Vulnerabilities > Wpdeveloper > Essential Blocks > 3.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-15 | CVE-2023-6623 | Path Traversal vulnerability in Wpdeveloper Essential Blocks The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. | 9.8 |
| 2024-01-11 | CVE-2023-7071 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-10-20 | CVE-2023-4386 | Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. | 8.1 |
| 2023-10-20 | CVE-2023-4402 | Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks and Essential Blocks PRO The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. | 9.8 |
| 2023-06-09 | CVE-2023-2083 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2084 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2085 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2086 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2087 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. | 4.3 |