Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-01-24
CVE-2024-12117 - Page Builder Gutenberg Blocks Plugin
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Page Builder Gutenberg Blocks
CVE-2024-12117
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-8760 - Page Builder Gutenberg Blocks Plugin
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX…
PLUGIN
Page Builder Gutenberg Blocks
CVE-2024-8760
Risk Score
Threat Entry
Updated 2024-10-07
CVE-2024-7132 - Page Builder Gutenberg Blocks Plugin
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Page Builder Gutenberg Blocks
CVE-2024-7132
Risk Score
Threat Entry
Updated 2025-05-16
CVE-2024-4260 - Page Builder Gutenberg Blocks Plugin
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
PLUGIN
Page Builder Gutenberg Blocks
CVE-2024-4260
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6296 - Page Builder Gutenberg Blocks Plugin
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Page Builder Gutenberg Blocks
CVE-2024-6296
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2039 - Page Builder Gutenberg Blocks Plugin
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Page Builder Gutenberg Blocks
CVE-2024-2039
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-2369 - Page Builder Gutenberg Blocks Plugin
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PLUGIN
Page Builder Gutenberg Blocks
CVE-2024-2369
Risk Score