Essential Blocks
Approved changes feed: RSS · Atom
cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:free:wordpress:*:*
part: a version: * update: *
| Vendor | Wpdeveloper (5e68162c-cdc3-57bc-b7a0-1ebc1941e1cb) |
|---|---|
| Product | Essential Blocks (60492464-af2d-5955-92c6-46ceebb1b098) |
| Edition | * |
| Language | * |
| Software edition | free |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-26871 |
vulnerable | 2026-06-03 15:00:08.596571 |
WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.8.3.
Published: 2025-02-25T14:17:50.925Z
Updated: 2026-04-28T16:11:41.189Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1664 |
vulnerable | 2026-06-03 14:59:05.998876 |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-03-08T11:16:40.491Z
Updated: 2026-04-08T16:58:54.107Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5595 |
vulnerable | 2026-06-03 14:57:53.361442 |
Essential Blocks < 4.7.0 - Contributor+ Stored XSS
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Published: 2024-08-02T06:00:06.949Z
Updated: 2024-08-02T16:12:09.234Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4891 |
vulnerable | 2026-06-03 14:57:16.433361 |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-05-18T04:30:53.061Z
Updated: 2026-04-08T17:29:02.467Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47385 |
vulnerable | 2026-06-03 14:57:01.170127 |
WordPress Essential Blocks plugin <= 4.8.4 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.8.4.
Published: 2024-10-05T14:51:56.136Z
Updated: 2026-04-28T16:10:20.039Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3818 |
vulnerable | 2026-06-03 14:56:32.109399 |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block
MEDIUM (5.4)
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-04-19T02:34:43.283Z
Updated: 2026-04-08T16:58:58.200Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31306 |
vulnerable | 2026-06-03 14:55:39.423112 |
WordPress Essential Blocks plugin <= 4.5.3 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.
Published: 2024-04-07T17:42:54.112Z
Updated: 2026-04-28T16:09:30.702Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30467 |
vulnerable | 2026-06-03 14:55:38.387264 |
WordPress Essential Blocks plugin <= 4.4.9 - Broken Access Control vulnerability
MEDIUM (6.5)
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9.
Published: 2024-06-09T10:49:06.693Z
Updated: 2026-04-28T16:09:24.471Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1854 |
vulnerable | 2026-06-03 14:54:34.798555 |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-13T15:27:02.758Z
Updated: 2026-04-08T17:04:44.973Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13803 |
vulnerable | 2026-06-03 14:54:25.477388 |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-02-26T07:01:18.758Z
Updated: 2026-04-08T17:32:07.075Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12045 |
vulnerable | 2026-06-03 14:54:15.482368 |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
MEDIUM (4.4)
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2025-01-08T07:18:38.149Z
Updated: 2026-05-20T14:27:23.263Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51360 |
vulnerable | 2026-06-03 14:53:32.019992 |
WordPress Essential Blocks plugin <= 4.2.0 - Multiple Subscriber+ Broken Access Control vulnerability
MEDIUM (6.5)
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
Published: 2024-12-09T11:29:48.540Z
Updated: 2026-04-29T09:51:52.548Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51359 |
vulnerable | 2026-06-03 14:53:32.019581 |
WordPress Essential Blocks plugin <= 4.2.0 - Multiple Contributor+ Broken Access Control vulnerability
MEDIUM (5.4)
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
Published: 2024-12-09T11:29:47.741Z
Updated: 2026-04-29T09:51:52.514Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47760 |
vulnerable | 2026-06-03 14:53:18.078580 |
WordPress Essential Blocks plugin <= 4.2.0 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
Published: 2024-12-09T11:30:51.617Z
Updated: 2026-04-29T09:51:51.111Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-47594 |
vulnerable | 2026-06-03 14:48:27.706986 |
WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control
MEDIUM (6.5)
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5.
Published: 2024-12-13T14:22:12.225Z
Updated: 2026-04-28T16:07:58.067Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.