Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in aBlocks – WordPress Gutenberg Blocks 1.6.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: February 17, 2025

The aBlocks plugin for WordPress, which adds blocks to the Gutenberg editor, has a security issue that allows hackers to inject harmful code through the “Table Of Content” block. This can happen because the plugin does not properly clean and protect the data it receives from users. As a result, anyone with Contributor-level access or higher can add code that will run whenever someone opens a page with the infected block.

Detected in:

aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder fixed vulnerable versions:
aBlocks – WordPress Gutenberg Blocks fixed vulnerable versions: >= * <= 1.6.1
aBlocks – WordPress Gutenberg Blocks, User Dashboard Builder & Popup Builder fixed vulnerable versions:
aBlocks – WordPress Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & GSAP Animation Builder fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.