VYPR

EditorsKit

by WordPress

CVEs (2)

  • CVE-2021-24546HigOct 11, 2021
    risk 0.57cvss 8.8epss 0.02

    The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code

  • CVE-2023-6635HigFeb 5, 2024
    risk 0.40cvss 7.2epss 0.02

    The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or…