5 matches found
CVE-2024-2509
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2024-2509 Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2024-2509 Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2024-2509
The CVE-2024-2509 issue affects the WordPress plugin Gutenberg Blocks by Kadence Blocks (versions
WordPress Gutenberg Blocks by Kadence Blocks Plugin < 3.2.26 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions 3.2.26 Fixed in 3.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2509 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 59ef6d666275 Credits Dmitrii...