Spectra – WordPress Gutenberg Blocks

Information

Software Type Plugin
Software Slug ultimate-addons-for-gutenberg (view on wordpress.org)
Software Status Active
Software Author brainstormforce
Software Website www.brainstormforce.com
Software Downloads 22,542,298
Software Active Installs 800,000
Software Record Last Updated June 13, 2024

18 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in import_wpforms Patched CVE-2023-36679 8.5 Rafie Muhammad July 14, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - HTML Injection in Emails Patched CVE-2023-23735 6.5 Dave Jong January 23, 2023
Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting Patched CVE-2024-4366 6.4 Ngô Thiên An (ancorn_) May 23, 2024
Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block Patched CVE-2024-1815 6.4 wesley (wcraft) May 22, 2024
Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block Patched CVE-2024-1814 6.4 wesley (wcraft) May 22, 2024
Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS Patched CVE-2023-6486 6.4 Akbar Kustirama April 3, 2024
Spectra <= 2.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2023-49833 6.4 Rafie Muhammad December 5, 2023
Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in template_importer Patched 6.4 July 14, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization Checks Patched 6.3 January 25, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation Patched CVE-2023-23834 6.3 István Márton January 25, 2023
Spectra – WordPress Gutenberg Blocks <= 1.14.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2020-36656 6.1 István Márton January 24, 2023
Spectra – WordPress Gutenberg Blocks <= 1.25.5 - Reflected Cross-Site Scripting Patched 6.1 WPScanTeam May 31, 2022
Spectra – WordPress Gutenberg Blocks <= 1.14.7 - Missing Authorization Patched CVE-2020-36702 5.5 Jerome Bruandet March 30, 2020
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization to Captcha Setting Update Patched CVE-2023-23729 5.4 Dave Jong January 23, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to WPForm/Blocks Import Patched CVE-2023-23825 5.4 István Márton January 23, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing Patched CVE-2023-23738 5.3 Dave Jong January 23, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass Patched CVE-2023-23730 5.3 Dave Jong January 23, 2023
Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal Patched CVE-2024-3107 4.3 Ngô Thiên An (ancorn_) April 26, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation