CVE-2024-8536

The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:dotcamp:ultimate_blocks:*:*:*:*:*:wordpress:*:*

History

03 Oct 2024, 18:16

Type Values Removed Values Added
CPE cpe:2.3:a:dotcamp:ultimate_blocks:*:*:*:*:*:wordpress:*:*
First Time Dotcamp
Dotcamp ultimate Blocks
CWE CWE-79
References () https://wpscan.com/vulnerability/abd5b6c6-f541-4739-882d-2011436f7a8b/ - () https://wpscan.com/vulnerability/abd5b6c6-f541-4739-882d-2011436f7a8b/ - Exploit, Third Party Advisory

01 Oct 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) El complemento Ultimate Blocks para WordPress anterior a la versión 3.2.2 no valida ni escapa algunos de los atributos de sus bloques antes de mostrarlos nuevamente en una página o publicación donde está incrustado el bloque, lo que podría permitir a los usuarios con el rol de colaborador y superior realizar ataques de cross site scripting almacenado.

30 Sep 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 06:15

Updated : 2024-10-03 18:16


NVD link : CVE-2024-8536

Mitre link : CVE-2024-8536

CVE.ORG link : CVE-2024-8536


JSON object : View

Products Affected

dotcamp

  • ultimate_blocks
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')