4 matches found
CVE-2024-5417 Gutentor < 3.3.6 - Contributor+ Stored XSS
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-5417 Gutentor < 3.3.6 - Contributor+ Stored XSS
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-5417
The CVE-2024-5417 entry concerns the Gutentor WordPress plugin prior to version 3.3.6. Root cause: the plugin does not validate or escape certain block options before outputting them in embedded blocks, enabling Stored XSS. Affected software: Gutentor WordPress plugin versions
WordPress Gutentor Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)
Software Gutentor Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5417 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7af65b4190da Credits Dmitrii Ignatyev Required...