Vulnerabilities > Vanderwijk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-20 | CVE-2024-6432 | Cross-site Scripting vulnerability in Vanderwijk Content Blocks The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-17 | CVE-2024-44051 | Cross-site Scripting vulnerability in Vanderwijk Content Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5. | 5.4 |
| 2024-06-01 | CVE-2024-3565 | Cross-site Scripting vulnerability in Vanderwijk Content Blocks The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-08 | CVE-2024-34566 | Unspecified vulnerability in Vanderwijk Content Blocks Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0. | 5.4 |