Gutenberg Blocks by Kadence Blocks
StellarWP
Developer
3.5.27
Latest version
500,000
Installations
Nov 6, 2025
Last updated
Vulnerability history
0 present
24 fixed
2 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter vulnerability<= 3.5.10Jul 8, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' vulnerability<= 3.4.9Feb 28, 2025
- Broken Access Control vulnerability<= 3.3.1Jan 24, 2025
- Authenticated (contributor+) Stored Cross-Site Scripting via Button Link vulnerability<= 3.4.2Jan 10, 2025
- Admin+ Stored XSS vulnerability< 3.2.54Dec 12, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.3.3Nov 21, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.3.1Oct 31, 2024
- Contributor+ Stored XSS via "Days Label" vulnerability< 3.2.39Aug 8, 2024
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability<= 3.2.45Jul 1, 2024
- Contributor+ Stored Cross-Site Scripting in Google Maps Widget vulnerability<= 3.2.42Jun 26, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter vulnerability<= 3.2.38Jun 14, 2024
- Contributor+ Stored XSS vulnerability< 3.2.37May 15, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.2.37May 15, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link vulnerability<= 3.2.36May 10, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.2.34May 1, 2024
- Authenticated Server-Side Request Forgery (SSRF) vulnerability<= 3.1.26Apr 11, 2024
- Contributor+ Stored XSS vulnerability< 3.2.26Apr 5, 2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown and CountUp Widget vulnerability<= 3.2.31Apr 4, 2024
- Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings vulnerability<= 3.2.17Apr 3, 2024
- Server Side Request Forgery (SSRF) vulnerability<= 3.2.25Mar 29, 2024
- Server Side Request Forgery (SSRF) vulnerability<= 3.2.19Mar 26, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget vulnerability<= 3.2.25Mar 22, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.2.23Mar 14, 2024
- Unauthenticated Arbitrary File Upload vulnerability<= 3.1.10Aug 9, 2023