Vulnerabilities and security researches forblockspare blockspare
Direction: ascendingJun 07, 2024
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. # e030c0eb6b3085274f92cdf3b57ac379ff70b313
- CVE, Research URL
- Date
- Feb 28, 2022
- Research Description
- BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed [blockspare] < 2.6.5 WordPress Blockspare – Beautiful Page Building Gutenberg Blocks for WordPress plugin <= 1.3.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Blockspare – Beautiful Page Building Gutenberg Blocks for WordPress plugin (versions <= 1.3.6).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Aug 12, 2024
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. # CVE-2024-43164
- CVE, Research URL
- Date
- Aug 13, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Sep 05, 2024
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. # CVE-2024-8325
- CVE, Research URL
- Date
- Sep 04, 2024
- Research Description
- The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 03, 2024
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. # CVE-2024-47363
- CVE, Research URL
- Date
- Oct 06, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.4.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 15, 2024
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. # CVE-2022-4974
- CVE, Research URL
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
May 09, 2025
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. # CVE-2025-47495
- CVE, Research URL
- Date
- May 07, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blockspare Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.9.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable