Lucene search
Dmitrii IgnatyevWPEX-ID:5E5E67EA-A831-43FF-9D87-DCEFE425BC42HistoryMar 15, 2024 - 12:00 a.m.
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
2024-03-1500:00:00
Dmitrii Ignatyev
19
gutenberg blocks
kadence blocks
xss vulnerability
contributor
stored xss
code editor
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
As a contributor (or above), edit a post in Code Editor mode, put the below code in it and save:
<!-- wp:kadence/advanced-form-text {"uniqueID":"9c5eb1-eb","formID":"1","label":"Name","placeholder":"Mouse Over There!\u0022onmouseover='alert(/XSS/)'"} /-->
The XSS will be trigged when viewing/previewing the post and moving the mouse over the generated input.References
Related
cvelist
cvelist
wpexploit
wpexploit
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
2024-03-15 00:00:00
nvd
nvd
CVE-2024-2509
2024-04-05 05:15:07
CVE-2024-2866
2024-04-09 19:15:38
vulnrichment
vulnrichment
wpvulndb
wpvulndb
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
2024-03-15 00:00:00
cve
cve
CVE-2024-2509
2024-04-05 05:15:07
CVE-2024-2866
2024-04-09 19:15:38
wordfence
wordfence
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Related for WPEX-ID:5E5E67EA-A831-43FF-9D87-DCEFE425BC42