Lucene search
WPScanVULNRICHMENT:CVE-2024-4057HistoryJun 04, 2024 - 6:00 a.m.
CVE-2024-4057 Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
2024-06-0406:00:02
WPScan
github.com
2
gutenberg blocks
kadence wp
xss
AI Score
5.8
Confidence
High
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:*:*:*"
],
"vendor": "kadencewp",
"product": "gutenberg_blocks_with_ai",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "3.2.37",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-4057
2024-06-04 06:15:10
wpvulndb
wpvulndb
Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
2024-05-14 00:00:00
cvelist
cvelist
wpexploit
wpexploit
Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
2024-05-14 00:00:00
cve
cve
CVE-2024-4057
2024-06-04 06:15:10
wordfence
wordfence
AI Score
5.8
Confidence
High
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-4057