4 matches found
CVE-2024-10678
The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10678
The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10678
creationtimestamp| type| source ---|---|--- 2024-12-13 06:10:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113644024652935047 2024-12-13 08:14:34+00:00| seen| https://t.me/cvedetector/12837...
CVE-2024-10678
CVE-2024-10678 affects the Ultimate Blocks – WordPress Blocks Plugin prior to 3.2.4. The Red Hat and NVD entries describe that the plugin does not validate or escape certain block options before outputting them in pages/posts where the block is embedded, enabling Stored XSS for users with the Con...