CVE-2024-35731

2024-06-0813:15:54

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-35731

xss

cross-site scripting

wp moose

kenta gutenberg blocks

web page generation

vulnerability

stored xss

gutenberg editor

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9.

Affected configurations

Vulners

Node

wp_moosekenta_gutenberg_blocks_responsive_blocks_and_block_templates_library_for_gutenberg_editorRange≤1.3.9

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "kenta-blocks",
    "product": "Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor",
    "vendor": "WP Moose",
    "versions": [
      {
        "changes": [
          {
            "at": "1.4.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.9",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]