VYPR

Wp Blockade

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-3480MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the render_shortcode_preview() function. This function lacks any…

  • CVE-2026-3481MedMay 22, 2026
    risk 0.40cvss 6.1epss 0.00

    The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the render_shortcode_preview() function. The…