Approved changes feed: RSS · Atom

cpe:2.3:a:motopress:getwid:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorMotopress (6d317652-94c4-5c1f-ac88-5ca1ba2616b8)
ProductGetwid (b830b3cd-f131-5fd0-8ee4-c77277033333)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/motopress/getwid purl2cpe 2026-06-01 10:16:10.761978

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-6491 vulnerable 2026-06-08 06:58:19.588784 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update
MEDIUM (4.3)
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.
Published: 2024-07-20T06:43:45.510Z
Updated: 2026-04-08T17:34:30.786Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6489 vulnerable 2026-06-08 06:58:19.585257 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update
MEDIUM (5.3)
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.
Published: 2024-07-20T06:43:48.168Z
Updated: 2026-04-08T17:35:07.016Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3588 vulnerable 2026-06-08 06:43:50.381957 Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'
MEDIUM (6.4)
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-05-02T16:52:36.257Z
Updated: 2026-04-08T17:20:41.715Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1948 vulnerable 2026-06-08 06:27:15.102857 Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content
MEDIUM (6.4)
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-04-09T18:58:54.533Z
Updated: 2026-04-08T16:59:15.094Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10872 vulnerable 2026-06-08 06:23:47.878315 Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-11-20T11:03:43.205Z
Updated: 2026-04-08T17:05:45.562Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6963 vulnerable 2026-06-08 06:21:56.485303 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6959 vulnerable 2026-06-08 06:21:56.472618 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6042 vulnerable 2026-06-08 06:19:45.452599 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1910 vulnerable 2026-06-08 05:52:37.206697 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1895 vulnerable 2026-06-08 05:52:37.184477 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.