Lucene search
K

4 matches found

OSV
OSV
added 2024/12/13 6:15 a.m.3 views

CVE-2024-10678

The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS7.3AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 2024/12/13 6:15 a.m.21 views

CVE-2024-10678

The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00281EPSS
Exploits1References1
Circl
Circl
added 2024/12/13 6:10 a.m.10 views

CVE-2024-10678

creationtimestamp| type| source ---|---|--- 2024-12-13 06:10:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113644024652935047 2024-12-13 08:14:34+00:00| seen| https://t.me/cvedetector/12837...

5.4CVSS8.7AI score0.00281EPSS
Exploits1References2
CVE
CVE
added 2024/12/13 6:0 a.m.56 views

CVE-2024-10678

CVE-2024-10678 affects the Ultimate Blocks – WordPress Blocks Plugin prior to 3.2.4. The Red Hat and NVD entries describe that the plugin does not validate or escape certain block options before outputting them in pages/posts where the block is embedded, enabling Stored XSS for users with the Con...

5.4CVSS5.6AI score0.00281EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder