CVE-2024-10367 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

🗓️ 01 Nov 2024 11:01:55Reported by WordfenceType

Otter Blocks Gutenberg Blocks plugin 3.0.4 Stored XSS via SVG File Uploa

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-10367	1 Nov 202413:00	–	circl
CNNVD	WordPress plugin Otter Blocks 跨站脚本漏洞	1 Nov 202400:00	–	cnnvd
CVE	CVE-2024-10367	1 Nov 202411:01	–	cve
EUVD	EUVD-2024-33064	3 Oct 202520:07	–	euvd
NVD	CVE-2024-10367	1 Nov 202411:15	–	nvd
Patchstack	WordPress Otter - Gutenberg Block Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)	1 Nov 202400:00	–	patchstack
Patchstack	WordPress Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability	1 Nov 202407:14	–	patchstack
Patchstack	WordPress Otter - Gutenberg Block Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)	1 Nov 202400:00	–	patchstack
Patchstack	WordPress Otter Blocks plugin <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability	1 Nov 202421:23	–	patchstack
Positive Technologies	PT-2024-16220 · WordPress · The Otter Blocks – Gutenberg Blocks	1 Nov 202400:00	–	ptsecurity

[
  {
    "vendor": "themeisle",
    "product": "Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.0.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordpress	www.wordpress.org/plugins/otter-blocks/
plugins	www.plugins.trac.wordpress.org/changeset/3178637/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/9d83c085-b33a-4003-9e0a-8457669d6634

08 Apr 2026 17:11Current

CVSS 3.16.4

EPSS0.00305

CWE-79