Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ultimateblocks — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting ultimateblocks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ultimateblocks is a WordPress plugin providing block-based page building functionality for websites. Historically, the plugin has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. The plugin has accumulated six CVE records to date, with several critical flaws allowing attackers to execute arbitrary code or compromise administrative accounts. Security researchers have consistently identified similar vulnerability patterns in multiple versions, indicating persistent security gaps in the plugin's architecture. No major public security incidents have been widely reported, though the high number of CVEs suggests significant security concerns for users.

Top products by ultimateblocks: Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
CVE IDTitleCVSSSeverityPublished
CVE-2025-2918 Ultimate Blocks – WordPress Blocks Plugin <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Ultimate Blocks – 25+ Gutenberg Blocks for Block EditorCWE-79 6.4 Medium2025-06-10
CVE-2025-1312 Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ultimate Blocks – 25+ Gutenberg Blocks for Block EditorCWE-79 6.4 Medium2025-03-26
CVE-2025-1703 Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter — Ultimate Blocks – 25+ Gutenberg Blocks for Block EditorCWE-79 6.4 Medium2025-03-26
CVE-2024-4268 Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Multiple Blocks — Ultimate Blocks – 25+ Gutenberg Blocks for Block EditorCWE-79 6.4 Medium2024-07-02
CVE-2024-3513 Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via title tag attribute — Ultimate Blocks – 25+ Gutenberg Blocks for Block EditorCWE-79 6.4 Medium2024-07-02
CVE-2023-6692 Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox — Ultimate Blocks – 25+ Gutenberg Blocks for Block EditorCWE-79 6.4 Medium2024-06-19

This page lists every published CVE security advisory associated with ultimateblocks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.