Vulnerabilities > Wpdeveloper

DATE CVE VULNERABILITY TITLE RISK
2025-03-08 CVE-2025-1664 Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
5.4
2025-02-26 CVE-2024-13803 Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
5.4
2025-02-25 CVE-2025-26871 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
wpdeveloper CWE-862
8.8
8.8
2025-01-08 CVE-2024-12045 Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
4.8
4.8
2024-12-31 CVE-2024-56063 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 6.0.7.
network
low complexity
wpdeveloper CWE-79
5.4
5.4
2024-12-13 CVE-2022-47594 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5.
network
low complexity
wpdeveloper CWE-862
6.5
6.5
2024-12-09 CVE-2023-47760 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.
network
low complexity
wpdeveloper CWE-862
8.8
8.8
2024-12-09 CVE-2023-51359 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.
network
low complexity
wpdeveloper CWE-862
8.8
8.8
2024-12-09 CVE-2023-51360 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.
network
low complexity
wpdeveloper CWE-862
8.8
8.8
2024-11-28 CVE-2024-11203 Cross-site Scripting vulnerability in Wpdeveloper Embedpress
The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
5.4