Vulnerabilities > Wpdeveloper > Essential Blocks > 4.5.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-08 | CVE-2025-1664 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-26 | CVE-2024-13803 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-25 | CVE-2025-26871 | Missing Authorization vulnerability in Wpdeveloper Essential Blocks Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2024-10-05 | CVE-2024-47385 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4. | 5.4 |
| 2024-05-18 | CVE-2024-4891 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. | 5.4 |