Lucene search

CVE-2024-4057

🗓️ 04 Jun 2024 06:10:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 20 Views🌐 WEB

CVE-2024-4057 vulnerability in NVD

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2024-4057	4 Jun 202406:15	–	nvd
wpexploit	Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS	14 May 202400:00	–	wpexploit
WPVulnDB	Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS	14 May 202400:00	–	wpvulndb
Cvelist	CVE-2024-4057 Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS	4 Jun 202406:00	–	cvelist
Patchstack	WordPress Gutenberg Blocks by Kadence Blocks Plugin < 3.2.37 is vulnerable to Cross Site Scripting (XSS)	15 May 202400:00	–	patchstack
Vulnrichment	CVE-2024-4057 Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS	4 Jun 202406:00	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)	23 May 202415:00	–	wordfence

Vulners

Vulnrichment

Node

gutenberg_blocks_with_ai_by_kadence_wpRange<3.2.37wordpress

[
  {
    "vendor": "Unknown",
    "product": "Gutenberg Blocks with AI by Kadence WP ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.2.37"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f/

Parameter	Position	Path	Description	CWE
Lottie Animation URL	request body	/wp-admin/admin-ajax.php	The plugin is vulnerable to stored XSS due to lack of validation and escaping of block attributes before rendering.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Jun 2024 06:15Current

6Medium risk

Vulners AI Score6

CVSS36.1

EPSS0.00043

SSVC