CVE-2024-2761 Genesis Blocks < 3.1.3 - Contributor+ Stored XSS

2024-04-1905:00:02

WPScan

www.cve.org

genesis blocks

wordpress plugin

stored xss

contributor privileges

cve-2024-2761

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Genesis Blocks",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.1.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/