CVE-2024-7132

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 55.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Page Builder Gutenberg Blocks Godaddy Coblocks

Timeline

PublishedAug 29

Description

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/page_builder_gutenberg_blocks< 3.1.13

▶NVDgodaddy/coblocks< 3.1.13

🔴Vulnerability Details

GHSA

GHSA-65w4-w734-528c: The Page Builder Gutenberg Blocks WordPress plugin before 3↗2024-08-29

▶

CVEList

CoBlocks < 3.1.13 - Editor+ Stored XSS↗2024-08-29

▶