cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forthe-plus-addons-for-block-editor the-plus-addons-for-block-editor

Direction: ascending
Jun 07, 2024

The Plus Blocks for Block Editor | Gutenberg # CVE-2024-30435

CVE, Research URL

CVE-2024-30435

Date
Mar 29, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor.This issue affects Nexter Blocks: from n/a through <= 3.2.5.
Affected versions
max 3.2.6.
Status
vulnerable

The Plus Blocks for Block Editor | Gutenberg # CVE-2024-33572

CVE, Research URL

CVE-2024-33572

Date
Jun 09, 2024
Research Description
Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor.This issue affects Nexter Blocks: from n/a through <= 3.2.5.
Affected versions
max 3.2.6.
Status
vulnerable
Oct 28, 2024

The Plus Blocks for Block Editor | Gutenberg # CVE-2024-50452

CVE, Research URL

CVE-2024-50452

Date
Feb 20, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through <= 3.3.3.
Affected versions
max 4.0.0.
Status
vulnerable
Jan 03, 2025

The Plus Blocks for Block Editor | Gutenberg # CVE-2024-56246

CVE, Research URL

CVE-2024-56246

Date
Jan 02, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through <= 4.0.4.
Affected versions
max 4.0.5.
Status
vulnerable
Jan 09, 2025

The Plus Blocks for Block Editor | Gutenberg # CVE-2024-56294

CVE, Research URL

CVE-2024-56294

Date
Jan 07, 2025
Research Description
Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through <= 4.0.7.
Affected versions
max 4.0.8.
Status
vulnerable
Aug 16, 2025

The Plus Blocks for Block Editor | Gutenberg # CVE-2025-54739

CVE, Research URL

CVE-2025-54739

Date
Aug 15, 2025
Research Description
Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through <= 4.5.4.
Affected versions
max 4.5.5.
Status
vulnerable
Aug 22, 2025

The Plus Blocks for Block Editor | Gutenberg # CVE-2025-8567

CVE, Research URL

CVE-2025-8567

Date
Aug 19, 2025
Research Description
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 4.5.5.
Status
vulnerable
Jan 27, 2026

The Plus Blocks for Block Editor | Gutenberg # CVE-2026-24377

CVE, Research URL

CVE-2026-24377

Date
Jan 22, 2026
Research Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3.
Affected versions
max 4.6.4.
Status
vulnerable
Apr 14, 2026

The Plus Blocks for Block Editor | Gutenberg # CVE-2026-39516

CVE, Research URL

CVE-2026-39516

Date
Apr 08, 2026
Research Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
Affected versions
max 4.7.1.
Status
vulnerable
Jul 09, 2026

The Plus Blocks for Block Editor | Gutenberg # CVE-2026-6740

CVE, Research URL

CVE-2026-6740

Date
Jul 08, 2026
Research Description
The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 4.7.5.
Status
vulnerable