CVE-2024-37457

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 70.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dotcamp Ultimate Blocks Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin Ultimateblocks Ultimate Blocks – 25+ Gutenberg Blocks FOR Block Editor

Timeline

PublishedJul 21

Latest updateJul 22

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS.This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 2.3 | Impact: 3.7

Affected Packages3 packages

▶CVEListV5ultimate_blocks/ultimate_blocks_–_gutenberg_blocks_pluginn/a — 3.1.9

▶CVEListV5ultimateblocks/ultimate_blocks_–_25+_gutenberg_blocks_for_block_editor3.1.9

▶NVDdotcamp/ultimate_blocks< 3.2.0

🔴Vulnerability Details

GHSA

GHSA-6gjh-c4qj-794j: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenbe↗2024-07-22

▶

CVEList

WordPress Ultimate Blocks – WordPress Blocks Plugin plugin <= 3.1.9 - Cross Site Scripting (XSS) vulnerability↗2024-07-21

▶