Vulnerabilities > Wpdeveloper > Essential Blocks > 4.0.8

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-7071 Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
5.4
2023-10-20 CVE-2023-4386 Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function.
network
high complexity
wpdeveloper CWE-502
8.1
8.1
2023-10-20 CVE-2023-4402 Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks and Essential Blocks PRO
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function.
network
low complexity
wpdeveloper CWE-502
critical
 9.8
9.8