Otter Blocks
by Themeisle
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55715 | | Hig | 0.49 | 7.5 | 0.00 | | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through <= 3.1.0. |
| CVE-2026-2892 | | Hig | 0.42 | 7.5 | 0.00 | | Apr 30, 2026 | The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned 'o_stripe_data' cookie to determine Stripe product ownership for unauthenticated… |
| CVE-2024-2841 | | Med | 0.42 | 6.4 | 0.00 | | Mar 29, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on… |
| CVE-2024-1684 | | Med | 0.42 | 6.4 | 0.00 | | Mar 13, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and… |
| CVE-2024-1691 | | Med | 0.40 | 6.1 | 0.00 | | Mar 13, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization… |
| CVE-2024-10367 | | Med | 0.35 | 6.4 | 0.00 | | Nov 1, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping.… |
| CVE-2024-3725 | | Med | 0.35 | 6.4 | 0.00 | | May 2, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output… |
| CVE-2024-3344 | | Med | 0.35 | 6.4 | 0.00 | | Apr 11, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes… |
| CVE-2024-3343 | | Med | 0.35 | 6.4 | 0.00 | | Apr 11, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output… |
| CVE-2024-2226 | | Med | 0.35 | 6.4 | 0.00 | | Apr 9, 2024 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and… |
| CVE-2024-35682 | | Med | 0.28 | 4.3 | 0.00 | | Jun 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO. This issue affects Otter Blocks PRO: from n/a through 2.6.11. |