2 matches found
CVE-2024-3565
CVE-2024-3565 affects Content Blocks (Custom Post Widget) for WordPress. It is a Stored XSS via the content_block shortcode in all versions up to 3.3.0 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authenticated access at contributor level or...
CVE-2024-3565 Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode
The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'contentblock' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...