
CVE-2024-2729

Date: 2024-04-18 05:15:48
Source: WPScan, web.nvd.nist.gov
Tags: otter blocks, wordpress, vulnerability, stored xss, cve-2024-2729

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 8.8
Confidence: High
EPSS: 0
Percentile: 9.0%

The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks’ attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.

Affected configurations

Vulners
Node: themeisle otter, Range <2.6.6, wordpress

Vendor: themeisle
Product: otter
Version: *
CPE: cpe:2.3:a:themeisle:otter:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Otter Blocks ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.6.6"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
