Vulnerabilities > Wpdeveloper
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-08 | CVE-2025-1664 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. | 5.4 |
2025-02-26 | CVE-2024-13803 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
2025-02-25 | CVE-2025-26871 | Missing Authorization vulnerability in Wpdeveloper Essential Blocks Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
2025-01-08 | CVE-2024-12045 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. | 4.8 |
2024-12-31 | CVE-2024-56063 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 6.0.7. | 5.4 |
2024-12-13 | CVE-2022-47594 | Missing Authorization vulnerability in Wpdeveloper Essential Blocks Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5. | 6.5 |
2024-12-09 | CVE-2023-47760 | Missing Authorization vulnerability in Wpdeveloper Essential Blocks Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | 8.8 |
2024-12-09 | CVE-2023-51359 | Missing Authorization vulnerability in Wpdeveloper Essential Blocks Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | 8.8 |
2024-12-09 | CVE-2023-51360 | Missing Authorization vulnerability in Wpdeveloper Essential Blocks Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | 8.8 |
2024-11-28 | CVE-2024-11203 | Cross-site Scripting vulnerability in Wpdeveloper Embedpress The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. | 5.4 |