Vulnerabilities and security researches forskt-blocks skt-blocks

Aug 29, 2024

CVE, Research URL: CVE-2024-43946
Home page URL: Security reports for SKT Blocks – Gutenberg based Page Builder
Application: SKT Blocks – Gutenberg based Page Builder
Date: -
Research Description: SKT Blocks – Gutenberg based Page Builder [skt-blocks] <= 1.5 (unfixed) CVE-2024-43946
Affected versions: Min -, max -.
Status: vulnerable

Oct 13, 2024

CVE, Research URL: CVE-2024-48036
Home page URL: Security reports for SKT Blocks – Gutenberg based Page Builder
Application: SKT Blocks – Gutenberg based Page Builder
Date: Oct 17, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.6.
Affected versions: Min -, max -.
Status: vulnerable

Feb 06, 2025

CVE, Research URL: CVE-2024-13733
Home page URL: Security reports for SKT Blocks – Gutenberg based Page Builder
Application: SKT Blocks – Gutenberg based Page Builder
Date: Feb 04, 2025
Research Description: The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Feb 18, 2025

CVE, Research URL: CVE-2025-26771
Home page URL: Security reports for SKT Blocks – Gutenberg based Page Builder
Application: SKT Blocks – Gutenberg based Page Builder
Date: Feb 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.7.
Affected versions: Min -, max -.
Status: vulnerable

Apr 13, 2025

CVE, Research URL: CVE-2025-3276
Home page URL: Security reports for SKT Blocks – Gutenberg based Page Builder
Application: SKT Blocks – Gutenberg based Page Builder
Date: Apr 12, 2025
Research Description: The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 17, 2025

CVE, Research URL: CVE-2025-26998
Home page URL: Security reports for SKT Blocks – Gutenberg based Page Builder
Application: SKT Blocks – Gutenberg based Page Builder
Date: Apr 16, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.8.
Affected versions: Min -, max -.
Status: vulnerable