2 matches found
CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress Nova Blocks by Pixelgrade Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Nova Blocks by Pixelgrade Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8241 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f5ae0b10869 Credits Francesco...