Vulnerabilities > Motopress > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-30 | CVE-2024-13642 | Cross-site Scripting vulnerability in Motopress Stratum The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-11-20 | CVE-2024-10872 | Cross-site Scripting vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-02 | CVE-2024-3588 | Cross-site Scripting vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-1948 | Cross-site Scripting vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-05 | CVE-2023-6959 | Missing Authorization vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. | 4.3 |
| 2024-02-05 | CVE-2023-6963 | Incorrect Authorization vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. | 5.3 |
| 2023-12-14 | CVE-2023-48756 | Unspecified vulnerability in Motopress Jetblocks for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8. | 6.1 |
| 2023-06-09 | CVE-2023-1910 | Unspecified vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. | 4.3 |
| 2022-08-16 | CVE-2022-2843 | Unspecified vulnerability in Motopress Timetable and Event Schedule A vulnerability was found in MotoPress Timetable and Event Schedule. | 6.1 |
| 2022-08-16 | CVE-2022-2844 | Unspecified vulnerability in Motopress Timetable and Event Schedule A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. | 6.1 |