Vulnerabilities > Sktthemes > SKT Blocks > 1.7

DATE CVE VULNERABILITY TITLE RISK
2025-04-22 CVE-2025-46235 Cross-site Scripting vulnerability in Sktthemes SKT Blocks
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS.
network
low complexity
sktthemes CWE-79
5.4
5.4
2025-04-15 CVE-2025-26998 Cross-site Scripting vulnerability in Sktthemes SKT Blocks
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS.
network
low complexity
sktthemes CWE-79
5.4
5.4
2025-02-17 CVE-2025-26771 Cross-site Scripting vulnerability in Sktthemes SKT Blocks
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS.
network
low complexity
sktthemes CWE-79
5.4
5.4
2025-02-04 CVE-2024-13733 Cross-site Scripting vulnerability in Sktthemes SKT Blocks
The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sktthemes CWE-79
5.4
5.4