scripting in Otter Blocks Plug-in for WordPress,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit a stored cross-site scripting flaw via an insecure file upload form. This issue arises from insufficient input sanitization and output escaping, specifically when handling SVG file uploads. Attackers can inject malicious scripts into pages, which will execute whenever a user visits the compromised page. While version 2.6.4 addresses this issue by sanitizing uploaded SVG files, earlier versions remain vulnerable.",Wordpress,"Otter Blocks Pro – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:57.917Z,0