The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whene [truncated]
CVE-2024-33685 is a MEDIUM-severity vulnerability in the Startupzy theme for WordPress. The issue, which has a CVSS score of 4.3, allows attackers to exploit incorrectly configured access control security levels due to missing authorization. This vulnerability affects Startupzy versions from n/a through 1.1.1. Successful exploitation could lead to unauthorized actions, potentially compromising site integr [truncated]
A reflected cross-site scripting (XSS) vulnerability in the Gutenverse WordPress plugin allows unauthenticated attackers to inject arbitrary web scripts via a crafted URL. The vulnerability exists in the `render_content()` method within `class-search-result-title.php`, which outputs the search query parameter directly into HTML without proper escaping. Successful exploitation requires the `gutenverse/sear [truncated]