Unrated severityNVD Advisory· Published Apr 5, 2024· Updated Aug 1, 2024
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
CVE-2024-2509
Description
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- wpscan.com/vulnerability/dec4a632-e04b-4fdd-86e4-48304b892a4f/mitreexploitvdb-entrytechnical-description
- research.cleantalk.org/cve-2024-2509/mitre
News mentions
0No linked articles in our index yet.