WordPress Plugin Vulnerabilities

Gutenberg < 14.3.1 - Multiple Stored XSS

Description

The plugin does not escape data from some blocks before outputting ti back in pages, which could lead to Stored XSS issues.

Affected blocks: Search, Feature Image, RSS and Widget

Affects Plugins

Plugin icon
gutenberg
Fixed in 14.3.1

References

URL
https://github.com/WordPress/gutenberg/pull/45045

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Verified
Yes
WPVDB ID
17d969e8-058e-4679-8594-bae605341fb8

Timeline

Publicly Published
2022-10-17 (about 3 years ago)
Added
2022-10-18 (about 3 years ago)
Last Updated
2022-10-18 (about 3 years ago)

Other

Published
Title
Published
2025-07-21
Title
Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery < 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-03
Title
Highlight < 2.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-04-19
Title
BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting
Published
2019-07-09
Title
Gallery Photoblocks < 1.1.43 - Authenticated Reflected XSS
Published
2023-10-18
Title
WhatsApp Share Button <= 1.0.1 - Contributor+ Stored XSS