ReportizFlow
Filtered by vendor Kadencewp
Subscriptions
Filtered by product Gutenberg Blocks With Ai
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12581 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2026-04-08 | 4.4 Medium |
| The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-6884 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-28 | 5.4 Medium |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-4057 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-21 | 6.1 Medium |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2509 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-13 | 6.5 Medium |
| The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-10637 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-07 | 5.4 Medium |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||