CVE-2024-6362 Ultimate Blocks < 3.2.0 - Contributor+ Stored XSS

2024-07-2906:00:07

WPScan

github.com

cve-2024-6362 wordpress plugin stored xss

AI Score

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dotcamp:ultimate_blocks:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dotcamp",
    "product": "ultimate_blocks",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.2.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]