3 matches found
CVE-2024-4057 Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
CVE-2024-4057
The CVE-2024-4057 issue affects Gutenberg Blocks with AI by Kadence WP for WordPress, where certain block attributes are not validated/escaped before they are output in a page/post containing the block. This can allow stored XSS by users with contributor role and above. Root cause: output of unva...
WordPress Gutenberg Blocks by Kadence Blocks Plugin < 3.2.37 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions 3.2.37 Fixed in 3.2.37 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4057 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 5b79e65c4424 Credits Dmitrii...