- Published on: Jan 11, 2025
- Research Description:
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: Min -, max 3.4.3.
Previous vulnerability research:
- Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5819), Jul 01, 2024
- Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-12581), Dec 15, 2024
- Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10785), Nov 21, 2024
- Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5289), Jun 28, 2024
- Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10637), Dec 12, 2024